How to Fix “send-mail: Authorization Failed 534 5.7.14” Error in SSMTP Gmail Configuration


3 views

The error 534 5.7.14 typically indicates an authentication failure when trying to send emails through Gmail's SMTP server. This commonly occurs due to security settings in your Google account or incorrect SSMTP configuration.

# Updated ssmtp.conf configuration
root=your_email@gmail.com
mailhub=smtp.gmail.com:587
AuthUser=your_email@gmail.com
AuthPass=your_app_specific_password
UseTLS=YES
UseSTARTTLS=YES
rewriteDomain=gmail.com
hostname=your_local_hostname
FromLineOverride=YES

For modern Gmail SMTP authentication, you must:

  • Enable "Less secure app access" (if using basic authentication)
  • OR create an App Password if using 2FA
  • Ensure TLS/STARTTLS is properly configured

For accounts with 2FA enabled:

  1. Go to your Google Account Security settings
  2. Under "Signing in to Google," select App Passwords
  3. Generate a new password for "Mail" application
  4. Use this 16-character password in your AuthPass field

After making changes, test with:

echo "Test message" | mail -s "Test Subject" recipient@example.com

If issues persist, consider:

  • Using a different SMTP service like SendGrid or Mailgun
  • Switching to Postfix instead of SSMTP
  • Verifying your system's time synchronization (NTP)

Always:

  • Restrict file permissions: chmod 600 /etc/ssmtp/ssmtp.conf
  • Never store plaintext passwords in version control
  • Consider using environment variables for credentials
# /etc/ssmtp/ssmtp.conf
root=alerts@mydomain.com
mailhub=smtp.gmail.com:587
AuthUser=service.account@gmail.com
AuthPass=abcd efgh ijkl mnop  # App Password
UseTLS=YES
UseSTARTTLS=YES
rewriteDomain=gmail.com
hostname=myserver.local
FromLineOverride=YES

# /etc/ssmtp/revaliases
root:alerts@mydomain.com:smtp.gmail.com:587

When setting up email alerts for SSH root login attempts using ssmtp and mailutils, the 534 authentication error typically occurs due to Google's security policies rejecting the login attempt. The error message explicitly references Google's support page about "less secure apps," which is our first clue.

The ssmtp.conf file needs several critical elements for Gmail SMTP:

mailhub=smtp.gmail.com:587
AuthUser=your@gmail.com
AuthPass=your_password
UseSTARTTLS=YES
UseTLS=YES

1. App Password Requirement: Since May 2022, Google no longer supports "Less Secure Apps." You must:

  • Enable 2FA on your Google account
  • Generate an App Password for your Linux server
  • Replace the password in ssmtp.conf with this 16-character app password

2. Configuration File Permissions:

chmod 600 /etc/ssmtp/ssmtp.conf
chmod 600 /etc/ssmtp/revaliases

Here's a verified working configuration for 2023:

# /etc/ssmtp/ssmtp.conf
root=alert@yourdomain.com
mailhub=smtp.gmail.com:587
AuthUser=your@gmail.com
AuthPass=your_app_password  # NOT your regular password
UseSTARTTLS=YES
UseTLS=YES
hostname=your-server-name
FromLineOverride=YES

Create a test script:

#!/bin/bash
echo "Test message body" | mail -s "SSH Alert Test" recipient@email.com

For more reliable delivery, consider Postfix with Gmail relay:

# In /etc/postfix/main.cf
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt

If issues persist, check:

  1. SMTP logs: journalctl -u ssmtp -f
  2. Network connectivity: telnet smtp.gmail.com 587
  3. Gmail account activity page for login attempts