Gmail blocking mutt
I finally got it to work by enabling Google 2-step verification and using an app-specific password for mutt.
More detail:
I enabled 2-step verification on my Google account, which means that when I log in to Google, I have to enter a pin number from either a text or from the Google Authenticator app.
Then I had to get an app-specific password for mutt. You can generate an app specific password here.
Then I used that app-specific password for logging into mutt instead of my normal password. And then I don't have to enter a pin number.
As one of the comments says it looks like Google have moved to blocking apps that are using IMAP/SMTP PLAIN authentication by default and you can read official blogs stating that Google strongly recommends IMAP/SMTP protocol users switch to OAuth 2.0 (as XMPP is also listed I wonder if (older?) OSX iChat will stop working with GTalk at some point). Elsewhere, there's some fun speculation as to the rationale for this change. At the time of writing anecdotal investigation suggests:
- Google business accounts won't see this issue - they continue to automatically accept password based IMAP/SMTP logins and there's currently no setting to refuse them (can't be causing trouble for all those paying users with programs using "legacy" password logins eh?).
- Non-"business" Google accounts now have a setting to allow or disallow password based IMAP/SMTP logins ("less secure apps"). Google accounts that have existed for years can automatically have opted to disallow but this might not happen to everyone.
I've tried first logging into GMail using a web browser then using mutt from the same machine. I've tried changing muttrc settings to ensure TLS is always used. I've tried the unlock captcha link. All have failed to let my mutt work with a "do not allow less secure apps" GMail account (but may solve login problems in different scenarios). Your choices are:
- Switch your Google account to require 2-step verification and create an app-specific password for mutt.
- Switch to mutt 1.11.0 or later and configure OAUTHBEARER support.
- Use the Google account setting that allows less secure apps to connect.
- Move to another IMAP client that does OAuth.
(Whoever voted up my original reply - thank you)
Judging by aharris88's description, Gmail was blocking access to his account via mutt because mutt is using insecure connections when communicating with Gmail's servers. This means that your username and password are being sent across the local network and the Internet in an unencrypted form; generally a really bad idea, and something to be avoided whenever possible. Gmail was attempting to discourage this risky configuration by rejecting mutt's connection attempt. Changing your Google account settings to allow "Access for less secure apps" overrode this behavior, allowing mutt to connect in an insecure fashion.
One solution for this is to configure mutt to use TLS security when connecting to Gmail. This way, your credentials aren't sent in plain-text form, and you can thus disable "Access for less secure apps" in your Google account settings.
To use TLS, edit your mutt configuration file (~/.muttrc) to be similar to the following:
set realname = 'Your Full Name'
set imap_user = '[email protected]'
set smtp_url = "smtp://[email protected]:587/"
set spoolfile = imaps://imap.gmail.com:993/INBOX
set folder = "imaps://imap.gmail.com:993"
set record="+[Gmail]/Sent Mail"
set postponed="+[Gmail]/Drafts"
set header_cache="~/.mutt/cache/headers"
set message_cachedir="~/.mutt/cache/bodies"
set certificate_file=~/.mutt/certificates
# These two lines appear to be needed on some Linux distros, like Arch Linux
set ssl_starttls = yes
set ssl_force_tls = yes
Also, create the directories and files mutt will use to cache message information and store certificates by executing:
mkdir -p ~/.mutt/cache/bodies
mkdir ~/.mutt/cache/headers
touch ~/.mutt/certificates
Lines 3-5 of the mutt configuration file tell mutt to connect to Gmail using secure ports and protocols. Make sure you fill in 'Your Full Name' on line 1, and replace "youraccount" in both lines 2 and 3. The last two lines will force mutt to connect securely, and may be required on some Linux distributions. The rest of the configuration is a pretty common setup to make mutt play nice with Gmail.
You'll also need to have OpenSSL (or something equivalent) installed on your system, though most systems will probably already have this.
Now, start mutt. You'll be prompted for your Gmail account password. You may also be prompted to accept a certificate that the Gmail server will send you; go ahead and do so. If you see your inbox, you should be all set!
If it's still not connecting, something else is preventing mutt from connecting securely. Try executing: mutt -v
to display mutt's version and compile options. In the "Compile options" section of the output, look for +USE_SSL
or something similar like +USE_SSL_OPENSSL
or +USE_SSL_GNUTLS
. If none of these appear with a plus next to them, then mutt was compiled without the ability to connect with TLS, and you'd need to recompile it.
Another possibility is that OpenSSL (or an equivalent SSL package) is not yet installed on your system. The method of installing it will be dependent on which Linux/Unix distribution you are using. Try searching for guides specific to your distribution. You may also need to install an additional package containing Certificate Authorities.
Once you do get things working, if you don't want to type your Gmail password every time you run mutt, you can store it directly in the ~/.muttrc file by adding a line like:
set imap_pass = 'yourpassword'
Note, however, that this presents a security risk, particularly if you share a system with other users. To reduce this risk, you can make ~/.muttrc readable only by you by executing:
chmod 600 ~/.muttrc
This prevents non-root users and services running on your system from reading your password stored in the ~/.muttrc file.