Outdated mailspring-provider-settings for @ucsd.edu accounts

Description

Can’t connect with a @ucsd.edu account since the template in mailspring-provider-settings.json is outdated.

To Reproduce…

Steps to reproduce the behavior:

  1. Under menu, pick “Add Account”
  2. Select Gmail or G Suite (since mine is a Google Workspace account)
  3. Pick my ucsd account on the Google OAuth page and allow access

Expected Behavior

My account gets added to Mailspring.

Screenshots

Console log:

Using Mailspring Template: {
  "imap_host": "mail.ucsd.edu",
  "imap_port": "993",
  "imap_security": "SSL / TLS",
  "imap_user_format": "email-without-domain",
  "smtp_host": "smtp.ucsd.edu",
  "smtp_port": "587",
  "smtp_security": "STARTTLS",
  "smtp_user_format": "email"
}

Setup

  • OS and Version: Windows 10 Home 21H1 build 19043.1645
    • Installation Method: installer
  • Mailspring Version: 1.10.3-a476c230

Additional Context

I think UCSD switched to Google Workspace and Office 365 Exchange a while ago, and the mail servers in mailspring-provider-settings.json are no longer used.

https://blink.ucsd.edu/technology/email/tasks/clients/

I think simply deleting the UCSD template from mailspring-provider-settings.json will solve the issue. People with a @ucsd.edu account will use either the Gmail or the Office 365 option to set up their account (which works for my accounts at other institutions that use Google Workspace).

I did a custom build and removed the UCSD template. Now I get this:

"Using Mailspring Template: {
  "imap_host": "imap.gmail.com",
  "imap_port": "993",
  "imap_security": "SSL / TLS",
  "imap_user_format": "email",
  "smtp_host": "smtp.gmail.com",
  "smtp_port": "465",
  "smtp_security": "SSL / TLS",
  "smtp_user_format": "email"
}"

...

Error: Gmail IMAP is not enabled. Visit Gmail settings to turn it on. (IMAP)
    at ChildProcess.<anonymous> (file:///C:/Users/Yichi Yang/Documents/Others/Mailspring/app/src/mailsync-process.ts:228:27)
    at ChildProcess.emit (node:events:390:28)
    at ChildProcess.emit (node:domain:475:12)
    at maybeClose (node:internal/child_process:1064:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5) {
  rawLog: '----------IMAP----------\n' +
    'connect <mailcore::IMAPSession:00CFF304>\r\n' +
    '* OK Gimap ready for requests from 76.87.62.170 bc25mb166984290oib\r\n' +
    'ssl connect imap.gmail.com 993 2\r\n' +
    'OpenSSL version: OpenSSL 1.1.0f  25 May 2017\r\n' +
    '1 CAPABILITY\r\n' +
    '* CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=OAUTHBEARER AUTH=XOAUTH\r\n' +
    '1 OK Thats all she wrote! bc25mb166984290oib\r\n' +
    'connect ok\r\n' +
    'login\r\n' +
    '2 AUTHENTICATE XOAUTH2 <SASL XOAUTH2 Client Response>\r\n' +
    '+ eyJzdGF0dXMiOiI0MDAiLCJzY2hlbWVzIjoiQmVhcmVyIiwic2NvcGUiOiJodHRwczovL21haWwuZ29vZ2xlLmNvbS8ifQ==\r\n' +
    '\r\n' +
    '2 NO [ALERT] IMAP access is disabled for this mail client for your domain. Please contact your domain administrator for questions about this feature. (Failure)\r\n'

The SASL XOAUTH2 Client Response decodes to 'user=<my-username>@ucsd.edu\x01auth=Bearer <OAUTH2 TOKEN>\x01\x01' and looks well-formed to me. The next line, however, decodes to: '{"status":"400","schemes":"Bearer","scope":"https://mail.google.com/"}'.

So I guess the OAuth2 token we used to authenticate with the IMAP server is somehow not valid?

The weird part is I have IMAP enabled and apparently Thunderbird works fine with this account (IMAP).

Edit: I tried connecting my other Google Workspace .edu account (managed by another institution) using the dev build. It works fine and reports the same template (the imap.gmail.com one) in console logs. I guess it has something to do with Google Workspace settings specific to each institution? I would appreciate pointers to how I can collect more information and help debug.

This might be helpful:

I am really unsure where this comes from (as I mainly work on the Mailspring frontend). I think that you can allow/block certain applications for the full workspace. Maybe this is the case here if the reported error is true:

I tried Thunderbird (authenticate with OAuth2) and that worked for me, so I think (at least in some cases?) IMAP isn’t disabled.

I looked at the Thunderbird IMAP log, but the interesting part (things after AUTHENTICATE XOAUTH2) was replaced with *** for security reasons (and in general I don’t think there’s an easy way for me to check if an OAuth2 token is valid) so that wasn’t helpful. Maybe Thunderbird is using a slightly different authentication flow under the hood?
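
The XOAUTH2 exchange discussed in this thread, decoded in one pass (an added example, not code from Mailspring or from any poster): it parses the SASL XOAUTH2 client response and the server's base64 JSON challenge out of an IMAP transcript and reports only the token's length, so the summary can be attached to a bug report without leaking the bearer token. The function names and the sample user and token are constructed; the "+" and "2 NO" lines are copied from the log above.

```python
import base64
import json

def decode_client_response(b64: str) -> dict:
    """Parse 'user=<addr>\\x01auth=Bearer <token>\\x01\\x01'; the token is never returned."""
    raw = base64.b64decode(b64, validate=True).decode("utf-8")
    if not raw.endswith("\x01\x01"):
        raise ValueError("missing \\x01\\x01 terminator")
    fields = dict(part.partition("=")[::2] for part in raw[:-2].split("\x01"))
    scheme, _, token = fields.get("auth", "").partition(" ")
    if not fields.get("user") or scheme != "Bearer" or not token:
        raise ValueError("expected user=<addr> and auth=Bearer <token>")
    return {"user": fields["user"], "scheme": scheme, "token_length": len(token)}

def summarize_exchange(raw_log: str) -> dict:
    """Decode the XOAUTH2 attempt in an IMAP transcript, with the token redacted."""
    summary = {"client": None, "challenge": None, "result": None}
    tag = None
    for line in raw_log.split("\r\n"):
        words = line.split(" ")
        if tag is None and words[1:3] == ["AUTHENTICATE", "XOAUTH2"]:
            tag = words[0]
            if len(words) > 3:  # SASL-IR: the response travels with the command
                try:
                    summary["client"] = decode_client_response(words[3])
                except ValueError as exc:  # e.g. the logger already masked it
                    summary["client"] = {"error": str(exc)}
        elif tag and line.startswith("+ "):
            # Base64 JSON error challenge; the client's reply is the empty line
            summary["challenge"] = json.loads(base64.b64decode(line[2:]))
        elif tag and line.startswith(tag + " "):
            summary["result"] = line[len(tag) + 1:]  # tagged OK / NO / BAD
            break
    return summary

# Constructed sample: user and token are placeholders; the "+" and "2 NO" lines
# are the ones from the log in this thread.
_CLIENT = base64.b64encode(
    b"user=someone@example.edu\x01auth=Bearer PLACEHOLDER-TOKEN\x01\x01").decode()
SAMPLE_LOG = (
    "2 AUTHENTICATE XOAUTH2 " + _CLIENT + "\r\n"
    "+ eyJzdGF0dXMiOiI0MDAiLCJzY2hlbWVzIjoiQmVhcmVyIiwic2NvcGUiOiJodHRwczovL21haWwuZ29vZ2xlLmNvbS8ifQ==\r\n"
    "\r\n"
    "2 NO [ALERT] IMAP access is disabled for this mail client for your domain. Please contact your domain administrator for questions about this feature. (Failure)\r\n"
)

if __name__ == "__main__":
    print(json.dumps(summarize_exchange(SAMPLE_LOG), indent=2))
```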