4

I have been using Google 2 factor auth for a while, and have several applications configured. One of them is offlineimap (where I download the mail), but when I use mu4e to compose a message, I get the following error:

Sending failed: 534-5.7.9 Application-specific password required. 
Learn more at  534-5.7.9 
http://support.google.com/accounts/bin/answer.py?answer=185833

I have a ~/.authinfo.gpg configured (and it decrypts successfully manually), and my ~/.offlineimaprc calls get_password_emacs (the example I used can be found here).

I've even attempted to skip the gpg piece to see if it works, using my mu4e Google App Password directly in the ~/.offlineimaprc, but I end up with the same result.

My ~/.authinfo.gpg file: (decrypted here, sensitive info removed)

machine imap.gmail.com login me@gmail.com port 993 password GoogleAppPassword
machine smtp.gmail.com login me@gmail.com port 587 password GoogleAppPassword

My ~/.offlineimaprc file:

[general]
accounts = Gmail
maxsyncaccounts = 3
pythonfile = ~/.offlineimap.py

[Account Gmail]
localrepository = Local
remoterepository = Remote

[Repository Local]
type = Maildir
localfolders = ~/Maildir

[Repository Remote]
remotehost = imap.gmail.com 
remoteuser = me@gmail.com 
remotepasseval = get_password_emacs("imap.gmail.com",  "me@gmail.com", "993")
ssl = yes
maxconnections = 1
realdelete = no
holdconnectionopen = true
keepalive = 60
type = IMAP

and my ~/.offlineimap.py

#!/usr/bin/python
import re, os

def get_password_emacs(machine, login, port):
    s = "machine %s login %s port %s password ([^ ]*)\n" % (machine, login, port)
    p = re.compile(s)
    authinfo = os.popen("gpg -q --no-tty -d ~/.authinfo.gpg").read()
    return p.search(authinfo).group(1)

Can anyone see the issue I'm having? I've validated that the ~/.authinfo.gpg file decrypts successfully, and that my Google App Password is correct.

Thanks for your time.

Tim S.
  • 2,187
  • 1
  • 25
  • 40
  • 1
    Not sure why people are downvoting this, but it's still an issue. Stopped using mu4e for the time being because of this issue for now. – Tim S. Jun 18 '15 at 18:23
  • 1
    Upvoted because now I'm facing the same thing. – tamouse Oct 05 '15 at 20:35
  • You mostly probably are facing the same thing as me. You need to authenticate the gpg session otherwise your "gpg -q..." decryption will fail. Try setting up a gpg-agent and see if it works. – pranith Nov 03 '15 at 13:33
  • I'm already running gpg-agent. – Tim S. Jan 22 '16 at 16:55

1 Answers1

1

using my mu4e Google App Password directly in the ~/.offlineimaprc

That's exactly the problem. You shouldn't be using the password directly. For legacy applications that do not accept the second factor token, you need to use the application-specific password, instead. This is a password that you generate from this URL:

https://security.google.com/settings/security/apppasswords

And you use the generated password in lieue of your real password. You should note, however, that these application-specific passwords grant full access to your account. As a result, using app passwords significantly reduces the protections you get from enabling 2-factor on your account.

Michael Aaron Safyan
  • 93,612
  • 16
  • 138
  • 200
  • I did that -- I'm not attempting to use my real Google password here, but the App password generated at that site. That's what I meant by "Google App Password". – Tim S. Oct 01 '14 at 12:42
  • An attempt to use the bare Google App Password in order to test if it's working is not the same as using it under normal operations. – tamouse Oct 05 '15 at 20:36