I think I’m close to figuring this one out, but could use a little help if anyone can point me in the right direction here. I’m following the docs on setting up google smtp but trying to adapt it work with the SMTP relay service for our organization’s Google workspace.
Tutor is confirmed able to connect to the relay service per telnet
2.Using these config settings:
File "/opt/pyenv/versions/3.8.18/lib/python3.8/smtplib.py", line 660, in auth
raise SMTPAuthenticationError(code, resp)
smtplib.SMTPAuthenticationError: (535, b'5.7.8 Username and Password not accepted. For more information, go to\n5.7.8 https://support.google.com/mail/?p=BadCredentials d64-20020a633643000000b005dc1a944789sm340872pga.2 - gsmtp')
Per Google Workspace Docs regarding “Less Secure” App access methods:
Starting on September 30, 2024, less secure apps, third-party apps, or devices that have you sign in with only your username and password will no longer be supported for Google Workspace accounts. For exact dates, visit Google Workspace Updates. To continue to use a specific app with your Google Account, you’ll need to use a more secure type of access that doesn’t share password data. Learn how to use Sign in with Google.
This part of the documentation is unfortunately a bit outdated, I have opened an issue on github about this but it’s still in backlog to be done.
Basically if you haven’t already done so then you should enable 2FA on your Google account, then only when that’s active you’ll be able to create an app-specific password which is a randomly generated string. It’ll only show you once as soon as you create it, so copy it down before you close that window otherwise you’ll have to create a new password again.
@joel.edwards thanks for you help. This helped me debug and make some progress. I’ve managed to config everything and get the test email to send properly but can’t seem to figure out why production system emails aren’t coming through (no login confirmation, account password reset etc.). Any guidance there? …As I’m writing this, a new account creation verification email finally came through, so something is working but very slowly. Still haven’t seen the password reset request email come though.
Gmail relay service will get me quite far using a dedicate workspace account, but I am curious, what would be a some better alternatives to look into in terms of SMTP servers that would be better suited than gmail?
That’s not a bad idea. We’re primarily a google operating organization, but we do have office365 infrastructure. Using that SMTP to provide the LMS email service may be a good option. I’ll have to thinker around with that. How is the performance? Any issues with it or rate limitations? Google relay is 10k emails/day, which is fine for us currently but it doesn’t seem to be handling 100% of the LMS SMTP services correctly.
Update… after coming back to everything this morning, the google SMTP relay service seems to be working smoothly now. I guess going to bed was all that was required to fix the problem lol
ultimately the SMTP service you should use depends on the primary email infrastructure you use, or what you can implement.
for example I’ve set up sites that route email through an on-premises (or cloud-hosted) mail server like MS-Exchange, iRedMail, GroupWise, etc.
You could also set up a relay server with something like PostFix (advanced, make sure you adequately protect it from unauthorised relaying or you’ll just become a spam-bot and get your IP blacklisted)
If you have an email gateway / spam filter solution like Mimecast for example you can probably also get an authenticated SMTP there.
There’s also a plethora of bulk-mailer services that can handle these kind of things too like MailChimp, SendGrid, MooSend, etc.
Overall for small volumes of mails they all function pretty much the same, but it’s generally simplest to go directly with your main email provider unless they are too restrictive for the expected volumes of mail.
I see you mentioned that you have 365 and G-Workspace environments, I assume they have distinct email domain names?
It’s not a particularly common use case but if both services handle the same domain name then one won’t route to the other. eg:
if your gmail and 365 both use username@yourdomain.com and you have a mix of users on both, then using gmail smtp will only deliver to your gmail users and will fail with “Address not found” for the users that are supposed to be on 365 (it won’t automatically know that some addresses are hosted on a different mail service)
In the more typical use case where you have your 365 users at username@your365domain.com and workspace users at username@yourgmaildomain.com then using either smtp server should route the mails normally to all users.