Meshcentral: SMTP not working configuration error

@ooops4 You need to either change the value of port to 465 or leave it at 587 and set tls to false. If tls is set to true, MeshCentral will use implicit encryption (which only works on port 465) instead of explicit/opportunistic encryption (STARTTLS) to establish an encrypted connection with the mail server.

@Ylianst It would probably make sense to either rename tls to starttls (and invert the boolean values) since the current name is misleading or deprecate this option entirely since the correct setting can easily be inferred from the value of port.

changed to below config

"smtp": {
    "host": "smtp.gmail.com",
    "port": 465,
    "from": "[email protected]",
    "user":  "[email protected]",
    "pass": "password",
    "tls": false
   }

Above config gives this error

If I set port : 587and tls : false then it gives below error

If I set port : 465 and tls : true , then it gives me below error

@ooops4 Did you do what the error message you receive with port: 587 + tls: false / port: 465 + tls: true tells you to do?

Also, you can't use port: 465 with tls: false since that port doesn't support STARTTLS.

That error message (534 5.7.14) is due to Google not allowing MeshCentral to send mail due to their security settings. You said you turned on less secure apps in your Google account. But I think you will still need to use the app specific password option for it to work. The last I knew Google has deprecated their 'less secure apps' option.

The other thing you may need to do is visit this site (while logged in with that Gmail account) and follow the prompts to allow access.
https://accounts.google.com/DisplayUnlockCaptcha

@Ylianst It would probably make sense to either rename tls to starttls (and invert the boolean values) since the current name is misleading or deprecate this option entirely since the correct setting can easily be inferred from the value of port.

+1 for @whalehub 's suggestion to modify this option in some way. It wasn't clear to me that starttls would be used when "SMTP server port" was set to 587. I used the Windows installer to configure email settings; at one point I had a typo in the "SMTP server hostname" I hadn't noticed, but I also enabled "Connect to SMTP server using TLS" thinking that option might have been designed to enable/disable encryption in general.

I'm also using a gmail account and as @PathfinderNetworks suggested I set up an app specific password to get things working.

I thought I'd mention a related issue: as I said earlier my mail configuration wasn't set up correctly at first and I was trying to access the MC2 console with those incorrect settings active, unable to verify the account since I wasn't getting the messages. Once I had appropriate settings in place, I logged in to the MC2 console with my admin account, and MC2 said it sent an email to verify the account - never got it. Quit my browser, used the Windows installer to check the MC2 settings and restart the server, tried logging in again - no email. Clicked the 'resend email' button then got an email; clicked the link in the email to verify the account. Also sent a subsequent message using the "Email" option for the account in "My Users" to confirm mail is generally working.

@ooops4 Did you do what the error message you receive with port: 587 + tls: false / port: 465 + tls: true tells you to do?

Also, you can't use port: 465 with tls: false since that port doesn't support STARTTLS.

@whalehub
I have posted both cases error snapshot above.
https://github.com/Ylianst/MeshCentral/issues/1928#issuecomment-718864343
Check once. If you need anything else other than the posted one. let me know, I will provide one.

@tlcarpenter
What was your config.json configuration for SMTP, can you tell me specific for Gmail SMTP like port, tls, etc
Share a snapshot or code, would be much helpful.
Remember to XXXX personal info while sharing

The other thing you may need to do is visit this site (while logged in with that Gmail account) and follow the prompts to allow access.
https://accounts.google.com/DisplayUnlockCaptcha

I followed the steps and allowed it. Will update here if it works,
Meanwhile can you share me what port and tls should be used or any extra settings should be applied in config.json ??

@ooops4 , smtp section from my working config.

"smtp": {
"host": "smtp.gmail.com",
"port": 587,
"from": "(gmail address)",
"user": "(gmail address)",
"pass": "(application specific password - omitted the spaces Google includes)",
"tls": false
}

Hope that helps.

@ooops4 , smtp section from my working config.

"smtp": {
"host": "smtp.gmail.com",
"port": 587,
"from": "(gmail address)",
"user": "(gmail address)",
"pass": "(application specific password - omitted the spaces Google includes)",
"tls": false
}

Hope that helps.

Use this same config
but also did the step suggested by @PathfinderNetworks and enabled here https://accounts.google.com/DisplayUnlockCaptcha
I didn't use app-specific password.
I hope this won't be a problem in the future because I read somewhere that when enabled by DisplayUnlockCaptcha link. It enables only for 10 minutes around. I'll see if it's true or not. I Will update here.

I would seriously consider using a service other than Google for sending e-mail, such as Amazon Simple E-mail Service, SendGrid, Mandrill, Mailgun, and many others. I use Amazon SES, which works flawlessly with MeshCentral, is not difficult to set up, and costs little to nothing to use.