{"id":27765,"date":"2020-10-15T11:32:58","date_gmt":"2020-10-15T09:32:58","guid":{"rendered":"https:\/\/pi3g.com\/?p=27765"},"modified":"2020-10-15T11:32:58","modified_gmt":"2020-10-15T09:32:58","slug":"gmail-workspace-gmail-suite-send-e-mail-from-server-using-msmtp","status":"publish","type":"post","link":"https:\/\/pi3g.com\/de\/gmail-workspace-gmail-suite-send-e-mail-from-server-using-msmtp\/","title":{"rendered":"Gmail Workspace \/ Gmail Suite e-Mail vom Server mit msmtp senden"},"content":{"rendered":"

We are in the process of migrating to Gmail, to be able to delegate managing a mail server.<\/p>\n

We used ssmtp on our server to email mails before, using our own mail server (Zimbra).<\/p>\n

I have now managed to get Gmail Workspace working, and would like to share some pointers on how to do that. <\/p>\n

This is done on a Debian \/ Ubuntu system.<\/p>\n

Set up 2 factor authentication<\/h1>\n

Login to your Google account:<\/p>\n

https:\/\/myaccount.google.com\/<\/a><\/p>\n

Click on the Security tab and scroll down to 2-step Verification, enable it.<\/p>\n

\"image\"<\/a><\/p>\n

You will probably need to provide your mobile phone number to Google or choose another option here.<\/p>\n

Set up an App password<\/h1>\n

Click on \u201cApp passwords\u201d below the 2-Step Verification.<\/p>\n

Google will require you to sign-in again.<\/p>\n

\"image\"<\/a><\/p>\n

(Note I already have an app password set up, your screen might look a bit different in the beginning)<\/p>\n

Click on Select app, and select Other (custom name)<\/p>\n

\"image\"<\/a><\/p>\n

You can enter any name you like \u2013 it is for your reference. For example, <\/p>\n

\"image\"<\/a><\/p>\n

Click on Generate<\/strong><\/p>\n

A popup window will appear. Your app password will be shown only this one time, so be sure to copy it.<\/p>\n

\"image\"<\/a><\/p>\n

Note that the password is just shown as four segments of four characters each to be easier to read, there will be no spaces <\/strong>in the actual password.<\/p>\n

In this case the password is <\/p>\n

lwsznhkychasbbrh<\/em><\/p>\n

Click on Done.<\/p>\n

Switch to msmtp<\/h1>\n

ssmtp is not maintained anymore, and will also possibly have issues connecting to Gmail:<\/p>\n

\/var\/log\/syslog:Oct 15 09:52:22 Athena sSMTP[19076]: SSL connection using ECDHE_ECDSA_CHACHA20_POLY1305
\n\/var\/log\/syslog:Oct 15 09:52:22 Athena sSMTP[19076]: Authorization failed (535 5.7.8  <\/em>https:\/\/support.google.com\/mail\/?p=BadCredentials<\/em><\/a> ************.79 – gsmtp)<\/em><\/p>\n

ssmtp: Authorization failed (535 5.7.8  <\/em>https:\/\/support.google.com\/mail\/?p=BadCredentials<\/em><\/a> *************.4 – gsmtp)<\/em><\/p>\n

Apparently the ECDHE auth part might be a problem for some users on newer systems<\/a>.<\/p>\n

The workaround is to switch to msmtp<\/strong>.<\/p>\n

Remove ssmtp (all commands run as root)<\/p>\n

\n

apt-get purge ssmtp<\/p>\n<\/blockquote>\n

Install msmtp<\/p>\n

\n

apt-get install msmtp msmtp-mta<\/p>\n<\/blockquote>\n

Set up msmtp<\/h1>\n
\n

nano \/etc\/msmtprc<\/p>\n<\/blockquote>\n

Put in the following data:<\/p>\n

\n

defaults
\nauth           on
\ntls            on
\ntls_starttls   on
\ntls_trust_file \/etc\/ssl\/certs\/ca-certificates.crt
\nlogfile        \/var\/log\/msmtp.log<\/p>\n

account        gmail
\nhost           smtp.gmail.com
\nport           587<\/p>\n

from           user@example.com
\nuser           user@example.com
\npassword       lwsznhkychasbbrh<\/p>\n

account default : gmail\n<\/p>\n

<\/p>\n<\/blockquote>\n

Change your login data (from, user, and password \u2013 I have taken lwsznhkychasbbrh <\/em>from the example above).<\/p>\n

Note that you do not need to restart a service or anything like that \u2013 the access data will be used for the next email the server tries to send.<\/p>\n

Use the app password <\/strong>generated above \u2013 your account password will not work:<\/p>\n

msmtp: authentication failed (method PLAIN)
\nmsmtp: server message: 534-5.7.9 Application-specific password required. Learn more at
\nmsmtp: server message: 534 5.7.9  <\/em>https:\/\/support.google.com\/mail\/?p=InvalidSecondFactor<\/em><\/a> *************.29 – gsmtp
\nmsmtp: could not send mail (account default from \/etc\/msmtprc)<\/em>\n<\/p>\n

Also, please note that the app password should be entered without spaces between the characters (as discussed above)<\/p>\n

Secure this file (it contains login data!):<\/p>\n

\n

chmod 600 \/etc\/msmtprc<\/p>\n<\/blockquote>\n

\"image\"<\/a><\/p>\n

Enable Less secure apps<\/h1>\n

https:\/\/admin.google.com\/u\/2\/ac\/security\/lsa<\/a><\/p>\n

Unfortunately, you will also<\/strong> need to enable Less secure apps <\/strong>access for your accounts in Google Admin, otherwise you would continue to get the same error message:<\/p>\n

msmtp: authentication failed (method PLAIN)
\nmsmtp: server message: 535-5.7.8 Username and Password not accepted. Learn more at
\nmsmtp: server message: 535 5.7.8  https:\/\/support.google.com\/mail\/?p=BadCredentials<\/a> **********.34 – gsmtp
\nmsmtp: could not send mail (account default from \/etc\/msmtprc)<\/p>\n

\"image\"<\/a><\/p>\n

Change this to \u201cAllow users to manage their access to less secure apps\u201d and click on Save<\/strong>.<\/p>\n

Send a test message<\/h1>\n

If everything works correctly, you can now send a test message:<\/p>\n

\n

echo ‘test’ | msmtp ceo@example.com<\/a><\/p>\n<\/blockquote>\n

If this command returns without an error, then everything works.<\/p>\n

Also, if you refresh your App passwords view, you will see that the app password has been used (\u201clast used\u201d):<\/p>\n

\"image\"<\/a><\/p>\n

(this might not always be accurate as per my tests, though). <\/p>\n

If it would not <\/strong>work, you would get an output similar to the following:<\/p>\n

msmtp: authentication failed (method PLAIN)
\nmsmtp: server message: 535-5.7.8 Username and Password not accepted. Learn more at
\nmsmtp: server message: 535 5.7.8  <\/em>https:\/\/support.google.com\/mail\/?p=BadCredentials<\/em><\/a> ***********.9 – gsmtp
\nmsmtp: could not send mail (account default from \/etc\/msmtprc)<\/em><\/p>\n

Note: This error will also appear if you delete your app password using the trash can icon you can see above. This, by the way is a useful feature of the App passwords: if you suspect a breach, you can simply delete the app password and set up your device with another app password.<\/p>\n

If you continue to get this error, check whether you have enabled less secure apps, as I have instructed you to do (above). \n<\/p>\n

Note II: you will get an info about freshly created app passwords in your email account:<\/p>\n

\"image\"<\/a><\/p>\n

Note III: you will also get the sent messages in your sent folder:<\/p>\n

\"image\"<\/a>\n<\/p>\n

Ref<\/h1>\n