GNOME Bugzilla – Bug 783385
Prefer SSL over STARTTLS for mail when both are set in GOA
Last modified: 2017-06-13 15:36:43 UTC
Clarification first: Gmail account added via Account Wizard in Evolution works all fine including Calendar, Contacts, Email (receiving and sending) except Empathy where it has to be added via Gnome Online Accounts (GOA). Problem: Gmail account added via GOA also works fine from calendar to contacts including receiving the emails and Empathy BUT fails to send any email due to: > The reported error was “HELO command failed: Peer failed to perform TLS handshake”. My investigation: Terminal gives no output for camel debug smtp, etc, this is what I found: 1. Two-factor authentication is not the issue. Tried disabling it, didn't work. 2. Account properties (for the same Gmail account) are different with missing "Send Email" tab/options see: If added via Evoluion: https://ibb.co/cCO0ha If added via GOA: https://ibb.co/hiuUav Conclusion: It seems Gmail added via GOA misses SMTP server settings like address, port and encryption type including the setting for OAuth2. Possible (unintended) workaround: Add the account from GOA and Evolution separately, user may either i) turn off "use for mail" in GOA or in Evolution > Preferences > Uncheck the account so it **does not appear** twice in Evolution. BUT this is just hiding the problem not fixing it. Note: I am not a programmer but tried my best to state problem. Please pity my ignorance.
> Terminal gives no output for camel debug smtp, etc, this is what I found: See https://help.gnome.org/users/evolution/stable/problems-debug-how-to.html linking to https://wiki.gnome.org/Apps/Evolution/Debugging#SMTP Which distribution is this about?
*SMTP log output: >[SMTP] Connecting to server smtp.gmail.com:587 from account 1496272406.848.18@my >[SMTP] received: 220 smtp.gmail.com ESMTP p5sm8569860wma.17 - gsmtp >[SMTP] sending: EHLO [192.168.1.9] >[SMTP] received: 250-smtp.gmail.com at your service, [37.107.191.29] >[SMTP] received: 250-SIZE 35882577 >[SMTP] received: 250-8BITMIME >[SMTP] received: 250-STARTTLS >[SMTP] received: 250-ENHANCEDSTATUSCODES >[SMTP] received: 250-PIPELINING >[SMTP] received: 250-CHUNKING >[SMTP] received: 250 SMTPUTF8 >[SMTP] sending: STARTTLS >[SMTP] received: 220 2.0.0 Ready to start TLS >[SMTP] sending: EHLO [192.168.1.9] >Error sending IPC message: Broken pipe >Error sending IPC message: Broken pipe *Distribution: Arch Linux Thanks!
Additional info: Above log is for the account added using GOA, doing the same for account added via Evolution Account Wizard: > [SMTP] Connecting to server smtp.googlemail.com:465 from account 14867821831.14575.10@mypc > [SMTP] received: 220 smtp.googlemail.com ESMTP b43sm9169292wrd.40 - gsmtp > [SMTP] sending: EHLO [192.168.1.9] > [SMTP] received: 250-smtp.googlemail.com at your service, [37.107.191.29] > [SMTP] received: 250-SIZE 35882577 > [SMTP] received: 250-8BITMIME > [SMTP] received: 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH > [SMTP] received: 250-ENHANCEDSTATUSCODES > [SMTP] received: 250-PIPELINING > [SMTP] received: 250-CHUNKING > [SMTP] received: 250 SMTPUTF8 > [SMTP] sending: AUTH XOAUTH2 dXNlcj1zaGVpa2gubW9oYW1tYWQudGFpbXVyQGdtYWlsLmNvbQFhdXRoPUJlYXJlciBfadFWrSDfAdsf5LkdsMWZCSHJSTm02RHBNQ2Qxa3pzXzgtdm01YlpFM2tKM2drTTh4bE9WX3lPeWYwZWZlQWZ4WV9kZFowVTBGSkxLZk5zMEgyb3czYVktakFrMjBCSVI3S2RsLXYwRzdXVnVGR0Ywa09ISlNHRF9EWVZSWE1tQ21MOE51UFhfTEEBAQ== > [SMTP] received: 235 2.7.0 Accepted > [SMTP] Sending with server smtp.googlemail.com:465 from account 148234234831.14575.10@mypc > [SMTP] sending: MAIL FROM:<removed1@gmail.com> > [SMTP] received: 250 2.1.0 OK b43sm9169292wrd.40 - gsmtp > [SMTP] sending: RCPT TO:<removed2@gmail.com> > [SMTP] received: 250 2.1.5 OK b43sm9169292wrd.40 - gsmtp > [SMTP] sending: DATA > [SMTP] received: 354 Go ahead b43sm9169292wrd.40 - gsmtp > [SMTP] sending: \r\n.\r\n > [SMTP] received: 250 2.0.0 OK 1496595592 b43sm9169292wrd.40 - gsmtp > [SMTP] sending: QUIT > [SMTP] received: 221 2.0.0 closing connection b43sm9169292wrd.40 - gsmtp
(In reply to André Klapper from comment #1) >> Terminal output >> Which distribution is this about? Information has been added, please let me know if anything further required. Thanks
Thanks for a bug report. I am not able to reproduce this, but it doesn't mean much. Could you verify what the sending account configuration contains correct values, please? You can find the correct file in: ~/.config/evolution/sources/ it's the one which contains BackendName=smtp and it has this section (possibly with different values than I have): [Authentication] Host=smtp.gmail.com Method=XOAUTH2 Port=587 ProxyUid=system-proxy RememberPassword=true User=user@gmail.com CredentialName= It should reference the gmail SMTP server. I see in your log above that the SMTP access for GOA account tries to connect to smtp.gmail.com:587, while the one configured in evolution uses smtp.googlemail.com:465 Could it be that you cannot access smtp.gmail.com address from your location, but you can access smtp.googlemail.com from the same location? It is possible in certain situations.
(In reply to Milan Crha from comment #5) Thanks for trying to help. Starting from easiest first: >> Cannot access smtp.gmail.com from location This is not an issue. Account (say abc@gmail.com) works if I add via Evolution Account Setup Wizard (send/receive both) and the same only refuses to send email if added using Gnome Online Accounts. >> Port 587 or 456 on smtp.gmail.com Started from scratch (deleted Evolution config, user data and cache in respective directories as said here: https://help.gnome.org/users/evolution/3.10/data-storage.html.en) Added abc@gmail.com using GOA, it created 4 config files in sources directory. Trying to match with your config, I found as follows: > [Authentication] > Host=imap.gmail.com > Method=XOAUTH2 > Port=993 > ProxyUid=system-proxy > RememberPassword=true > User=abcgmail.com > CredentialName= Different than yours but seems correct as we are connecting to different ports (imap/smtp). > [Mail Transport] > BackendName=smtp > > [Authentication] > Host=smtp.gmail.com > Method=XOAUTH2 > Port=587 > ProxyUid=system-proxy > RememberPassword=true > User=abc@gmail.com > CredentialName= This is also same as yours. Result: Everything works but can't send email, TLS handshake error as above. Given this: a) Quoting from my comment above, can you comment on the differences here? If added via Evoluion: https://ibb.co/cCO0ha If added via GOA: https://ibb.co/hiuUav b) I will post separate comment by editing port=587 to port=465, and retry to send email and post result.
(In reply to pingo from comment #6) > b) I will post separate comment by editing port=587 to port=465, and > retry to send email and post result. Changed config from: > [Authentication] > Host=smtp.gmail.com > Method=XOAUTH2 > Port=587 > ProxyUid=system-proxy > RememberPassword=true > User=abc@gmail.com > CredentialName= To > Port=465 First, it throws: >The reported error was “Cannot send message: service not connected.”. Second, on re-login port number always returns to 587.
I didn't want to change only the port, but mainly the server address name. Evolution uses different name than the GOA configured, thus repeating that "in evo works, from GOA not" is not the proof of functionality. There are places from where gmail.com servers cannot be reached, but googlemail.com can. That's what I wanted to verify from you. It might be as simple as running this from a command line: $ ping -c 3 smtp.gmail.com $ ping -c 3 smtp.googlemail.com They usually resolve into different IP addresses, for me 74.125.206.108 and 74.125.206.16, but different physical location can resolve to other. > a) Quoting from my comment above, can you comment on the differences here? That's intentional. That's "we know better what settings to use" approach, as GOA is meant to be as simple as possible, it only failed for you for some reason we are trying to figure out. This approach is also the reason why the changes you make "reset back to previous values", because the GOA module writes the expected values into there. I do believe that the right settings for GOA are to use smtp.googlemail.com, eventually with changed encryption method, but I want to verify it first. Or at least to have confirmation from you that smtp.gmail.com doesn't work in general for you. We can verify it the other way around, aka configure the account in evolution, but change the SMTP server and port to the one preset in GOA. Then try to send an email (eventually after evolution close&open, to be 100% sure that the changes in preferences will be picked up).
(In reply to Milan Crha from comment #8) Thanks for bearing with me. a) Ping outputs Gmail/Googlemail: > [me@my ~]$ ping -c 3 smtp.gmail.com > PING smtp.gmail.com (74.125.128.108) 56(84) bytes of data. > 64 bytes from ec-in-f108.1e100.net (74.125.128.108): icmp_seq=1 ttl=43 time=108 ms > 64 bytes from ec-in-f108.1e100.net (74.125.128.108): icmp_seq=2 ttl=43 time=109 ms > 64 bytes from ec-in-f108.1e100.net (74.125.128.108): icmp_seq=3 ttl=43 time=108 ms > > --- smtp.gmail.com ping statistics --- > 3 packets transmitted, 3 received, 0% packet loss, time 2003ms > rtt min/avg/max/mdev = 108.969/109.220/109.714/0.441 ms > > [me@my ~]$ ping -c 3 smtp.googlemail.com > PING smtp.googlemail.com (173.194.69.16) 56(84) bytes of data. > 64 bytes from ef-in-f16.1e100.net (173.194.69.16): icmp_seq=1 ttl=43 time=115 ms > 64 bytes from ef-in-f16.1e100.net (173.194.69.16): icmp_seq=2 ttl=43 time=116 ms > 64 bytes from ef-in-f16.1e100.net (173.194.69.16): icmp_seq=3 ttl=43 time=115 ms > > --- smtp.googlemail.com ping statistics --- > 3 packets transmitted, 3 received, 0% packet loss, time 2002ms > rtt min/avg/max/mdev = 115.274/115.906/116.700/0.593 ms b) Add account in Evo and change config to match GOA: Added account via Evo, changed its default values in wizard: From Evo default: > smtp.googlemail.com port 465 with 'TLS encryption' To GOA default: > smtp.gmail.com:587 part 587 with 'Encryption STARTTLS after connecting' Restarted Evo, send mail results in: > The reported error was “HELO command failed: Peer failed to perform TLS handshake”. When this failed, I did one more exercise by keeping server address the same (smtp.gmail.com) but changed port to 465 with 'TLS on dedicated' and was able to send email. Correct me if wrong but I would say problem lies in port number and encryption method default in GOA rather than server address (smtp.gmail.com / smtp.googlemail.com) Let me know if more info needed.
(In reply to pingo from comment #9) > Correct me if wrong but I would say problem lies in port number and > encryption method default in GOA rather than server address (smtp.gmail.com > / smtp.googlemail.com) Thanks for the testing. I agree with the above. I changed some details in the evolution-data-server, but it won't fix it for you, because the connection details being used are advertised by GOA itself (they override the hard-coded values in evolution-data-server). I found bug #772305 for GOA, which is recent and related. Created commit 69e2645 in eds master (3.25.3+) Created commit 0a0bb3a in eds gnome-3-24 (3.24.3+)
(In reply to Milan Crha from comment #10) > Created commit 69e2645 in eds master (3.25.3+) > Created commit 0a0bb3a in eds gnome-3-24 (3.24.3+) Thank you for time. Just for my understanding, your commits (patches) will go into testing and then be deployed into stable repos? Is this how it works?
There's no "testing". The stable 'repo' is the "eds gnome-3-24" branch. At some point a new tarball is created, and it's up to distros when they ship it.