Google turning off less secure app access to G Suite accounts

A good number of Koha users make using Gmail for sending email notices from Koha. They use Gmail with Mail Transfer Agents (MTA) like Exim and Postfix. Google offered the Less Secure Apps feature to allow sending emails from MTAs. Google is turning off LSA access from third-party software. Google says "Starting in June 2020, we'll limit the ability for less secure apps (LSAs) to access G Suite account data. LSAs are non-Google apps that can access your Google account with only a username and password. They make your account more vulnerable to hijacking attempts. Instead of LSAs, you can use apps that support OAuth—a modern and secure access method".

How it affects Koha users?

After June 15, 2020 - Koha Users who try to connect to an LSA for Gmail with Exim or Postfix for the first time will no longer be able to do so. Users already connected can continue till February 15 2021.

After February 15, 2021 - Access to LSAs will be turned off for all G Suite accounts. Koha users can't send emails using LSA.

How to overcome this situation?

Google has introduced a new method to use Gmail service from third party software. The user needs to finish two-step verification for Google account. Then create an app password for Gmail clients (e.g. Exim, Postfix). Detailed instructions in the following link,

https://support.google.com/accounts/answer/185833?hl=en

How to solve email sending problem with Postfix and Gmail

This post is obsoleted due to Google turning off less secure app access to G Suite accounts.

Turning off less secure app access to G Suite accounts

https://gsuiteupdates.googleblog.com/2019/12/less-secure-apps-oauth-google-username-password-incorrect.html

Use the following link to create Gmail password for email clients (e.g. Exim, Postfix).

Sign in using App Passwords

https://support.google.com/accounts/answer/185833?hl=en

Configure gmail with postfix to send notices from Koha

1. Installation of postfix mail server

Open a terminal and apply the following commands one by one,

sudo apt-get update

sudo apt-get install postfix

Select no configuration in the post installation screen.

2. Copy the configuration file.

sudo cp /usr/share/postfix/main.cf.debian /etc/postfix/main.cf

3. Install following packages too

sudo apt-get install libsasl2-2

sudo apt-get install libsasl2-modules

sudo apt-get install ca-certificates

4. Open the following file and add few lines.

sudo leafpad /etc/postfix/main.cf

Add the following lines at the bottom of the file.

relayhost = [smtp.gmail.com]:587

smtp_sasl_auth_enable = yes

smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

smtp_sasl_security_options = noanonymous

smtp_tls_CAfile = /etc/postfix/cacert.pem

smtp_use_tls = yes

5. Create a new file to save the gmail password.

Either use an existing Gmail account or create a new one for the purpose send notices from Koha. Google turning off less secure app access to G Suite accounts. Use the following link to finish two-step verification for Google accounts. Create an app password for email clients (e.g. Exim, Postfix). https://support.google.com/accounts/answer/185833?hl=en

Open the following file and add Google app password of Gmail.

sudo leafpad /etc/postfix/sasl_passwd

Add the following line in the opened file.

[smtp.gmail.com]:587    urgmailid@gmail.com:yourpassword

Add your Gmail username and password.

6. Change the permission of the following file.

sudo chmod 400 /etc/postfix/sasl_passwd

7.  Translate the /etc/postfix/sasl_passwd to Postfix lookup tables.

sudo postmap /etc/postfix/sasl_passwd

8. Create the /etc/aliases.db

sudo postalias hash:/etc/aliases

9. Create the /etc/postfix/cacert.pem.

sudo cat /etc/ssl/certs/Equifax_Secure_CA.pem >> /etc/postfix/cacert.pem

For Ubuntu 18.04 LTS Users

sudo cat /etc/ssl/certs/thawte_Primary_Root_CA.pem >> /etc/postfix/cacert.pem

10.  Restart Postfix.

sudo /etc/init.d/postfix restart

11. Enable email service in Koha

Execute following command in a terminal

sudo koha-email-enable library

12. Enable less secure apps in Gmail account

Visit the link. 

http://kohageek.blogspot.in/2016/02/how-to-solve-email-sending-problem-with-gmail.html

13. Check the following settings in Koha to send email notices,

Koha > Administration > Patron categories > Overdue notice required > Yes
[Check for each patron category]

Koha Administration > Global System Preferences > Patrons > Enhancedmessagingpreferences > Allow

Set Koha >  Tools > Overdue Notice/status triggers

 

Information courtesy

These instructions blindly borrowed from Eureka blog.
Vinod Kumar Mishra