Last active
December 28, 2024 09:33
Revisions
-
darwin revised this gist
Sep 14, 2020 . 1 changed file with 7 additions and 10 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -51,22 +51,19 @@ This would exaplain the random behaviour of the issue: 2. assume none of them is currently banned by `smtp.gmail.com` 3. your web interface is assigned to work with C0. 4. you are able to setup "Send emails from a different address or alias" with your GSuite login+password, no problem in validating your credentials 5. later some bad actor using gmail web interface behaves in a way which triggers `smtp.gmai.com` ban, say it happened to be C0 machine 6. later when you try to send an email via gmail web interface, it uses C0, and you get "535 5.7.8 Username and Password not accepted." response back [5] 7. then you go into gmail settings and try to re-enter your password, you will get back "Authentication failed. Please check your username/password and Less Secure Apps...". This leads to a great confusion because your username/password are 100% correct. And you have no idea what "Less Secure Apps" mean, because you already have 2FA enabled, so this option is nowhere to be found. You try to google for some explanation and there is no clear answer. Only partially correct historical pages describing various stages how it worked in the past or confusing pages not related to the issue. 8. anyways, C0 ban is somehow time-limited. So it is possible that during next 24h or so, it starts working again. Or there is a chance your gmail client starts using a different backend computer, say C1 because of rotation. 9. so the feature now started working again... 10. ...until it stops again - because some other backend computer got banned and your gmail web client happened to be using it. This also explains why some people on the forums claim they solved the issue by enabling 2FA, or doing some captcha woodoo with Less Security Apps setting, or by removing and re-adding the email account in "Send emails from a different address or alias" settings. It was a pure luck or they managed to trigger reassigning of their backend computer, so they luckily got assigned a non-banned machine. ``` [1] https://support.google.com/mail/answer/22370?hl=en -
darwin revised this gist
Sep 14, 2020 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -45,7 +45,7 @@ Imagine a more strict black list for abusing computers. So `smtp.gmail.com` migh The likely root of the problem is that Google's own computers providing "Send emails from a different address or alias" feature of gmail might get banned. This would exaplain the random behaviour of the issue: 1. assume Gmail web-interface uses 10 backend computers: C0, C1, C2, ..., C9 to implement the "Send emails from a different address or alias" feature 2. assume none of them is currently banned by `smtp.gmail.com` -
darwin revised this gist
Sep 14, 2020 . 1 changed file with 13 additions and 13 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -17,14 +17,14 @@ The Internet is full of complains[6][7] with messy answers and without proper so Generally there are two ways how to use `smtp.gmail.com` (speaking about the secondary email google account, GSuite in my case): ##### Method 1 1. your account does not have 2FA 2. you use your real login+password 3. and you must have enabled "Use less secure apps" under the account security ##### Method 2 1. your account does have 2FA enabled 2. you must generate a new app-specific password 3. and you use login+generated password[3][4] This is causing quite some confusion among users. Anyways, I tested both methods and both are subject of this issue. @@ -33,7 +33,7 @@ This is causing quite some confusion among users. Anyways, I tested both methods (this is my speculation) Gmail web-interface uses some backend services to send emails. This is probably some google's cloud so it is not one but many machines in the cloud. When you add a new email via "Send emails from a different address or alias" gmail immediatelly performs a test of the connection and then has to store the credentials for later use. Note that `smtp.gmail.com` is another independent service running in the cloud, @@ -52,7 +52,7 @@ This would exaplain the erratic behaviour of the issue: 3. your web interface is assigned to work with C0. 4. you are able to setup "Send emails from a different address or alias" with your GSuite login+password, no problem in validating your credentials 5. later some bad actor usign gmail web interface behaves in a way which triggers `smtp.gmai.com` ban, say it happened to be C0 machine 6. later when you try to send email via gmail web interface, it uses C0, and you get "535 5.7.8 Username and Password not accepted." response back [5] 7. then you go into gmail settings and try to re-enter your password, you will get back "Authentication failed. Please check your username/password and Less Secure Apps...". This leads to great confusion because your username/password are 100% correct. And you have no idea what "Less Secure Apps" mean, because you already have @@ -68,11 +68,11 @@ removing and re-adding the email account in "Send emails from a different addres It was a pure luck or they managed to trigger reassign of their backend computer, so they luckily get assigned a non-banned machine. ``` [1] https://support.google.com/mail/answer/22370?hl=en [3] https://support.google.com/domains/answer/9437157?hl=en [4]: note that the option to "Use less secure apps" is not available with 2FA enabled [5]: note that technically there is no problem in the login/password, the problem is that C0 is banned and smtp.gmail.com refused to talk to it [6] https://support.google.com/accounts/thread/4520575?hl=en [7] https://support.google.com/mail/thread/40210887?hl=en ``` -
darwin revised this gist
Sep 14, 2020 . 1 changed file with 3 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -24,7 +24,7 @@ Generally there are two ways how to use `smtp.gmail.com` (speaking about the sec ##### Method 2 1. your account does have 2FA enabled, 2. you must generate a new app-specific password, 3. and you use login+generated password[3][^4] This is causing quite some confusion among users. Anyways, I tested both methods and both are subject of this issue. @@ -52,7 +52,7 @@ This would exaplain the erratic behaviour of the issue: 3. your web interface is assigned to work with C0. 4. you are able to setup "Send emails from a different address or alias" with your GSuite login+password, no problem in validating your credentials 5. later some bad actor usign gmail web interface behaves in a way which triggers `smtp.gmai.com` ban, say it happened to be C0 machine 6. later when you try to send email via gmail web interface, it uses C0, and you get "535 5.7.8 Username and Password not accepted." response back[^5] 7. then you go into gmail settings and try to re-enter your password, you will get back "Authentication failed. Please check your username/password and Less Secure Apps...". This leads to great confusion because your username/password are 100% correct. And you have no idea what "Less Secure Apps" mean, because you already have @@ -68,6 +68,7 @@ removing and re-adding the email account in "Send emails from a different addres It was a pure luck or they managed to trigger reassign of their backend computer, so they luckily get assigned a non-banned machine. --- [1]: https://support.google.com/mail/answer/22370?hl=en [3]: https://support.google.com/domains/answer/9437157?hl=en -
darwin revised this gist
Sep 14, 2020 . No changes.There are no files selected for viewing
-
darwin revised this gist
Sep 14, 2020 . No changes.There are no files selected for viewing
-
darwin revised this gist
Sep 14, 2020 . 1 changed file with 7 additions and 7 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -10,7 +10,7 @@ the feature and send emails via my secondary email without problems. Unfortunately this solution is no longer working properly. It suffers from intermittent "535 5.7.8 Username and Password not accepted." issues. The Internet is full of complains[6][7] with messy answers and without proper solution. ### First, don't get side-tracked with fiddling with "less secure apps" @@ -69,9 +69,9 @@ removing and re-adding the email account in "Send emails from a different addres It was a pure luck or they managed to trigger reassign of their backend computer, so they luckily get assigned a non-banned machine. [1]: https://support.google.com/mail/answer/22370?hl=en [3]: https://support.google.com/domains/answer/9437157?hl=en [4]: note that the option to "Use less secure apps" is not available with 2FA enabled [5]: note that technically there is no problem in the login/password, the problem is that C0 is banned and smtp.gmail.com refused to talk to it [6]: https://support.google.com/accounts/thread/4520575?hl=en [7]: https://support.google.com/mail/thread/40210887?hl=en -
darwin created this gist
Sep 14, 2020 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,77 @@ ### The problem I'm using web-based gmail as my primary email client. I want to use anoter SMTP server to send emails using secondary email address which is managed by GSuite. GMail offers "Send emails from a different address or alias" feature[1]. Historically it has been possible to use `smtp.gmail.com` with my GSuite credentials to enable the feature and send emails via my secondary email without problems. Unfortunately this solution is no longer working properly. It suffers from intermittent "535 5.7.8 Username and Password not accepted." issues. The Internet is full of complains[6][7][8] with messy answers and without proper solution. ### First, don't get side-tracked with fiddling with "less secure apps" Generally there are two ways how to use `smtp.gmail.com` (speaking about the secondary email google account, GSuite in my case): ##### Method 1 1. your account does not have 2FA, 2. you use your real login+password, 3. and you must have enabled "Use less secure apps" under the account security ##### Method 2 1. your account does have 2FA enabled, 2. you must generate a new app-specific password, 3. and you use login+generated password[3][4] This is causing quite some confusion among users. Anyways, I tested both methods and both are subject of this issue. ### My theory (this is my speculation) Gmail web-interface uses some backend services to send emails. This is probably some google's cloud so it is not one but many machines in the clould. When you add a new email via "Send emails from a different address or alias" gmail immediatelly performs a test of the connection and then has to store the credentials for later use. Note that `smtp.gmail.com` is another independent service running in the cloud, not related to the "Send emails from a different address or alias" feature of gmail. (`smtp.gmail.com` may be used by any 3rd party app to send emails via google). Recently (probaly around April 2020) Google likely deployed more security hardening of `smtp.gmail.com`. Imagine a more strict black list for abusing computers. So `smtp.gmail.com` might refuse to communicate with a banned IP. The likely root of the problem is that Google's own computers providing "Send emails from a different address or alias" feature of gmail might get banned. This would exaplain the erratic behaviour of the issue: 1. assume Gmail web-interface uses 10 backend computers: C0, C1, C2, ..., C9 to implement the "Send emails from a different address or alias" feature 2. assume none of them is currently banned by `smtp.gmail.com` 3. your web interface is assigned to work with C0. 4. you are able to setup "Send emails from a different address or alias" with your GSuite login+password, no problem in validating your credentials 5. later some bad actor usign gmail web interface behaves in a way which triggers `smtp.gmai.com` ban, say it happened to be C0 machine 6. later when you try to send email via gmail web interface, it uses C0, and you get "535 5.7.8 Username and Password not accepted." response back[5] 7. then you go into gmail settings and try to re-enter your password, you will get back "Authentication failed. Please check your username/password and Less Secure Apps...". This leads to great confusion because your username/password are 100% correct. And you have no idea what "Less Secure Apps" mean, because you already have 2FA enabled, so this option is nowhere to be found. You try to google for some explanation and there is no clear answer. Only partially correct historical pages describing various stages how it worked in the past or confusing pages not related to the issue. 8. anyways, C0 ban is somehow time-limited. So it is possible that during next 24h or so, it starts working again. Or there is a chance your gmail client will start using a different backend computer from the set, say C1 because of rotation. 9. so the feature now started working again... 10. ...until it stops again - because some other backend computer got banned and your gmail web client happened to be using it This also explains why some people on the forums claim they solved the issue by enabling 2FA, or doing some captcha woodoo with Less Security Apps setting, or removing and re-adding the email account in "Send emails from a different address or alias" settings. It was a pure luck or they managed to trigger reassign of their backend computer, so they luckily get assigned a non-banned machine. [1] https://support.google.com/mail/answer/22370?hl=en [3] https://support.google.com/domains/answer/9437157?hl=en [4] note that the option to "Use less secure apps" is not available with 2FA enabled [5] note that technically there is no problem in the login/password, the problem is that C0 is banned and smtp.gmail.com refused to talk to it [6] https://support.google.com/accounts/thread/4520575?hl=en [7] https://support.google.com/mail/thread/40210887?hl=en