Cumulus Support

Posted: **Fri 13 May 2022 2:07 pm**

Today I got an email from Google:

A suspicious app was blocked from accessing your account

Following a link for an explanation I got:

To help keep your account secure, starting May 30, 2022, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.

The "suspicious app" turned out to be CumulusMX, trying to alert me of an error. I have successfully used the settings below for a long time:

email.jpg

This is the relevant part from the MXdiags file:

2022-05-13 06:39:21.690 SendEmail: Error - MailKit.Security.SslHandshakeException: An error occurred while attempting to establish an SSL or TLS connection.

When connecting to an SMTP service, port 587 is typically reserved for plain-text connections. If
you intended to connect to SMTP on the SSL port, try connecting to port 465 instead. Otherwise,
if you intended to use STARTTLS, make sure to use the following code:

client.Connect ("smtp.gmail.com", 587, SecureSocketOptions.StartTls);
---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER
at /build/mono-2liaiA/mono-5.18.0.240+dfsg/external/boringssl/ssl/tls_record.c:217
at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00054] in <a9a08e39ba304bd0a84c49bd158dfc02>:0
at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000c6] in <a9a08e39ba304bd0a84c49bd158dfc02>:0
at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus,bool)
at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <a9a08e39ba304bd0a84c49bd158dfc02>:0
at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x0012a] in <a9a08e39ba304bd0a84c49bd158dfc02>:0
at Mono.Net.Security.AsyncProtocolRequest.StartOperation (System.Threading.CancellationToken cancellationToken) [0x000a4] in <a9a08e39ba304bd0a84c49bd158dfc02>:0
--- End of inner exception stack trace ---
at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Boolean runSynchronously, Mono.Net.Security.MonoSslAuthenticationOptions options, System.Threading.CancellationToken cancellationToken) [0x00336] in <a9a08e39ba304bd0a84c49bd158dfc02>:0
--- End of inner exception stack trace ---
at MailKit.Net.Smtp.SmtpClient.ConnectAsync (System.String host, System.Int32 port, MailKit.Security.SecureSocketOptions options, System.Boolean doAsync, System.Threading.CancellationToken cancellationToken) [0x002a3] in <eabb09d1c9ea4e16807c3441ccbaf11a>:0
at MailKit.Net.Smtp.SmtpClient.Connect (System.String host, System.Int32 port, MailKit.Security.SecureSocketOptions options, System.Threading.CancellationToken cancellationToken) [0x00012] in <eabb09d1c9ea4e16807c3441ccbaf11a>:0
at CumulusMX.EmailSender.SendTestEmail (System.String[] to, System.String from, System.String subject, System.String message, System.Boolean isHTML) [0x0011e] in <97834895e3104302abf6a91184c2a0c5>:0

For the next few weeks I can configure Gmail to accept insecure applications, but starting June I will be out of luck. Do I have to change my settings (how?) or does the CumulusMX email module have to be updated/replaced?

Posted: **Fri 13 May 2022 2:35 pm**

Hi Karl,
I am not using gmail for my CumulusMX alarms but using the GoDaddy provided email services, and that works well.
However, for my Reolink camera I got the following information from Reolink support on the two-step verification. Not sure if this may be helpful to you:

Victoria (Reolink)
Jan 11, 2022, 14:03 GMT+8
Hello Paul...,
Thank you for contacting us.
This Gmail address are ok. But the problem is from the password and port.
SMTP server is "smtp.gmail.com"
Port is 465 or 587.
As for the password, you should not enter the password of your email address but the App password, a 16-characters number. About the App password, please refer to How to Generate an APP Password in Gmail Email Account
In this step, please remmeber to turn on the two-step vertification.
Anything we can help you with, please do not hesitate to contact us.
Have a nice day.
Best Regards,
Reolink Support Team

That reply included a screen capture for security settings. I can't exactly remember all what I had to do, but with lots of trial and error I got it to work.

Enjoy,
Paul

Posted: **Fri 13 May 2022 4:25 pm**

As Paul says, if you are, you shouldn't be using your user password. You should create an application password. If you have two factor authentication switched on for Google (and you should) that is the only way applications can use Google email.

Posted: **Fri 13 May 2022 4:48 pm**

Well ....

In order to set up two factor authorisation you need a cell phone ... and I don't have one. There is no cell phone coverage in our area so owning a cell phone would be pointless

Posted: **Fri 13 May 2022 4:57 pm**

You don't have to use a mobile text messages for 2FA, you an also use a hardware device like a Yubikey, or an Authenticator app (I recommend the Microsoft Authenticator rather than the Google version) either on you computer or mobile if you had one! - they work offline.

Posted: **Fri 13 May 2022 5:44 pm**

Sadly, either of the authentication apps only work on mobiles (cell phone or tablet) ... which I don't have. And I'm not going to buy a hardware device (would it even work on a Raspi?), so I guess I will have to live without the Cumulus email alerts.

Posted: **Fri 13 May 2022 6:49 pm**

When I setup mine I used my Windows 10 PC, no cell or tablet involved.
From my gmail.com after sign in, click on the [3x3-dot] Google app icon in upper right, select Account > Security

Enjoy,
Paul

Posted: **Fri 13 May 2022 7:29 pm**

Hi Paul,

I'm not getting it. When I sign into my Gmail account, go to security and try to set up 2-step verification I get the following screen:

2-step.jpg

There's no device listed under "These devices can get prompts" because I don't have any! When I click "Don't see your device", I get instructions on how to set up an Android phone or iPhone (which I don't have). When I click on "Show more options" Google suggests either a security key or at text message/telefon call (ridiculous). This world is not (anymore) made for people who don't own mobile devices.

Posted: **Fri 13 May 2022 8:02 pm**

Not sure what you've done differently!
For 'devices' I get a list of multiple tablets, Raspberry Pis, laptops and desktop PCs that I have used to access Gmail over many years, as well as my phone. Have you NEVER accessed Gmail from Windows or other compuer before (maybe you have been using a mail program such as Outlook rather than a web browser??)
Also, the phone call can be to a landline.
Definitely does not require a mobile phone.

Posted: **Fri 13 May 2022 10:02 pm**

The Google help page explains that if you do not have access to a mobile you do not have to use one. It does recommend Google Prompts on a mobile, but then shows you that you can select other methods including an Authenticator app. I see those other options on my account.

I do not see the authenticator option on your screen shot for some reason, but it does show "voice call" as an alternative. Presumably you do have a phone of some sort? Once 2FA is enabled then you can add more authentication options including plain recovery keys.

Once you have 2FA switched on, you can then disable it on the computer you normally use by saying it is a trusted device.

The 2FA is nothing to do with Cumulus, it just needs to be enabled to add an application password that Cumulus can use.

Cumulus Support

Email alerts with gmail account

Email alerts with gmail account

Re: Email alerts with gmail account

Re: Email alerts with gmail account

Re: Email alerts with gmail account

Re: Email alerts with gmail account

Re: Email alerts with gmail account

Re: Email alerts with gmail account

Re: Email alerts with gmail account

Re: Email alerts with gmail account

Re: Email alerts with gmail account