I'm currently using fetchmail to draw from various POP accounts and
distribute on my server using fetchmail, procmail, and dovecot. It has
worked flawlessly for several years going back to when imapd was the
serving daemon.

I received notification that Gmail will be going to 2FA (two factor
authentication) as of December 14.

Switching to 2FA at gmail results in a fetchmail authentication error.
Obviously the challenge/response required to log in is missing in
fetchmail, just the POP password is submitted.

Does this signal the end of my current mail service and force us to use
webmail? If not, how can I satisfy gmail's need for 2FA via fetchmail?
Is there an alternative to fetchmail that will provide this
authentication requirement?

Rinaldi

Am Tue, 7 Dec 2021 12:26:44 -0600
schrieb Rinaldi <rm@nunya.inv>:

> Does this signal the end of my current mail service and force us to
> use webmail? If not, how can I satisfy gmail's need for 2FA via
> fetchmail? Is there an alternative to fetchmail that will provide
> this authentication requirement?
As I know, you need to use OAuth2 with 2FA to make it work, but I can't
try it, I got rid off all my Google accounts.

Rinaldi <rm@nunya.inv> wrote:
> I'm currently using fetchmail to draw from various POP accounts and
> distribute on my server using fetchmail, procmail, and dovecot. It has
> worked flawlessly for several years going back to when imapd was the
> serving daemon.
>
> I received notification that Gmail will be going to 2FA (two factor
> authentication) as of December 14.
>
> Switching to 2FA at gmail results in a fetchmail authentication error.
> Obviously the challenge/response required to log in is missing in
> fetchmail, just the POP password is submitted.
>
> Does this signal the end of my current mail service and force us to use
> webmail? If not, how can I satisfy gmail's need for 2FA via fetchmail?
> Is there an alternative to fetchmail that will provide this
> authentication requirement?
>
> Rinaldi

Very important to me too. If you find a workaround please post back.

Rinaldi wrote on 12/7/21 7:26 PM:
> I'm currently using fetchmail to draw from various POP accounts and distribute on my server using fetchmail, procmail, and dovecot.  It has worked flawlessly for several years going back to when imapd was the serving daemon.
>
> I received notification that Gmail will be going to 2FA (two factor authentication) as of December 14.
>
> Switching to 2FA at gmail results in a fetchmail authentication error. Obviously the challenge/response required to log in is missing in fetchmail, just the POP password is submitted.
>
> Does this signal the end of my current mail service and force us to use webmail?  If not, how can I satisfy gmail's need for 2FA via fetchmail? Is there an alternative to fetchmail that will provide this authentication requirement?
>
> Rinaldi

all good just generate an "application-specific" password an use that instead of "your" password

-rasp

On Wed, 8 Dec 2021 16:49:01 +0100
Ralph Spitzner <rasp@spitzner.org> wrote:
> Rinaldi wrote on 12/7/21 7:26 PM:
> > I'm currently using fetchmail to draw from various POP accounts and distribute on my server using fetchmail, procmail, and dovecot.  It has worked flawlessly for several years going back to when imapd was the serving daemon.
> >
> > I received notification that Gmail will be going to 2FA (two factor authentication) as of December 14.
> >
> > Switching to 2FA at gmail results in a fetchmail authentication error. Obviously the challenge/response required to log in is missing in fetchmail, just the POP password is submitted.
> >
> > Does this signal the end of my current mail service and force us to use webmail?  If not, how can I satisfy gmail's need for 2FA via fetchmail? Is there an alternative to fetchmail that will provide this authentication requirement?
> >
> > Rinaldi
>
> all good just generate an "application-specific" password an use that instead of "your" password

Would you care to elaborate?

Marco Moock <mo01@posteo.de> writes:

> Am Tue, 7 Dec 2021 12:26:44 -0600
> schrieb Rinaldi <rm@nunya.inv>:
>
>> Does this signal the end of my current mail service and force us to
>> use webmail? If not, how can I satisfy gmail's need for 2FA via
>> fetchmail? Is there an alternative to fetchmail that will provide
>> this authentication requirement?
> As I know, you need to use OAuth2 with 2FA to make it work, but I can't
> try it, I got rid off all my Google accounts.

I'm not suggesting you ask them unless you're using nmh, but the nmh
people seem to know something about getting email out of gmail. Maybe
you can glean something useful from what they write about it. Or maybe
their inc command could be adapted to your use if fetchmail can't do it:

https://lists.nongnu.org/archive/html/nmh-workers/2020-09/msg00005.html
https://lists.nongnu.org/archive/html/nmh-workers/2020-07/msg00017.html
https://lists.nongnu.org/archive/html/nmh-workers/2019-12/msg00064.html
https://lists.nongnu.org/archive/html/nmh-workers/2019-06/msg00118.html
https://lists.nongnu.org/archive/html/nmh-workers/2019-06/msg00099.html

- Mike S.

On 12/8/21 18:23, Chris Vine wrote:
> On Wed, 8 Dec 2021 16:49:01 +0100
> Ralph Spitzner <rasp@spitzner.org> wrote:
>> Rinaldi wrote on 12/7/21 7:26 PM:
>>> I'm currently using fetchmail to draw from various POP accounts and distribute on my server using fetchmail, procmail, and dovecot.  It has worked flawlessly for several years going back to when imapd was the serving daemon.
>>>
>>> I received notification that Gmail will be going to 2FA (two factor authentication) as of December 14.
>>>
>>> Switching to 2FA at gmail results in a fetchmail authentication error. Obviously the challenge/response required to log in is missing in fetchmail, just the POP password is submitted.
>>>
>>> Does this signal the end of my current mail service and force us to use webmail?  If not, how can I satisfy gmail's need for 2FA via fetchmail? Is there an alternative to fetchmail that will provide this authentication requirement?
>>>
>>> Rinaldi
>>
>> all good just generate an "application-specific" password an use that instead of "your" password
>
> Would you care to elaborate?

Got app specific passwords for fetchmail and t-bird. This stanza is
working for gmail in ~/.fetchmailrc.

poll pop.gmail.com with proto POP3 service 995
user '$USER' there with password '$2FAPWD' is '$USER' here ssl

Thanks for the tip.

Rinaldi

Chris Vine wrote on 12/9/21 1:23 AM:
> On Wed, 8 Dec 2021 16:49:01 +0100
> Ralph Spitzner <rasp@spitzner.org> wrote:
>> Rinaldi wrote on 12/7/21 7:26 PM:
>>> I'm currently using fetchmail to draw from various POP accounts and distribute on my server using fetchmail, procmail, and dovecot.  It has worked flawlessly for several years going back to when imapd was the serving daemon.
>>>
>>> I received notification that Gmail will be going to 2FA (two factor authentication) as of December 14.
>>>
>>> Switching to 2FA at gmail results in a fetchmail authentication error. Obviously the challenge/response required to log in is missing in fetchmail, just the POP password is submitted.
>>>
>>> Does this signal the end of my current mail service and force us to use webmail?  If not, how can I satisfy gmail's need for 2FA via fetchmail? Is there an alternative to fetchmail that will provide this authentication requirement?
>>>
>>> Rinaldi
>>
>> all good just generate an "application-specific" password an use that instead of "your" password
>
> Would you care to elaborate?
>
what happens if you google google ? :-)

gmail application specific password
first hit :

Sign in with App Passwords - Google Account Help

On Wed, 8 Dec 2021 19:27:08 -0600
Rinaldi <rm@nunya.inv> wrote:
> On 12/8/21 18:23, Chris Vine wrote:
> > On Wed, 8 Dec 2021 16:49:01 +0100
> > Ralph Spitzner <rasp@spitzner.org> wrote:
> >> Rinaldi wrote on 12/7/21 7:26 PM:
> >>> I'm currently using fetchmail to draw from various POP accounts and distribute on my server using fetchmail, procmail, and dovecot.  It has worked flawlessly for several years going back to when imapd was the serving daemon.
> >>>
> >>> I received notification that Gmail will be going to 2FA (two factor authentication) as of December 14.
> >>>
> >>> Switching to 2FA at gmail results in a fetchmail authentication error.. Obviously the challenge/response required to log in is missing in fetchmail, just the POP password is submitted.
> >>>
> >>> Does this signal the end of my current mail service and force us to use webmail?  If not, how can I satisfy gmail's need for 2FA via fetchmail? Is there an alternative to fetchmail that will provide this authentication requirement?
> >>>
> >>> Rinaldi
> >>
> >> all good just generate an "application-specific" password an use that instead of "your" password
> >
> > Would you care to elaborate?
>
> Got app specific passwords for fetchmail and t-bird. This stanza is
> working for gmail in ~/.fetchmailrc.
>
> poll pop.gmail.com with proto POP3 service 995
> user '$USER' there with password '$2FAPWD' is '$USER' here ssl

Thanks. I use fetchmail for receiving from pop.gmail.com and for
sending I generally use postfix as a local server on localhost with
smtp.gmail.com as relay, or sometimes mailx and sylpheed directly
forwarding to smtp.gmail.com as relay. I also have two or three
different laptops which I use with my gmail account.

Do all these different applications require their own application
specific password? If so, given that each laptop would also seem to
require its own set of passwords, this all sounds somewhat tedious.

Chris

Chris Vine wrote on 12/9/21 12:56 PM:
[...]
> Do all these different applications require their own application
> specific password? If so, given that each laptop would also seem to
> require its own set of passwords, this all sounds somewhat tedious.
>
> Chris
>
I recently switched from a laptop to a mini-pc and it's still working, so my guess is no ....
-rasp

On Thu, 9 Dec 2021 14:14:54 +0100
Ralph Spitzner <rasp@spitzner.org> wrote:
> Chris Vine wrote on 12/9/21 12:56 PM:
> [...]
> > Do all these different applications require their own application
> > specific password? If so, given that each laptop would also seem to
> > require its own set of passwords, this all sounds somewhat tedious.
> >
> > Chris
> >
> I recently switched from a laptop to a mini-pc and it's still working, so my guess is no ....

Interesting. Possibly you could use the same "application specific
password" for all your gmail applications on all your computers. I had
assumed that google in some way hashed some characteristic of each
computer into the password, and maybe some characteristic of each
application, but apparently not.

If so, this makes using google's not very application specific passwords
more tractable. This would still address what appears to be google's
main concern, which is people re-using passwords on other (non-google)
sites.

Chris Vine wrote on 12/9/21 4:16 PM:
> On Thu, 9 Dec 2021 14:14:54 +0100
[...]
ll your computers. I had
> assumed that google in some way hashed some characteristic of each
> computer into the password, and maybe some characteristic of each
> application, but apparently not.
>
> If so, this makes using google's not very application specific passwords
> more tractable. This would still address what appears to be google's
> main concern, which is people re-using passwords on other (non-google)
> sites.
>
I guess it's pretty hard to 'footprint' something connecting to port 995...

you could, of course just copy that pw and use it somewhere else :-/

I think it's more or less that you have to authenricate with 2fa with google
to get such a password,which THEY generate make it pretty safe to say that
it's either you, or someone using your credentials an phone that's logging in ....

-rasp