
The requirement is that when the form is submitted, the mail has to be sent to the specified email address. For this I am using PHPMailer.

When I ran the code for the first time from localhost, I received a Critical Security Alert in Gmail, which I resolved by turning on "Allow Less Secure Apps"; I also checked and approved the security event.

Now the code works perfectly in localhost powered by xampp but not in shared hosting. When I hit the submit button in the Form page present in shared hosting, I get the following message:

2020-02-25 09:48:40 SERVER -> CLIENT: 220 smtp.gmail.com ESMTP t131sm5033428oih.35 - gsmtp
2020-02-25 09:48:40 CLIENT -> SERVER: EHLO www.domain_name.com
2020-02-25 09:48:40 SERVER -> CLIENT: 250-smtp.gmail.com at your service, [AAA.BB.CCC.DD]250-SIZE 35882577250-8BITMIME250-STARTTLS250-ENHANCEDSTATUSCODES250-PIPELINING250-CHUNKING250 SMTPUTF8
2020-02-25 09:48:40 CLIENT -> SERVER: STARTTLS
2020-02-25 09:48:40 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
2020-02-25 09:48:44 CLIENT -> SERVER: EHLO www.domain_name.com
2020-02-25 09:48:44 SERVER -> CLIENT: 250-smtp.gmail.com at your service, [AAA.BB.CCC.DD]250-SIZE 35882577250-8BITMIME250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH250-ENHANCEDSTATUSCODES250-PIPELINING250-CHUNKING250 SMTPUTF8
2020-02-25 09:48:44 CLIENT -> SERVER: AUTH LOGIN
2020-02-25 09:48:44 SERVER -> CLIENT: 334 VXNlcm5hbWU6
2020-02-25 09:48:44 CLIENT -> SERVER: [credentials hidden]
2020-02-25 09:48:44 SERVER -> CLIENT: 334 UGFzc3dvcmQ6
2020-02-25 09:48:44 CLIENT -> SERVER: [credentials hidden]
2020-02-25 09:48:45 SERVER -> CLIENT: 534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbv534-5.7.14 ymrjiXdYur3ddtR_6o2GrGNO2DfOQ7VhdphcGz7dq3__0gTNj1-oIXqZ__3KYGCWXt-ZC534-5.7.14 znNW-khosAGrPwCN1mDscVVYa5ms25Ann9jrAUU39WELRqwVrSmhOMGa91Ec4JRu>534-5.7.14 Please log in via your web browser and then try again.534-5.7.14  Learn more at534 5.7.14  https://support.google.com/mail/answer/78754 t131sm5033428oih.35 - gsmtp
2020-02-25 09:48:45 SMTP ERROR: Password command failed: 534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbv534-5.7.14 ymrjiXdYur3ddtR_6o2GrGNO2DfOQ7VhdphcGz7dq3__0gTNj1-oIXqZ__3KYGCWXt-ZC534-5.7.14 znNW-khosAGrPwCN1mDscVVYa5ms25Ann9jrAUU39WELRqwVrSmhOMGa91Ec4JRu>534-5.7.14 Please log in via your web browser and then try again.534-5.7.14  Learn more at534 5.7.14  https://support.google.com/mail/answer/78754 t131sm5033428oih.35 - gsmtp
SMTP Error: Could not authenticate.
2020-02-25 09:48:45 CLIENT -> SERVER: QUIT
2020-02-25 09:48:45 SERVER -> CLIENT: 221 2.0.0 closing connection t131sm5033428oih.35 - gsmtp
SMTP Error: Could not authenticate.

The PHPMailer code for sending mail follows:

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
use PHPMailer\PHPMailer\Exception;

require 'vendor/autoload.php';      // Assumes PHPMailer was installed with Composer

$mail = new PHPMailer(true);        // Passing true enables exceptions

try {
    // Server settings
    $mail->SMTPDebug = SMTP::DEBUG_SERVER;               // Enable verbose debug output
    $mail->isSMTP();                                     // Send using SMTP

    $mail->Host       = 'smtp.gmail.com';                // Set the SMTP server to send through
    $mail->SMTPAuth   = true;                            // Enable SMTP authentication
    $mail->Username   = '[email protected]';            // SMTP username
    $mail->Password   = 'password';                      // SMTP password

    $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;  // Enable TLS encryption; `PHPMailer::ENCRYPTION_SMTPS` also accepted
    $mail->Port       = 587;                             // TCP port to connect to

    // Recipients
    $mail->setFrom('[email protected]');
    $mail->addAddress('[email protected]');             // Add a recipient

    // Content
    $mail->isHTML(true);                                 // Set email format to HTML
    $mail->Subject = 'Mail subject';
    $mail->Body = 'Mail Body';

    $mail->send();
    echo 'done';
} catch (Exception $e) {
    echo "Mailer";
}


The following actions have been taken:

  1. Username and Password combination is correct and is not expired. Verified manually by logging in via web and also by sending mails from the localhost.

  2. $mail->SMTPAuth=false cannot be set because the majority of shared hosting providers seem to have disabled this for security reasons (mainly to avoid spamming and sending of unsolicited emails)

5
  • 1
    If "Allow less secure apps" is On, it might be possible you have 2-Step Verification enabled in your Gmail account. If this is the case, you need to create an App-specific password. lifewire.com/… Commented Feb 25, 2020 at 12:59
  • @ShashankShah Thanks for responding :) In this scenario, Two Factor authentication is not setup. In short, authentication is based on Username and Password. If it was there, I would have not been able to send mails even from localhost, which is possible. I can send mails from localhost Commented Feb 25, 2020 at 13:38
  • Seems like You just need to enable less secure apps for the Gmail account mentioned in $mail->setFrom( [email protected] ) to solve this. Commented Feb 25, 2020 at 13:48
  • @ShashankShah brother, Actually I have already mentioned that in my post. Commented Feb 25, 2020 at 13:50
  • 1
    Yeah, All possible cases I am reviewing is this only! Let me dig into it Commented Feb 25, 2020 at 13:53

2 Answers

4

Just for others' info! To resolve this issue you have to go to:

https://myaccount.google.com/security?pli=1#connectedapps then set "Allow less secure apps" to YES

What does it mean to be a less secure app? Could we change our FAQ instructions and/or implementation so that users do not need to do this extra step?

If not possible, we should at least document in the FAQ that users also need to change the setting on their Google security account.

Your solution:

Your server does not support PHPMailer.

Your account is treated as spam; read here: Prevent mail to Gmail users from being blocked or sent to spam

Use or fix App password

If you've turned on 2-Step Verification and are trying to sign in to your Google Account through a device, mobile app, or desktop app, you'll need to enter an App Password.

See more and follow the steps here: Use or fix App password

If you're using SMTP (i.e. you're calling isSMTP()), you can get a detailed transcript of the SMTP conversation using the SMTPDebug property. The settings are as follows:

Enabling debug output and troubleshooting

If you are having problems connecting or sending emails through your SMTP server, the SMTP class can provide more information about the processing/errors taking place.

Use the debug functionality of the class to see what's going on in your connections. To do that, set the debug level in your script.

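Allow error levels. For example:

$mail->SMTPDebug = SMTP::DEBUG_SERVER;
$mail->SMTPDebug = 4; // from 1 to 4 to get more details.

I had almost the same error, and this code solved my problem because of my self-signed certificate.

// Turns off TLS certificate and host name verification for the SMTP connection
$mail->SMTPOptions = array(
    'ssl' => array(
        'verify_peer' => false,        // do not validate the certificate chain
        'verify_peer_name' => false,   // do not check the certificate's host name
        'allow_self_signed' => true    // accept self-signed certificates
    )
);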

Once again see SMTP Debugging

Debug levels

Debug output format

Looks like you are trying to connect by cURL API or something (SERVER: EHLO). If so, please add your code to the question.

4
  • While this does "fix" some issues, the "right" way as far as google is concerned is not to use the less secure apps switch, but to use XOAUTH2 for authentication instead, and that is covered in PHPMailer docs and examples. It's fiddly to set up, but it does work.
    – Synchro
    Commented Feb 25, 2020 at 20:31
  • Yep I agree with you for big sites! Google says it’s not a good way to use less secure accounts, I do for years and didn’t have any problem except limitation 50 emails a day :) best way of sending mail is find a good hosting or vps server or build your own server, and setup as you like, for a small site I wouldn’t worry about less secure google account, none can hack it if you use secure password and securing your codes. Actually I don’t care what google says, they all wants us to use their products and earn money (all about money). So, read them but do what you want, not what they want :)
    – user1805543
    Commented Feb 25, 2020 at 21:02
  • @Dlk Thanks for responding. I've already taken the steps that you have mentioned in your solution, which I've stated in my question too except XOAuth since that is not needed in my scenario. My server supports PHPMailer and the SMTP error log is also posted. Is there anything else I've been missing? Commented Feb 26, 2020 at 4:13
  • $mail->SMTPSecure = 'tls'; I have set. So should my array key be tls?
    – mehmet
    Commented Mar 4, 2023 at 6:11
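
Added example (not part of the answer or its comments, and not PHPMailer project code): a Gmail mailer that uses the XOAUTH2 mechanism mentioned in the comments, leaves certificate verification on instead of disabling it as in the `SMTPOptions` snippet above, and sends the debug transcript to the server log rather than to the page visitor. It assumes PHPMailer 6.x and `league/oauth2-google` installed with Composer; the function name, the `GMAIL_*` environment variable names and the example.com addresses are hypothetical.

```php
<?php
// Added example; function name, env var names and addresses are assumptions.
use League\OAuth2\Client\Provider\Google;
use PHPMailer\PHPMailer\Exception;
use PHPMailer\PHPMailer\OAuth;
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;

require 'vendor/autoload.php';

function buildGmailMailer(bool $debug = false): PHPMailer
{
    $mail = new PHPMailer(true);                 // throw exceptions on failure
    $mail->isSMTP();
    $mail->Host       = 'smtp.gmail.com';
    $mail->Port       = 587;
    $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
    $mail->SMTPAuth   = true;

    // Keep certificate checks on (PHP's defaults, stated explicitly). For a
    // server signed by a private CA, add 'cafile' => '/path/to/ca.pem' here
    // instead of switching verification off.
    $mail->SMTPOptions = ['ssl' => [
        'verify_peer'       => true,
        'verify_peer_name'  => true,
        'allow_self_signed' => false,
    ]];

    // XOAUTH2: no account password in the code, no "less secure apps" switch.
    $clientId     = getenv('GMAIL_CLIENT_ID');
    $clientSecret = getenv('GMAIL_CLIENT_SECRET');
    $mail->AuthType = 'XOAUTH2';
    $mail->setOAuth(new OAuth([
        'provider'     => new Google(['clientId' => $clientId, 'clientSecret' => $clientSecret]),
        'clientId'     => $clientId,
        'clientSecret' => $clientSecret,
        'refreshToken' => getenv('GMAIL_REFRESH_TOKEN'),
        'userName'     => getenv('GMAIL_USER'),
    ]));

    // The SMTP transcript goes to the server's error log, never to the browser.
    $mail->SMTPDebug   = $debug ? SMTP::DEBUG_SERVER : SMTP::DEBUG_OFF;
    $mail->Debugoutput = 'error_log';
    return $mail;
}

try {
    $mail = buildGmailMailer();
    $mail->setFrom('sender@example.com');        // placeholder addresses
    $mail->addAddress('recipient@example.com');
    $mail->Subject = 'Mail subject';
    $mail->Body    = 'Mail Body';
    $mail->send();
} catch (Exception $e) {
    error_log('Mail failed: ' . $e->getMessage());
    echo 'Message could not be sent.';           // generic text for the visitor
}
```

The refresh token is obtained once through Google's OAuth consent flow and stored outside the web root, alongside the client ID and secret.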
2

Well, after a long battle I somehow managed to solve this. I activated DisplayUnlockCaptcha from the following URL: https://accounts.google.com/b/0/DisplayUnlockCaptcha

Probably because Gmail might have viewed the logins received from the PHP file lying on the hosting server as untrusted requests. This is because the hosting servers may reside in different places or countries, and the login authentication request received would appear different from the one where the Gmail account is logged in frequently. So as a security measure, it would have used some captcha mechanism in the background (which cannot be viewed).