Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
a
Artem
04/27/2022, 1:27 PMHello everyone!
Did anybody previously see such error
535 5.7.8 Username and Password not accepted"smtp_settings": {
"enable_smtp": true,
"configured": true,
"sender_address": "<mailto:user@ourdomain.com|user@ourdomain.com>",
"server": "<http://smtp.gmail.com|smtp.gmail.com>",
"port": 587,
"authentication_type": "authtype_username_password",
"user_name": "<mailto:user@ourdomain.com|user@ourdomain.com>",
"password": "********",
"enable_ssl_tls": true,
"authentication_method": "authmethod_plain",
"domain": "",
"verify_ssl_certs": true,
"enable_start_tls": true
}535 5.7.8 Username and Password not accepted. Learn more at\n5.7.8 <https://support.google.com/mail/?p=BadCredentials> i27-20020a1c541b000000b003928e866d32sm1520496wmb.37 - gsmtp👀 1
The funny stuff related to this problem is that I receive an email from this service account about successful SMTP configuration, but still can not add new users because of error described earlier.
k
Kathy Satterlee
04/27/2022, 6:14 PM@Artem Sorry SMTP is giving you trouble! Have you tried Google's Captcha Unlock?
a
Artem
04/27/2022, 6:15 PMHi @Kathy Satterlee! I didn’t try it yet, will do it asap, thanks for advice!
z
zwass
04/27/2022, 6:17 PMbtw on newer versions of Fleet you can still add users without email.
a
Artem
04/27/2022, 6:17 PM@zwass yea, that’s our current single option 😉
z
zwass
04/27/2022, 6:18 PMHopefully Kathy's suggestion helps get this working
👍 1
a
Artem
04/27/2022, 6:18 PMBut it’s really interesting to find and fix the reason of the problem
@Kathy Satterlee could you please explain any details about this mechanism? I didn’t have experience with it and currently don’t properly understand how to user it with Fleet.
z
zwass
04/27/2022, 6:22 PMDo you have 2FA enabled on this account? Might need to use app specific password.
a
Artem
04/27/2022, 6:24 PM@zwass yes, I have 2FA enabled and I use 16-char app specific password. With general password I see another type of error during SMTP configuration
Could not update settings. sending mail: client auth error: 534 5.7.9 Application-specific password required. Learn more at 5.7.9 <https://support.google.com/mail/?p=InvalidSecondFactor> i27-20020a1c541b000000b003928e866d32sm2111167wmb.37 - gsmtpk
Kathy Satterlee
04/27/2022, 6:28 PMAs far as that Captcha unblock goes, Google has some built-in protections against SPAM senders/scammers that can be a little overprotective. By doing the captcha unblock, you're essentially confirming that you're actually to do the thing it blocked you from doing. You should (hopefully) only need to do it once after the initial setup.
a
Artem
04/27/2022, 6:29 PMAs I can see, I can not use Google Captcha with 2FA enabled 😞
I see such message, when try to follow https://accounts.google.com/b/0/DisplayUnlockCaptcha
k
Kathy Satterlee
04/27/2022, 6:30 PMIt looks like it unblocked successfully. Try adding a new user and we'll see if that was the issue.
a
Artem
04/27/2022, 6:33 PMSorry, but nothing is changed. I tried to invite new user right now and saw same error.
I also tried to create another app specific passwords, but had same results with them. This problem looks really strange for me because of successful email about SMTP configuration, but no opportunity to invite new users…
k
Kathy Satterlee
04/27/2022, 6:39 PMWhat version of Fleet are you running? I can test adding Google SMTP settings to see what happens.
a
Artem
04/27/2022, 6:40 PMFleet 4.13.0 • Go go1.17.8
✅ 1
k
Kathy Satterlee
04/27/2022, 6:42 PMGive me a few minutes to test things out.
a
Artem
04/27/2022, 6:45 PMI think there is small probability about google workspace based reason of problem. Found such article https://stackoverflow.com/questions/63562314/535-b5-7-8-username-and-password-not-accepted-with-g-suite-and-django, but without solution
Is it posiible to debug actial connection between google and Fleet somehow? Maybe any kind of verbose logging?
I would like to compare connections at first time (when I get email about finished SMTP configuration) and at user invitation time
z
zwass
04/27/2022, 7:00 PMI think you'd have to use some sort of packet capture tool for that. The strange thing is that the same email sending code is used everywhere in the app: https://github.com/fleetdm/fleet/blob/main/server/mail/mail.go#L143
👍 1
k
Kathy Satterlee
04/27/2022, 7:00 PMI'm getting the same error, so I'm digging in to see if I can get it resolved on my end.
👍 1
a
Artem
04/27/2022, 7:03 PM@Kathy Satterlee thank you for such deep diving, hope you will find how to solve it!
k
Kathy Satterlee
04/27/2022, 7:42 PMHappy to help! Looking at one last setting and then we may need to call this one a bug.
This one might take a few to filter through, so I'm going to step away for a few minutes.
I'm going to loop our engineering team in on this one. I'll let you know as soon as I have an update!
a
Artem
04/27/2022, 8:20 PM@Kathy Satterlee thank you!
k
Kathy Satterlee
04/27/2022, 9:17 PMHappy to help 🙂
I may not have an answer for you today, but I'll make sure I check in on this first thing in the morning as well.
🔥 1
Testing this out with everything all fresh and new now!
a
Artem
04/28/2022, 6:15 PM@Kathy Satterlee good luck with it! Hope you will find exact reason!
k
Kathy Satterlee
04/28/2022, 7:39 PMMe too! I ran into some unrelated technical issues I'm needing to clean up (went a little to rogue with some file permissions), so things are taking a while.
a
Artem
05/01/2022, 9:58 AMHello @Kathy Satterlee! Did you manage to achieve any results in researching the problem?
k
Kathy Satterlee
05/02/2022, 5:00 PMNo, and I've thrown everything I've got at it. I'll get a bug report filed to get some more eyes on it, but it may be something odd with Google.
We have a bug report filed for this. Hopefully we can track down where the breakdown in communication is happening with the SMTP. If anything new develops, just let me know!
a
Artem
05/03/2022, 7:32 PMDid I understand you correctly that I need to create an issue for this problem?
k
Kathy Satterlee
05/03/2022, 7:33 PMI've already gotten it filed!
a
Artem
05/03/2022, 8:06 PM@Kathy Satterlee okay, thanks! I didn’t find anything related to our problem in https://github.com/fleetdm/fleet/issues, so decided to ask you.
k
Kathy Satterlee
05/03/2022, 8:07 PMThat's odd. I'll double check in a few minutes and file again if I need to.
👍 1
I did have to recreate the issue, thanks for bringing that back to me! Here's the active link:
https://github.com/fleetdm/fleet/issues/5542
🔥 1
a
Artem
05/03/2022, 9:52 PM@Kathy Satterlee thanks!
k
Kathy Satterlee
05/17/2022, 7:12 PMHey @Artem, wanted to drop a quick line here so that you knew we were still on it! Engineering is still looking into this but it's definitely looking more and more like it's something on the Google end blocking the smtp.
👍 1
a
Artem
05/18/2022, 8:30 AMHi @Kathy Satterlee! Got it, thanks! Currently we found small “workaround” via adding user with SAML access, but I hope you will find the way to solve this bug!
✅ 1