[solved] Gmail and identity_smtp

[bagstone]

I've just set up a new email server with a new Roundcube installation (1.1.5, Debian Jessie backport) and everything works fine. Even though the identity_smtp plugin isn't in the Debian plugins package, a manual install did the job and it works just fine for every external SMTP. Except for... Gmail.

No matter if I use tls://smtp.gmail.com (with port 587) or ssl://smtp.gmail.com (with port 465), the Roundcube SMTP log always reads the same:

Code Select Expand


Send: EHLO domain.tld
Recv: 250-smtp.gmail.com at your service, [my-ipv6-address]
Recv: 250-SIZE 35882577
Recv: 250-8BITMIME
Recv: 250-STARTTLS
Recv: 250-ENHANCEDSTATUSCODES
Recv: 250-PIPELINING
Recv: 250-CHUNKING
Recv: 250 SMTPUTF8
Send: STARTTLS
Recv: 220 2.0.0 Ready to start TLS
Send: EHLO domain.tld
Recv: 250-smtp.gmail.com at your service, [my-ipv6-address]
Recv: 250-SIZE 35882577
Recv: 250-8BITMIME
Recv: 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
Recv: 250-ENHANCEDSTATUSCODES
Recv: 250-PIPELINING
Recv: 250-CHUNKING
Recv: 250 SMTPUTF8
Send: AUTH LOGIN
Recv: 334 VXXXXXXXXXX6
Send: aXXXXXXXXXXXXXXXXXXXX0=
Recv: 334 UXXXXXXXXXX6
Send: ****** [12]
Recv: 534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbt4
Recv: 534-5.7.14 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Recv: 534-5.7.14 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Recv: 534-5.7.14 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Recv: 534-5.7.14 55qapB7m6vaVqCfHKWrnaKUI0LWlI> Please log in via your web browser and
Recv: 534-5.7.14 then try again.
Recv: 534-5.7.14  Learn more at
Recv: 534 5.7.14  https://support.google.com/mail/answer/78754 4sm1XXXXXXXXXmu.2 - gsmtp
Send: RSET
Recv: 250 2.1.5 Flushed 4XXXXXXXXXXXXXu.2 - gsmtp
Send: QUIT
Recv: 221 2.0.0 closing connection 4XXXXXXXXXXXXXu.2 - gsmtp


It works just fine if I turn the "less secure" option on in Gmail (https://www.google.com/settings/security/lesssecureapps), but of course that sort of defeats the purpose, doesn't it? I'd really like to resolve this issue...


Edit: See below, enabling 2 factor auth and generate an application key was the solution. Thanks to the author of this awesome plugin!

[SKaero]

The "less secure" option has to be checked since Roundcube doesn't support open id authentication.

[bagstone]

Oh That's a shame

Are there any plans to change that? I found an old topic from 6 years ago where users request/discuss it, but since 6 years is an eternity in software development I'm going to ask again...

[SKaero]

I don't think there are any plans to support it. If I recall correctly one of the problems is its Google's own thing and not part of any spec so it would most likely need to be supported with a plugin which I think would be possible with the apis available today.

That said I don't see a ticket about it so you could try opening one https://github.com/roundcube/roundcubemail/issues

[deflomu]

You can also enable 2 factor authentication (https://www.google.com/landing/2step/) and generate a application specific password for roundcube.

[bagstone]

@Skaero: I don't even feel technically well-versed enough to have the vocabulary to correctly phrase a ticket. OpenID, XOAuth2, it's all Greek to me. I've found this plugin which might be relevant, though it's completely outdated (I didn't even try it to be honest):

https://github.com/aimxhaisse/roundcube-mod-auth-openid

@deflomu: Completely overlooked that. Just did it and it works like a charm - perfect! That's all I need to be honest, send GMail from my Roundcube without compromising security.

That seals the deal for me, so 2 factor auth was the solution for me here. I marked the topic as [solved].