Form email authentication w/ Gmail SMTP

Hi, I’ve set up a basic Cockpit form in a Vue app using Gmail’s SMTP server to send email notifications, and I’m wondering if there’s a way to configure the mailer settings in such a way that Google recognizes it as a “secure app”? If I use the typical mailer settings-- as described in this Github thread– I need to allow my Gmail account to use “less secure apps” for the server to accept mail requests (which is not ideal, as it appears Google sometimes reverses this setting when it hasn’t been used for a while, and thus rejects requests.) I’ve read that PHPMailer 6.0+ has support for more secure authentication methods (e.g. XOAUTH2) and I’m wondering if it’s possible to configure Cockpit’s PHPMailer implementation in this way so as to not need to enable the “less secure app” flag? I may just end up using an alternative SMTP server altogether, but I figured I’d see if it’s even possible to go this route w/ Gmail.

Thanks for any guidance here!

I’m not familiar with Gmail anymore. I decided to use privacy friendly alternatives. But I’m sure, this problem will pop up in the future again if clients love that Google service too much or if other providers start to restrict smtp access… So I did some research…

I found this resource:

It looks a bit complicated, but doable… If I understood it correctly, you would have to

  1. add new dependencies league/oauth2-client and league/oauth2-google
  2. create a public api endpoint to create the token
  3. pass the credentials to PHPMailer

Number 1 and 2 could be in an addon.
Number 3 would require an update in the core to pass more options to the Mailer class or you would have to override the mailer service in an addon.

I wouldn’t add it all to the core, because it only fixes an edge case, but the update to the Mailer class to allow more/custom options should be fine.


@nickpish If you want to try to write that addon, I can offer more help - but I won’t start it on my own, because I don’t care much about compatibility with privacy violating services.

Hi @raffaelj - thanks for your detailed reply; given the complexity, I think I’ll likely pursue a different route, as I was mostly interested in using Gmail’s mail service for the (potential) ease. It’s probably not worth the effort to develop an addon (at least for my own purposes), since I’m just looking for a simple email notification method for a basic contact form. I can probably use the SMTP server associated w/ my website hosting provider, but I’d be curious to hear from others if they’ve implemented different solutions.