Due to a server issue on my mail server I had to put the dovecot, a mail-server for Linux, in debug mode. Meaning that from now on it logs whatsoever happens on the machine for troubleshooting.
My problem was that I could not create my email profile after getting a new phone. Server responded with “bad password”. So I checked the login events coming from my IP Address, which was 89.204.xxx.xxx at that time.
For that I used a simple command that only shows me authentication events for my IP-Address due to the fact that the bots will soon overflow my screen.
After a few login try’s i returned to my console window to check the logs for hints what is going.
Yea you are right, no traffic at all in my authentication log from my phone. Time to change the filter.
This time I used directly the syslog where all my logs coming together and listened for the keyword “office”.
Nearly no bot try’s that email so I thought its a good way to only see my login events coming from my Android Microsoft Outlook App. Wrong! Instead, i saw the following:
After a short research it was clear that the IP that is performing the login requests (126.96.36.199) belongs to Microsoft and is located in the data centers in the US which might be relevant in terms of the GDPR.
This does not seem to be noted in the Data Privacy Statement nor in the Apps FAQ for the outlook android app. At least i didn’t find anything related to this.
This behavior is “as expected” and a response from Microsoft support is documented here: https://answers.microsoft.com/en-us/msoffice/forum/all/outlook-for-android-imap-connection-from-work/1dad80a9-b807-47f5-9b7d-ed2d17780bb0
The statement says: The app needs to access your email via our email server so that the app will perform its job of sending/receiving an email.