PHPMailer authentication issue xoauth2 - oauth-2.0

I am using Google Business Apps for emails, and trying to send emails through PHPMailer. Now there is an issue with the SSL certificate so I have to turn off the SSL verification, but this error is thrown up:
Auth method requested: XOAUTH2
Auth methods available on the server: PLAIN,LOGIN
SMTP Error: Could not authenticate.
Now my host isn't particularly helpful as it's saying I need to use the correct email/pass, but that's not the way it works as we have to create an App via Google Developer and the connection is verified.
I am wondering if XOAUTH2 needs to be installed to the server? I have access to cPanel, but can't find the module.

Read the troubleshooting guide that the error links you to.
I'd bet that your ISP is intercepting your traffic and redirecting you to their own mail server, which will fail to match gmail's SSL certificate, and also lacks gmail's XOAUTH2 authentication scheme.
You should pay attention to why you're getting these errors - certificate verification is there to protect you and when it fails a check it's telling you that someone is intercepting your traffic and trying to MITM you - and by disabling it you've already given away your gmail credentials.

Related

Facebook Oauth URL Blocked

I'm currently testing my Ruby on Rails project Omniauth with Facebook functionality and no matter how I enter my Redirect URI it fails.
The exact error is:
URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.
If I do,
https://localhost:3000/users/auth/facebook/callback
it then complains about trying to an ssl certificate to a non ssl puma. Are there any suggestions for this issue? Perhaps, working on my SSL certificates or any other solution.
I've been looking into similar posts and nothing has solved this issue. Please advise.

Apple Pay shows Domain verification failed. Unable to access verification file on server

I am trying to verify the server domain for Apple Pay. I have placed apple-developer-merchantid-domain-association.txt as per the Apple Pay instructions and I can access this file with that URL as well.
But when I go to verify the domain it shows me the following error:
Domain verification failed. Unable to access verification file on server. Confirm that the file is in the correct location, proxies and redirects are not enabled, and the documented Apple Domain Verification IP addresses can access your server.
I don't know what's wrong in the configuration.
By the way, this website is hosted on AWS behind a load balancer.
We got a solution for it:
It sounds weird but it worked. Earlier we were using the Amazon-provided SSL from ACM, and Apple was not able to verify the domain because of an SSL-related issue. After that we took a new SSL from GoDaddy and set it up on the server, and it solved our issue.
Seems like Apple was not able to verify the domain with the free SSL provided by AWS.

PHPMailer SMTP Gmail authentication error

I'm sending emails using PHPMailer 5.2.10 with the following code:
require 'PHPMailerAutoload.php'; // PHPMailer 5.2 autoloader; adjust the path to your install

function SendGmail($to, $subj, $body)
{
    $mail = new PHPMailer(); // create a new object
    $mail->IsSMTP(); // enable SMTP
    $mail->SMTPDebug = 1; // debugging: 1 = client messages, 2 = client and server messages
    $mail->SMTPAuth = true; // authentication enabled
    $mail->SMTPSecure = 'ssl'; // "ssl" secure transfer enabled REQUIRED for GMail
    $mail->Host = "smtp.gmail.com";
    $mail->Port = 465; // 465 or 587
    $mail->IsHTML(true);
    $mail->Username = "admin@mydomain.ru";
    $mail->Password = "********";
    $mail->SetFrom("admin@mydomain.ru");
    $mail->Subject = $subj;
    $mail->Body = $body;
    $mail->AddAddress($to);
    return $mail->Send();
}
Note: we use Google Apps, so the mail domain is not google.com, but some other, let's say, mydomain.ru.
Everything was fine until Google had recently implemented another "security enhancement" (AFAIK forcing OAuth2 authorisation). Now PHPMailer->Send() returns the following text:
2015-05-12 06:49:15 CLIENT -> SERVER: EHLO 127.0.0.1
2015-05-12 06:49:15 CLIENT -> SERVER: AUTH LOGIN
2015-05-12 06:49:15 CLIENT -> SERVER: [some base64 string]
2015-05-12 06:49:15 CLIENT -> SERVER: [some base64 string]
2015-05-12 06:49:16 SMTP ERROR: Password command failed: 535-5.7.8 Username and Password not accepted. Learn more at 535 5.7.8 http://support.google.com/mail/bin/answer.py?answer=14257 u10sm3566045lbb.30 - gsmtp
2015-05-12 06:49:16 SMTP Error: Could not authenticate.
2015-05-12 06:49:16 CLIENT -> SERVER: QUIT
2015-05-12 06:49:16 SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting bool(false) Done!
OK, I went to http://support.google.com/mail/bin/answer.py?answer=14257 and did the following:
Logging to this account via web interface - everything's Ok,
Opening this link in browser: http://www.google.com/accounts/DisplayUnlockCaptcha - google says everything is Ok,
Opening this link: https://support.google.com/accounts/answer/6010255 and then this link: https://www.google.com/settings/security/lesssecureapps where I see the following:
"Access for less secure apps: * Turn off / * Turn on" - for normal gmail account,
("This setting is inaccessible for google apps accounts") - for Google Apps account (not the exact text but my translation from Russian as Google shows it).
Yes, I have tried both SSL and TLS, 485 or 587 ports and everything else I've found on stackoverflow.com and here: https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting . Nothing helped.
PHPMailer troubleshooting page suggests to use "an OAuth2 client class": http://www.phpclasses.org/package/7700-PHP-Authorize-and-access-APIs-using-OAuth.html - but I have no idea of how to integrate it into PHPMailer and why it's not integrated yet by PHPMailer developers (this class is under BSD license), while it's necessary now for one of the most popular mail servers. I found no documentation for this OAuth2 about integrating it into PHPMailer, and I'm sure I can't do it myself - my PHP knowledge is poor.
The question is:
How can I avoid this goddamn OAuth2 and send emails as I did it before this "security enhancement" (for google apps account)? --OR:
How to easily integrate OAuth2 class mentioned above into PHPMailer? --OR:
Are there any other easy-to-use PHP solutions to send emails using gmail?
Lots of thanks in advance.
Thank you for reading the docs, it's much appreciated! The problem is that google has imposed this complicated authentication mechanism without much regard for its users, as you have experienced. It doesn't improve security because ultimately you still have to submit a username and password over SSL to get your token. OAuth is an authorisation (what you can do) protocol, but google are using it indirectly as an authentication (who you are) protocol.
The reason that nobody has implemented it is that while it's very clever, OAuth is generally unpleasant and confusing to work with, which is why we'd be very happy if someone got around to implementing it!
This article is very helpful and might form the basis of a PHPMailer implementation. Though that adds a dependency on ZF2, the principles will be the same for any other OAuth implementation such as the one from PHPClasses I linked to or this one.
Sorry I can't be much more help on this.
Update: PHPMailer now supports OAuth for gmail. This article describes how to use it, and yes it is still quite unpleasant!
How can I avoid this goddamn OAuth2 and send emails as I did it before this "security enhancement" (for google apps account)?
You can't. Unlike regular Google, Google Apps does not allow "less secure apps". And once your account has been flagged for extra security, you must switch to OAuth2.
How to easily integrate OAuth2 class mentioned above into PHPMailer?
You can't. Like the Thunderbird team, there is some pretty strong bias against OAuth2 in the PHP Mailer team. IMO, OAuth2 is a big improvement for email.
Are there any other easy-to-use PHP solutions to send emails using gmail?
Yes. My solution for my own SMTP project, Postman, was to switch from PHP Mailer to Zend_Mail for OAuth2. Zend_Mail has had native OAuth2 support for quite a while.
Oops, that was my mistake, I've been editing the code in wrong place, not in the one it was executed from.
Strange, but in spite of OAuth2 and other Google surprises, I did not have to change anything to make the old code work (just update the password).

Yet another issue with Rails and Exchange server

I am trying to get Rails to work with Exchange Server 2007. I have tried different auth methods with it: none, plain, ntlm, login. But none of them works, and I see exceptions like this for every auth method:
504 5.7.4 Unrecognized authentication type
After long googling I tried to use telnet to see which auth methods are supported:
ehlo
...
250-AUTH
250-STARTTLS
...
250-AUTH appears without any params, but in manuals on the internet this line usually looks like 250-AUTH NTLM LOGIN.
What auth method should I use with this server, or must I reconfigure Exchange?
Some mail servers (both incoming and outgoing) require encryption before they allow authentication.
Judging by the presence of STARTTLS, you are currently connected to port 25 or 587 without encryption.
Try to switch this connection into TLS mode by using the STARTTLS command and promoting your current plain socket to an SSL one. Then repeat EHLO and there should be some auth capabilities listed (e.g. "250-AUTH LOGIN PLAIN").
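The check described in this answer, and the mismatch in the first question on this page (XOAUTH2 requested, only PLAIN,LOGIN offered, certificate check failing), as an added Ruby example that is not part of the original posts. It parses an EHLO reply and classifies an AUTH failure before any credential is sent; `parse_ehlo`, `diagnose`, the result symbols, the host names and all transcripts are constructed for illustration.

```ruby
# Added example. Every transcript below is a constructed sample.

# Parse an EHLO reply into { "KEYWORD" => ["PARAM", ...] }.
# Line 1 is the greeting; "250-" marks a continuation, "250 " the last line.
def parse_ehlo(reply)
  caps = {}
  reply.lines.map(&:strip).reject(&:empty?).drop(1).each do |line|
    m = line.match(/\A250[- ](.+)\z/) or next
    keyword, params = m[1].split(/[ =]/, 2) # also accepts legacy "AUTH=LOGIN"
    key = keyword.upcase
    caps[key] = (caps[key] || []) | params.to_s.upcase.split
  end
  caps
end

# Decide what an AUTH failure means before any credential is sent.
def diagnose(requested, reply, tls_active:, cert_verified:)
  caps    = parse_ehlo(reply)
  offered = caps.fetch("AUTH", []).include?(requested.upcase)
  unless tls_active
    # Mechanisms may only be listed after encryption: upgrade, then EHLO again.
    return caps.key?("STARTTLS") ? :starttls_then_ehlo_again : :no_tls_offered
  end
  # An unverified peer that also lacks the expected mechanism is probably
  # not the intended server; either way it must not receive credentials.
  return offered ? :untrusted_peer : :wrong_server_suspected unless cert_verified
  offered ? :ok : :mechanism_unsupported
end

EXCHANGE_PLAIN = <<~EHLO # bare AUTH before STARTTLS, as in the telnet session
  250-mail.example.test Hello [203.0.113.5]
  250-AUTH
  250-STARTTLS
  250 8BITMIME
EHLO
EXCHANGE_TLS = <<~EHLO # same server after STARTTLS and a second EHLO
  250-mail.example.test Hello [203.0.113.5]
  250 AUTH LOGIN PLAIN
EHLO
UNKNOWN_PEER = <<~EHLO # offers only PLAIN and LOGIN, as in the PHPMailer error
  250-mx.example.test at your service
  250 AUTH PLAIN LOGIN
EHLO

puts diagnose("LOGIN", EXCHANGE_PLAIN, tls_active: false, cert_verified: false)
puts diagnose("LOGIN", EXCHANGE_TLS, tls_active: true, cert_verified: true)
puts diagnose("XOAUTH2", UNKNOWN_PEER, tls_active: true, cert_verified: false)
```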

omniauth openid invalid credentials

I am using omniauth and logging into google and yahoo using the open_id strategy. This was working fine, until I enabled SSL on my site. There were a couple of issues. First, the URLs being generated were still pointing at http instead of https. I fixed that using a monkey patch from other posts (Omniauth and open_id with Google broken when running behind nginx in SSL mode, OpenID for rails app behind Apache).
Now it seems like the URLs are okay, but now I always get invalid credentials failure. I am using nginx and unicorn and hosting on EC2, if any of that is relevant. I see this in my unicorn logs:
(google) Request phase initiated.
WARNING: making https request to https://www.google.com/accounts/o8/id without verifying server certificate; no CA path was specified.
Generated checkid_setup request to https://www.google.com/accounts/o8/ud with assocication ...
(google) Callback phase initiated.
(google) Authentication failure! invalid_credentials encountered.
*Note: I removed the association above because I was not sure if that's some private key or something.
Also, I see google posting to my callback "/auth/google/callback".
Finally, about the warning about making a request without verifying server certificate, I saw in another post that I should add this:
require "openid/fetchers"
OpenID.fetcher.ca_file = "/etc/ssl/certs/ca-certificates.crt"
which I did, and the messages go away but does not fix my problem. Am I supposed to point this to my ssl certificates instead?
Just confused about what is going on and not finding good logging output to identify the problem...
