Error using Google two factor auth with mu4e & Gmail - emacs

I have been using Google 2 factor auth for a while, and have several applications configured. One of them is offlineimap (where I download the mail), but when I use mu4e to compose a message, I get the following error:
Sending failed: 534-5.7.9 Application-specific password required.
Learn more at 534-5.7.9
http://support.google.com/accounts/bin/answer.py?answer=185833
I have a ~/.authinfo.gpg configured (and it decrypts successfully manually), and my ~/.offlineimaprc calls get_password_emacs (the example I used can be found here).
I've even attempted to skip the gpg piece to see if it works, using my mu4e Google App Password directly in the ~/.offlineimaprc, but I end up with the same result.
My ~/.authinfo.gpg file: (decrypted here, sensitive info removed)
machine imap.gmail.com login me#gmail.com port 993 password GoogleAppPassword
machine smtp.gmail.com login me#gmail.com port 587 password GoogleAppPassword
My ~/.offlineimaprc file:
[general]
accounts = Gmail
maxsyncaccounts = 3
pythonfile = ~/.offlineimap.py
[Account Gmail]
localrepository = Local
remoterepository = Remote
[Repository Local]
type = Maildir
localfolders = ~/Maildir
[Repository Remote]
remotehost = imap.gmail.com
remoteuser = me#gmail.com
remotepasseval = get_password_emacs("imap.gmail.com", "me#gmail.com", "993")
ssl = yes
maxconnections = 1
realdelete = no
holdconnectionopen = true
keepalive = 60
type = IMAP
and my ~/.offlineimap.py
#!/usr/bin/python
import re, os
def get_password_emacs(machine, login, port):
s = "machine %s login %s port %s password ([^ ]*)\n" % (machine, login, port)
p = re.compile(s)
authinfo = os.popen("gpg -q --no-tty -d ~/.authinfo.gpg").read()
return p.search(authinfo).group(1)
Can anyone see the issue I'm having? I've validated that the ~/.authinfo.gpg file decrypts successfully, and that my Google App Password is correct.
Thanks for your time.

using my mu4e Google App Password directly in the ~/.offlineimaprc
That's exactly the problem. You shouldn't be using the password directly. For legacy applications that do not accept the second factor token, you need to use the application-specific password, instead. This is a password that you generate from this URL:
https://security.google.com/settings/security/apppasswords
And you use the generated password in lieue of your real password. You should note, however, that these application-specific passwords grant full access to your account. As a result, using app passwords significantly reduces the protections you get from enabling 2-factor on your account.

Related

Sending a mail with smtp on localhost in ubuntu?

root#sourav-HP-Pavilion-dv6500-Notebook-PC:/var/log# echo -e "Subject:
Test Mail\r\n\r\n This is my first test email." | msmtp --debug
--from=default -t souravsachdeva13#gmail.com
loaded system configuration file /etc/msmtprc
ignoring user configuration file /root/.msmtprc: No such file or
directory
falling back to default account
using account default from /etc/msmtprc
host = smtp.gmail.com
port = 587
proxy host = (not set)
proxy port = 0
timeout = off
protocol = smtp
domain = localhost
auth = choose
user = souravsachdeva13#gmail.com
password = *
passwordeval = (not set)
ntlmdomain = (not set)
tls = on
tls_starttls = on
tls_trust_file = /etc/ssl/certs/ca-certificates.crt
tls_crl_file = (not set)
tls_fingerprint = (not set)
tls_key_file = (not set)
tls_cert_file = (not set)
tls_certcheck = on
tls_min_dh_prime_bits = (not set)
tls_priorities = (not set)
auto_from = off
maildomain = (not set)
from = default
add_missing_from_header = on
add_missing_date_header = on
remove_bcc_headers = on
dsn_notify = (not set)
dsn_return = (not set)
logfile = /var/log/msmtp.log
syslog = (not set)
aliases = (not set)
reading recipients from the command line and the mail
msmtp: cannot connect to smtp.gmail.com, port 587: Connection timed
out
msmtp: could not send mail (account default from /etc/msmtprc)
root#sourav-HP-Pavilion-dv6500-Notebook-PC:/var/log#
I am trying different servers for past 3-4 hours and none of them seems to work fine for me.This one did showed some output which I think can be helpful to debug it. Do you see any setting missing or wrongly configured.
Do not you have to get an application password ?
I write gmail 'password' in msmtprc. I get error below.
msmtp: authentication failed (method PLAIN)
msmtp: server message: 535-5.7.8 Username and Password not accepted. Learn more at
msmtp: server message: 535 5.7.8 https://support.google.com/mail/?p=BadCredentials k123-v6sm24743490pga.21 - gsmtp
msmtp: could not send mail (account gmail from /home/miwa/.msmtprc)
I setup application pasword (access to URI in error message), then I can send mail to Gmail.
I use msmtp version. (on ArchLinux)
% msmtp --version
msmtp version 1.6.8
Platform: x86_64-pc-linux-gnu
TLS/SSL library: GnuTLS
Authentication library: GNU SASL
Supported authentication methods:
plain scram-sha-1 external gssapi cram-md5 digest-md5 login
IDN support: enabled
NLS: enabled, LOCALEDIR is /usr/share/locale
Keyring support: Gnome
System configuration file name: /etc/msmtprc
User configuration file name: /home/miwa/.msmtprc
Copyright (C) 2018 Martin Lambers and others.
This is free software. You may redistribute copies of it under the terms of
the GNU General Public License <http://www.gnu.org/licenses/gpl.html>.
There is NO WARRANTY, to the extent permitted by law.

Where did the 'Regster new email' button go?

I've setup my own test Gerrit server. I've been able to register my email address and make a couple of commits. However, I deleted my email address in order to get another confirmation email from my server, since I wanted to test the tweak I made to the SMTP server configuration. Going back to my Settings page on the GUI, I noticed the 'Register new email' button had vanished, as pictured below.
Though the email appears in the drop-down box, my email address was deleted, since 1) Settings > Identities does not show any email address, and 2) when I try to 'Edit config' on a Project, the GUI pops up the message:
I've also tried adding the email using the ssh shell, since I'm admin:
$ ssh -p 29418 myUsername#my.server.com gerrit set-account myUsername --add-email foo#bar.com
fatal: realm does not allow adding emails
What's the matter?
EDIT : Here is my etc/gerrit.config file. Yes, I've restarted Gerrit after I've changed it. For sendemail configuration, I've also tried setting the port to 465 and encryption to ssl and restart Gerrit, but it's still the same.
[gerrit]
basePath = git
serverId = [alphanumeric string]
canonicalWebUrl = http://my.server.com:8012/
[database]
type = h2
database = /home/gerrit2/gerrit/db/ReviewDB
[auth]
type = OAUTH
[receive]
enableSignedPush = false
[user]
name = gerrit2
email = foo.noreply#gmail.com
[sendemail]
from = USER
smtpServer = smtp.gmail.com
smtpServerPort = 587
smtpEncryption = tls
smtpUser = foo.noreply#gmail.com
smtpPass = [foo.noreply#gmail.com 's Pass]
sslVerify = false
[container]
user = root
javaHome = /usr/lib/jvm/java-8-openjdk-amd64/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = http://*:8012/
[cache]
directory = cache
[plugin "gerrit-oauth-provider-google-oauth"]
client-id = [Google client ID]
link-to-existing-openid-accounts = true
[plugin "gerrit-oauth-provider-github-oauth"]
client-id = [GitHub client ID]
[plugin "gerrit-oauth-provider-bitbucket-oauth"]
client-id = [BitBucket client ID]
When
auth.type = OAUTH
You need to add explicitly
[oauth]
allowRegisterNewEmail = true
https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#oauth.allowRegisterNewEmail

The transport error code was 0x80040217 - cannot send using asp.classic and CDO

According to the many posts on the web, the error message
The message could not be sent to the smtp server. The transport error code was 0x80040217. The server response was not available
Basically means it doesn't authenticate because of a faulty user name/password
The problem I have is I run the mail server. I push emails on my .net websites fine, this issue only exists when using CDO
The email, username and password are correct, it's stored in plain text in the .asp file
Set MyMail = Server.CreateObject("CDO.Message")
Set MyConfig = Server.CreateObject ("CDO.Configuration")
'MyConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendusername") = "name#example.co.uk"
'MyConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "passwordIsHere"
MyConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "127.0.0.1" 'also tried with localhost, the actual IP of server and mail.example.co.uk (which is set up correctly)
MyConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 587 ' also tried 25
MyConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
MyConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60
MyConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
MyConfig.Fields.Update
Any ideas why, on my W2012 server, I can run my asp.classic website, but cannot send the email?
The email account works fine when I send mail from MS outlook. The fault is only here, in the script.
So after a weird conversion in the comments
The issue is likely because (with correct syntax highlighting) the sendusername and sendpassword CDO.Configuration properties are commented out, so it is likely the mail server is failing to authenticate.
Just remove the comments and you should be good to go.
Set MyMail = Server.CreateObject("CDO.Message")
Set MyConfig = Server.CreateObject ("CDO.Configuration")
MyConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendusername") = "name#example.co.uk"
MyConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "passwordIsHere"
MyConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "127.0.0.1" 'also tried with localhost, the actual IP of server and mail.example.co.uk (which is set up correctly)
MyConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 587 ' also tried 25
MyConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
MyConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60
MyConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
MyConfig.Fields.Update

How configure roundcube to work with imaps?

I recently installed Postfix, Dovecot to setup a mail server on my own VPS ( using this tutorial: Email with Postfix, Dovecot, Mysql)
Imaps server uses port 993 for Authentication, and Postfix uses port 25 to send mails.
In this tutorial, users stored in a Database ( so imaps use mysql to authenticate users).
i'm sure every thing works fine with imaps and postfix , because few days ago i installed Kmail client (on my linux) and receive mails from my server. sending mails also works fine, i sent a mail to Gmail and google received it without a problem (in my "Gmail inbox" not spam folder)
So to get to my Emails from a web mail client, i installed Roundcube on /var/www/mail directory.
I configured Roundcube many times. but each time it gives me this Error:
IMAP Error: Login failed for [me#mydomain] from X.x.X.x . Empty
startup greeting (localhost:993) in
/var/www/mm/program/lib/Roundcube/rcube_imap.php on line 184 (POST
/mm/?_task=login?_task=login&_action=login)
When i do log in from roundcube, imap server says ( in /var/log/mail.log ):
May 20 07:05:16 my-server dovecot: imap-login: Disconnected (no auth
attempts): rip=::1, lip=::1, TLS handshaking: Disconnected
Here is my roundcube config file :
$config['db_dsnw'] = 'mysql://roundcubeuser:myPassword#localhost/roundcubemail';
// ----------------------------------
// IMAP
// ----------------------------------
$config['debug_level'] = 13;
$config['default_host'] = 'ssl://127.0.0.1';
$config['default_port'] = 993;
// ----------------------------------
// SMTP
// ----------------------------------
$config['smtp_server'] = 'ssl://localhost';
What's the problem? i really have no idea what is happening !
Thank you.
I'm using postfix + dovecot + roundcube a few months now and it's working for me. In my configuration, postfix rejects plaintext sessions, so roundcube has to connect with ssl - and it's working.
This is from my main.inc.php. I don't remember editing anything here, it's just the initial config created during the installation.
Now that I'm looking at it, default_port doesn't make any sense, I think it's just ignored.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// %s - domain name after the '#' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %d = domain.tld
// TCP port used for IMAP connections
$rcmail_config['default_port'] = 143;
$rcmail_config['default_host'] = array("ssl://localhost:993");
// TCP port used for IMAP connections
$rcmail_config['default_port'] = 143;
In case the other answer does not work, this is what worked for me. My config.inc.php now contains:
$config['default_host'] = 'ssl://localhost';
$config['default_port'] = 993;
NOTE: using tls://localhost did not work for me. I had to specify ssl:// as the URI scheme.
Via PhpMyAdmin, I also ran this SQL command (all my user accounts are on the same machine that runs RoundCube):
UPDATE `rc_users` SET `mail_host`='ssl://localhost'
I got the port number 993 from running sudo netstat -tulnp in order to determine the port on which Dovecot was listening.

Gmail smtp SASL authentication

I'm using postfix to send email via gmail with an application's password (two step-validation activated).
Each time I test sending mail using sendmail command, I get this error:
Action: delayed
Status: 4.7.14
Diagnostic-Code: X-Postfix; delivery temporarily suspended: SASL authentication
failed; server smtp.gmail.com said: 534-5.7.14
<https://accounts.google.com/signin/continue?...> Please log in via your web browser and?534-5.7.14 then try again.?534-5.7.14
This is my postfix configuration:
main.cf
myorigin = /etc/mailname
mydestination = mydomain.com, localhost.fr, localhost
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
/etc/postfix/sasl/sasl_passwd:
[smtp.gmail.com]:587 admin#mydomain.com:application_password
And this is how I used sendmail:
sendmail -v ...
From: admin#mydomain.com
Subject: Test
This is a test mail
.
Any ideas ? Thanks !
For anyone finding this who has run into the same scenario:
Using an app specific password
2FA enabled on your account
Seeing 'delivery temporarily suspended: SASL authentication failed; server smtp.gmail.com[173.194.68.109] said: 534-5.7.9 Please log in with your web browser and then try again' in your log
You may need to visit https://accounts.google.com/DisplayUnlockCaptcha to 'bypass' the captcha, which will enable the account access and get everything working.
Allow less secure apps: If you don't use 2-Step Verification, you might need to allow less secure apps to access your account.