Articles in this section

Troubleshooting GMail Account for Sending EditShare Mail

Follow

When configuring a GMail account to send email from EditShare servers, there are some common issues you may run into.

  • Did you follow the directions and use smtp.gmail.com:587 in EditShare Preferences? 
  • If that didn't work, can you dig smtp.gmail.com (preferably from a different network from the server) and use that IP address on port 587? 
  • If that didn't work, do they have a firewall blocking port 587? Can you telnet to smtp.gmail.com on port 587?
  • If there's no firewall, are they using a GMail account configured to block "insecure" (non-OAuth 2.0) clients? If so, follow Google's directions to allow insecure clients.
  • If that didn't work, are they using Google Apps SMTP Relay or Restricted SMTP? If so, use the appropriate settings and try again.
  • If that didn't work, can they try using any other SMTP server or service?
  • As always grep postfix /var/log/syslog may have the pertinent error for the exact situation.
Setting up Gmail/Google Apps should be easy, but it's not! Here's why:
  • Google uses many MX records pointing to different SMTP servers to provide redundancy and load balancing, with many of those servers going up and down at will. This works fine if there's a stable, unfettered internet connection with short DNS timeouts. This doesn't work well in corporate/enterprise environments that cache DNS at the router or switch level, as they'll usually cache a stale IP address for Google's SMTP domains within a few days or weeks. You can try running dig smtp.gmail.com from your own workstation to get a more recent IP address and use that instead of the domain (with no guarantee that the server at that IP address will have good/any uptime), or ask their IT department to flush their DNS caches more frequently or blacklist smtp.gmail.com from their DNS caches (which defeats the usual purpose of using a Gmail account to avoid IT intervention).
  • Google allows SSL connections on port 465, but EditShare servers only support TLS, which means you have to use port 587. If this doesn't work, check with the IT department to see if they're blocking internet traffic on port 587.
  • GMail by default blocks "insecure" clients (those not using OAuth 2.0) from accessing GMail accounts. This "protection" results in error messages like these in postfix's logs:

    SASL authentication failed; server smtp.gmail.com[74.125.196.108] said: 535-5.7.8 Username and Password not accepted. Learn more at?535 5.7.8 http://support.google.com/mail/bin/answer.py?answer=14257 k28sm1249575yhg.25 - gsmtp
    or
    SASL authentication failed; server smtp.gmail.com[74.125.28.109] said: 534-5.7.14 Please log in via your web browser and then try again.?534-5.7.14 Learn more at?534 5.7.14 https://support.google.com/mail/bin/answer.py?answer=78754 je4sm2161593pbd.94 - gsmtp

    To fix this, disable this protection in the GMail account's settings.
  • Google Apps has different ways to authenticate, and some IT departments love to use the more exotic ones for "appliances" like EditShare servers.
    • Standard Google Apps SMTP configuration works, but only with TLS/on port 587, but has organization-wide per-day rate limits that can work against EditShare since its outgoing email can't be throttled or meaningfully configured. Since a busy Storage/Ark server with lots of RAID controllers can generate dozens of emails per day, IT departments may be reluctant to allow this.
    • Google Apps SMTP relay uses the site's static internet IP address for authentication instead of a username and password. It has higher rate limits and may be compatible with unencrypted email delivery over port 25 if necessary.
    • Restricted Gmail SMTP servers require no authentication, don't encrypt mail, use port 25 only, and can only send mail to other Gmail and Google Apps users. Yes, one customer is using this.
    • Application specific passwords: Even though the password they entered may allow them to login to their email client via the web, it may not allow them to send email from the EditShare Appliance. See below: 
      Feb 4 08:22:50 es-efsmaster01 postfix/smtp[3922]: 43C01F011A0: SASL
      authentication failed; server smtp.gmail.com[173.194.175.109] said:
      534-5.7.9 Application-specific password required. Learn more at?534
      5.7.9 https://support.google.com/mail/?p=InvalidSecondFactor 
      u126sm5103373qkc.107 - gsmtp

Related articles

Comments

0 comments

Please sign in to leave a comment.