I've just set up a new email server with a new Roundcube installation (1.1.5, Debian Jessie backport) and everything works fine. Even though the identity_smtp plugin isn't in the Debian plugins package, a manual install did the job and it works just fine for every external SMTP. Except for... Gmail.
No matter if I use tls://smtp.gmail.com (with port 587) or ssl://smtp.gmail.com (with port 465), the Roundcube SMTP log always reads the same:
Send: EHLO domain.tld
Recv: 250-smtp.gmail.com at your service, [my-ipv6-address]
Recv: 250-SIZE 35882577
Recv: 250-8BITMIME
Recv: 250-STARTTLS
Recv: 250-ENHANCEDSTATUSCODES
Recv: 250-PIPELINING
Recv: 250-CHUNKING
Recv: 250 SMTPUTF8
Send: STARTTLS
Recv: 220 2.0.0 Ready to start TLS
Send: EHLO domain.tld
Recv: 250-smtp.gmail.com at your service, [my-ipv6-address]
Recv: 250-SIZE 35882577
Recv: 250-8BITMIME
Recv: 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
Recv: 250-ENHANCEDSTATUSCODES
Recv: 250-PIPELINING
Recv: 250-CHUNKING
Recv: 250 SMTPUTF8
Send: AUTH LOGIN
Recv: 334 VXXXXXXXXXX6
Send: aXXXXXXXXXXXXXXXXXXXX0=
Recv: 334 UXXXXXXXXXX6
Send: ****** [12]
Recv: 534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbt4
Recv: 534-5.7.14 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Recv: 534-5.7.14 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Recv: 534-5.7.14 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Recv: 534-5.7.14 55qapB7m6vaVqCfHKWrnaKUI0LWlI> Please log in via your web browser and
Recv: 534-5.7.14 then try again.
Recv: 534-5.7.14 Learn more at
Recv: 534 5.7.14 https://support.google.com/mail/answer/78754 4sm1XXXXXXXXXmu.2 - gsmtp
Send: RSET
Recv: 250 2.1.5 Flushed 4XXXXXXXXXXXXXu.2 - gsmtp
Send: QUIT
Recv: 221 2.0.0 closing connection 4XXXXXXXXXXXXXu.2 - gsmtp
It works just fine if I turn the "less secure" option on in Gmail (
https://www.google.com/settings/security/lesssecureapps), but of course that sort of defeats the purpose, doesn't it? I'd really like to resolve this issue...
Edit: See below, enabling 2 factor auth and generate an application key was the solution. Thanks to the author of this awesome plugin!