Recently I turned my gmail account into 2-step verification ON.Now when I try to connect my gmail account through any jabber(xmpp supported) clients.. it wont work.I know gmail is based on xmpp protocol.Does xmpp protocol support 2step verification or its a different set of process.. please let me know.
XMPP still should work. You will be required to generate a application password for each client (e.g. XMPP client, phone, etc.).
http://support.google.com/accounts/bin/answer.py?hl=en&answer=185833
Related
I want to write an application which can receive emails locally and can response with successful and error responses.
After reading some tutorials about how SMTP works I was trying to send an email using telnet to my locally running SMTP server.
Connect to SMTP server
HELO/EHLO command
AUTH ...
MAIL from command
RCPT to command
DATA command
write somedata
QUITE
What I couldn't understand is step 3. Why do I need to be authenticated to send an email to localhost. I mean if I am yahoo user and I have to send an email to gmail user, how can I be authenticated to gmail SMTP server?
SMTP Auth is used to authenticate the send email. SMTP AUTH authenticates you directly with our SMTP server. This is transparent to you as a user.
SMTP is the protocol (the language) your email program uses to send email through our email server. AUTH is the part of that protocol that is used to verify that you are one of our users.
SMTP authentication allows the client to show the server that this client has permission to relay e-mail through this server.
In most cases, you can send without authentication to local e-mail addresses of this domain
(i.e. send from bob#domain.com to alice#domain.com)
because the server does not need to relay your e-mail to external servers. Authentication is required whenever the recipient is not of a local domain
(i.e. send from joe#company.com to tom#example.com, provided that
company.com and example.com use different e-mail servers).
If you want to read more about this Here I find the some reference where it explain very clearly.
http://www.afterlogic.com/mailbee-net/docs/smtp_authentication.html
http://www.softhome.net/help/faq/smtp-auth.html
Hope this can help full for you.
SMTP AUTH protects the server from unauthorized use. For example, Google doesn't allow people to send email from Google's email servers unless they have an account. You prove that you have an account (or that you are somehow authorized to use their servers) by authenticating with the AUTH command.
Maybe an example where the email service isn't free would be more clear. If you are trying to send email using GoDaddy's email servers, but you don't have an account, they will prevent you from doing it. GoDaddy charges people to use their services.
If you are running a company called mycompany.com, and you run your own mail servers, you don't want every spammer in the world using your servers to send email out of your company. You require senders to authenticate using AUTH in order to protect your servers from unauthorized use.
What is the right way to send e-mail from an consumer product?
Say your are developing the "forgot password" functionality on an app, running on a micro computer - like the raspberrypi - that the user can buy of the shelf?
On one hand, the consumer can't be bothered to enter its own SMTP credentials. On the other hand, storing the manufacturer's SMTP credentials is a security flaw, because the hardware with physical access can be easily hacked.
If you want to build a forgot password functionality, you should build out an API on a server that you control that has the forgot password functionality. Then, you can send the email to them with the temporary reset values, and you wouldn't need to ship your SMTP credentials on their device.
What security can we implement in PHPmailer to make it a more secure app for Gmail? https://support.google.com/accounts/answer/6010255
I am using PHPmailer to send emails via Gmail. PS: I don't want to enable "access for less secure apps" here: https://www.google.com/settings/security/lesssecureapps, I want to make the app more secure.
Gmail has started imposing a new authentication mechanism that substitutes SMTP athentication for OAuth2-based authorisation. The docs on their changes can be found here.
This doens't really improve security much because ultimately you still need to submit your username and password over SSL at some point (the very mechanism that google deems insecure) to authenticate to get an OAuth token, which is exactly as secure as existing SMTP auth systems.
As yet, PHPMailer does not support this new mechanism - PRs welcome! You will need an OAuth2 class, such as this one, and perhaps make use of this code example.
In the mean time, you do have to "enable access for less secure apps", and you should set SMTPSecure = 'tls' and Port = 587 and use normal auth to connect using PHPMailer.
Update
PHPMailer supports Gmail's XOAUTH2 authentication as of version 5.2.11. See this guide. It's being expanded in version 6.0 to support other services too.
I'm trying to connect and retrieve a list of message headers from Gmail via IMAP.
I'm getting a response from Google with "Web Login Required" and then a URL to continue the sign-in via the web interface. Log: http://hastebin.com/odufaducew.vhdl
Why does this happen? How to handle this case? I'm using the MailCore2 lib for iOS if that helps at all.
You can enable access for less secure apps in this page Google - Less secure apps
Choose enable and try again!
As legoscia points out, this happens when the login is done using a password and considered risky. The best option seems to be to avoid storing and using user's passwords for Gmail and instead switch to Oauth2. Is this app a mail user interface or are you using IMAP as an API? (Perhaps, https://developers.google.com/gmail/api/ would be more appropriate?)
I am developing against software app that sends notifications via email and it doesn't support SSL/TLS encryption. I need to send these notifications to a server that only supports encrypted connections.
I am thinking about I might be able to solve these problems with a local mail relay, something that runs as a windows service and accepts local unencrypted connections then relays the mail to the proper server using an encrypted connection.
Does anyone know of a good lightweight mail relay/server app that I can use to do this? Is there a better solution?
I've had some great success with hMailServer - I think it covers your needs (I'm using it as a small domain mailserver).