Author Topic: Fetchmail and Gmail: Oauth required [SOLVED]  (Read 1827 times)

hjt

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +3/-0
    • View Profile
Fetchmail and Gmail: Oauth required [SOLVED]
« on: February 21, 2019, 01:46:06 am »
Apparently Google is tightening security, and closing down Imap(s) an POP3(s) access to  Gmail accounts.
(I am aware of the "Allow less secure app", but even when this is set access is not allowed anymore)

On both my production server (5.0) and a clean test install (6.0) the /var/log/mail.log throws errors:
Fetchmail Query status=3 (AUTHFAIL) Authorization failure on ######

It seems that Oauth is now required to get the mails from Gmail.
I found an article that covers giving Fetchmail (6.3 and 6.4) support for Oauth2 : http://mmogilvi.users.sourceforge.net/software/oauthbearer.html

But I cannot figure out how to get this into the Zentyal server. Anyone succeeded at this?

« Last Edit: February 21, 2019, 01:19:54 pm by hjt »

hjt

  • Zen Apprentice
  • *
  • Posts: 7
  • Karma: +3/-0
    • View Profile
Re: Fetchmail and Gmail: Oauth required
« Reply #1 on: February 21, 2019, 01:19:39 pm »
As from a few hours ago, Gmail stopped throwing AUTH errors and is delivering mail again. Not sure if they changed their policy or if there was a technical error involved.
Anyhow mail is flowing again, and the problem is solved so far, for what I'm concerned.

It appears that Oauth authentification will be a standard part of Fetchmail 7, so I'll be waiting for that to come to Zentyal.

Ret

  • Zen Apprentice
  • *
  • Posts: 28
  • Karma: +1/-0
    • View Profile
Re: Fetchmail and Gmail: Oauth required [SOLVED]
« Reply #2 on: January 09, 2020, 11:53:07 pm »
It seems that in 2021 Google will enforce the use of Oauth and block access to "Less secure apps"(LSA)
They sent an email to all admins to take actions.
This is part of their announcement,

Access to LSAs will be turned off in two stages:

June 15, 2020 - Users who try to connect to an LSA for the first time will no longer be able to do so. This includes third-party apps that allow password-only access to Google calendars, contacts, and email via protocols such as CalDAV, CardDAV and IMAP. Users who have connected to LSAs prior to this date will be able to continue using them until usage of all LSAs is turned off.
February 15, 2021 - Access to LSAs will be turned off for all G Suite accounts.


Let's hope Zentyal can solve this on time!