Outdated mailspring-provider-settings for @ucsd.edu accounts

yichi-yang · April 18, 2022, 6:50pm

Description

Can’t connect with a @ucsd.edu account since the template in mailspring-provider-settings.json is outdated.

To Reproduce…

Steps to reproduce the behavior:

Under menu, pick “Add Account”
Select Gmail or G Suite (since mine is a Google Workspace account)
Pick my ucsd account on the Google OAuth page and allow access

Expected Behavior

My account gets added to Mailspring.

Screenshots

Console log:

Using Mailspring Template: {
  "imap_host": "mail.ucsd.edu",
  "imap_port": "993",
  "imap_security": "SSL / TLS",
  "imap_user_format": "email-without-domain",
  "smtp_host": "smtp.ucsd.edu",
  "smtp_port": "587",
  "smtp_security": "STARTTLS",
  "smtp_user_format": "email"
}

Setup

OS and Version: Windows 10 Home 21H1 build 19043.1645
- Installation Method: installer
Mailspring Version: 1.10.3-a476c230

Additional Context

I think UCSD switched to Google Workspace and Office 365 Exchange a while ago, and the mail servers in mailspring-provider-settings.json are no longer used.

https://blink.ucsd.edu/technology/email/tasks/clients/

I think simply deleting the UCSD template from mailspring-provider-settings.json will solve the issue. People with a @ucsd.edu account will use either the Gmail or the Office 365 option to set up their account (which works for my accounts at other institutions that use Google Workspace).

yichi-yang · April 18, 2022, 6:55pm

I did a custom build and removed the UCSD template. Now I get this:

"Using Mailspring Template: {
  "imap_host": "imap.gmail.com",
  "imap_port": "993",
  "imap_security": "SSL / TLS",
  "imap_user_format": "email",
  "smtp_host": "smtp.gmail.com",
  "smtp_port": "465",
  "smtp_security": "SSL / TLS",
  "smtp_user_format": "email"
}"

...

Error: Gmail IMAP is not enabled. Visit Gmail settings to turn it on. (IMAP)
    at ChildProcess.<anonymous> (file:///C:/Users/Yichi Yang/Documents/Others/Mailspring/app/src/mailsync-process.ts:228:27)
    at ChildProcess.emit (node:events:390:28)
    at ChildProcess.emit (node:domain:475:12)
    at maybeClose (node:internal/child_process:1064:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5) {
  rawLog: '----------IMAP----------\n' +
    'connect <mailcore::IMAPSession:00CFF304>\r\n' +
    '* OK Gimap ready for requests from 76.87.62.170 bc25mb166984290oib\r\n' +
    'ssl connect imap.gmail.com 993 2\r\n' +
    'OpenSSL version: OpenSSL 1.1.0f  25 May 2017\r\n' +
    '1 CAPABILITY\r\n' +
    '* CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=OAUTHBEARER AUTH=XOAUTH\r\n' +
    '1 OK Thats all she wrote! bc25mb166984290oib\r\n' +
    'connect ok\r\n' +
    'login\r\n' +
    '2 AUTHENTICATE XOAUTH2 <SASL XOAUTH2 Client Response>\r\n' +
    '+ eyJzdGF0dXMiOiI0MDAiLCJzY2hlbWVzIjoiQmVhcmVyIiwic2NvcGUiOiJodHRwczovL21haWwuZ29vZ2xlLmNvbS8ifQ==\r\n' +
    '\r\n' +
    '2 NO [ALERT] IMAP access is disabled for this mail client for your domain. Please contact your domain administrator for questions about this feature. (Failure)\r\n'

The SASL XOAUTH2 Client Response decodes to 'user=<my-username>@ucsd.edu\x01auth=Bearer <OAUTH2 TOEKN>\x01\x01' and looks well-formed to me. The next line, however, decodes to: '{"status":"400","schemes":"Bearer","scope":"https://mail.google.com/"}'.

So I guess the OAuth2 token we used to authenticate with the IMAP server is somehow not valid?

The weird part is I have IMAP enabled and apparently Thunderbird works fine with this account (IMAP).

Edit: I tried connecting my other Google Workspace .edu account (managed by another institution) using the dev build. It works fine and reports the same template (the imap.gmail.com one) in console logs. I guess it has something to do with Google Workspace settings specific to each institution? I would appreciate pointers to how I can collect more information and help debug.

This might be helpful:

Phylu · April 23, 2022, 10:31pm

I am really unsure where this comes from (as I mainly work on the Mailspring frontend). I think that you can allow/block certain applications for the full workspace. Maybe this is the case here if the reported error is true:

yichi-yang · April 23, 2022, 10:51pm

I tried Thunderbird (authenticate with OAuth2) and that worked for me, so I think (at least in some cases?) IMAP isn’t disabled.

I looked at the Thunderbird IMAP log, but the interesting part ( things after AUTHENTICATE XOAUTH2) was replaced with *** for security reasons (and in general I don’t think there’s an easy way for me to check if a OAuth2 token is valid) so that wasn’t helpful. Maybe Thunderbird is using a slightly different authentication flow under the hood?

jpolitz · January 2, 2025, 5:05pm

Just wanted to confirm that I’m running into this issue as well, same error message as in the original post, with my @ucsd.edu account, which works with other applications’ default flows (e.g. Mimestream, Airmail).

As one more bit of information, I didn’t get into a custom build like @yichi-yang , but I opened dev tools, set a breakpoint, and cleared out the defaults with mailspring_provider_settings_json_1.default = {} to trigger the Using Fallback Template path, and got the same error message.

jpolitz · January 2, 2025, 6:03pm

Update: I got this to work. I set a breakpoint for the console.log for Using Fallback Template, and then did this in the console:

mstemplate.imap_host = 'imap.gmail.com'
mstemplate.smtp_host = 'smtp.gmail.com'

I think I only have to do this once for the initial setup and now everything is happily connected and stored, but we’ll see.

(Note: I re-typed this because the console closed when the connection succeeded, so there may be typos I’m not noticing because I didn’t directly copy-paste what I did).