Paul Bierton Posted March 9, 2022 Share Posted March 9, 2022 We've had to change the password on the SMTP mailbox (Gmail) that we are using to send out Service Manager email. Im using an application specific password due to it being a 'Less Secure Application' in Googles eyes. When you initially test the account with the ASP, it sends the email is is received via the tested emails account. Press Save to accept the changed credentials, then Retest and we get the following error. Unable to send test message to the specified recipient ChilkatLog: SendEmail: DllDate: Feb 9 2021 ChilkatVersion: 9.5.0.86 UnlockPrefix: HRNBLL.CBX102021 Architecture: Little Endian; 64-bit Language: Visual C++ 2019 / x64 VerboseLogging: 0 Component successfully unlocked using purchased unlock code. sendEmailInner: renderToMime_pt1: createEmailForSending: Auto-generating Message-ID --createEmailForSending --renderToMime_pt1 sendMimeInner: ensureSmtpSession: ensureSmtpConnection: smtpParams: SmtpHost: smtp.gmail.com SmtpPort: 587 SmtpUsername: <REDACTED> SmtpSsl: 0 StartTLS: 1 --smtpParams smtpConnect: smtpHostname: smtp.gmail.com smtpPort: 587 connectionIsReady: Using existing/open SMTP connection to send email. --connectionIsReady Reconnecting because the connection has been idle for too long. smtpSocketConnect: socketOptions: SO_SNDBUF: 262144 SO_RCVBUF: 4194304 TCP_NODELAY: 1 SO_KEEPALIVE: 1 --socketOptions --smtpSocketConnect smtpGreeting: readSmtpResponse: SmtpCmdResp: 220 smtp.gmail.com ESMTP f13-20020adff8cd000000b001f03439743fsm1047731wrq.75 - gsmtp --readSmtpResponse --smtpGreeting startTLS: sendCmdToSmtp: SmtpCmdSent: EHLO live.hornbill.com<CRLF> --sendCmdToSmtp readSmtpResponse: SmtpCmdResp: 250-smtp.gmail.com at your service, [87.117.243.10] SmtpCmdResp: 250-SIZE 35882577 SmtpCmdResp: 250-8BITMIME SmtpCmdResp: 250-STARTTLS SmtpCmdResp: 250-ENHANCEDSTATUSCODES SmtpCmdResp: 250-PIPELINING SmtpCmdResp: 250-CHUNKING SmtpCmdResp: 250 SMTPUTF8 --readSmtpResponse sendCmdToSmtp: SmtpCmdSent: STARTTLS<CRLF> --sendCmdToSmtp readSmtpResponse: SmtpCmdResp: 220 2.0.0 Ready to start TLS --readSmtpResponse TLS connection established. --startTLS ehloCommand: sendCmdToSmtp: SmtpCmdSent: EHLO live.hornbill.com<CRLF> --sendCmdToSmtp readSmtpResponse: SmtpCmdResp: 250-smtp.gmail.com at your service, [87.117.243.10] SmtpCmdResp: 250-SIZE 35882577 SmtpCmdResp: 250-8BITMIME SmtpCmdResp: 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH SmtpCmdResp: 250-ENHANCEDSTATUSCODES SmtpCmdResp: 250-PIPELINING SmtpCmdResp: 250-CHUNKING SmtpCmdResp: 250 SMTPUTF8 --readSmtpResponse --ehloCommand --smtpConnect --ensureSmtpConnection ensureSmtpAuthenticated: smtpAuthenticate: No SMTP password or OAuth2 access token provided. Skipping SMTP authentication because no login/password provided. smtp_host: smtp.gmail.com smtp_port: 587 smtp_user: <REDACTED> auth-method: NONE smtpAuthMethod: NONE smtpAuthenticate: login_method: NONE or already authenticated --smtpAuthenticate ConnectionType: SSL/TLS --smtpAuthenticate --ensureSmtpAuthenticated --ensureSmtpSession sendSmtpEmail: sendWithPipelining: sendMailFrom: mailFrom: do-not-reply@live.hornbill.com sendCmdToSmtp: SmtpCmdSent: MAIL FROM:<do-not-reply@live.hornbill.com><CRLF> --sendCmdToSmtp --sendMailFrom sendRcptTo: sendCmdToSmtp: SmtpCmdSent: RCPT TO:<REDACTED><CRLF> --sendCmdToSmtp --sendRcptTo sendCmdToSmtp: SmtpCmdSent: DATA<CRLF> --sendCmdToSmtp readSmtpResponse: SmtpCmdResp: 530-5.7.0 Authentication Required. Learn more at SmtpCmdResp: 530 5.7.0 https://support.google.com/mail/?p=WantAuthError f13-20020adff8cd000000b001f03439743fsm1047731wrq.75 - gsmtp --readSmtpResponse readRcptTo: readSmtpResponse: SmtpCmdResp: 530-5.7.0 Authentication Required. Learn more at SmtpCmdResp: 530 5.7.0 https://support.google.com/mail/?p=WantAuthError f13-20020adff8cd000000b001f03439743fsm1047731wrq.75 - gsmtp --readSmtpResponse bad_address: <REDACTED> --readRcptTo readSmtpResponse: SmtpCmdResp: 530-5.7.0 Authentication Required. Learn more at SmtpCmdResp: 530 5.7.0 https://support.google.com/mail/?p=WantAuthError f13-20020adff8cd000000b001f03439743fsm1047731wrq.75 - gsmtp --readSmtpResponse smtpRset: Sending RSET command. smtpSendGet2: sendCmdToSmtp: SmtpCmdSent: RSET<CRLF> --sendCmdToSmtp readSmtpResponse: SmtpCmdResp: 250 2.1.5 Flushed f13-20020adff8cd000000b001f03439743fsm1047731wrq.75 - gsmtp --readSmtpResponse --smtpSendGet2 --smtpRset --sendWithPipelining --sendSmtpEmail --sendMimeInner --sendEmailInner Failed. --SendEmail --ChilkatLog We have access to the account and can send normally through that email. Just not hornbill. Please Advise Link to comment Share on other sites More sharing options...
Paul Bierton Posted March 10, 2022 Author Share Posted March 10, 2022 This is now Urgent - We have spent 3 days being unable to send emails from Hornbill due to this issue - the ability to send emails is a CRITICAL core component of Hornbill and how we service ours users. We can receive the emails but cannot send to our end users. I have tried multiple times to add the password here: Each test is successful, you press SAVE CHANGES and then exit the page. Go back into the Page and press Test, the test fails. Something isnt right. Link to comment Share on other sites More sharing options...
Keith Stevenson Posted March 10, 2022 Share Posted March 10, 2022 Paul, Thanks for the post. Sadly this is a known issue. Once you make the change and it works (First time) do not go back in and retest as this will cause the password to be lost. The email will flow as expected after the initial save. Kind Regards Keith Stevenson Link to comment Share on other sites More sharing options...
Keith Stevenson Posted March 10, 2022 Share Posted March 10, 2022 @Paul Bierton The above is correct for the admin.hornbill.com/xxxx site (which is being deprecated) and wont get fixes IF you use live.hornbill.com/XXXX and the admin functionality from within that it will function as expected (You also dont get the option to re-test after going back in) Kind Regards Link to comment Share on other sites More sharing options...
Paul Bierton Posted March 10, 2022 Author Share Posted March 10, 2022 @Keith Stevenson I open live.hornbill.com > Administration (which takes me to admin.hornbill.com) System > Email >Domains > Add Password > Press Save Raised a New Ticket, Go No email for Raising a Ticket, The email to say its been raised is sat in the outbox. So Emails are not flowing as expected. (Ignore the Sent error thats a user with a missing email) Whether admin.hornbill is being deprecated or not, the current ability to edit these credentials isnt available in live.hornbill and as a result, we even with a single submission (not a retest) able to send mail. Link to comment Share on other sites More sharing options...
Keith Stevenson Posted March 10, 2022 Share Posted March 10, 2022 @Paul Bierton Administration in live is via the cog at the bottom Left , which should have the New button next to it. Kind Regards Link to comment Share on other sites More sharing options...
Paul Bierton Posted March 10, 2022 Author Share Posted March 10, 2022 Well who knew, I thought that was just user preferences. I dont recall seeing any patch notes relating to the change, we normally get a Hornbill notification of such new features. Ill have a look in there. Link to comment Share on other sites More sharing options...
Paul Bierton Posted March 10, 2022 Author Share Posted March 10, 2022 @Keith Stevenson Ive now set the password in the new section, But still no emails are going out - just sat in the Outbox still. Edit: Looks like there might be a resend delay on fail, Ill check back shortly. Link to comment Share on other sites More sharing options...
Paul Bierton Posted March 10, 2022 Author Share Posted March 10, 2022 @Keith Stevenson were getting this error now - We use 2 Factor Authentication, so This option is no longer available. SmtpCmdResp: 535-5.7.8 Username and Password not accepted. Learn more at SmtpCmdResp: 535 5.7.8 https://support.google.com/mail/?p=BadCredentials m9-20020a05600c4f4900b00389e8184edcsm351494wmq.35 - gsmtp gmail_hints: To send email via GMail using login/password authentication, your GMail account must be configured to allow for "less secure apps". See https://support.google.com/accounts/answer/6010255 Otherwise you need to use OAuth2 authentication. Examples for GMail SMTP OAuth2 authentication are available on example-code.com under the SMTP category. Is there any documentation for OAuth and Gmail? We already use SSO with Google. Link to comment Share on other sites More sharing options...
Paul Bierton Posted March 10, 2022 Author Share Posted March 10, 2022 @Keith Stevenson Further investigation shows that Gmail doesnt support OAuth for email. Going to contact Google to see what options we have also. Link to comment Share on other sites More sharing options...
Steve Giller Posted March 10, 2022 Share Posted March 10, 2022 53 minutes ago, Paul Bierton said: I dont recall seeing any patch notes relating to the change This will be the announcement you missed, there may be other information you're not yet aware of in there. Link to comment Share on other sites More sharing options...
Paul Bierton Posted March 10, 2022 Author Share Posted March 10, 2022 14 minutes ago, Steve Giller said: This will be the announcement you missed, there may be other information you're not yet aware of in there. Yeah We are usually reliant on the Hornbill notification for such things, shouldve checked Link to comment Share on other sites More sharing options...
Paul Bierton Posted March 10, 2022 Author Share Posted March 10, 2022 So, ive just spent the morning going through a whole host of things with Google and also testing the settings that @Keith Stevenson Pointed out. We still have errors and are unable to send. In google we disabled 2factor on the account in question. Tried signing in with the username and password but it was rejected as we werent using an application password, so we tried with the application password with 2fa enabled, this also failed. This brought us on to this @Steve Giller https://support.google.com/accounts/answer/6010255?authuser=4&p=less-secure-apps Quote To help keep your account secure, starting May 30, 2022, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password. Please note this deadline does not apply to Google Workspace or Google Cloud Identity customers. The enforcement date for these customers will be announced on the Workspace blog at a later date Whilst this doesn't immediately affect us it soon will. Google are discontinuing their support for less secure applications in May, which meant we lookgin into enabling OAuth for sending, only to find out that using your Google Connector you can only connect to calendars as Hornbill is not verified with Google. If I click Advanced and Continue I can only share the Calendar with Google. and cos of this its not viisble within the OAth Settings of Send Mail. So currently STILL as it stands we cannot send emails and its causing no amount of issues, just by changing a password We declined as customer success call as we were more than happy with Hornbill but currently Im inclined to have a conversation just to raise this issue. @Keith Stevenson You were correct in forming me that it will test once, to which this does and successfully sends the email, but doesnt send on the scheduled sender. Link to comment Share on other sites More sharing options...
Keith Stevenson Posted March 10, 2022 Share Posted March 10, 2022 @Paul Bierton The error on sending we get is (which looks like you are set to use UID\PWD not OAuth2. readSmtpResponse: SmtpCmdResp: 535-5.7.8 Username and Password not accepted. Learn more at SmtpCmdResp: 535 5.7.8 https://support.google.com/mail/?p=BadCredentials 10-20020adf808a000000b001edd413a952sm4188185wrl.95 - gsmtp gmail_hints: To send email via GMail using login/password authentication, your GMail account must be configured to allow for "less secure apps". See https://support.google.com/accounts/answer/6010255 Otherwise you need to use OAuth2 authentication. Examples for GMail SMTP OAuth2 authentication are available on example-code.com under the SMTP category. (leaveContext) (leaveContext) SMTP authentication failed after sending password. Check your username/password or your SMTP server's auth settings So it looks like its not configured for Old or new. (Sort of half of each) For OAuth2 you first need to create a KeySafe Entry (which is where it the Credentials will then be populated from. https://wiki.hornbill.com/index.php?title=Hornbill_KeySafe If you goot Keysafe in New Admin, Create new , Enter Google as typle click connect and follow on screen prompts. Once done go back to mail connector and choose OAuth2 and drop down list should not allow credentails to be populated. Kind Regards Link to comment Share on other sites More sharing options...
Paul Bierton Posted March 10, 2022 Author Share Posted March 10, 2022 @Keith Stevenson If you re-read my post I point out Quote Google are discontinuing their support for less secure applications in May, which meant we looking into enabling OAuth for sending, only to find out that using your Google Connector you can only connect to calendars as Hornbill is not verified with Google. Which in turn mean I did exactly that, however the Google Connector is not verified with Google, thus get an error and can only access the Calendar. I appreciate the assistance and apologise if my replies sound short and exasperated. Link to comment Share on other sites More sharing options...
Keith Stevenson Posted March 10, 2022 Share Posted March 10, 2022 @Paul Bierton Have just tried the OAuth and do appear to get the same error\problem and have escalated that internally. In the meantime what do you get if you try Classic Auth (UserName and Password) which should be good whilst we investigate this. (You will need to goto the link and enable "Less Secure app" - its still encrypted ) Kind Regards Link to comment Share on other sites More sharing options...
Paul Bierton Posted March 10, 2022 Author Share Posted March 10, 2022 We have resolved this by using the DNS routing and adding a valid SPF Record, However the downside of this is that the outgoing emails are no longer within our mailbox. Its not fixed by any means, but for now we are up and running and would much rather send via OAuth2 if Hornbill can get verified to use it. Thanks for your help @Keith Stevenson Link to comment Share on other sites More sharing options...
Keith Stevenson Posted March 10, 2022 Share Posted March 10, 2022 @Paul Bierton You may have missed the post above. If you can enable Less Secure app for now and use UID\PWD that should work whilst we investigate internally. Kind Regards Link to comment Share on other sites More sharing options...
Paul Bierton Posted March 10, 2022 Author Share Posted March 10, 2022 4 minutes ago, Keith Stevenson said: @Paul Bierton Have just tried the OAuth and do appear to get the same error\problem and have escalated that internally. In the meantime what do you get if you try Classic Auth (UserName and Password) which should be good whilst we investigate this. (You will need to goto the link and enable "Less Secure app" - its still encrypted ) Kind Regards Classic Auth rejects the send as well and points you towards the App Specific Password Edit: saw the post as I posted this one Link to comment Share on other sites More sharing options...
Keith Stevenson Posted March 10, 2022 Share Posted March 10, 2022 @Paul Bierton Thats strange as my test for that worked. Sadly as you are now using Direct DNS I cant see the actual error in your logs. If its sending now, I suggest leaving this for today and once I get clarification from Development we can look again tomorrow. Kind Regards Link to comment Share on other sites More sharing options...
Paul Bierton Posted March 10, 2022 Author Share Posted March 10, 2022 7 minutes ago, Keith Stevenson said: @Paul Bierton Thats strange as my test for that worked. Sadly as you are now using Direct DNS I cant see the actual error in your logs. If its sending now, I suggest leaving this for today and once I get clarification from Development we can look again tomorrow. Kind Regards Im happy to revisit, for now we are glad to have the emails sending. I will run a test tomorrow to get the required error messages and provide Link to comment Share on other sites More sharing options...
Paul Bierton Posted March 11, 2022 Author Share Posted March 11, 2022 @Keith Stevenson I tried to add the account this morning using just the password (with 2Factor enabled). Link to comment Share on other sites More sharing options...
Keith Stevenson Posted March 11, 2022 Share Posted March 11, 2022 We now understand the issue. The Hornbill App (OAuth Service Account) for Google does not request permissions for email. This account\app was originally for other Google intergrations. To ensure we dont cause issues with that functionality we will look to create a new Hornbill Email App Google OAuth Service account today and once done add this to the list in KeySafe. This may take a few days as the App\Service needs to be verified by google. We will keep this post updated. Kind Regards 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now