SMTP Relay with Google Workspace

pseudopunk
New Contributor III

Has anyone had success setting up SMTP in JSS using Google's SMTP relay? We are struggling to find settings that work. This is the doc I'm referencing: https://support.google.com/a/answer/2956491?hl=en

2 ACCEPTED SOLUTIONS

scottlep
Contributor II

Google/Gmail no longer work since Google has dropped "less secure app" access for SMTP. See https://support.google.com/accounts/answer/6010255?hl=en. We have been looking for a replacement since that happened almost a year ago. Jamf teased us in a survey a while back that they would be adding the ability to add a SMTP server that would be supplied by Jamf but that has not yet happened.

 

Screenshot 2023-04-10 at 12.57.29 PM.png

View solution in original post

bigben54
New Contributor III

The replacement for that Google setting, in places where you cannot use "Sign in with Google" such as the SMTP settings in Jamf, are App Passwords.

Essentially, while logged in with the user that will be used for SMTP, go to the Google Account settings > Security > Signing in to Google > App Passwords.

Add one and give it a descriptive name like Jamf SMTP, and copy the 16 character password it generates, then use that when setting up SMTP in Jamf.

It can only be used by a single "app", so after the first time you test it in Jamf, that password will be invalid for anything else to use.

If you want to be fancy, you can customize the sender to be different than the primary email of the user by first adding the desired alias to the user in Google admin, then adding that alias within the users Gmail settings > Accounts > Send mail as. Send a test from gmail with that alias, and you can then use it as the sender email in Jamf SMTP server settings without issues in most cases (there are some gmail service settings that could flag it as spam for your users without additional configuration).

 

Btw you'll only have the option to use App Passwords with 2-step auth enabled on the account in question. Check the Google page for full info.

Btw, this is also the best way to enable SMTP on printers these days! Used to whitelist the public IP in Google and do a no-auth SMTP, but that's got a lot of potential issues and seems deprecated.

 

bigben54_0-1681170811061.png

 

View solution in original post

7 REPLIES 7

scottlep
Contributor II

Google/Gmail no longer work since Google has dropped "less secure app" access for SMTP. See https://support.google.com/accounts/answer/6010255?hl=en. We have been looking for a replacement since that happened almost a year ago. Jamf teased us in a survey a while back that they would be adding the ability to add a SMTP server that would be supplied by Jamf but that has not yet happened.

 

Screenshot 2023-04-10 at 12.57.29 PM.png

bigben54
New Contributor III

The replacement for that Google setting, in places where you cannot use "Sign in with Google" such as the SMTP settings in Jamf, are App Passwords.

Essentially, while logged in with the user that will be used for SMTP, go to the Google Account settings > Security > Signing in to Google > App Passwords.

Add one and give it a descriptive name like Jamf SMTP, and copy the 16 character password it generates, then use that when setting up SMTP in Jamf.

It can only be used by a single "app", so after the first time you test it in Jamf, that password will be invalid for anything else to use.

If you want to be fancy, you can customize the sender to be different than the primary email of the user by first adding the desired alias to the user in Google admin, then adding that alias within the users Gmail settings > Accounts > Send mail as. Send a test from gmail with that alias, and you can then use it as the sender email in Jamf SMTP server settings without issues in most cases (there are some gmail service settings that could flag it as spam for your users without additional configuration).

 

Btw you'll only have the option to use App Passwords with 2-step auth enabled on the account in question. Check the Google page for full info.

Btw, this is also the best way to enable SMTP on printers these days! Used to whitelist the public IP in Google and do a no-auth SMTP, but that's got a lot of potential issues and seems deprecated.

 

bigben54_0-1681170811061.png

 

pseudopunk
New Contributor III

Don't you have to enable less secure app access in order to create an app password?

pseudopunk
New Contributor III

This was the answer. I will say though that I was unable to find "app passwords" as a listed option in security settings. I had to search for it, but then it worked. THANK YOU!

scottlep
Contributor II

@bigben54, thanks for this info! Going to give your suggestion a try later this morning.

bigben54
New Contributor III

@pseudopunk yeah I see what you mean about the option not being visible, super odd and hope it doesn't imply this is also being phased out. Along with searching for it in the settings, the direct link is https://myaccount.google.com/u/1/apppasswords.

Happy to help!

awjohnso
New Contributor

Sadly we've been having issues with this. I've been in contact with Jamf support with seemingly no solution in sight. We are on Jamf Pro Cloud 11.1.1. So a recap of everything.

  1. In December we were contacted by Jamf to ensure their new IP range was not being blocked by our campus. Networking affirmed that we are not blocking those new IPs.
  2. I was successful in using our existing public facing SMTP server for the past 3 years or so. However it got taken offline for good and we were told to use Google.
  3. A Google account was setup for me. I turned on 2-step verification. I created an App Password. I tested sending mail through smtp.google.com from on and off campus to ensure things were working correctly. And all functions as it should.
  4. Next I set up Jamf with the following: Server: smtp.google.com. Encryption: none, TLS, and SSL (with the corresponding port numbers). We tried the App Password (with and without spaces) and the account password.
  5. With each test, we keep getting the same error message : Error sending message. Ensure you can connect to the SMTP server.
  6. With out access to further data, that error to me indicates that Jamf Cloud located on AWS (NOT our campus network) is having issues communicating with Google since the error does not seem to indicate any kind of authentication issue, but I could be wrong since even the server logs are not telling me much.
  7. Lastly in the SMTP field when I edit the information and add the password to the account there is no Verify Password input field, I am not sure if this is by design or not.
  8. I have tried all manners of Time Out.

Screenshot 2024-01-05 at 11.52.22.PNG

Screenshot 2024-01-05 at 12.06.24 copy.PNG