SMTP wants to use my personal gmail account

pfh47 · June 20, 2023, 10:46am

I have created a free-standing Google account with its own Gmail service. I want to use these with the SMTP integration so I do not have to compromise the security of my personal Google account.

From config.yaml:

notify:
  - name: "Cheap slots warning"
    platform: smtp
    sender: !secret tregeada_sender
    recipient: !secret tregeada_recipient
    server: smtp.gmail.com
    username: !secret tregeada_username
    password: "!secret tregeada_password"
    debug: true
    port: 587
    encryption: starttls

Initially I set up the new Google account without 2FA instead using the username and password authentication. The connection failed. In the logs “535, b’5.7.8 Username and Password not accepted” told me that 2FA was set up on the target account. Strange?

Next, I created an app password for my personal Google account and changed the notifier config so that my personal Google account was the target. Success (sort of)! Using Developer Tools / Service I was able to send emails to myself.

Finally, I added 2FA and an app password to the new Google account and changed the notifier config setting the new Google account as the target. The connection failed. Here is the detail from the logs:

2023-06-20 10:58:23.164 ERROR (SyncWorker_4) [homeassistant.components.smtp.notify] Login not possible. Please check your setting and/or your credentials
Traceback (most recent call last):
File "/usr/src/homeassistant/homeassistant/components/smtp/notify.py", line 162, in connection_is_valid
server = self.connect()
^^^^^^^^^^^^^^
File "/usr/src/homeassistant/homeassistant/components/smtp/notify.py", line 155, in connect
mail.login(self.username, self.password)
File "/usr/local/lib/python3.11/smtplib.py", line 750, in login
raise last_exception
File "/usr/local/lib/python3.11/smtplib.py", line 739, in login
(code, resp) = self.auth(
^^^^^^^^^^
File "/usr/local/lib/python3.11/smtplib.py", line 662, in auth
raise SMTPAuthenticationError(code, resp)
smtplib.SMTPAuthenticationError: (534, b'5.7.9 Please log in with your web browser and then try again. Learn more at\n5.7.9 https://support.google.com/mail/?p=WebLoginRequired z12-20020a05600c114c00b003f9b4330880sm1904399wmz.29 - gsmtp')

So, I can only use SMTP if I compromise the security of my personal Google account?

Any and all help very gratefully received.

NathanCu · June 20, 2023, 4:05pm

And what happens if you actually setup 2fa and an app password on your burner account?

pfh47 · June 21, 2023, 7:58am

With burner account setup with 2FA and app password …

notify:
  - name: "Cheap slots warning"
    platform: smtp
    sender: !secret tregeada_sender
    recipient: !secret tregeada_recipient
    server: smtp.gmail.com
    username: !secret tregeada_username
    password: "!secret app_password_ytp"
    debug: true
    port: 587
    encryption: starttls

Cleared log and restarted HA. Didn’t try to send an email. Two items of interest in the log …

2023-06-21 08:42:04.239 ERROR (SyncWorker_4) [homeassistant.components.smtp.notify] Login not possible. Please check your setting and/or your credentials
Traceback (most recent call last):
File "/usr/src/homeassistant/homeassistant/components/smtp/notify.py", line 162, in connection_is_valid
server = self.connect()
^^^^^^^^^^^^^^
File "/usr/src/homeassistant/homeassistant/components/smtp/notify.py", line 155, in connect
mail.login(self.username, self.password)
File "/usr/local/lib/python3.11/smtplib.py", line 750, in login
raise last_exception
File "/usr/local/lib/python3.11/smtplib.py", line 739, in login
(code, resp) = self.auth(
^^^^^^^^^^
File "/usr/local/lib/python3.11/smtplib.py", line 662, in auth
raise SMTPAuthenticationError(code, resp)
smtplib.SMTPAuthenticationError: (534, b'5.7.9 Please log in with your web browser and then try again. Learn more at\n5.7.9 https://support.google.com/mail/?p=WebLoginRequired m4-20020a5d56c4000000b003078354f774sm3710087wrw.36 - gsmtp')

and

2023-06-21 08:42:12.266 WARNING (SyncWorker_0) [googleapiclient.http] Encountered 403 Forbidden with reason "insufficientPermissions"
2023-06-21 08:42:12.347 ERROR (MainThread) [homeassistant.components.sensor] google_mail: Error on device update!
Traceback (most recent call last):
File "/usr/src/homeassistant/homeassistant/helpers/entity_platform.py", line 537, in _async_add_entity
await entity.async_device_update(warning=False)
File "/usr/src/homeassistant/homeassistant/helpers/entity.py", line 784, in async_device_update
await self.async_update()
File "/usr/src/homeassistant/homeassistant/components/google_mail/sensor.py", line 46, in async_update
data: dict = await self.hass.async_add_executor_job(settings.execute)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/concurrent/futures/thread.py", line 58, in run
result = self.fn(*self.args, **self.kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/googleapiclient/_helpers.py", line 130, in positional_wrapper
return wrapped(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/googleapiclient/http.py", line 938, in execute
raise HttpError(resp, content, uri=self.uri)
googleapiclient.errors.HttpError: <HttpError 403 when requesting https://gmail.googleapis.com/gmail/v1/users/me/settings/vacation?alt=json returned "Request had insufficient authentication scopes.". Details: "[{'message': 'Insufficient Permission', 'domain': 'global', 'reason': 'insufficientPermissions'}]">

EKC · June 21, 2023, 8:57pm

Two unrelated thoughts:

Have you turned on the “allow less secure apps” setting on your Gmail account?

Should the double quotes around your password be in the secrets file, rather than the notify config?