On Tuesday, 20 June 2023 06:29:52 BST the...@sys-concept.com wrote: > Trying to send email via Google SMTP and postfix but getting authentication > failed. > > white postfix/smtp[32223]: 62E5618008F: to=<u...@google.com>, > relay=smtp.gmail.com[173.194.203.109]:587, delay=2390, > delays=2390/0.01/0.29/0, dsn=4.7.8, status=deferred (SASL authentication > failed; server smtp.gmail.com[173.194.203.109] said: 535-5.7.8 Username and > Password not accepted. Learn more at?535 5.7.8 > https://support.google.com/mail/?p=BadCredentials > n3-20020aa78a43000000b00663b712bfbdsm4668932pfa.57 - gsmtp) > > relayhost = [smtp.gmail.com]:587 > smtp_sasl_auth_enable = yes > smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd > smtp_sasl_security_options = noanonymous > smtp_tls_CAfile = /etc/postfix/cacert.pem > smtp_use_tls = yes > > /etc/postfix/sasl_passwd > [smtp.gmail.com]:587 usern...@gmail.com:PASSWORD > postmap /etc/postfix/sasl_passwd > /etc/init.d/postfix restart > > The user and password are correct.
I think I know what the problem is - but I do not use postfix and can't confirm it on my side: Since mid 2022 Google requires 2FA to allow login into their server. Until then it used to be the case you could select in their security settings to "Allow Less Secure Apps", generate an application specific password hash using their GUI and use this in your mail client. For a year now you won't be able to do this, unless you first provide a mobile phone number to Google. If you *must* use Google, they you'll have to login into their Google account security panel, set 2FA, attempt to connect with your postfix client, create an application pass code hash for your postfix via their GUI and use that as your password in your postfix settings. If you change your IP address, or your PC/client, or anything else Google are using to fingerprint and profile your device, then you'll have to login again in their GUI to confirm you are who you are and your client is a legitimate device owned by you. They have many relevant help pages to explain all this, so you should search for specific guidance, or find another email provider with less onerous user profiling demands. ;-) HTH
signature.asc
Description: This is a digitally signed message part.
