Pi, exim4 and google smtp

formatting link

--
There is nothing a fleet of dispatchable nuclear power plants cannot do  
that cannot be done worse and more expensively and with higher carbon  
 Click to see the full signature
Reply to
The Natural Philosopher
Loading thread data ...

On Fri, 18 Oct 2019 23:43:41 +0100, MArtin declaimed the following:

Meaningless... The first is using a gmail web page (a gmail controlled client application) that runs ON a gmail server sending to your ISP server. This tests nothing with regards to having a non-gmail client (exim on the R-Pi) sending via the gmail server.

Have you set gmail to allow unsecure applications?

--
	Wulfraed                 Dennis Lee Bieber         AF6VN 
	wlfraed@ix.netcom.com    http://wlfraed.microdiversity.freeddns.org/
Reply to
Dennis Lee Bieber

On Fri, 18 Oct 2019 23:33:59 +0100, MArtin declaimed the following:

Many ISPs block use of port 25 -- one should use either 587 ("submission port") or an alternate/TLS port (not sure what number that is; google indicates blueyonder uses the obsolete port 465)

A five year old article

formatting link
(may only verify what you've tried -- I don't know how your configuration has been set-up). (Also
formatting link
)

Possibly of note -- from your original post

Your last success used "plain" protocol for authentication... I haven't been able to find anything defining what gmail really wants these days. The server itself doesn't list it...

220 smtp.gmail.com ESMTP j31sm2563838ota.13 - gsmtp EHLO gmail.com 250-smtp.gmail.com at your service, [2600:1700:e630:890:c932:bd85:577:9922] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8

(No AUTH protocol list)

And this just says it doesn't like whatever authentication was attempted.

Perhaps undoing the unsecure apps and setting up app-specific passwords as per

formatting link

Unfortunately, we are at the stage where I'd have to install exim on my web-server R-Pi to diagnose any further.

--
	Wulfraed                 Dennis Lee Bieber         AF6VN 
	wlfraed@ix.netcom.com    http://wlfraed.microdiversity.freeddns.org/
Reply to
Dennis Lee Bieber

On Sat, 19 Oct 2019 12:43:00 -0400, Dennis Lee Bieber declaimed the following:

Apologies -- you have already answered that... Just that the message threading put the reply some 10 posts below

--
	Wulfraed                 Dennis Lee Bieber         AF6VN 
	wlfraed@ix.netcom.com    http://wlfraed.microdiversity.freeddns.org/
Reply to
Dennis Lee Bieber

Avast's configuration for the email/news sig-ish ad trailer is in Configure shield settings/ Mail shield/ Add a signature to the end of sent mails - uncheck

There's an article about exim and smtp.gmail.com that claims to be last edited 2019 Jul, but all its references are much much older

formatting link
Installing and Configuring Exim4 for Gmail SMTP Relay This page was last edited on 30 July 2019, at 19:59.

--
Mike Easter
Reply to
Mike Easter

Make sure the app specific passwords are set. These are random-like strings that gmail generates for you to enter in your "device=pi" password setup - it's not your own choice of password letters/chars.

FWIW, I used to use exim4 some time ago, which worked fine (however the following writeup will have changed now)

formatting link

Currently I do this with postfix, works perfectly on a headless pi

formatting link

--
Adrian C
Reply to
Adrian Caspersz

Thanks I believe that I have changed it.

Very similar to where I had my configuration. The references I used originally were:

formatting link
and
formatting link

They gave me a happily working configuration - until it stopped working.

I do like your references troubleshooting suggestion of nuke the install and start all over again. For completeness it should probably have a more drastic suggestion involving physical violence for when it still doesn't work.

Thanks MArtin

Reply to
MArtin

with gmail as the smarthost exim is connecting, switching to TLS, trying to authenticate and not being accepted.

insecure apps is turned on.

The user name and password is correct when I log into googles own webmail. I don't have two factor authentication and at the moment seem to have failed to set it up as well.

pub time.

MArtin

Reply to
MArtin

Only partially agree - it doesn't check anything on exim or the pi connectivity but it did show to me that i wasn't having a username / password moment of stupidity either self caused or google caused.

The pi configuration was working and had been working for over a year. It suddenly stopped so a password having been changed or expired was an obvious first possibility i tried.

MArtin

Reply to
MArtin

gmail only lists the auth after it has switched to TLS so I am seeing

SMTP>> EHLO PI09 SMTP> STARTTLS SMTP> EHLO PI09 SMTP

Reply to
MArtin

On Sun, 20 Oct 2019 21:36:49 +0100, MArtin declaimed the following:

I still don't believe that direct Google log-in success means much -- other than to verify you do have a valid account.

What character encoding is being used by the direct log-in vs that being used by exim4? If your password has some special characters that have different values in different encodings then the password could be seen as different on the server end. Does the password only use characters in the

7-bit ASCII set? (That should be safe for ASCII, ISO-Latin-1, and UTF8 encodings).

Unfortunately, I suspect having those items sent after the STARTTLS command means WireShark won't capture legible packets, and sense each session should have negotiated a different key-pair you can't rely upon matching up packets between sessions.

--
	Wulfraed                 Dennis Lee Bieber         AF6VN 
	wlfraed@ix.netcom.com    http://wlfraed.microdiversity.freeddns.org/
Reply to
Dennis Lee Bieber

Ha.

When I'm trying to engage a server 'manually', depending on the protocol, I use a 'telnet-like' client and the nntp or smtp or imap exchanges.

Since this involves TLS, I would use openssl which uses the various ssl/tls protocols.

formatting link
Talk smtp to gmail with openssl s_client

--
Mike Easter
Reply to
Mike Easter

Also, I would note the CRLF issues in the comments section of the article above, which discussion is extended over here

formatting link
Connecting to smtp.gmail.com via command line

--
Mike Easter
Reply to
Mike Easter

I've run into the CR vs CRLF inside SSL / TLS only once in ~20 years. That was with the Courier SMTP server.

I've never seen it be an issue when connecting to to Gmail's SMTP servers.

The "-crlf" flag for openssl's s_client makes it easy to work around this /if/ it proves to be a problem.

--
Grant. . . . 
unix || die
Reply to
Grant Taylor

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.