Sstrhsrtj

When I try to log in to gmail with mutt, it flashes a quick Webalert with a url, something like accounts.gmail.com or something. It's too quick for me to see or copy it. Then it says Login failed.

Then I get an email from Gmail saying:

Google Account: sign-in attempt blocked



Hi Adam, 



We recently blocked a sign-in attempt to your Google Account [a...@gmail.com]. 



Sign in attempt details

Date & Time: Wednesday, December 10, 2014 11:55:21 PM UTC 

Location: Utah, USA 



If this wasn't you

Please review your Account Activity page at         https://security.google.com/settings/security/activity to see if anything looks suspicious.     Whoever tried to sign in to your account knows your password; we recommend that you change it right away. 



If this was you

You can switch to an app made by Google such as Gmail to access your account (recommended) or change your settings at https://www.google.com/settings/security/lesssecureapps so that your account is no longer protected by modern security standards. 



To learn more, see https://support.google.com/accounts/answer/6010255. 



Sincerely,

The Google Accounts team

I can go to the link and enable "Access for less secure apps" and then I can log in just fine, but is there a way to login with mutt without having to turn on this less secure option in Gmail?

Update:

I'm on mac os x Yosemite
When I run mutt -v, in the compile options, it does contain +USE_SSL_OPENSSL
I'm not using google 2-step verification
I'm not using an application specific password
Here are the messages that I get when I try to log in:

Reading imaps://imap.gmail.com:993/INBOX...

Looking up imap.gmail.com...

Connecting to imap.gmail.com...

TLSv1.2 connection using TLSv1/SSLv3 (ECDHE-RSA-AES128-GCM-SHA256)

Logging in...

[WEBALERT https://accounts.google.com/ContinueSignIn?sarp=1&scc=1&plt=AKgnsbsm0P......

I found this answer, but it didn't work: https://stackoverflow.com/a/25209735/1665818

As one of the comments says it looks like Google have moved to blocking apps that are using IMAP/SMTP PLAIN authentication by default and you can read official blogs stating that Google strongly recommends IMAP/SMTP protocol users switch to OAuth 2.0 (as XMPP is also listed I wonder if (older?) OSX iChat will stop working with GTalk at some point). Elsewhere, there's some fun speculation as to the rationale for this change. At the time of writing anecdotal investigation suggests:

• Google business accounts won't see this issue - they continue to automatically accept password based IMAP/SMTP logins and there's currently no setting to refuse them (can't be causing trouble for all those paying users with programs using "legacy" password logins eh?).


• Non-"business" Google accounts now have a setting to allow or disallow password based IMAP/SMTP logins ("less secure apps"). Google accounts that have existed for years can automatically have opted to disallow but this might not happen to everyone.

I've tried first logging into GMail using a web browser then using mutt from the same machine. I've tried changing muttrc settings to ensure TLS is always used. I've tried the unlock captcha link. All have failed to let my mutt work with a "do not allow less secure apps" GMail account (but may solve login problems in different scenarios). Your choices are:

• Switch your Google account to require 2-step verification and create an app-specific password for mutt.


• Use the Google account setting that allows less secure apps to connect.


• Move to another IMAP client that does OAuth.


• Create a patch for mutt to support OAuth.

(Whoever voted up my original reply - thank you)

I finally got it to work by enabling Google 2-step verification and using an app-specific password for mutt.

More detail:

I enabled 2-step verification on my Google account, which means that when I log in to Google, I have to enter a pin number from either a text or from the Google Authenticator app.

Then I had to get an app-specific password for mutt. You can generate an app specific password here.

Then I used that app-specific password for logging into mutt instead of my normal password. And then I don't have to enter a pin number.

Judging by aharris88's description, Gmail was blocking access to his account via mutt because mutt is using insecure connections when communicating with Gmail's servers. This means that your username and password are being sent across the local network and the Internet in an unencrypted form; generally a really bad idea, and something to be avoided whenever possible. Gmail was attempting to discourage this risky configuration by rejecting mutt's connection attempt. Changing your Google account settings to allow "Access for less secure apps" overrode this behavior, allowing mutt to connect in an insecure fashion.

One solution for this is to configure mutt to use TLS security when connecting to Gmail. This way, your credentials aren't sent in plain-text form, and you can thus disable "Access for less secure apps" in your Google account settings.

To use TLS, edit your mutt configuration file (~/.muttrc) to be similar to the following:

set realname = 'Your Full Name'

set imap_user = 'youraccount@gmail.com'

set smtp_url = "smtp://youraccount@smtp.gmail.com:587/"

set spoolfile = imaps://imap.gmail.com:993/INBOX

set folder = "imaps://imap.gmail.com:993"

set record="+[Gmail]/Sent Mail"

set postponed="+[Gmail]/Drafts"

set header_cache="~/.mutt/cache/headers"

set message_cachedir="~/.mutt/cache/bodies"

set certificate_file=~/.mutt/certificates



# These two lines appear to be needed on some Linux distros, like Arch Linux

set ssl_starttls = yes

set ssl_force_tls = yes

Also, create the directories and files mutt will use to cache message information and store certificates by executing:

mkdir -p ~/.mutt/cache/bodies

mkdir ~/.mutt/cache/headers

touch ~/.mutt/certificates

Lines 3-5 of the mutt configuration file tell mutt to connect to Gmail using secure ports and protocols. Make sure you fill in 'Your Full Name' on line 1, and replace "youraccount" in both lines 2 and 3. The last two lines will force mutt to connect securely, and may be required on some Linux distributions. The rest of the configuration is a pretty common setup to make mutt play nice with Gmail.

You'll also need to have OpenSSL (or something equivalent) installed on your system, though most systems will probably already have this.

Now, start mutt. You'll be prompted for your Gmail account password. You may also be prompted to accept a certificate that the Gmail server will send you; go ahead and do so. If you see your inbox, you should be all set!

If it's still not connecting, something else is preventing mutt from connecting securely. Try executing: mutt -v to display mutt's version and compile options. In the "Compile options" section of the output, look for +USE_SSL or something similar like +USE_SSL_OPENSSL or +USE_SSL_GNUTLS. If none of these appear with a plus next to them, then mutt was compiled without the ability to connect with TLS, and you'd need to recompile it.

Another possibility is that OpenSSL (or an equivalent SSL package) is not yet installed on your system. The method of installing it will be dependent on which Linux/Unix distribution you are using. Try searching for guides specific to your distribution. You may also need to install an additional package containing Certificate Authorities.

Once you do get things working, if you don't want to type your Gmail password every time you run mutt, you can store it directly in the ~/.muttrc file by adding a line like:

set imap_pass = 'yourpassword'

Note, however, that this presents a security risk, particularly if you share a system with other users. To reduce this risk, you can make ~/.muttrc readable only by you by executing:

chmod 600 ~/.muttrc

This prevents non-root users and services running on your system from reading your password stored in the ~/.muttrc file.

Create an app specific password for mutt:
https://support.google.com/accounts/answer/185833
https://security.google.com/settings/security/apppasswords