Not a bug smtp.gmail.com wants OAuth 2.0

[sudrien]

Affected version

2.0.4

Trying to set up gmail smtp

forum.example.com/admin.php?options/groups/emailOptions/


Email transport method: smtp
(smtp.gmail.com : 587)
Authentication - no OAuth 2.0 option
Encryption: TLS

Apparently Gmail really wants OAuth 2.0 - support would be nice.

Current workaround:

Authentication: Username and Password
(gmail email address, password)

https://myaccount.google.com/lesssecureapps - turn less secure app support ON.

 

[Xon]

Turning on 'less secure apps' mode should allow it to work, it is really the only sane way to-do it.

 

[Chris D]

I think my actual recommendation would be to enable 2FA on the Gmail account and then use an app specific password. Obviously you still have a single point of failure, i.e. the app password but as long as that isn’t compromised the account is more secure generally.

If ever your server was compromised you’d be able to revoke the app specific password.

 

[Xon]

Ah, I forgot about the app specific password option.

Not that I think there is that much point since the email bounce processing will nuke all contents of that email account by design. By I guess it prevents the email account being messed with

 

[Chris D]

Yeah it was mostly a general suggestion, but you're right, it'd be less crucial for the bounce SMTP.

 

[Mike Fara]

While somewhat unrelated, there are even more issues if you use Google Compute Engine. Primarily because SMTP ports are blocked to prevent spam from being sent from GCE itself and getting their IPs blacklisted. Our solution: MAILGUN. BUT, because Mailgun has its own catch for bounced e-mails, there is no way to forward it to a separate catch-all e-mail address that XenForo supports (for example on Gsuite or any service bounce@whatever.com) without using their extremely confusing API, as far as I can tell.

So basically, we are using a bit of a shoddy method to get our emails out. And we cannot get bounce working. I can see the bounces caught by mailgun, but there seems to be no way to relay it to XenForo. This is a misconfiguration I cannot solve.