diff --git a/docs/reference/targets/smtp.md b/docs/reference/targets/smtp.md
index 7ee56abd..d9fbe46a 100644
--- a/docs/reference/targets/smtp.md
+++ b/docs/reference/targets/smtp.md
@@ -65,7 +65,7 @@ Refuse to pass messages over plain-text connections.
 
 ---
 
-### auth `off` | `plain` _username_ _password_ | `forward`  | `external`
+### auth `off` | `plain` _username_ _password_ | `login` _username_ _password_ | `forward`  | `external`
 Default: `off`
 
 Specify the way to authenticate to the remote server.
@@ -74,6 +74,10 @@ Valid values:
 - `off` – No authentication.
 - `plain` – Authenticate using specified username-password pair.
   **Don't use** this without enforced TLS (`require_tls`).
+- `login` - Authenticate using specified username-password pair.
+  Uses obsolete SASL LOGIN mechanism instead of SASL PLAIN.
+  This is required for compatibility with some SMTP services (e.g. Office 365).
+  **Don't use** this without enforced TLS (`require_tls`).
 - `forward` – Forward credentials specified by the client.
   **Don't use** this without enforced TLS (`require_tls`).
 - `external` – Request "external" SASL authentication. This is usually used for
diff --git a/internal/target/smtp/sasl.go b/internal/target/smtp/sasl.go
index 75f5d4e5..6af22e44 100644
--- a/internal/target/smtp/sasl.go
+++ b/internal/target/smtp/sasl.go
@@ -64,6 +64,13 @@ func saslAuthDirective(_ *config.Map, node config.Node) (interface{}, error) {
 		return func(*module.MsgMetadata) (sasl.Client, error) {
 			return sasl.NewPlainClient("", node.Args[1], node.Args[2]), nil
 		}, nil
+	case "login":
+		if len(node.Args) != 3 {
+			return nil, config.NodeErr(node, "two additional arguments are required (username, password)")
+		}
+		return func(*module.MsgMetadata) (sasl.Client, error) {
+			return sasl.NewLoginClient(node.Args[1], node.Args[2]), nil
+		}, nil
 	case "external":
 		if len(node.Args) > 1 {
 			return nil, config.NodeErr(node, "no additional arguments required")