search

Tatoeba / tatoeba2

Tatoeba is a platform whose purpose is to create a collaborative and open dataset of sentences and their translations.
https://tatoeba.org
GNU Affero General Public License v3.0
697 stars 132 forks source link

Email notifications are not being sent #2953

Closed Yorwba closed 2 years ago

Yorwba commented 2 years ago

It seems like email notifications stopped being sent sometime between June 6th (I received a comment notification on that day) and June 7th (when I wasn't notified of this comment even though I should've been). Other people seem to have the same problem.

I suspect that this was caused by Google disabling access via "less-secure apps" (a.k.a. normal password-based login). The deadline for that was May 30th in theory, but I noticed that K-9 Mail (which I use on my Android phone) was only briefly blocked on that date and then worked again until sometime this week. (Might've been June 7th, but I don't remember clearly.)

The way out that Google offers is to use "more secure apps" (haha), by which they mean those using "Sign in with Google" (i.e. OAuth 2.0, I think) or alternatively use an app-specific password. The problem is that to do that, the account needs to have 2-factor authentication enabled, which most likely means that someone would have to keep confirming 2-factor prompts to allow Tatoeba to keep sending email.

I'm getting the impression that Google doesn't really want people to automate sending email via a GMail account. (Understandable, from a spam-prevention perspective.)

So we should probably look for another provider or self-host. I've heard good things about Fastmail, who charge $30 per user and year for the basic plan and $50 for the standard plan that would allow using a custom domain to send notifications from e.g. noreply@tatoeba.org instead of some @fastmail.com address. They also offer a 20% discount for nonprofits. I can't say whether that's good value for money compared to self-hosting and keeping on top of spam blacklists etc. or whether there's some other, cheaper provider that would be good enough for our needs.

trang commented 2 years ago

I've set up an App Password and updated the Tatoeba prod config to use this password. I think email notifications now works again. @Yorwba I let you close this after checking on your side.

The problem is that to do that, the account needs to have 2-factor authentication enabled, which most likely means that someone would have to keep confirming 2-factor prompts to allow Tatoeba to keep sending email.

Authentication with the App Password doesn't require 2FA.

Yorwba commented 2 years ago

I can confirm that email notifications work again now. Thanks!

Authentication with the App Password doesn't require 2FA.

That is curious, since Google clearly states on their page about App Passwords that

App Passwords can only be used with accounts that have 2-Step Verification turned on.

Hopefully it will keep working in the future.

trang commented 2 years ago

Yea, the Google account itself needs to have 2FA enabled for you to be able to create App Passwords, but then the "App Password" is kinda like an API token.