Sunday, January 28, 2024

Google phasing out password-based SMTP / POP3 / IMAP

We got an email with "[Action Required]", with a link to this blog post from google - https://workspaceupdates.googleblog.com/2023/09/winding-down-google-sync-and-less-secure-apps-support.html

We have used two different methods to deal with this - one solution using XOAuth, and one using App Passwords.

1. For some of our Moodle instances which used Google Workspace emails for outbound emails, we could use the in-built XOAuth support as explained here,

Admins can enable Gmail XOauth2 for outgoing and incoming mail

So I created two separate sets of credentials for one of the email ids, since the redirect url for each (one production and one development) server would be different as mentioned in the documentation linked from the tracker link above -

server.url/admin/oauth2callback.php

Setting up OAuth 2.0 - API Console Help (google.com)

2. For our internal server using ssmtp as mentioned in this earlier post, this procedure (or the use of PHPMailer which supports XOAuth) would not be suitable, since it does not have a public-facing website url.

(
ssmtp seems to be orphaned since 2019, 

msmtp doesn't seem to have oauth,

describes a python solution, but needs refresh, and needs a browser.

)

In passing, the email from google mentions that App Passwords are not going away - "Password-based access (with the exception of App Passwords) will no longer be supported" . We had earlier created App Passwords for use with We can create App Passwords if we enable 2FA. So, we enabled 2FA, created an App Password, and just replaced the password in our earlier ssmtp configuration file with the App Password (without spaces). And that works.

 

No comments:

Post a Comment