Jump to content

Unable to Send Emails after Password Change


Paul Bierton

Recommended Posts

We've had to change the password on the SMTP mailbox (Gmail) that we are using to send out Service Manager email.

Im using an application specific password due to it being a 'Less Secure Application' in Googles eyes.

When you initially test the account with the ASP, it sends the email is is received via the tested emails account. Press Save to accept the changed credentials, then Retest and we get the following error.

Unable to send test message to the specified recipient
ChilkatLog:
  SendEmail:
    DllDate: Feb  9 2021
    ChilkatVersion: 9.5.0.86
    UnlockPrefix: HRNBLL.CBX102021
    Architecture: Little Endian; 64-bit
    Language: Visual C++ 2019 / x64
    VerboseLogging: 0
    Component successfully unlocked using purchased unlock code.
    sendEmailInner:
      renderToMime_pt1:
        createEmailForSending:
          Auto-generating Message-ID
        --createEmailForSending
      --renderToMime_pt1
      sendMimeInner:
        ensureSmtpSession:
          ensureSmtpConnection:
            smtpParams:
              SmtpHost: smtp.gmail.com
              SmtpPort: 587
              SmtpUsername: <REDACTED>
              SmtpSsl: 0
              StartTLS: 1
            --smtpParams
            smtpConnect:
              smtpHostname: smtp.gmail.com
              smtpPort: 587
              connectionIsReady:
                Using existing/open SMTP connection to send email.
              --connectionIsReady
              Reconnecting because the connection has been idle for too long.
              smtpSocketConnect:
                socketOptions:
                  SO_SNDBUF: 262144
                  SO_RCVBUF: 4194304
                  TCP_NODELAY: 1
                  SO_KEEPALIVE: 1
                --socketOptions
              --smtpSocketConnect
              smtpGreeting:
                readSmtpResponse:
                  SmtpCmdResp: 220 smtp.gmail.com ESMTP f13-20020adff8cd000000b001f03439743fsm1047731wrq.75 - gsmtp
                --readSmtpResponse
              --smtpGreeting
              startTLS:
                sendCmdToSmtp:
                  SmtpCmdSent: EHLO live.hornbill.com<CRLF>
                --sendCmdToSmtp
                readSmtpResponse:
                  SmtpCmdResp: 250-smtp.gmail.com at your service, [87.117.243.10]
                  SmtpCmdResp: 250-SIZE 35882577
                  SmtpCmdResp: 250-8BITMIME
                  SmtpCmdResp: 250-STARTTLS
                  SmtpCmdResp: 250-ENHANCEDSTATUSCODES
                  SmtpCmdResp: 250-PIPELINING
                  SmtpCmdResp: 250-CHUNKING
                  SmtpCmdResp: 250 SMTPUTF8
                --readSmtpResponse
                sendCmdToSmtp:
                  SmtpCmdSent: STARTTLS<CRLF>
                --sendCmdToSmtp
                readSmtpResponse:
                  SmtpCmdResp: 220 2.0.0 Ready to start TLS
                --readSmtpResponse
                TLS connection established.
              --startTLS
              ehloCommand:
                sendCmdToSmtp:
                  SmtpCmdSent: EHLO live.hornbill.com<CRLF>
                --sendCmdToSmtp
                readSmtpResponse:
                  SmtpCmdResp: 250-smtp.gmail.com at your service, [87.117.243.10]
                  SmtpCmdResp: 250-SIZE 35882577
                  SmtpCmdResp: 250-8BITMIME
                  SmtpCmdResp: 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
                  SmtpCmdResp: 250-ENHANCEDSTATUSCODES
                  SmtpCmdResp: 250-PIPELINING
                  SmtpCmdResp: 250-CHUNKING
                  SmtpCmdResp: 250 SMTPUTF8
                --readSmtpResponse
              --ehloCommand
            --smtpConnect
          --ensureSmtpConnection
          ensureSmtpAuthenticated:
            smtpAuthenticate:
              No SMTP password or OAuth2 access token provided.
              Skipping SMTP authentication because no login/password provided.
              smtp_host: smtp.gmail.com
              smtp_port: 587
              smtp_user: <REDACTED>
              auth-method: NONE
              smtpAuthMethod: NONE
              smtpAuthenticate:
                login_method: NONE or already authenticated
              --smtpAuthenticate
              ConnectionType: SSL/TLS
            --smtpAuthenticate
          --ensureSmtpAuthenticated
        --ensureSmtpSession
        sendSmtpEmail:
          sendWithPipelining:
            sendMailFrom:
              mailFrom: do-not-reply@live.hornbill.com
              sendCmdToSmtp:
                SmtpCmdSent: MAIL FROM:<do-not-reply@live.hornbill.com><CRLF>
              --sendCmdToSmtp
            --sendMailFrom
            sendRcptTo:
              sendCmdToSmtp:
                SmtpCmdSent: RCPT TO:<REDACTED><CRLF>
              --sendCmdToSmtp
            --sendRcptTo
            sendCmdToSmtp:
              SmtpCmdSent: DATA<CRLF>
            --sendCmdToSmtp
            readSmtpResponse:
              SmtpCmdResp: 530-5.7.0 Authentication Required. Learn more at
              SmtpCmdResp: 530 5.7.0  https://support.google.com/mail/?p=WantAuthError f13-20020adff8cd000000b001f03439743fsm1047731wrq.75 - gsmtp
            --readSmtpResponse
            readRcptTo:
              readSmtpResponse:
                SmtpCmdResp: 530-5.7.0 Authentication Required. Learn more at
                SmtpCmdResp: 530 5.7.0  https://support.google.com/mail/?p=WantAuthError f13-20020adff8cd000000b001f03439743fsm1047731wrq.75 - gsmtp
              --readSmtpResponse
              bad_address: <REDACTED>
            --readRcptTo
            readSmtpResponse:
              SmtpCmdResp: 530-5.7.0 Authentication Required. Learn more at
              SmtpCmdResp: 530 5.7.0  https://support.google.com/mail/?p=WantAuthError f13-20020adff8cd000000b001f03439743fsm1047731wrq.75 - gsmtp
            --readSmtpResponse
            smtpRset:
              Sending RSET command.
              smtpSendGet2:
                sendCmdToSmtp:
                  SmtpCmdSent: RSET<CRLF>
                --sendCmdToSmtp
                readSmtpResponse:
                  SmtpCmdResp: 250 2.1.5 Flushed f13-20020adff8cd000000b001f03439743fsm1047731wrq.75 - gsmtp
                --readSmtpResponse
              --smtpSendGet2
            --smtpRset
          --sendWithPipelining
        --sendSmtpEmail
      --sendMimeInner
    --sendEmailInner
    Failed.
  --SendEmail
--ChilkatLog

We have access to the account and can send normally through that email. Just not hornbill.

Please Advise

Link to comment
Share on other sites

This is now Urgent  - We have spent 3 days being unable to send emails from Hornbill due to this issue - the ability to send emails is a CRITICAL core component of Hornbill and how we service ours users.

We can receive the emails but cannot send to our end users.

I have tried multiple times to add the password here:

image.thumb.png.a1ac84396c3f4f73b91f47ece589795e.png

Each test is successful, you press SAVE CHANGES and then exit the page. Go back into the Page and press Test, the test fails.

Something isnt right.

Link to comment
Share on other sites

Paul,
Thanks for the post. Sadly this is a known issue. Once you make the change and it works (First time) do not go back in and retest as this will cause the password to be lost. The email will flow as expected after the initial save. 

Kind Regards

Keith Stevenson 

Link to comment
Share on other sites

@Paul Bierton
The above is correct for the admin.hornbill.com/xxxx site (which is being deprecated) and wont get fixes

IF you use live.hornbill.com/XXXX and the admin functionality from within that it will function as expected (You also dont get the option to re-test after going back in)

Kind Regards

Link to comment
Share on other sites

@Keith Stevenson I open live.hornbill.com > Administration (which takes me to admin.hornbill.com) System > Email >Domains > Add Password > Press Save

Raised a New Ticket, Go No email for Raising a Ticket, The email to say its been raised is sat in the outbox. So Emails are not flowing as expected. 

image.png.f01e8bb4a100b48492f59b5b6ac4ca05.png

(Ignore the Sent error thats a user with a missing email)

Whether admin.hornbill is being deprecated or not, the current ability to edit these credentials isnt available in live.hornbill and as a result, we even with a single submission (not a retest) able to send mail.

 

 

Link to comment
Share on other sites

@Keith Stevenson  were getting this error now - We use 2 Factor Authentication, so This option is no longer available.

SmtpCmdResp: 535-5.7.8 Username and Password not accepted. Learn more at SmtpCmdResp: 535 5.7.8 https://support.google.com/mail/?p=BadCredentials m9-20020a05600c4f4900b00389e8184edcsm351494wmq.35

- gsmtp gmail_hints: To send email via GMail using login/password authentication, your GMail account must be configured to allow for "less secure apps". See https://support.google.com/accounts/answer/6010255 Otherwise you need to use OAuth2 authentication. Examples for GMail SMTP OAuth2 authentication are available on example-code.com under the SMTP category.

Is there any documentation for OAuth and Gmail? We already use SSO with Google.

Link to comment
Share on other sites

So, ive just spent the morning going through a whole host of things with Google and also testing the settings that @Keith Stevenson Pointed out.

We still have errors and are unable to send. 

In google we disabled 2factor on the account in question. Tried signing in with the username and password but it was rejected as we werent using an application password, so we tried with the application password with 2fa enabled, this also failed.

This brought us on to this @Steve Giller https://support.google.com/accounts/answer/6010255?authuser=4&p=less-secure-apps

 

Quote

To help keep your account secure, starting May 30, 2022, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.

Please note this deadline does not apply to Google Workspace or Google Cloud Identity customers. The enforcement date for these customers will be announced on the Workspace blog at a later date

Whilst this doesn't immediately affect us it soon will.

Google are discontinuing their support for less secure applications in May, which meant we lookgin into enabling OAuth for sending, only to find out that using your Google Connector you can only connect to calendars as Hornbill is not verified with Google.

image.png.0e85558915c7061d523b48b961abe924.png

If I click Advanced and Continue I can only share the Calendar with Google.

image.png.8c173c3fe5be8c8a962da4b8c75b3d6a.png

and cos of this its not viisble within the OAth Settings of Send Mail.

image.thumb.png.92f175a1b5aed9fad87b4b828585e900.png

So currently STILL as it stands we cannot send emails and its causing no amount of issues, just by changing a password

We declined as customer success call as we were more than happy with Hornbill but currently Im inclined to have a conversation just to raise this issue.

@Keith Stevenson You were correct in forming me that it will test once, to which this does and successfully sends the email, but doesnt send on the scheduled sender.

Link to comment
Share on other sites

@Paul Bierton
The error on sending we get is (which looks like you are set to use UID\PWD not OAuth2. 


                    readSmtpResponse:
                        SmtpCmdResp: 535-5.7.8 Username and Password not accepted. Learn more at
                        SmtpCmdResp: 535 5.7.8 https://support.google.com/mail/?p=BadCredentials 10-20020adf808a000000b001edd413a952sm4188185wrl.95 - gsmtp
                        gmail_hints:
                            To send email via GMail using login/password authentication, your GMail account must be configured to
                            allow for "less secure apps".  See https://support.google.com/accounts/answer/6010255
                            Otherwise you need to use OAuth2 authentication.  Examples for GMail SMTP OAuth2 authentication are available
                            on example-code.com under the SMTP category.
                            (leaveContext)
                        (leaveContext)
                    SMTP authentication failed after sending password.
                    Check your username/password or your SMTP server's auth settings

So it looks like its not configured for Old or new. (Sort of half of each) 

For OAuth2 you first need to create a KeySafe Entry (which is where it the Credentials will then be populated from. 

https://wiki.hornbill.com/index.php?title=Hornbill_KeySafe

If you goot Keysafe in New Admin, Create new , Enter Google as typle click connect and follow on screen prompts. Once done go back to mail connector and choose OAuth2 and drop down list should not allow credentails to be populated. 

Kind Regards

 

Link to comment
Share on other sites

@Keith Stevenson If you re-read my post I point out

Quote

Google are discontinuing their support for less secure applications in May, which meant we looking into enabling OAuth for sending, only to find out that using your Google Connector you can only connect to calendars as Hornbill is not verified with Google.

Which in turn mean I did exactly that, however the Google Connector is not verified with Google, thus get an error and can only access the Calendar.

I appreciate the assistance and apologise if my replies sound short and exasperated.

Link to comment
Share on other sites

@Paul Bierton
Have just tried the OAuth and do appear to get the same error\problem and have escalated that internally. In the meantime what do you get if you try Classic Auth (UserName and Password) which should be good whilst we investigate this.  (You will need to goto the link and enable "Less Secure app"  - its still encrypted ) 

Kind Regards

Link to comment
Share on other sites

We have resolved this by using the DNS routing and adding a valid SPF Record, However the downside of this is that the outgoing emails are no longer within our mailbox.

Its not fixed by any means, but for now we are up and running and would much rather send via OAuth2 if Hornbill can get verified to use it.

Thanks for your help @Keith Stevenson

Link to comment
Share on other sites

4 minutes ago, Keith Stevenson said:

@Paul Bierton
Have just tried the OAuth and do appear to get the same error\problem and have escalated that internally. In the meantime what do you get if you try Classic Auth (UserName and Password) which should be good whilst we investigate this.  (You will need to goto the link and enable "Less Secure app"  - its still encrypted ) 

Kind Regards

Classic Auth rejects the send as well and points you towards the App Specific Password


Edit: saw the post as I posted this one :)

Link to comment
Share on other sites

@Paul Bierton
Thats strange as my test for that worked. Sadly as you are now using Direct DNS I cant see the actual error in your logs. If its sending now, I suggest leaving this for today and once I get clarification from Development we can look again tomorrow. 

Kind Regards

Link to comment
Share on other sites

7 minutes ago, Keith Stevenson said:

@Paul Bierton
Thats strange as my test for that worked. Sadly as you are now using Direct DNS I cant see the actual error in your logs. If its sending now, I suggest leaving this for today and once I get clarification from Development we can look again tomorrow. 

Kind Regards

Im happy to revisit, for now we are glad to have the emails sending. I will run a test tomorrow to get the required error messages and provide 

Link to comment
Share on other sites

We now understand the issue. The Hornbill App (OAuth Service Account) for Google does not request permissions for email. This account\app was originally for other Google intergrations. To ensure we dont cause issues with that functionality we will look to create a new Hornbill Email App Google OAuth Service account today and once done add this to the list in KeySafe. This may take a few days as the App\Service needs to be verified by google.  We will keep this post updated. 

Kind Regards

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...