smtp and gmail


David Boneham

May 1, 2021, 8:04:30 AM
to mu-discuss

Due to a more rigorous implementation of security policies at gmail, I have found this week that it has become impossible to connect to the gmail smtp server using mu4e. Google guidance refers to switching off 2FA and using the "Less Secure Applications" procedure. But that did not solve the problem for me.

For practical reasons, it is not feasible for me to change email service provider. So I am currently using Thunderbird - which works.

This is not my preferred solution, however. Has anyone successfully navigated a connection to the gmail smtp server in the last few days? I should be very grateful for guidance.

Magnus Therning

May 1, 2021, 10:00:34 AM
to mu-di...@googlegroups.com
If this reaches you then my gmail smtp setup is still working. I did set
it a while ago though.

I've set up an "app password" for mu4e, and put it into =~/.authinfo.gpg=:

#+begin_quote
machine smtp.gmail.com login <email address> port 587 password <app pwd>
#+end_quote

and the following settings in my Emacs config

#+begin_src emacs-lisp
(setq message-send-mail-function 'smtpmail-send-it
      starttls-use-gnutls t
      smtpmail-starttls-credentials '(("smtp.gmail.com" 587 nil nil))
      smtpmail-default-smtp-server "smtp.gmail.com"
      smtpmail-smtp-server "smtp.gmail.com"
      smtpmail-smtp-service 587
      smtpmail-debug-info t)
#+end_src

Hopefully that'll be of some help.

/M

--
Magnus Therning OpenPGP: 0x927912051716CE39
email: mag...@therning.org
@mag...@mastodon.technology http://magnus.therning.org/

Reality is that which, when you stop believing in it, doesn't go away.
— Philip K. Dick

Christopher Gray

May 1, 2021, 3:44:17 PM
to mu-discuss
I'm using msmtp and I use app passwords for 2FA. 
pacman -S msmtp

I have the message-send-mail-function in Emacs set to message-send-mail-with-sendmail.

/home/christopher/.config/msmtp/config has:
defaults
auth on
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile /home/christopher/.cache/msmtp/msmtp.log

account        fastmail
host           smtp.fastmail.com
port           465
from           chris...@myowndomain.com
user           chris...@myowndomain.com
tls_starttls   off
#https://wiki.archlinux.org/index.php/msmtp#GNOME_Keyring

account        gmail
host           smtp.gmail.com
port           587
from           christoph...@gmail.com
user           christophergray168

account default : fastmail

Notice that there is nothing about authorization. Msmtp knows how to look in the Gnome keyring. I have a keyring named login, and the password to it is the same as my login password; doing this causes the keyring to be unlocked when I log in to my session. I store my email passwords in this same keyring, which stays unlocked for the duration of my session, so I am never asked for a password to send or receive email.

Gnome-keyring has few dependencies.  I use it even though I use Xfce and I don't have Gnome installed.
pacman -S gnome-keyring
pacman -S libsecret

The app passwords were put into the Gnome keyring like so:
secret-tool store --label=msmtp host smtp.fastmail.com service smtp user chris...@myowndomain.com
secret-tool store --label=msmtp host smtp.gmail.com service smtp user christophergray168
At the "Password:" prompts, input the appropriate app password for each account.

I use mbsync to sync the imap accounts:
pacman -S isync
I don't give the whole configuration here, since you were asking about smtp.  And whatever sync tool you are using probably has something equivalent to mbsync's PassCmd.

Fastmail, and also Gmail, use the same app password for imap as smtp, so my .mbsyncrc has:
PassCmd "secret-tool lookup user chris...@myowndomain.com"
PassCmd "secret-tool lookup user christophergray168"
which looks up, for mbsync, the passwords that were stored the way msmtp likes them, i.e., you don't need to store them twice.

David Boneham

May 1, 2021, 5:09:33 PM
to mu-discuss
Thanks both.

The solution for me was to edit ~/.authinfo.gpg, which had a superseded password in it. Previously mu4e would prompt me to insert the correct password, if not included within .authinfo.gpg. But that seems to have stopped. Correcting the file data worked, however.

I'm interested in Gnome keyring, which I have used in the past. But .authinfo.gpg is working now...

Thanks again

Ævar Arnfjörð Bjarmason

May 6, 2021, 11:46:28 AM
to mu-di...@googlegroups.com, David Boneham
I'm using that method right now to send you this E-Mail, i.e. setting an
application password for GMail.

I'm doing so by sending mail through a local exim configured to use
Gmail as a gateway.

As an aside I think that's a much superior method of hooking mu4e up to
an MTA than using something Emacs-specific. You get a well-tested MTA
with retry logic etc., all without a mail getting lost if your Emacs
crashes or whatever.

But I can't imagine that anything Emacs-native would have difficulties
with the auth method I'm using with Exim right now. It's just opening a
connection and issuing an AUTH.

Andrew Fontaine

May 6, 2021, 12:56:54 PM
to mu-di...@googlegroups.com, David Boneham, Ævar Arnfjörð Bjarmason
I am using a similar set-up as well, using `mbsync` and `msmtp`. My emacs config is:

(sendmail-program . "msmtp")
(send-mail-function . smtpmail-send-it)
(message-sendmail-f-is-evil . t)
(message-sendmail-extra-arguments . ("--read-envelope-from"))
(message-send-mail-function . message-send-mail-with-sendmail)

and `msmtp` (generated, as I use nix and home-manager):

account me
auth on
from <username>
host smtp.gmail.com
passwordeval <cmd to fetch password from password store>
port 465
tls on
tls_starttls off
# This is from nix
tls_trust_file /etc/ssl/certs/ca-certificates.crt
user <username>

--

Andrew Fontaine
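
A lint for msmtp configurations like the two posted in this thread, added here as an example and not part of any poster's message: it resolves `defaults` and `account x : y` inheritance, then flags TLS or certificate checking being off, a plaintext `password` line, and port 465 without `tls_starttls off`. The sample config and the `parse` and `lint` helpers are constructed for illustration.

```python
# SAMPLE is constructed for illustration, modelled on the configs in this thread.
SAMPLE = """\
defaults
auth on
tls on
account gmail
host smtp.gmail.com
port 587
user example.user
account weak : gmail
port 465
tls_certcheck off
password constructed-app-password
"""

def parse(text):
    """Return {account: settings}, applying 'defaults' and 'account x : y' inheritance."""
    defaults, accounts, current = {}, {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("#"):  # msmtp comments occupy a whole line
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        if key == "defaults":
            current = defaults
        elif key == "account":
            name, _, parents = value.partition(":")
            current = dict(defaults)  # defaults apply to accounts defined after them
            for parent in parents.replace(",", " ").split():
                current.update(accounts.get(parent, {}))
            accounts[name.strip()] = current
        elif current is not None:
            current[key] = value
    return accounts

def lint(accounts):
    """Return (account, finding) pairs; unset options use msmtp's documented defaults."""
    out = []
    for name, s in accounts.items():
        if s.get("tls", "off") != "on":
            out.append((name, "tls is not on: session is unencrypted"))
        if s.get("tls_certcheck", "on") == "off":
            out.append((name, "tls_certcheck off: server certificate not verified"))
        if "password" in s:
            out.append((name, "plaintext password: use passwordeval or the keyring"))
        if s.get("port") == "465" and s.get("tls_starttls", "on") != "off":
            out.append((name, "port 465 is implicit TLS: set tls_starttls off"))
    return out

print("\n".join(f"{a}: {f}" for a, f in lint(parse(SAMPLE))))
```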
