Gmail blocking mutt


Solution 1

I finally got it to work by enabling Google 2-step verification and using an app-specific password for mutt.

More detail:

I enabled 2-step verification on my Google account, which means that when I log in to Google, I have to enter a pin number from either a text or from the Google Authenticator app.

Then I had to get an app-specific password for mutt. You can generate an app specific password here.

Then I used that app-specific password for logging into mutt instead of my normal password. And then I don't have to enter a pin number.

Solution 2

As one of the comments says, it looks like Google have moved to blocking apps that are using IMAP/SMTP PLAIN authentication by default, and you can read official blogs stating that Google strongly recommends IMAP/SMTP protocol users switch to OAuth 2.0 (as XMPP is also listed I wonder if (older?) OSX iChat will stop working with GTalk at some point). Elsewhere, there's some fun speculation as to the rationale for this change. At the time of writing anecdotal investigation suggests:

  • Google business accounts won't see this issue - they continue to automatically accept password based IMAP/SMTP logins and there's currently no setting to refuse them (can't be causing trouble for all those paying users with programs using "legacy" password logins eh?).
  • Non-"business" Google accounts now have a setting to allow or disallow password based IMAP/SMTP logins ("less secure apps"). Google accounts that have existed for years can automatically have opted to disallow but this might not happen to everyone.

I've tried first logging into GMail using a web browser then using mutt from the same machine. I've tried changing muttrc settings to ensure TLS is always used. I've tried the unlock captcha link. All have failed to let my mutt work with a "do not allow less secure apps" GMail account (but may solve login problems in different scenarios). Your choices are:

(Whoever voted up my original reply - thank you)

Solution 3

Judging by aharris88's description, Gmail was blocking access to his account via mutt because mutt is using insecure connections when communicating with Gmail's servers. This means that your username and password are being sent across the local network and the Internet in an unencrypted form; generally a really bad idea, and something to be avoided whenever possible. Gmail was attempting to discourage this risky configuration by rejecting mutt's connection attempt. Changing your Google account settings to allow "Access for less secure apps" overrode this behavior, allowing mutt to connect in an insecure fashion.

One solution for this is to configure mutt to use TLS security when connecting to Gmail. This way, your credentials aren't sent in plain-text form, and you can thus disable "Access for less secure apps" in your Google account settings.

To use TLS, edit your mutt configuration file (~/.muttrc) to be similar to the following:

set realname = 'Your Full Name'
set imap_user = 'youraccount@gmail.com'
set smtp_url = "smtp://youraccount@smtp.gmail.com:587/"
set spoolfile = imaps://imap.gmail.com:993/INBOX
set folder = "imaps://imap.gmail.com:993"
set record="+[Gmail]/Sent Mail"
set postponed="+[Gmail]/Drafts"
set header_cache="~/.mutt/cache/headers"
set message_cachedir="~/.mutt/cache/bodies"
set certificate_file=~/.mutt/certificates

# These two lines appear to be needed on some Linux distros, like Arch Linux
set ssl_starttls = yes
set ssl_force_tls = yes

Also, create the directories and files mutt will use to cache message information and store certificates by executing:

mkdir -p ~/.mutt/cache/bodies
mkdir ~/.mutt/cache/headers
touch ~/.mutt/certificates

Lines 3-5 of the mutt configuration file tell mutt to connect to Gmail using secure ports and protocols. Make sure you fill in 'Your Full Name' on line 1, and replace "youraccount" in both lines 2 and 3. The last two lines will force mutt to connect securely, and may be required on some Linux distributions. The rest of the configuration is a pretty common setup to make mutt play nice with Gmail.

You'll also need to have OpenSSL (or something equivalent) installed on your system, though most systems will probably already have this.

Now, start mutt. You'll be prompted for your Gmail account password. You may also be prompted to accept a certificate that the Gmail server will send you; go ahead and do so. If you see your inbox, you should be all set!

If it's still not connecting, something else is preventing mutt from connecting securely. Try executing: mutt -v to display mutt's version and compile options. In the "Compile options" section of the output, look for +USE_SSL or something similar like +USE_SSL_OPENSSL or +USE_SSL_GNUTLS. If none of these appear with a plus next to them, then mutt was compiled without the ability to connect with TLS, and you'd need to recompile it.

Another possibility is that OpenSSL (or an equivalent SSL package) is not yet installed on your system. The method of installing it will be dependent on which Linux/Unix distribution you are using. Try searching for guides specific to your distribution. You may also need to install an additional package containing Certificate Authorities.

Once you do get things working, if you don't want to type your Gmail password every time you run mutt, you can store it directly in the ~/.muttrc file by adding a line like:

set imap_pass = 'yourpassword'

Note, however, that this presents a security risk, particularly if you share a system with other users. To reduce this risk, you can make ~/.muttrc readable only by you by executing:

chmod 600 ~/.muttrc

This prevents non-root users and services running on your system from reading your password stored in the ~/.muttrc file.
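The stored-password and `chmod 600` advice above can be checked mechanically. The following is an added example, not part of the answer or of mutt: `audit_muttrc` is a hypothetical helper that flags a muttrc readable by group/other, a literal `imap_pass`/`smtp_pass`, and plain `imap://`/`smtp://`/`pop://` URLs without `ssl_force_tls = yes`; the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit a muttrc for the credential-exposure issues above.
# Prints one finding per line (never the secret); returns 0 if clean,
# 1 if anything was found, 2 if the file cannot be read.
audit_muttrc() {   # hypothetical helper name
    f=$1
    found=0
    [ -r "$f" ] || { echo "ERROR cannot read $f"; return 2; }

    # Characters 5-10 of the ls mode string are the group/other bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "PERMS group/other can access $f; run: chmod 600 $f"
        found=1
    fi

    # imap_pass/smtp_pass set to a literal. Heuristic: a value containing a
    # backtick is treated as a command substitution and not flagged.
    for name in $(grep -E '^[[:space:]]*set[[:space:]]+(imap|smtp)_pass[[:space:]]*=' "$f" |
                  grep -v '`' |
                  sed -E 's/^[[:space:]]*set[[:space:]]+([a-z_]+).*/\1/'); do
        echo "PLAINTEXT $name is stored as a literal in $f"
        found=1
    done

    # imap://, smtp:// and pop:// URLs rely on STARTTLS; without
    # ssl_force_tls mutt is not told to require an encrypted connection.
    if grep -Eq '^[[:space:]]*set[[:space:]].*(imap|smtp|pop)://' "$f" &&
       ! grep -Eq '^[[:space:]]*set[[:space:]]+ssl_force_tls([[:space:]]*=[[:space:]]*yes)?[[:space:]]*$' "$f"; then
        echo "TLS plain URL scheme in $f but ssl_force_tls is not set to yes"
        found=1
    fi
    return $found
}

# Constructed sample: a stored literal password in a world-readable file.
demo=$(mktemp)
printf '%s\n' "set imap_pass = 'constructed-not-a-real-password'" \
    'set smtp_url = "smtp://youraccount@smtp.gmail.com:587/"' > "$demo"
chmod 644 "$demo"
audit_muttrc "$demo" || true
rm -f "$demo"
```

Against your own configuration, call it as `audit_muttrc ~/.muttrc`; an empty output with exit status 0 means none of the three conditions were found.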

Solution 4

Mutt now officially supports OAuth specifically targeting issues with Gmail.

Solution 5

Create an app specific password for mutt: https://support.google.com/accounts/answer/185833 https://security.google.com/settings/security/apppasswords


Author: aharris88

Updated on September 18, 2022

Comments

  • aharris88
    aharris88 almost 2 years

    When I try to log in to gmail with mutt, it flashes a quick Webalert with a url, something like accounts.gmail.com or something. It's too quick for me to see or copy it. Then it says Login failed.

    Then I get an email from Gmail saying:

    Google Account: sign-in attempt blocked
    
    Hi Adam, 
    
    We recently blocked a sign-in attempt to your Google Account [[email protected]]. 
    
    Sign in attempt details
    Date & Time: Wednesday, December 10, 2014 11:55:21 PM UTC 
    Location: Utah, USA 
    
    If this wasn't you
    Please review your Account Activity page at https://security.google.com/settings/security/activity to see if anything looks suspicious. Whoever tried to sign in to your account knows your password; we recommend that you change it right away.
    
    If this was you
    You can switch to an app made by Google such as Gmail to access your account (recommended) or change your settings at https://www.google.com/settings/security/lesssecureapps so that your account is no longer protected by modern security standards. 
    
    To learn more, see https://support.google.com/accounts/answer/6010255. 
    
    Sincerely,
    The Google Accounts team
    

    I can go to the link and enable "Access for less secure apps" and then I can log in just fine, but is there a way to login with mutt without having to turn on this less secure option in Gmail?

    Update:

      • I'm on mac os x Yosemite
      • When I run mutt -v, in the compile options, it does contain +USE_SSL_OPENSSL
      • I'm not using google 2-step verification
      • I'm not using an application specific password

    Here are the messages that I get when I try to log in:

    Reading imaps://imap.gmail.com:993/INBOX...
    Looking up imap.gmail.com...
    Connecting to imap.gmail.com...
    TLSv1.2 connection using TLSv1/SSLv3 (ECDHE-RSA-AES128-GCM-SHA256)
    Logging in...
    [WEBALERT https://accounts.google.com/ContinueSignIn?sarp=1&scc=1&plt=AKgnsbsm0P......
    

    I found this answer, but it didn't work: https://stackoverflow.com/a/25209735/1665818

  • linluk
    linluk over 9 years
    This doesn't solve the problem; it's the same configuration I have. You have to allow insecure apps in your Gmail settings to use mutt this way, but we want to use it (if possible) with the standard security settings. Thanks anyway.
  • hampercm
    hampercm over 9 years
    Make sure that smtp_url, spoolfile, and folder are being set exactly as specified above, except of course replacing 'youraccount' with your account name. These are the key lines. And, make sure those aren't being set to something else further down in the file. I've also augmented my answer to address a couple other possibilities. Using the two lines I added at the bottom of the configuration file given above may help. Otherwise, you may need to install a SSL implementation or recompile mutt.
  • aharris88
    aharris88 over 9 years
    It still didn't work. That was almost the exact same stuff I already had in my .muttrc. But I had extra stuff. I deleted the other stuff just in case. I didn't add the ssl part because I'm on mac. Also, the messages I'm getting look like it's using ssl already.
  • hampercm
    hampercm over 9 years
    Hmmm. I have very little personal experience with MacOS, so unfortunately I may not be of much help for your issue. Did you create the ~/.mutt/ subdirectories and files using the mkdir and touch commands as described above? Those appear to be necessary on some -nixes. Other than that, I don't have much more to suggest, other than doing some web searches specific to mutt and Gmail on Mac OS. Several search hits talk about using "MacPorts" to install mutt variants.
  • aharris88
    aharris88 over 9 years
    Thanks. Yes I ran the mkdir and touch commands to create the correct directories and files.
  • hampercm
    hampercm over 9 years
    I ran across some info that may explain things. This suggests that OAuth 2.0 is required for ALL access from external apps, even over secure connections. I checked my Google settings and found I had enabled less secure apps in the past for some other reason, and forgot about it, which is why my mutt access was working *bonks head with palm* :( It appears you can use SASL XOAUTH2 to get around needing the "less secure" option, but may not be worth the time invested for a small? security boost.
  • aharris88
    aharris88 over 9 years
    In my question, I've already linked to this answer, which says the same thing, but it doesn't work. stackoverflow.com/questions/25209676/…
  • jla
    jla about 9 years
    How do app specific passwords fit into the mix? If you use an app specific password can you leave "allow less secure apps to connect" off and still use PLAIN / Basic Authentication without the warning?
  • Dennis Anderson
    Dennis Anderson almost 9 years
    I found that if you paste values from an external command, and it has any special values you must wrap it in double quotes, e.g.: imap_pass = "`get_my_pass`"
  • aharris88
    aharris88 almost 9 years
    I'm not using google 2-step verification.
  • twolfe18
    twolfe18 almost 9 years
    Oh, I thought you could use app specific passwords with or without 2-step verification. I guess this is something to consider for those who have set up the 2-step verification.
  • Yoshua Wuyts
    Yoshua Wuyts almost 9 years
    Using an app-specific password with @hampercm's setup circumvents this issue. - security.google.com/settings/security/apppasswords
  • BFG742
    BFG742 over 8 years
    could you elaborate on this more please?
  • aharris88
    aharris88 over 8 years
    Ok, I added more detail. Hope that helps.
  • reinierpost
    reinierpost over 8 years
    Indeed, this didn't help for me, either.
  • reinierpost
    reinierpost over 8 years
    This didn't help for me, either. The accepted answer did.
  • Bernardo Sulzbach
    Bernardo Sulzbach almost 8 years
    Still working and saving hours all around the world. Thanks @aharris88
  • yukashima huksay
    yukashima huksay over 5 years
    I think it's better if you try to add at least some of the instructions for how to use OAuth with Gmail to your answer. Link-only answers become invalid if the URL changes or the file moves.