Unable to check mail from other accounts in Gmail using Dovecot/POP3

Question

Score:1

Server

Unable to check mail from other accounts in Gmail using Dovecot/POP3

Eric Jonas

3/19/24, 5:26 PM

I have a VPS running on AlmaLinux. For SMTP, I use sendmail, which successfully sends and received emails for both of my domain names. I have Dovecot set up to handle IMAP/POP3. I want to allow a Gmail account to get emails from one of my domain names (let's call it example.com) using the "Check mail from other accounts" feature Gmail provides. Unfortunately, I cannot get this to work.

Here is where things stand:

I am pretty sure Dovecot is correctly configured to handle POP3 connections. From my computer, I can enter the following in the command line:

openssl s_client -starttls pop3 -connect mail.example.com:110

If I then enter USER fake_username and PASS fake_password, I can execute POP commands (e.g. LIST and STAT) and get correct responses.

Furthermore, I configured Thunderbird on my local machine to read emails using POP3 from mail.example.com. In Thunderbird, I am able to read emails with the following Account Settings:

Server Name: mail.example.com
Port: 110
User Name: fake_username
Connection Security: STARTTLS
Authentication Method: Normal Password

...and emails come though without a hitch.

When I use the same information (mail.example.com, port 110, correct username, correct password) in Gmail, however, I get one of two error messages, based on whether I check the checkbox reading "Always use a secure connection (SSL) when retrieving mail."

If I leave the checkbox unchecked, on the web form, I see the following error message:

"Server denied POP3 access for the given username and password."

On my server log (dovecot.log), I see the following:

Mar 19 12:27:36 pop3-login: Info: Disconnected: Disconnected: Too many bad commands (no auth attempts in 0 secs): user=<>, rip=209.85.128.137, lip=103.72.79.234, session=<cR/KSUP3MIvRVYCJ>

If I check the "always use SSL" checbox, on the front end Gmail shows this error message:

"There was a problem connecting to mail.example.com"

And in dovecot.log, I see:

Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write encrypted extensions
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write server certificate verify
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read finished
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x20, ret=1: SSLv3/TLS write session ticket
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
Mar 19 12:27:01 pop3-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully
Mar 19 12:27:01 pop3-login: Info: Login: user=<fake_username>, method=PLAIN, rip=71.232.112.192, lip=[MY SERVER'S IP ADDRESS], mpid=949498, TLS, session=<waq2R0P3fM1H6HDA>
Mar 19 12:27:01 pop3(fake_username)<949498><waq2R0P3fM1H6HDA>: Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 19 12:27:01 pop3-login: Debug: SSL alert: close notify

In my file /etc/dovecot/10-auth.conf, the only lines I have uncommented are:

auth_mechanisms = plain login
!include auth-system.conf.ext

And there is nothing related to auth in dovecot.conf

I assume there is some mismatch between how I am authorizing the session via command line and in Thunderbird on the one hand (Thunderbird can't connect to mail.example.com via POP3 unless I use STARTTLS), and how Gmail is trying to connect on the other hand. Unfortunately, the error logs are all Greek to me, and I can't make enough sense of the Dovecot documentation to figure out how to let Dovecot grant access to Gmail.

Does any kind soul understand what is/might be going on here and how I can fix it?

137

1 + 0

pop3

gmail

dovecot

Unable to check mail from other accounts in Gmail using Dovecot/POP3

Post an answer