Pi, exim4 and google smtp

My headless pi has been sending emails to my normal account from it
and its companion headless pi for well over a year. They are only
occasional status, temperature warning and the like so should be well
under any number or rate limits. With no configuration changes here or
changes by me to the gmail account it has suddenly stopped working. A
look at the exim4 log shows the last successful email as:
2019-10-15 12:59:41 1iKLUK-0008Vq-B4 XXXXXXXX.co.uk
R=smarthost T=remote_smtp_smarthost
H=gmail-smtp-msa.l.google.com [74.125.133.109]
X=TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256 CV=no
DN="C=US,ST=California,L=Mountain View,O=Google LLC,CN=smtp.gmail.com"
A=plain C="250 2.0.0 OK 1571140782 a10sm21277754wrm.52 - gsmtp"
2019-10-15 12:59:42 1iKLUK-0008Vq-B4 Completed
and the first unsuccessful email as:
2019-10-16 05:15:03 1iKaiE-0001MQ-PH
Reply to
MArtin
Loading thread data ...
Google randomly breaks mail from the real world of SMTP all the time. As long as other gmail users and outlook.com users can get their mail in, they're happy; trying to send reliably from anything else is a generally waste of effort.
That said, sending via an ISP's smarthost may have a better chance of success.
Reply to
Roger Bell_West
How is Exim configured? Remote debugging attempts on configuration one can?t see aren?t very practical.
Can you see what happens in the SMTP connection? At the least you need to establish whether Exim is attempting to authenticate and failing, or not even trying.
Something like:
(echo ?To: user@address ; echo Subject: t; echo; echo body) | exim -odf -v -t
--
https://www.greenend.org.uk/rjk/
Reply to
Richard Kettlewell
Sorry, remove the quote:
(echo To: user@address ; echo Subject: t; echo; echo body) | exim -odf -v -t
--
https://www.greenend.org.uk/rjk/
Reply to
Richard Kettlewell
FWIW I've seen perfectly standard email to gmail.com addresses rejected with this specific error in the last few weeks. It's just gmail being big enough not to have to care.
Reply to
Roger Bell_West
On Thu, 17 Oct 2019 23:19:32 +0100, MArtin declaimed the following:
Using what /software/? The account/password may not be the problem, rather features of the client doing the connection.
Presuming it is not a matter of not having the current gmail SSL key chain (I'd hope exim, et al have been patched to handle the security keys now in use -- that's the biggest problem with using Eudora on gmail; Eudora's key store doesn't recognize newer security chains), then the most likely aspect is that gmail considers exim (or your host) as an untrusted client.
For that, have you tried the information provided via that link? """ Allow less secure apps: If you don't use 2-Step Verification, you might need to allow less secure apps to access your account. """
That is a setting you have to make via the web interface to gmail.
Typically, for sending, one should first try using the SMTP provided by one's own ISP, even if the "account" of the email is not with that ISP. The client is configured to login in using the ISP credentials, but then sends the email using headers of the foreign account. (in old Eudora, this was a "relay host" -- you define one connection as the relay, and set a flag on other accounts telling them to send using the relay host instead of making a direct connection).
--
	Wulfraed                 Dennis Lee Bieber         AF6VN 
	wlfraed@ix.netcom.com    http://wlfraed.microdiversity.freeddns.org/
Reply to
Dennis Lee Bieber
It's a gmail issue and I don't think there is any fix for it. You pretty much can't use gmail as a smarthost anymore. We've been doing the same thing for years but are having to come up with another solution now. All the email providers want you to use their application or use two step authentication and I don't think it is going to go away ever.
--

Knute Johnson
Reply to
Knute Johnson
Gmail is using a black hole list, maybe RBL. If your ISP's sending MTA gets on the list, your mail will be delayed or rejected.
Been there, maybe even now.
--

-TV
Reply to
Tauno Voipio
logging in via web mail just to make sure the password hadn't been changed by outside agency.
It suddenly stopped working in the last couple of days. I'verun an update upgrade cycle on the pi but while it found things to update it made no difference to this issue.
That was already set, it had to be to work originally. Checking showed it as still set.
Yes, I tried that originally before using Google, and have spent today trying again, unfortunately it seems my ISP while supporting smtp isn't compatible with exim. I couldn't persuade it to work and gave up and used google and still cant - looking at their support forums it seems a selection of other people cant get the isp smtp to work with with a selection of clients either.
--
This email has been checked for viruses by Avast antivirus software. 
https://www.avast.com/antivirus
Reply to
MArtin
Unfortunately the reason I was using google was because configuration with the ISP server proved too difficult originally. Having spent all day trying to configure to use the ISP servers and trawling their support forums it seems I am not alone in having difficulty with the isp servers and the previous advice has been google is easier to configure and get working!
MArtin
--
This email has been checked for viruses by Avast antivirus software. 
https://www.avast.com/antivirus
Reply to
MArtin
I can send happily from gmail web mail to my isp account. which removed my worries about the password having changed or a blocklist against the isp or my receving address being the issue. It sems it is specifically the exim config which is no longer compatible with google.
MArtin
--
This email has been checked for viruses by Avast antivirus software. 
https://www.avast.com/antivirus
Reply to
MArtin
Fwiw: I have found TuffMail to be an excellent for-fee email service provider. Their technical expertise is excellent, and their customer service is very good. In my experience, their spam filtering is superb.
On a different topic, the signature delimiter line above is defective. It's supposed to be "-- ", two hyphens followed by a space.
HTH
--
Robert Riches 
spamtrap42@jacob21819.net 
 Click to see the full signature
Reply to
Robert Riches
These two logs are non-trivially different to me. Let's break them down to what's different (that I think matters).
A) H=gmail-smtp-msa.l.google.com [74.125.133.109] CV=no A=plain C="250 2.0.0 OK 1571140782 a10sm21277754wrm.52 - gsmtp"
B) H=smtp.gmail.com [173.194.76.108] CV=yes: SMTP error from remote mail server after pipelined MAIL FROM: SIZE=1568: 530-5.5.1 Authentication Required. Learn more at 530 5.5.1
formatting link
r3sm15957872wre.29 - gsmtp
1) H is different. I would expect them to be the same. 2) CV is different. I'm not familiar with exim and can't speak to it. 3) The first log entry looks like it's using "PLAIN" SMTP Authentication. I don't see similar in the second log entry. 4) The second log entry seems to be complaining about the lack of authentication, possibly point #3 above.
I hope that point #4 is talking about point #3. Given that it looks like you're using IPv4 and not IPv6, you are likely not running into more stringent requirements that Google enforces on IPv6.
My first guess is that something happened and your client is not trying to use SMTP Authentication any more. I have no idea why.
I don't know if that helps or not. Hopefully it gives you something to look at.
For what it's worth, I successfully send email to Google / Gmail daily from my VPS. So it is possible to successfully get email into Google, even as a small email operator.
--
Grant. . . . 
unix || die
Reply to
Grant Taylor
Its worse than that.
I needed to fake an email fr a friuend who was sitting beside me ta the time. To send off a large dicument I had hlepned him preprae.
No problem I thought, I can fake his BT email account and send it through my own SMTP relay.
No chnace. the target systenm rejected it in te grounds that BT email doesnt get sent from random relays on the internet.
When I used his own domain however it worked perfectly.
The point is that it is now almost unacceptable to use your ISPs SMTP relay.
You have to send via your mail persons SMTP relay.
Last year, visiting my sister in Germany, I could not even connect to a third party port 25 without adding a whitelist to the ROUTER.
Before the commercialisation of the Internet, there was no point in sending random emails to people you didn't know.
Apart from malware, I wonder how many people, like me, simply refuse to buy anything they have seen advertised on the internet or on TV?
Is there any point in SPAM?
I only have one charity apart from poppy day, that I ever give serious money to. I bought a charity produt online
Every week since then I was emailed junk promotion for more charity products. Clicking unsubscribe made no difference. I blacklisted the domain. I will never contribute to that charity again.
--
"Strange as it seems, no amount of learning can cure stupidity, and  
higher education positively fortifies it." 
 Click to see the full signature
Reply to
The Natural Philosopher
set up exim on your own virtual server out there in internet land.
The rules of authenticated email are getting quite complex.
That at least allows you to control both ends of te smnart relay link to your client.
If you run Imap it also allows you global cloud access to your email.
--
"Women actually are capable of being far more than the feminists will  
let them."
Reply to
The Natural Philosopher
That seems to be to do with googles response to: host smtp.gmail.com
which used to give a set of gmail-smtp-msa.N.google.com has address x.x.x.x responses where N went from 1 to 4
and now gives smtp.gmail.com has address 173.194.76.108 smtp.gmail.com has IPv6 address 2a00:1450:400c:c00::6d
I don't know whether it used to have ipv6 results because I don't have ipv6 connectivity so would have ignored it.
that seems to be certificate verification result though what certificate and where it is I am not sure
I think that is because the connection has failed so the error is logged instead of the connection used
or possibly google is now requiring more / different authentication that i don't have
thanks for the thoughts - i am no further forward but have a slightly better view on the log entries
I would have claimed similar a week ago!
--
This email has been checked for viruses by Avast antivirus software. 
https://www.avast.com/antivirus
Reply to
MArtin
This is just the reason why the ISP mail agent is so important. IIRC, there is an EU recommendation that consumer accounts should be allowed to send email via licensed ISP servers only.
This at least makes it more difficult to fake emails (which we have far too much of in the current Net).
--

-TV
Reply to
Tauno Voipio
Sending mail is extremely easy through a PHP script running on the same server your mail provider is hosted on, e.g. in a contact form. If you make a machine accessible PHP instead of one for humans to fill in, it should be easy to access that from your PI.
--




/ \  Mail | -- No unannounced, large, binary attachments, please! --
Reply to
Axel Berger
And makes it far easier to enforce the ability of government organisations to read them.
--
There is something fascinating about science. One gets such wholesale  
returns of conjecture out of such a trifling investment of fact. 
 Click to see the full signature
Reply to
The Natural Philosopher
That is a useful idea thanks, though it would seem that there are no longer free accounts.
Yes, I am aware of the required delimeter, unfortunately it is set by avast and i don't know of a way to change it. My own if i set one which i frequently don't should be correct.
MArtin
-- Someone who thinks logically, provides a nice contrast to the real world.
--
This email has been checked for viruses by Avast antivirus software. 
https://www.avast.com/antivirus
Reply to
MArtin

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.