hello!
Gmail will disable the connections by password (insecure programs) the only way to send an email via gmail will be with Oauth 2.0 this implies that --send-mail will no longer work with gmail . is there a plan to improve --send-mail to integrate OAuth2.0 authentication
Thank you.
Thanks for pointing this out.
Is there a description you can link to? The ones I’m finding are a more limited change, G Suite only.
G Suite matters of course (is Gmail affected?), but I’m not sure G Suite is affected for Duplicati use.
Google: We’re banning these insecure apps from connecting to G-Suite accounts
Turning off less secure app access to G Suite accounts
Scanners and other devices - No change is required for scanners or other devices using simple mail transfer protocol (SMTP) or LSAs to send emails. If you replace your device, look for one that sends email using OAuth.
Less Secure (non-OAuth) Apps Will Cease to Work February 2021 had above, then I found a source.
While Duplicati is not a device, it doesn’t have any need for email other than sending them by SMTP.
Q: How can I log in to a GMail account using OAuth 2.0? says in theory the Duplicati email can keep using its existing mail library if a way can be developed to help it. Although Duplicati uses OAuth 2 in various ways for storage services, via Duplicati OAuth Handler, I don’t think its tokens work for email.
How we get along with OAuth describes how process works for storage services that require OAuth 2.
Of possibly greater concern is an announced Google change to remove what Duplicati OAuth Handler refers to as “Google Drive (full access) login” which is mainly used for files that get “given” to Duplicati.
Ordinarily Duplicati uses “Google Drive (limited) login”, makes its own files, so gets access permission.
There doesn’t seem to be a way to “give” files to a different owner, e.g. with some tool in their web UI, however I don’t have G Suite and I’m not super expert at Google Drive. If you have G Suite, is there a way that you know of to grant access to apps? If so, perhaps someday there will be in Google Drive…
Enhancing security controls for Google Drive third-party apps
Thanks for your reply, here are more details of the situation: I have 100 Duplicati backups to Gdrive accounts, they all connect with oAuth (Duplicati OAuth Handler) and everything works correctly, the problem is the email alerts in case of problems : to be able to integrate automatic email alerts you must use the --send-mail command but this command (program) is considered unsecured by google because it connects to accounts with login and password and not with Oauth.
To sum up, if nothing is done, the send-mail program provided by duplicati will be obsolete and will no longer work with Gmail / Gsuite accounts.
Here is an example of Duplicati backup I made
There is no specific “send-mail” program. The example has Duplicati.CommandLine.exe sending mail, however this might just be a phrasing difference. The key question is whether the username/password sending will continue to work with G Suite (cited findings leaning towards yes) and Gmail (no data yet).
Again, please cite sources and carefully read through the ones I cited. They don’t match the summary. There might be something else, so please provide the most authoritative technical sources you have…
As a technical note, the protocol to send mail dates back to at least 1982 though it’s had many updates.
You get a transcript of client mail sending interaction with the server (e.g. at Gmail) at profiling log level. Perhaps a send-mail command by itself would spare you the long output that profiling a backup makes.
The Duplicati client authentication looks like it happens below. After that, authentication details will vary.
How do I access GMail using MailKit? shows how that could be converted to use an access token, however the trick is getting a token to use, but before going further, please cite sources on need…
Now everything is clear, the question only arises for Gsuite accounts and sending emails with the SMTP protocol will continue to work.
Thanks a lot for your help.
Fairly sure this is a non-issue. The notice is about “account access”, not email send authentication. This quote directly from the original Google notification:
No change is required for scanners or other devices using simple mail transfer protocol (SMTP) or LSAs to send emails.
Further, if the receiving account is Gmail or GSuite, you don’t need to authenticate at all.
To help keep your account secure, starting May 30, 2022 , ​​Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.
Now it is for usual accounts not GSuite.
2 Likes
Got this email this morning too - which led me to this thread.
Not being an overly techy person, is this the end for Gmail-linked email notifications?
Free SMTP - Gmail alternative might be a solution that uses a different email sending service.
but if you want to send through Gmail, you could see if App Password as below works for you:
1 Like