"Error occurred while sending" after enabling Google 2-step authentication [with solution]

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

"Error occurred while sending" after enabling Google 2-step authentication [with solution]

Nick Jenkins
Hi all,

Ran into a problem this morning, but in the process of writing this
email, I worked out the solution. I'll send this mail anyway, with
solution, so if someone (including myself) encounters the same problem
later on, it's there in the archives.

Some Background: What's happened is that I recently turned on Google
2-step authentication, after reading a horror story of someone having
their gmail password stolen (e.g. from a keylogger on an Internet
terminals), and from that lost their email, contacts, calendars, and
then experiencing bank fraud due to identity theft and reset passwords
on their banking sites, and so forth, and the whole thing sounded like a
total nightmare ... and in the ensuing discussion, the consensus
solution to avoid the same fate was to turn on 2-step authentication,
where you enter a password, plus a numeric code that's SMSed to your
phone or generated on your phone, and only with both of those things can
you log in (i.e. something you know + something you have). So similar to
many banking sites, but you can mark a browser as trusted after the
first successful login, and thereafter you only need your password, so a
bit more convenient.

More background: Most of Google's own apps now support 2-step
authentication, but to help with "legacy" apps that don't support 2-step
authentication, such as Evolution, you can generate an "application
password". This a password that you should use just for that app, and
it's 16 characters of gibberish, so very hard to brute force. It's
supposed to work just like your normal password did previously, without
requiring your phone for authentication, and once you're no longer using
that app, you then revoke the app-specific password, and it no longer
works. If you want further info, it's available at:
http://www.google.com/landing/2step/

Configuration in Evolution: I have this gmail account configured as IMAP
+ for receiving, and SMTP for sending, and previous to this it worked
fine. Also there's a Google calendar configured with the same account.
Evolution version is 3.8.4

What happened: After enabling 2-step authentication, Evolution prompted
me to enter my password. So I entered the app-specific password I had
generated (once for my email + once for my calendar), and I can view
everything as normal in Evolution, and mark mail as read, and so forth.
The problem is sending mail. Ever since enabling 2-step authentication,
when I reply to mail or create a new mail, and then hit Send, I get a
dialog error box that says:
-----------------------------------------
An error occurred while sending. How do you want to proceed?
The reported error was "Bad authentication response from server.".
[Continue Editing] [Save to Outbox] [Try Again]
-----------------------------------------

Thought process: My suspicion is that Evolution (or gnome-keyring) is
still remembering and using the old password for SMTP sending, rather
than the app-specific SMTP password that it should be using now. Is
there somewhere that I can say "hey, forget that old SMTP password, and
prompt me for the SMTP password next time you need it"?

Solution:
* install "seahorse" (it's in the standard repository of most
distributions), and run it.
* then in the top-right search box type "smtp", press enter
* it should show an entry like this "smtp://youremail%
40gmail.com;auth=[hidden email]:587".
* Right-click on that entry, choose "delete".
* Then quit Evolution, then restart evolution.
* Try sending mail again. This still didn't work, so then I searched in
seahorse for "evolution"
* There were a number of entries named things like "Evolution Data
Source 1220830865.7426.7@redux". You can't really tell what account they
are for by looking at them, but by showing the password for each, I was
able to check if they were the old password, and if so, then delete each
of those entries. I deleted around 6 entries, but I had deleted and
re-added this account a few times in previous years.
* Then quit Evolution, then restart evolution.
* When I tried sending again, it prompted for the password, and I
entered the app-specific password, and then it sent successfully, so
that was the solution.

How Evo could have made this a bit easier to solve:
* Prompting for the password to be entered on encountering a "Bad
authentication response from server." when sending, or allowing it to be
re-entered by clicking a button on that dialog box, would have been
ideal. [this is the first place I looked]  Even a link to open the
relevant Sending Email configuration page could be good, especially if
combined with the entry below:
* Under Edit -> Preferences -> select account -> Edit -> Sending Email,
a way to say "forget password" would have helped. [this was the second
place I looked]

-- All the best,
Nick.

_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|

Re: "Error occurred while sending" after enabling Google 2-step authentication [with solution]

Thomas Prost
Am Mittwoch, den 04.06.2014, 13:15 +1000 schrieb Nick Jenkins:
> Hi all,
>
(...)

>
> How Evo could have made this a bit easier to solve:
> * Prompting for the password to be entered on encountering a "Bad
> authentication response from server." when sending, or allowing it to be
> re-entered by clicking a button on that dialog box, would have been
> ideal. [this is the first place I looked]  Even a link to open the
> relevant Sending Email configuration page could be good, especially if
> combined with the entry below:
> * Under Edit -> Preferences -> select account -> Edit -> Sending Email,
> a way to say "forget password" would have helped. [this was the second
> place I looked]

... and the first place was the "file" dropdown-menu, where (in my
version) something like "drop all passwords" is resident ?
--
Best,
Thomas

_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|

Re: [Bulk] Re: "Error occurred while sending" after enabling Google 2-step authentication [with solution]

Ralf Mardorf-2
On Wed, 2014-06-04 at 12:40 +0200, Thomas Prost wrote:
> ... and the first place was the "file" dropdown-menu, where (in my
> version) something like "drop all passwords" is resident ?

And your version is Evolution 2.28.3 ;).

_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|

Re: "Error occurred while sending" after enabling Google 2-step authentication [with solution]

G.W. Haywood
In reply to this post by Nick Jenkins
Hi there,

On Wed, 4 Jun 2014, Nick Jenkins wrote:

> ... I recently turned on Google 2-step authentication
> ... (i.e. something you know + something you have).
> ...
>  you can mark a browser as trusted after the first successful
> login, and thereafter you only need your password ...

Can you explain how the first part ("something you know + something
you have") is not defeated by the last part?  Can the attacker not
simply impersonate your browser having first sniffed your password?
(And why involve a browser anyway?  You did mean 'browser'?)

--

73,
Ged.
_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|

Re: "Error occurred while sending" after enabling Google 2-step authentication [with solution]

Patrick O'Callaghan
On Wed, 2014-06-04 at 11:51 +0100, G.W. Haywood wrote:

> Hi there,
>
> On Wed, 4 Jun 2014, Nick Jenkins wrote:
>
> > ... I recently turned on Google 2-step authentication
> > ... (i.e. something you know + something you have).
> > ...
> >  you can mark a browser as trusted after the first successful
> > login, and thereafter you only need your password ...
>
> Can you explain how the first part ("something you know + something
> you have") is not defeated by the last part?  Can the attacker not
> simply impersonate your browser having first sniffed your password?
> (And why involve a browser anyway?  You did mean 'browser'?)

The 2-step process uses an out-of-band channel (by default an SMS
message) for the first authentication and leaves a token on your local
machine. If the attacker can't penetrate your machine then he can't
impersonate you (and if he can penetrate your machine then all bets are
off anyway). Once the setup is complete then simply knowing your
password is not enough.

The (slight) downside is that you have to repeat the setup once on each
machine and client program that needs access. All the tokens are of
course different.

poc

_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|

Re: [Bulk] Re: "Error occurred while sending" after enabling Google 2-step authentication [with solution]

Thomas Prost
In reply to this post by Ralf Mardorf-2
Am Mittwoch, den 04.06.2014, 12:45 +0200 schrieb Ralf Mardorf:
> On Wed, 2014-06-04 at 12:40 +0200, Thomas Prost wrote:
> > ... and the first place was the "file" dropdown-menu, where (in my
> > version) something like "drop all passwords" is resident ?
>
> And your version is Evolution 2.28.3 ;).

... hoping that such useful functionality wasn't taken off in newer ones
evo :-)

_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|

Re: "Error occurred while sending" after enabling Google 2-step authentication [with solution]

Andre Klapper
On Wed, 2014-06-04 at 20:25 +0200, Thomas Prost wrote:
> Am Mittwoch, den 04.06.2014, 12:45 +0200 schrieb Ralf Mardorf:
> > On Wed, 2014-06-04 at 12:40 +0200, Thomas Prost wrote:
> > > ... and the first place was the "file" dropdown-menu, where (in my
> > > version) something like "drop all passwords" is resident ?
> >
> > And your version is Evolution 2.28.3 ;).
>
> ... hoping that such useful functionality wasn't taken off in newer ones
> evo :-)

https://bugzilla.gnome.org/show_bug.cgi?id=660438

andre
--
Andre Klapper  |  [hidden email]
http://blogs.gnome.org/aklapper/

_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|

Re: "Error occurred while sending" after enabling Google 2-step authentication [with solution]

Thomas Prost
Am Mittwoch, den 04.06.2014, 20:37 +0200 schrieb Andre Klapper:

> On Wed, 2014-06-04 at 20:25 +0200, Thomas Prost wrote:
> > Am Mittwoch, den 04.06.2014, 12:45 +0200 schrieb Ralf Mardorf:
> > > On Wed, 2014-06-04 at 12:40 +0200, Thomas Prost wrote:
> > > > ... and the first place was the "file" dropdown-menu, where (in my
> > > > version) something like "drop all passwords" is resident ?
> > >
> > > And your version is Evolution 2.28.3 ;).
> >
> > ... hoping that such useful functionality wasn't taken off in newer ones
> > evo :-)
>
> https://bugzilla.gnome.org/show_bug.cgi?id=660438
>
> andre

Great solution. That's a feather in his cap.
--
Thomas Prost <[hidden email]>
ProstsInfo

_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|

Re: "Error occurred while sending" after enabling Google 2-step authentication [with solution]

Matthew Barnes
On Thu, 2014-06-05 at 00:00 +0200, Thomas Prost wrote:
> Great solution. That's a feather in his cap.

I removed it because Seahorse exists for password management.

Also, the complaint about password entry descriptions has been fixed.

https://bugzilla.gnome.org/show_bug.cgi?id=695744

Matthew Barnes


_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|

Re: "Error occurred while sending" after enabling Google 2-step authentication [with solution]

Matthew Barnes
In reply to this post by Nick Jenkins
On Wed, 2014-06-04 at 13:15 +1000, Nick Jenkins wrote:

> Some Background: What's happened is that I recently turned on Google
> 2-step authentication, after reading a horror story of someone having
> their gmail password stolen (e.g. from a keylogger on an Internet
> terminals), and from that lost their email, contacts, calendars, and
> then experiencing bank fraud due to identity theft and reset passwords
> on their banking sites, and so forth, and the whole thing sounded like a
> total nightmare ... and in the ensuing discussion, the consensus
> solution to avoid the same fate was to turn on 2-step authentication,
> where you enter a password, plus a numeric code that's SMSed to your
> phone or generated on your phone, and only with both of those things can
> you log in (i.e. something you know + something you have). So similar to
> many banking sites, but you can mark a browser as trusted after the
> first successful login, and thereafter you only need your password, so a
> bit more convenient.

You would be better off using GNOME Online Accounts (or Ubuntu Online
Accounts if you're a Unity guy) where you sign into Google once to
obtain an access token good for all Google services.

Evolution will self-configure a Google account for you and use your
access token so as to never bother you with a password prompt.

Matthew Barnes

_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|

Re: "Error occurred while sending" after enabling Google 2-step authentication [with solution]

Nick Jenkins
> > Some Background: What's happened is that I recently turned on Google
> > 2-step authentication,
>
> You would be better off using GNOME Online Accounts (or Ubuntu Online
> Accounts if you're a Unity guy) where you sign into Google once to
> obtain an access token good for all Google services.
>
> Evolution will self-configure a Google account for you and use your
> access token so as to never bother you with a password prompt.

Ah, cool, thank you for the heads up! I didn't realise these account
programs supported tokens, that makes life easier :-)

> Also, the complaint about password entry descriptions has been fixed.
> https://bugzilla.gnome.org/show_bug.cgi?id=695744
>
Cool, thank you, that helps.

-- All the best,
Nick.

_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list