Turn off insecure access to your inbox

POP Peeper: Tech support, suggestions, discussion, etc.
gordon
Posts: 208
Joined: Tue Sep 02, 2008 6:43 pm

Turn off insecure access to your inbox

Post by gordon »

When I manually login to my yahoo acct, I get this message:
"Turn off insecure access to your inbox"
This is obviously in reference to PP.
My PP acct is
SSL/TLS
IMAP
imap.mail.yahoo.com

Is there some PP setting that will make this more secure and avoid
this yahoo warning?
thanks
mjs
Moderator
Posts: 2216
Joined: Sun Jul 17, 2011 2:36 am

Re: Turn off insecure access to your inbox

Post by mjs »

Since you are using the recommended IMAP protocol, try enabling OAuth2 which is done by editing the account then pressing the "OAuth2" button and following the ensuing steps. What the recommended OAuth2 does is provide a more secure access to server resources.

You will find additional information as to the two options you have regarding this issue by clicking on this FAQ: http://www.esumsoft.com/products/pop-pe ... ahooOauth2.
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
gordon
Posts: 208
Joined: Tue Sep 02, 2008 6:43 pm

Re: Turn off insecure access to your inbox

Post by gordon »

lakrsrool,
I enabled OAuth2 in PP and I no longer get the yahoo
nag balloon when logging in to yahoo manually :-)
I was also able to delete my PP password for that acct :-)
thanks
gordon
Posts: 208
Joined: Tue Sep 02, 2008 6:43 pm

Re: Turn off insecure access to your inbox

Post by gordon »

lakrsrool,
OK, this is related, so same thread.
The original post was for receiving mail, and that works.

I cannot send mail using Oauth2.
This is the error message:
The following errors occurred while attempting to send mail:
account: xxxxxxxxxxxxxxx
error verifying "from"
server returned: 2.0.0 OK (#250)
Press OK to open the outbox

send option: SMTP
SMTP server: smtp.mail.yahoo.com
STARTTLS
mjs
Moderator
Posts: 2216
Joined: Sun Jul 17, 2011 2:36 am

Re: Turn off insecure access to your inbox

Post by mjs »

Since you are getting errors, please provide the entire "Error Overview" information by clicking on the exclamation in the lower-right corner of the main POP Peeper window interface and press the "Copy" button and then "Paste" that information here in this topic (right-click and select "paste"). This will help us with much more detail as far as additional information regarding the issue you are having with your Yahoo account, i.e. for one thing what Sendmail plugin version you are using among other things including various account settings. (be sure and remove personal information from this data as you did above)
gordon
Posts: 208
Joined: Tue Sep 02, 2008 6:43 pm

Re: Turn off insecure access to your inbox

Post by gordon »

lakrsrool,
Here is the error log.
OK, I think I see the problem.
When I use Oauth2, am I required to put the password for that account in PP?
I thought Oauth2 was based on replacing the password with the Oauth2 key
for both receiving and sending mail.
Can you clarify ?

gordon

--- Version ---
OS: Windows 7 (x64)
POP Peeper: 4.3.0.0
Webmail: 4.2.5.0
SSL: 1.0.1.8
IMAP: 4.3.0.0
RSS: 4.3.0.0
SendMail: 4.3.0.0
Notification Voice: 4.3.0.0
Profile Picture: 4.3.0.0
AntiJunk: 4.3.0.0
Spell Checker: 4.3.0.0
Web of Trust: 4.3.0.0

--- Error ---
AAAYahoogordoo55IMAP [1000: IMAP] ['imap.mail.yahoo.com' (993) SSL: 1] [Smtp: 'smtp.mail.yahoo.com' (587) SSL: 2]
Send Mail: Suspended (Too many errors; edit and re-send this message)
* Suspended - Error verifying 'From'
Server Returned: 2.0.0 OK (#250)
Jeff
Admin / Developer
Posts: 9234
Joined: Sat Sep 08, 2001 9:46 pm

Re: Turn off insecure access to your inbox

Post by Jeff »

OAuth2 is used for both imap and smtp.

There happens to be a test version of POP Peeper available which provides additional information for SMTP errors, so yours would be an excellent case to test that this works.

You can download the test version (v4.3 test 2) here:
http://www.esumsoft.com/pop-peeper-beta/

Follow the instructions to install it and then do the "error overview" again which will hopefully provide additional information.
gordon
Posts: 208
Joined: Tue Sep 02, 2008 6:43 pm

Re: Turn off insecure access to your inbox

Post by gordon »

Jeff,
Here is the error log:


--- Version ---
OS: Windows 7 (x64)
POP Peeper: 4.3.0.9002
Webmail: 4.2.5.0
SSL: 1.0.1.8
IMAP: 4.3.0.0
RSS: 4.3.0.0
SendMail: 4.3.0.0
Notification Voice: 4.3.0.0
Profile Picture: 4.3.0.0
AntiJunk: 4.3.0.0
Spell Checker: 4.3.0.0
Web of Trust: 4.3.0.0

--- Error ---
AAAYahoogordoIMAP [1000: IMAP] ['imap.mail.yahoo.com' (993) SSL: 1] [Smtp: 'smtp.mail.yahoo.com' (587) SSL: 2]
Send Mail: Error verifying 'From'
Server Returned: 2.0.0 OK (#250)
Jeff
Admin / Developer
Posts: 9234
Joined: Sat Sep 08, 2001 9:46 pm

Re: Turn off insecure access to your inbox

Post by Jeff »

Yeah, ummm... #-o

v4.3 Test 02 didn't include SendMail.dll, which is necessary for the extended smtp information. :oops:

Sorry, but I'll have to ask you to try again with Test 03, which *does* include sendmail.dll:
http://www.esumsoft.com/pop-peeper-beta/
gordon
Posts: 208
Joined: Tue Sep 02, 2008 6:43 pm

Re: Turn off insecure access to your inbox

Post by gordon »

Jeff,
Here is the test03 error log text.
thanks

--- Version ---
OS: Windows 7 (x64)
POP Peeper: 4.3.0.9003
Webmail: 4.2.5.0
SSL: 1.0.1.8
IMAP: 4.3.0.0
RSS: 4.3.0.0
SendMail: 4.3.0.9003
SendMail: 4.3.0.0
Notification Voice: 4.3.0.0
Profile Picture: 4.3.0.0
AntiJunk: 4.3.0.0
Spell Checker: 4.3.0.0
Web of Trust: 4.3.0.0

--- Error ---
AAAYahoogordonwilson55IMAP [1000: IMAP] ['imap.mail.yahoo.com' (993) SSL: 1] [Smtp: 'smtp.mail.yahoo.com' (587) SSL: 2]
Send Mail: Error verifying 'From'
Server Returned: 5.7.1 Authentication required (#530)

2.0.0 OK (#250)
Jeff
Admin / Developer
Posts: 9234
Joined: Sat Sep 08, 2001 9:46 pm

Re: Turn off insecure access to your inbox

Post by Jeff »

Ah, that's better!

> Server Returned: 5.7.1 Authentication required (#530)

Edit the account
Select "Send Mail" page
Enable: "Server requires authentication"
Press Update



btw, it looks like you made a copy of the SendMail plugin and that's why there are 2 entries:
SendMail: 4.3.0.9003
SendMail: 4.3.0.0

When you make a backup, rename the extension, e.g. SendMail-v4300.dxx
gordon
Posts: 208
Joined: Tue Sep 02, 2008 6:43 pm

Re: Turn off insecure access to your inbox

Post by gordon »

Jeff,
You asked me to enable: "Server requires authentication"
It was already enabled. So no change.
thanks

Here is another error log with only one sendmail:

--- Version ---
OS: Windows 7 (x64)
POP Peeper: 4.3.0.9003
Webmail: 4.2.5.0
SSL: 1.0.1.8
IMAP: 4.3.0.0
RSS: 4.3.0.0
SendMail: 4.3.0.9003
Notification Voice: 4.3.0.0
Profile Picture: 4.3.0.0
AntiJunk: 4.3.0.0
Spell Checker: 4.3.0.0
Web of Trust: 4.3.0.0

--- Error ---
AAAYahoog55IMAP [1000: IMAP] ['imap.mail.yahoo.com' (993) SSL: 1] [Smtp: 'smtp.mail.yahoo.com' (587) SSL: 2]
Send Mail: Error verifying 'From'
Server Returned: 5.7.1 Authentication required (#530)

2.0.0 OK (#250)



I wonder if this is a problem with 2 PP accounts for the same yahoo account.
Long ago I created a POP account: gw
Then I copied that account and created: gwIMAP (same yahoo account)
And I disabled the gw account.
I did not delete the gw account because I was concerned that it might delete mail
that was received under the gw PP account.
That seems to be unnecessary as I do not see any mail in the gw PP account.
When I edit the gw PP account, it does not have the Oauth2 button. That seems like a clue.

Another experiment, I mailed from PP account gw3 (Oauth2) to PP gw account and it worked ok.
So there is something funny with PP accounts gw and gwIMAP when sending.
I think if I deleted PP account gw, it might work ok.
I did not delete the PP account gw in case you might want me to try something first.
Jeff
Admin / Developer
Posts: 9234
Joined: Sat Sep 08, 2001 9:46 pm

Re: Turn off insecure access to your inbox

Post by Jeff »

Ok, perhaps you changed the smtp login settings? Go back to where you were: edit the account, "send mail" page and press the "settings" button. Click the option for "use same login as incoming mail server"

I tested by using "use these settings" and then deleting the login/password and I got the same "authentication required" that you did, so hopefully that will resolve it, once and for all...
Jeff
Admin / Developer
Posts: 9234
Joined: Sat Sep 08, 2001 9:46 pm

Re: Turn off insecure access to your inbox

Post by Jeff »

"When I edit the gw PP account, it does not have the Oauth2 button. That seems like a clue."

That account is probably set to use WebMail (server type = "Yahoo") or POP3 instead of IMAP. OAuth2 only applies to IMAP.

One account in PP won't have any impact on another account, so you can delete the unused account if you want.
gordon
Posts: 208
Joined: Tue Sep 02, 2008 6:43 pm

Re: Turn off insecure access to your inbox

Post by gordon »

Jeff,

>edit the account, "send mail" page and press the "settings" button.
>Click the option for "use same login as incoming mail server"
It was already set at "use same login as incoming mail server"
So that is not the problem.

Ohh is this the problem :-)
general/login name
When the login name is "gordon", PP will send non-OAuth2 mail ok.
If you do the same with OAuth2 it will fail with "Server requires authentication"
If you change login name to gordon@[...] then OAuth2 send mail works.
Can you confirm?

It is not clear to me why the general tab has both a
"Email address"
and
"login name"
Seems like they are always the same?
Last edited by Jeff on Thu Nov 10, 2016 4:22 pm, edited 1 time in total.
Reason: edited email address
Jeff
Admin / Developer
Posts: 9234
Joined: Sat Sep 08, 2001 9:46 pm

Re: Turn off insecure access to your inbox

Post by Jeff »

Ah.... Good catch! Sorry you had to be the guinea pig.

For smtp, POP Peeper was using the login ID to retrieve the OAuth2 credentials instead of the email address. In cases where OAuth2 is involved, these are usually the same, which is why this bug wasn't discovered earlier. This has been fixed for the next release. In the meantime, you can and should use the full email address to. No need to change it back when the fix is released; using the full email address is probably better, as it tells yahoo that you have a @yahoo.com address instead of one of their other domains, e.g. @rocketmail.com or @y7mail.com, etc.

The "email address" and "login name" are often, but not always, the same. There are some ISPs that will fail if the full email address is used for the login instead of just the user-id. Apple's email system is a prime example -- if one encryption method is used, it requires the full email address and if another is used, it requires just the user-id. This was an issue when I updated POP Peeper to default to using a stronger method a few versions back and people who use Apple's email were suddenly getting login errors for previously-working accounts.
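The lookup mismatch described in the post above, as an added Python sketch that is not POP Peeper's code or part of the original thread. It assumes the SASL XOAUTH2 wire format, a hypothetical token cache keyed by email address, and that a cache miss means the client sends no AUTH command; the address and token are constructed sample values.

```python
import base64

def xoauth2_initial_response(user, access_token):
    # SASL XOAUTH2 initial client response:
    # base64("user=" user ^A "auth=Bearer " token ^A ^A)
    raw = "user=%s\x01auth=Bearer %s\x01\x01" % (user, access_token)
    return base64.b64encode(raw.encode("ascii")).decode("ascii")

class TokenStore:
    """Hypothetical OAuth2 token cache, keyed by the account's email address."""
    def __init__(self):
        self._tokens = {}

    def put(self, email, token):
        self._tokens[email.lower()] = token

    def get(self, key):
        return self._tokens.get(key.lower())

def smtp_auth_line(store, login_name, email, key="email"):
    """Return the AUTH command the client would send, or None on a cache miss.

    key="login" reproduces the lookup described in the thread (login ID used
    to find the token); key="email" is the corrected lookup.
    """
    lookup = login_name if key == "login" else email
    token = store.get(lookup)
    if token is None:
        return None  # assumption: no token found means no AUTH is sent
    return "AUTH XOAUTH2 " + xoauth2_initial_response(email, token)

def simulate_mail_from(auth_line):
    # Constructed stand-in for the server: MAIL FROM is refused without AUTH,
    # matching the 530 reply shown in the error overview.
    if auth_line is None:
        return "530 5.7.1 Authentication required"
    return "250 2.0.0 OK"

if __name__ == "__main__":
    store = TokenStore()
    store.put("gordon@example.com", "constructed-access-token")
    for mode in ("login", "email"):
        line = smtp_auth_line(store, "gordon", "gordon@example.com", key=mode)
        print(mode, "->", simulate_mail_from(line))
```

With the login name set to the full address, both lookups hit the same cache entry, which is why the workaround in the thread succeeds.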