We Keep Coding

Gmail is blocking to send email via SMTP? [duplicate]

This question already has answers here:
smtp error: 535 5.7.8 Username and Password not accepted for gmail in go
(4 answers)
Closed 2 years ago.
I have tried to set up msmtp server from this question PHP+Ubuntu Send email using gmail form localhost. So I have set the default (account) to send from:
/etc/msmtprc:
defaults
tls on
tls_starttls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
account default
host smtp.gmail.com
port 587
auth on
user autak987#gmail.com
password PASSWORD #not real password
from autak987#gmail.com
logfile /var/log/msmtp.log
And now when I try to send a test email (executed as root):
echo -e "Subject: Test Mail\r\n\r\nThis is my first test email." | msmtp --debug --from=default -t autak987#gmail.com
gives:
loaded system configuration file /etc/msmtprc
ignoring user configuration file /root/.msmtprc: No such file or directory
falling back to default account
using account default from /etc/msmtprc
host = smtp.gmail.com
port = 587
source ip = (not set)
proxy host = (not set)
proxy port = 0
timeout = off
protocol = smtp
domain = localhost
auth = choose
user = autak987#gmail.com
password = *
passwordeval = (not set)
ntlmdomain = (not set)
tls = on
tls_starttls = on
tls_trust_file = /etc/ssl/certs/ca-certificates.crt
tls_crl_file = (not set)
tls_fingerprint = (not set)
tls_key_file = (not set)
tls_cert_file = (not set)
tls_certcheck = on
tls_min_dh_prime_bits = (not set)
tls_priorities = (not set)
auto_from = off
maildomain = (not set)
from = default
add_missing_from_header = on
add_missing_date_header = on
remove_bcc_headers = on
dsn_notify = (not set)
dsn_return = (not set)
logfile = /var/log/msmtp.log
logfile_time_format = (not set)
syslog = (not set)
aliases = (not set)
reading recipients from the command line and the mail
<-- 220 smtp.gmail.com ESMTP o60sm9122564eda.30 - gsmtp
--> EHLO localhost
<-- 250-smtp.gmail.com at your service, [2a00:1028:8d1b:f32a:baac:e4e8:de4:df3c]
<-- 250-SIZE 35882577
<-- 250-8BITMIME
<-- 250-STARTTLS
<-- 250-ENHANCEDSTATUSCODES
<-- 250-PIPELINING
<-- 250-CHUNKING
<-- 250 SMTPUTF8
--> STARTTLS
<-- 220 2.0.0 Ready to start TLS
TLS session parameters:
(TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
TLS certificate information:
Owner:
Common Name: smtp.gmail.com
Organization: Google LLC
Locality: Mountain View
State or Province: California
Country: US
Issuer:
Common Name: GTS CA 1O1
Organization: Google Trust Services
Country: US
Validity:
Activation time: Tue 11 Aug 2020 10:57:38 AM CEST
Expiration time: Tue 03 Nov 2020 09:57:38 AM CET
Fingerprints:
SHA256: 8A:D6:DC:62:1D:6B:BB:B9:45:03:38:E8:40:AC:8C:A8:60:75:CF:B6:95:93:83:4C:ED:AD:BA:CA:71:47:44:E7
SHA1 (deprecated): 84:5D:7F:E9:0E:7C:6A:C0:70:F6:04:09:4A:1C:AA:5D:6C:BF:11:E2
--> EHLO localhost
<-- 250-smtp.gmail.com at your service, [2a00:1028:8d1b:f32a:baac:e4e8:de4:df3c]
<-- 250-SIZE 35882577
<-- 250-8BITMIME
<-- 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
<-- 250-ENHANCEDSTATUSCODES
<-- 250-PIPELINING
<-- 250-CHUNKING
<-- 250 SMTPUTF8
--> AUTH PLAIN AGF1dGFrOTg3QGdtYWlsLmNvbQBNaWxhbmJhcm9zMTIz
<-- 535-5.7.8 Username and Password not accepted. Learn more at
<-- 535 5.7.8 https://support.google.com/mail/?p=BadCredentials o60sm9122564eda.30 - gsmtp
msmtp: authentication failed (method PLAIN)
msmtp: server message: 535-5.7.8 Username and Password not accepted. Learn more at
msmtp: server message: 535 5.7.8 https://support.google.com/mail/?p=BadCredentials o60sm9122564eda.30 - gsmtp
msmtp: could not send mail (account default from /etc/msmtprc)
msmtp: cannot log to /var/log/msmtp.log: cannot open: Permission denied
msmtp: log info was: host=smtp.gmail.com tls=on auth=on user=autak987#gmail.com from=default recipients=autak987#gmail.com smtpstatus=535 smtpmsg='535-5.7.8 Username and Password not accepted. Learn more at\n535 5.7.8 https://support.google.com/mail/?p=BadCredentials o60sm9122564eda.30 - gsmtp' errormsg='authentication failed (method PLAIN)' exitcode=EX_NOPERM
So the log says <-- 535-5.7.8 Username and Password not accepted. Learn more at, but I got an warning email someone has tried to log in your account Which I confirm was me. Then it says The application you have tried to use, Google blocked, because it does not fulfil our security standards. So the msmtp does not fulfil security standard? I have donwloaded all the certificate needed (and credentials were correct either login or password). So if msmtp does not fulfil security standard, how can I send email from php form?

You probably need to enable Less Secure Apps in your google account to allow the use of smtp
https://support.google.com/accounts/answer/6010255?hl=en
If you use 2 factor authentication you will need to generate an app specific password
https://support.google.com/accounts/answer/185833?hl=en

"550 5.7.1 Relaying denied" sending via Mailgun with msmtp

Has anyone successfully set up msmtp with a Mailgun account? I keep getting "Relaying denied", and msmtp reports that the envelope from is invalid. I have tried every variation of the from address that I can think of, scoured Mailgun's documentation for details on their SMTP parameters, and searched the web for examples, and I've not found anything that differs from my setup (aside from server and account names, of course).
Here is my /etc/msmtprc file,
account default
# The SMTP smarthost
host smtp.mailgun.org
# Use TLS on port 465
port 465
tls on
tls_starttls off
user manul#mail.mydomain.net
password [snip]
from mailgun#mydomain.net
# Syslog logging with facility LOG_MAIL instead of the default LOG_USER
syslog LOG_MAIL
And the msmtp session:
$ echo 'Subject: Grfg' | msmtp -v 'aidalgol#example.net'
loaded system configuration file /etc/msmtprc
ignoring user configuration file /home/me/.msmtprc: No such file or directory
falling back to default account
using account default from /etc/msmtprc
host = smtp.mailgun.org
port = 465
source ip = (not set)
proxy host = (not set)
proxy port = 0
timeout = off
protocol = smtp
domain = localhost
auth = none
user = manul#mail.mydomain.net
password = *
passwordeval = (not set)
ntlmdomain = (not set)
tls = on
tls_starttls = off
tls_trust_file = system
tls_crl_file = (not set)
tls_fingerprint = (not set)
tls_key_file = (not set)
tls_cert_file = (not set)
tls_certcheck = on
tls_min_dh_prime_bits = (not set)
tls_priorities = (not set)
auto_from = off
maildomain = (not set)
from = mailgun#aidalgolland.net
add_missing_from_header = on
add_missing_date_header = on
remove_bcc_headers = on
dsn_notify = (not set)
dsn_return = (not set)
logfile = (not set)
logfile_time_format = (not set)
syslog = LOG_MAIL
aliases = (not set)
reading recipients from the command line
TLS session parameters:
(TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
TLS certificate information:
Owner:
Common Name: *.mailgun.org
Organization: MAILGUN TECHNOLOGIES\, INC
Organizational unit: MAILGUN TECHNOLOGIES\, INC
Locality: San Francisco
State or Province: California
Country: US
Issuer:
Common Name: Thawte TLS RSA CA G1
Organization: DigiCert Inc
Organizational unit: www.digicert.com
Country: US
Validity:
Activation time: Wed 19 Feb 2020 13:00:00 NZDT
Expiration time: Wed 20 Apr 2022 00:00:00 NZST
Fingerprints:
SHA256: 9E:5F:9B:27:BB:26:14:6F:3E:2F:50:75:FE:BF:64:1C:4B:8D:E0:A6:B7:EA:4F:27:13:05:FD:81:3F:57:52:26
SHA1 (deprecated): 54:36:F6:D1:44:0A:B4:62:F0:94:1B:21:7A:1B:82:5C:DF:FD:FF:57
<-- 220 Mailgun Influx ready
--> EHLO localhost
<-- 250-smtp-out-n17.prod.us-east-1.postgun.com
<-- 250-AUTH PLAIN LOGIN
<-- 250-SIZE 52428800
<-- 250-8BITMIME
<-- 250-ENHANCEDSTATUSCODES
<-- 250-SMTPUTF8
<-- 250 PIPELINING
--> MAIL FROM:<mailgun#myexample.net>
--> RCPT TO:<aidalgol#example.net>
--> DATA
<-- 550 5.7.1 Relaying denied
msmtp: envelope from address mailgun#mydomain.net not accepted by the server
msmtp: server message: 550 5.7.1 Relaying denied
msmtp: could not send mail (account default from /etc/msmtprc)

It turned out to be that I needed to set auth on in the msmtp configuration. The error envelope from address mailgun#mydomain.net not accepted by the server from msmtp was completely wrong.

For other people who got here you'll probably need to go to
https://app.mailgun.com/app/sending/domains/**YOUR-DOMAIN-NAME-HERE/credentials
to get your per-domain credentials as suggested here:
https://documentation.mailgun.com/en/latest/quickstart-sending.html#send-via-api
I diagrammed what to put where in the configuration file along with how to navigate to the setting. This should help make things super clear hopefully.
Note: The grey info-box in the bottom right with the password copy thing I got to by clicking on the green outlined "Reset password" button

Error using Google two factor auth with mu4e & Gmail

I have been using Google 2 factor auth for a while, and have several applications configured. One of them is offlineimap (where I download the mail), but when I use mu4e to compose a message, I get the following error:
Sending failed: 534-5.7.9 Application-specific password required.
Learn more at 534-5.7.9
http://support.google.com/accounts/bin/answer.py?answer=185833
I have a ~/.authinfo.gpg configured (and it decrypts successfully manually), and my ~/.offlineimaprc calls get_password_emacs (the example I used can be found here).
I've even attempted to skip the gpg piece to see if it works, using my mu4e Google App Password directly in the ~/.offlineimaprc, but I end up with the same result.
My ~/.authinfo.gpg file: (decrypted here, sensitive info removed)
machine imap.gmail.com login me#gmail.com port 993 password GoogleAppPassword
machine smtp.gmail.com login me#gmail.com port 587 password GoogleAppPassword
My ~/.offlineimaprc file:
[general]
accounts = Gmail
maxsyncaccounts = 3
pythonfile = ~/.offlineimap.py
[Account Gmail]
localrepository = Local
remoterepository = Remote
[Repository Local]
type = Maildir
localfolders = ~/Maildir
[Repository Remote]
remotehost = imap.gmail.com
remoteuser = me#gmail.com
remotepasseval = get_password_emacs("imap.gmail.com", "me#gmail.com", "993")
ssl = yes
maxconnections = 1
realdelete = no
holdconnectionopen = true
keepalive = 60
type = IMAP
and my ~/.offlineimap.py
#!/usr/bin/python
import re, os
def get_password_emacs(machine, login, port):
s = "machine %s login %s port %s password ([^ ]*)\n" % (machine, login, port)
p = re.compile(s)
authinfo = os.popen("gpg -q --no-tty -d ~/.authinfo.gpg").read()
return p.search(authinfo).group(1)
Can anyone see the issue I'm having? I've validated that the ~/.authinfo.gpg file decrypts successfully, and that my Google App Password is correct.
Thanks for your time.

using my mu4e Google App Password directly in the ~/.offlineimaprc
That's exactly the problem. You shouldn't be using the password directly. For legacy applications that do not accept the second factor token, you need to use the application-specific password, instead. This is a password that you generate from this URL:
https://security.google.com/settings/security/apppasswords
And you use the generated password in lieue of your real password. You should note, however, that these application-specific passwords grant full access to your account. As a result, using app passwords significantly reduces the protections you get from enabling 2-factor on your account.

How configure roundcube to work with imaps?

I recently installed Postfix, Dovecot to setup a mail server on my own VPS ( using this tutorial: Email with Postfix, Dovecot, Mysql)
Imaps server uses port 993 for Authentication, and Postfix uses port 25 to send mails.
In this tutorial, users stored in a Database ( so imaps use mysql to authenticate users).
i'm sure every thing works fine with imaps and postfix , because few days ago i installed Kmail client (on my linux) and receive mails from my server. sending mails also works fine, i sent a mail to Gmail and google received it without a problem (in my "Gmail inbox" not spam folder)
So to get to my Emails from a web mail client, i installed Roundcube on /var/www/mail directory.
I configured Roundcube many times. but each time it gives me this Error:
IMAP Error: Login failed for [me#mydomain] from X.x.X.x . Empty
startup greeting (localhost:993) in
/var/www/mm/program/lib/Roundcube/rcube_imap.php on line 184 (POST
/mm/?_task=login?_task=login&_action=login)
When i do log in from roundcube, imap server says ( in /var/log/mail.log ):
May 20 07:05:16 my-server dovecot: imap-login: Disconnected (no auth
attempts): rip=::1, lip=::1, TLS handshaking: Disconnected
Here is my roundcube config file :
$config['db_dsnw'] = 'mysql://roundcubeuser:myPassword#localhost/roundcubemail';
// ----------------------------------
// IMAP
// ----------------------------------
$config['debug_level'] = 13;
$config['default_host'] = 'ssl://127.0.0.1';
$config['default_port'] = 993;
// ----------------------------------
// SMTP
// ----------------------------------
$config['smtp_server'] = 'ssl://localhost';
What's the problem? i really have no idea what is happening !
Thank you.

I'm using postfix + dovecot + roundcube a few months now and it's working for me. In my configuration, postfix rejects plaintext sessions, so roundcube has to connect with ssl - and it's working.
This is from my main.inc.php. I don't remember editing anything here, it's just the initial config created during the installation.
Now that I'm looking at it, default_port doesn't make any sense, I think it's just ignored.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// %s - domain name after the '#' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %d = domain.tld
// TCP port used for IMAP connections
$rcmail_config['default_port'] = 143;
$rcmail_config['default_host'] = array("ssl://localhost:993");
// TCP port used for IMAP connections
$rcmail_config['default_port'] = 143;

In case the other answer does not work, this is what worked for me. My config.inc.php now contains:
$config['default_host'] = 'ssl://localhost';
$config['default_port'] = 993;
NOTE: using tls://localhost did not work for me. I had to specify ssl:// as the URI scheme.
Via PhpMyAdmin, I also ran this SQL command (all my user accounts are on the same machine that runs RoundCube):
UPDATE `rc_users` SET `mail_host`='ssl://localhost'
I got the port number 993 from running sudo netstat -tulnp in order to determine the port on which Dovecot was listening.

Gmail smtp SASL authentication

I'm using postfix to send email via gmail with an application's password (two step-validation activated).
Each time I test sending mail using sendmail command, I get this error:
Action: delayed
Status: 4.7.14
Diagnostic-Code: X-Postfix; delivery temporarily suspended: SASL authentication
failed; server smtp.gmail.com said: 534-5.7.14
<https://accounts.google.com/signin/continue?...> Please log in via your web browser and?534-5.7.14 then try again.?534-5.7.14
This is my postfix configuration:
main.cf
myorigin = /etc/mailname
mydestination = mydomain.com, localhost.fr, localhost
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
/etc/postfix/sasl/sasl_passwd:
[smtp.gmail.com]:587 admin#mydomain.com:application_password
And this is how I used sendmail:
sendmail -v ...
From: admin#mydomain.com
Subject: Test
This is a test mail
.
Any ideas ? Thanks !

For anyone finding this who has run into the same scenario:
Using an app specific password
2FA enabled on your account
Seeing 'delivery temporarily suspended: SASL authentication failed; server smtp.gmail.com[173.194.68.109] said: 534-5.7.9 Please log in with your web browser and then try again' in your log
You may need to visit https://accounts.google.com/DisplayUnlockCaptcha to 'bypass' the captcha, which will enable the account access and get everything working.

Allow less secure apps: If you don't use 2-Step Verification, you might need to allow less secure apps to access your account.