Google will turn off plain smtp login - possible impact on motioneye-generated emails? #2306

Open
Merdk opened this issue Mar 7, 2022 · 15 comments · May be fixed by #2896
@Merdk

Merdk commented Mar 7, 2022

This is not an issue yet, but it might become one at the end of the month. Will this affect those of us using Gmail to send/store motion alerts? I received a message from Google that on May 30 "Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password." See their page https://support.google.com/accounts/answer/6010255?rfn=1646361360139&anexp=nret-fa&pli=1&authuser=3#zippy=%2Cupdate-your-app-or-operating-system. Apologies in advance if this is a baseless concern.

@starbasessd

May 30, not March 30, 2022.
I am curious myself, as Google flags my Amazon, Amazon Alexa, Debian Chromium, and motionEye: will any of them still work after May 30, 2022? It is not very clear on their site.

@Merdk
Author

Merdk commented Mar 8, 2022

We'll have to wait and see! I noticed that some people sync motion media to gdrive, which for me would be an alternative to email (just not as handy as it would not create a push notification). But I wonder if authentication for that will also be affected in the same way.

@starbasessd

According to that site, if you use an app password (the Authorization Key), it (GDrive) should still be fine.
"[Use an App Password]

An App password is a 16-digit passcode that gives a non-Google app or device permission to access your Google Account. Learn more about how to sign in using App Passwords."

@MichaIng
Member

I recently migrated our phpBB, Wordpress and Matomo successfully via:

  • Enable 2FA for my Google account
  • Create and apply a dedicated app password for each of the three applications

That worked very well without changing anything other than the password in SMTP settings. I use LOGIN method with SSL on port 465. No "insecure authentication" apps are listed anymore in Google settings, and safe for May 30 🙂.

@Zombie-aaargh

Has there been an update on this now that Google has made the change?

@MichaIng
Member

Does it not work when you just create and use a dedicated application password?

@Zombie-aaargh

I've already got an application password for using SMTP commands with Home Assistant, so I know that it's all set up properly. Which is why it's strange that I can't get it to connect through motion eye using the same log in details

@MichaIng
Member

The idea behind application passwords is that you create one per application. So if this application gets compromised, you can remove the one password from your Google account without the need to change passwords everywhere else. This, apart from the common ability to limit access to particular resources only.

I am not sure whether/how this is enforced, e.g. based on some identifier the client sends, but try to create and use a dedicated application password for motionEye.

@Zombie-aaargh

> The idea behind application passwords is that you create one per application. So if this application gets compromised, you can remove the one password from your Google account without the need to change passwords everywhere else. This, apart from the common ability to limit access to particular resources only.
>
> I am not sure whether/how this is enforced, e.g. based on some identifier the client sends, but try to create and use a dedicated application password for motionEye.

I'm not actually using Gmail, my ISP uses their back end system, we only get one application password per email address and I use it on multiple devices to access my email. It's not a problem anywhere except here.

@MichaIng
Member

Which SMTP settings and port do you use? Ensure that TLS is enabled, as I am pretty sure (and hope) that Gmail is not accepting plain data transfer nowadays. If you use TLS already, please post the logs:

journalctl -u motioneye

One thing I recognised is that motionEye always starts an unencrypted connection and then uses STARTTLS when the "TLS" setting is enabled. This is nonsense IMO, as STARTTLS itself is in 99.9% of all cases: Either the SMTP server supports TLS (all serious servers do), then use TLS right from the start, or it does not, then I would never use this SMTP server in the first place.

Related code block: https://github.com/motioneye-project/motioneye/blob/ae03a4c/motioneye/sendmail.py#L44C12-L46

Should be changed:

--  conn = smtplib.SMTP(server, port, timeout=settings.SMTP_TIMEOUT)
    if tls:
--      conn.starttls()
++      conn = smtplib.SMTP_SSL(server, port, timeout=settings.SMTP_TIMEOUT)
++  else:
++      conn = smtplib.SMTP(server, port, timeout=settings.SMTP_TIMEOUT)
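Review bot: In the `if tls:` branch, `smtplib.SMTP_SSL(server, port, timeout=settings.SMTP_TIMEOUT)` is created without a `context` argument, and smtplib's fallback context does not verify the server certificate or hostname, so the connection is encrypted but not authenticated; pass `context=ssl.create_default_context()`. Two further points: removing `conn.starttls()` means an existing configuration with TLS enabled on a STARTTLS port such as 587 will no longer connect, so keeping STARTTLS as a separate selectable mode would avoid that regression; and the `else:` branch still opens a plain `smtplib.SMTP` connection over which credentials would be sent unencrypted.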

Or we change the option to allow only TLS or STARTTLS as alternatives, to never allow sending unencrypted data at all.

From the apps I use with Gmail, those either use port 465 with (true) TLS, or 587 with STARTTLS. Not sure whether it works when exchanging port and protocol. Since one usually expects "TLS" to actually mean TLS right from the start, usually at port 465, the current behaviour of motionEye could indeed lead to false settings.
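The "only TLS or STARTTLS" alternative mentioned in the comment above, sketched as an added example (not motionEye's code and not the content of PR #2896). The names `connect`, `mode_warning`, `IMPLICIT_TLS`, `STARTTLS` and `USUAL_MODE` are hypothetical; the port pairing follows the 465/587 convention described in the thread.

```python
import smtplib
import ssl

IMPLICIT_TLS = "tls"       # TLS from the first byte (conventionally port 465)
STARTTLS = "starttls"      # plain connect, then upgrade (conventionally port 587)
USUAL_MODE = {465: IMPLICIT_TLS, 587: STARTTLS}


def mode_warning(port, mode):
    """Return a hint when port and mode look swapped, else None."""
    usual = USUAL_MODE.get(port)
    if usual and usual != mode:
        return f"port {port} normally expects '{usual}', not '{mode}'"
    return None


def connect(server, port, mode, timeout=60,
            smtp_cls=smtplib.SMTP, smtp_ssl_cls=smtplib.SMTP_SSL):
    """Open an SMTP connection that is encrypted before any login.

    smtp_cls / smtp_ssl_cls are injectable only so the logic can be
    exercised without a network; callers normally leave the defaults.
    """
    # Default context verifies the certificate chain and the hostname.
    ctx = ssl.create_default_context()
    if mode == IMPLICIT_TLS:
        return smtp_ssl_cls(server, port, timeout=timeout, context=ctx)
    if mode == STARTTLS:
        conn = smtp_cls(server, port, timeout=timeout)
        try:
            conn.ehlo()
            if not conn.has_extn("starttls"):
                raise smtplib.SMTPNotSupportedError(
                    "server does not offer STARTTLS; refusing plaintext")
            conn.starttls(context=ctx)
            conn.ehlo()  # re-read capabilities over the encrypted channel
        except Exception:
            conn.close()
            raise
        return conn
    # No unencrypted mode exists: an unknown value is a config error.
    raise ValueError(f"unsupported SMTP security mode: {mode!r}")
```

Calling `conn.login(...)` only on the object returned by `connect` means an app password is never sent before the TLS handshake has completed and the certificate has been checked.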

@Zombie-aaargh

> Which SMTP settings and port do you use? Ensure that TLS is enabled, as I am pretty sure (and hope) that Gmail is not accepting plain data transfer nowadays. If you use TLS already, please post the logs:

These are the instructions for setting up SMTP access from the ISP Link

These are the settings that are being used to access SMTP in Home Assistant which are running perfectly right now.

notify:

This is my motioneye configuration

motioneyexamplesettings

I'm not sure what logs you might want or how to retrieve them

@MichaIng
Member

Probably they do not support plain connection with STARTTLS, or only on the other port. Can you try port 587? At least Gmail accepts this for plain/STARTTLS.

@MichaIng MichaIng linked a pull request Dec 23, 2023 that will close this issue
@MichaIng
Member

MichaIng commented Dec 23, 2023

Can you try this:

apt install patch # assuming some DEB-based distro
cd /usr/local/lib/python3.*/dist-packages # assuming motionEye installed globally via pip
curl -sSf 'https://patch-diff.githubusercontent.com/raw/motioneye-project/motioneye/pull/2896.patch' | patch -p1
systemctl restart motioneye

Then with port 465 and TLS enabled like you have it currently.

@Zombie-aaargh

> Can you try this:

I'm using MotionEye through the Home Assistant app store.

Can I still use the above commands?

I have almost zero knowledge or understanding of anything beyond copy\pasting things into the command line.

@MichaIng
Member

MichaIng commented Dec 25, 2023

Oh, no, the HA app is the old motionEye 0.42.1 and I am not sure how the files are distributed.

Probably run a find . -name sendmail.py from within the HA install/data directory and apply the patch from its parent-parent directory (instead of the /usr/local/... from my commands above) if it is called motioneye. If not, you could still edit the file manually: https://github.com/motioneye-project/motioneye/pull/2896/files
