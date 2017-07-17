Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Did Google turn off IMAP access for good over the weekend?
Google was going to turn off access for LSA apps soon, and this includes IMAP for Gmail. However, with the pandemic they delayed this indefinitely.

https://gsuiteupdates.googleblog.com/2020/03/less-secure-app-turn-off-suspended.html

Since May 1st, using IMAP to access a G Suite account stopped working, though, with a message:

> IMAP command 'AUTHENTICATE PLAIN <authdata>' returned an error: NO [AUTHENTICATIONFAILED] Invalid credentials (Failure)

I know the credentials are good because they work in the browser. Maybe an automated process somewhere kicked in?






You need to set up an app specific password [1] and use that for IMAP.

[1] https://support.google.com/mail/answer/185833?hl=en

Or better yet use the IMAP / SMTP Oauth2 auth mechanism;

https://developers.google.com/gmail/imap/xoauth2-protocol

Guide to setting up OAuth2 in offlineimap:

https://hobo.house/2017/07/17/using-offlineimap-with-the-gma...

Do mutt and git-send-email have support for OAuth2?

Not sure, I know that newer versions of thunderbird and k9 do, but you may need remove the account and re-create it; I didn't test changing the settings myself, I just deleted the old accounts and re-created them as IMAP / oauth.

They have turned it back on.

It does not work on some group accounts.

I just switched to g suite for business over the weekend and setup mail checking from my main account. I found enabling "Less secure apps" to get sending and receiving emails from my other accounts via POP3 to be very odd. Also had to create the app specific password. How is it a less secure app? It's a gmail account checking another gmail account. That really didn't make sense to me, but the tech support from g suite was happy to read the script to walk me through the setup. It was pretty frustrating to not be able to figure that out myself, it was not intuitive.

I’m out of the loop - where does Google commit to turning off IMAP? Is there any other standard that non-Google mail clients can follow?

Will Apple Mail lose Gmail compatibility or can they upgrade to something?

This is the original announcement I'm aware of:

https://gsuiteupdates.googleblog.com/2019/12/less-secure-app...

IIRC Apple Mail uses IMAP via Oauth.

So it's specifically IMAP without OAuth?

Yes- I used to maintain an open source imap library and looked into this when they first made the announcement. Microsoft is also planning on doing the same thing.

https://developer.microsoft.com/en-us/office/blogs/end-of-su...

Plenty of comments and current status at downdetector[0]. Clicking on the different countries suggests it's a global thing.

Edit: the "Less secure apps" [1] setting was reporting "setting could not be read", it's just re-appeared here in the UK (11:40 UTC).

[0] https://downdetector.co.uk/status/gmail/

[1] https://myaccount.google.com/lesssecureapps

I have no problem with it so far. Thunderbird on Debian through VPN in Amsterdam. (edit: wording)

Plenty of others in NL appear to have been hit [0]. Seems to be resolved now anyway.

[0] https://allestoringen.nl/storing/gmail/

> However, with the pandemic they delayed this indefinitely.

I guess someone didn't get the memo. Or else yes, perhaps they got some automated thing scheduled in advance and failed to roll it back properly as announced.

> I guess someone didn't get the memo.

Probably 'cause they can't log into their IMAP account right now...

Happening since morning, I got rid of Gapps on phone (for privacy concerns) and can't use K-9 Mail anymore, guess I'll have to resort to mobile browsers for email access.

Also for me this page (https://myaccount.google.com/lesssecureapps) says - "Setting could not be read".

Can't you create an "application password" for IMAP?

That requires two-factor auth, which requires giving them a phone number.

Can you use a Twilio number for $1/mo or some other burner service?

You can't set up TOTP without giving Google a phone number?

I'm not sure if Google allows using phone notifications first (another 2fa method) and then switching to TOTP, but TOTP isn't allowed as the first choice.

They support using phone numbers and then switching to TOTP and deleting the phone number.

Can you setup google voice?

Voice requires a phone number to link your GV number to

I can confirm. Same thing for, started 3 hours ago. It seems to work again for the moment though (after one hour, no change from my side).

The setting is also gone for me!

Unless it's for work, why not use a different service or host your own mail server? I'd say setting up a mail server with projects like Mail In A Box is easier than living without GApps.

reply


At least for me it's for work

Also confirming an issue for the past few hours.

It's currently 2020-05-04 11:26 UTC and the issue is ongoing.

EDIT: does anyone know if google has an "uptime" page for their various services where they can provide status updates as they diagnose the issue? This is impacting our entire org on G-suite.

EDIT2: Found this, but it shows "Gmail" as "green" Yeah, it's still down :rolleyes: https://www.google.com/appsstatus#hl=en

EDIT3: As of 2020-05-04 11:45 UTC, it's back up for me.

On a related note, how can I run internal mailserver that stores mail locally on my network, accessible through IMAP or web interface, and uses accounts on a POP3/IMAP-capable public server like Gmail only to receive and send mail (no long-term storage)? Where should I look?

I'm comfortable with setting up a VM, but I don't know much about email.

I would use something like OfflineIMAP to sync from an external IMAP server to your own Dovecot instance, assuming you want the local copy to be kept in sync (e.g., read status should be copied to the local copy as it changes, etc).

I personally like dockerized Mailcow: https://github.com/mailcow/mailcow-dockerized

reply


Ah, misread. I was just looking into entirely self-hosting this last week.

https://github.com/awesome-selfhosted/awesome-selfhosted#ema... See especially homebox, Mail-in-a-box "complete solutions".

With brief exploration you might also be comfortable with just running the MTA for sending and forwarding, and MDA for "delivery", i.e. reading.

They removed access for 'insecure apps'. Go to your Google account > Settings > activate 2 factor authentication and get an individual password for each app.

Source: Had to do this to all my superb python bots that we using mails for error reporting.

LoL Google.... I thought that I was a victim of your random account deletion for a bit

Lots of people are reporting this outage on this Google Support Thread:

* https://support.google.com/mail/thread/44318228?hl=en

For a few hours this morning, Gmail also had difficulty retrieving mail from other Gmail accounts via POP3.

It's really time to move away from Gmail & co.

Any suggestion for a comparable email service?

Depends on what you want. Personally, I use Gandi Webmail [1] which provides SOGo groupware [2].

NOTE: it is not as AJAXy as Gmail.

[1] https://news.gandi.net/en/2017/01/introducing-sogo-new-webma...

[2] https://sogo.nu/

Seconded. The vast number of aliases you can create is fantastic - I'm using unique addresses for every site I register on. Given the features and storage space, Gandi webmail seems to be very good value for money.

reply


fastmail or with (many) own domains: mailbox.org, runbox.com ...

I second fastmail, it's a really great service. I've been a happy customer for a year now, using my own domain and a sieve script for automated triaging of my emails. Their web interface is really, really good, and they're working hard to modernize the email protocols, with their work on JMAP and so on.

How’s the Australian spy law [1] thing?

[1] https://www.ctrl.blog/entry/goodbye-fastmail.html

Does that really change much in reality?

If you expect your emails to be inaccessible to anyone except you and the recipient you'll have to encrypt them anyway. If you are worried about the data-mining for ad purposes on other providers switching to a paid provider like Fastmail is still a good option and while everyone is subject to ad-tech data mining not everyone is subject to a targeted collection by a government actor most of the time.

My threat model is: governments can read my email but that will incur a cost, a timelapse and a judge -- not just a point and click mega-spy interface.

I want to bash Trump's latest haircut without fear of incoming, frivolous litigation.

I do, however, expect consequences if I do something really stupid.

I'm in France, and use email mostly to keep up with newsletters, personal comms, and non-important professional comms. If your threat model includes the Australian Government as a threat, then yes, using another provider would make sense. Then again, if you have government agencies in your threat model, you might want to move to E2E communications anyways.

This is terrible, I'm [genuinly] surprised that other people recommend fastmail.

I don't think the blog post is accurate, see [1]. From the three providers mentioned above (fastmail/mailbox/runbox) which I have experience with, fastmail has by far the best ui, speed and feel (atm).

As with gmail the fastmail provider does read your email content to provide e.g. search (and in case of gmail who knows what more?). Both will hand out information with a lawful warrant. -- And as long as the government is reasonably sane [2] that's perfectly fine with me.

[1] https://fastmail.blog/2018/12/21/advocating-for-privacy-aabi... [2] otherwise I'd try ProtonMail (but it has a price in useability)

+1 for Runbox. Reliable service and better price than Fastmail for my circumstances, at least.

I'm also very satisfied with Fastmail. Cost is the same as Google's paid tier but they do email really well.

i second to fastmail

Comparable email service? Not sure on what terms to compare. But take a look at the below privacy focused (or privacy respecting) services before you look at Fastmail (which can be quite expensive if you need multiple mailboxes):

Posteo.de (no custom domain support), runbox.com, mailbox.org, mailfence.com, migadu.com, mxroute.com (if you don't mind hosting in the U.S.), ProtonMail (needs a bridge software to use IMAP) and Tutanota (no IMAP support)

If you'd like to support the next generation JMap (which Fastmail develops), then getting a paid subscription on Fastmail could help.

Set up your own. iredmail and mail-in-a-box do most of the grunt work for you.

I've been hosting my mail with Zoho for a couple years and I've not had any issues with them.

Reading through the comments, sounds like it's a blip.

But yeesh - would've been just my luck! I'm in the process of putting together my de-Google plan lately.

Wow, for me it started happening Monday, May 4, 5:50 EDT.

LSA is back in settings, it should work fine now.

