SMTP Gmail Not sending emails due to "password" error (need to create app password)

While using an Oracle Linux 9, I’ve set up Gmail as the SMTP provider, but it won’t send anything.
This is my /etc/passbolt/passbolt.php e-mail configuration:

'EmailTransport' => [
	'default' => [
		'host' => 'smtp.gmail.com',
		'port' => 587,
		'username' => 'correct_email@gmail.com',
		'password' => 'correct_password',
		// Is this a secure connection? true if yes, null if no.
		'tls' => true,
		//'timeout' => 30,
		//'client' => null,
		//'url' => null,
	],
],
'Email' => [
	'default' => [
		// Defines the default name and email of the sender of the emails.
		'from' => ['correct_email@gmail.com' => 'Correct_Email PassBolt'],
		//'charset' => 'utf-8',
		//'headerCharset' => 'utf-8',
	],
]

All notifications are enabled and the Cron service is running.

$ sudo systemctl status crond.service
- crond.service - Command Scheduler
     Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2022-10-30 11:02:56 -03; 1h 3min ago
   Main PID: 107 (crond)
      Tasks: 1 (limit: 204165)
     Memory: 2.4M
        CPU: 425ms
     CGroup: /system.slice/crond.service
             └─107 /usr/sbin/crond -n

Oct 30 12:04:01 PassBolt.my.domain su[3509]: pam_unix(su:session): session closed for user nginx
Oct 30 12:05:01 PassBolt.my.domain CROND[3567]: (root) CMD (su -s /bin/bash nginx $PASSBOLT_BASE_DIR/bin/cron)
Oct 30 12:05:01 PassBolt.my.domain su[3567]: (to nginx) root on none
Oct 30 12:05:01 PassBolt.my.domain su[3567]: pam_unix(su:session): session opened for user nginx(uid=993) by (uid=0)
Oct 30 12:05:01 PassBolt.my.domain su[3567]: pam_unix(su:session): session closed for user nginx
Oct 30 12:06:01 PassBolt.my.domain CROND[3653]: (root) CMD (su -s /bin/bash nginx $PASSBOLT_BASE_DIR/bin/cron)
Oct 30 12:06:01 PassBolt.my.domain su[3653]: (to nginx) root on none
Oct 30 12:06:01 PassBolt.my.domain su[3653]: pam_unix(su:session): session opened for user nginx(uid=993) by (uid=0)
Oct 30 12:06:01 PassBolt.my.domain su[3653]: pam_unix(su:session): session closed for user nginx
Oct 30 12:06:01 PassBolt.my.domain CROND[3652]: (root) CMDEND (su -s /bin/bash nginx $PASSBOLT_BASE_DIR/bin/cron)

When testing the mail, I get a “password” error.

$ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
Clearing default
Cleared default cache
Clearing _cake_core_
Cleared _cake_core_ cache
Clearing _cake_model_
Cleared _cake_model_ cache

$ sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt send_test_email --recipient=user@gmail.com"
-------------------------------------------------------------------------------
Email configuration
-------------------------------------------------------------------------------
Host: smtp.gmail.com
Port: 587
Username: correct_email@gmail.com
Password: *********
TLS: true
Sending email from: Correct_Email PassBolt <correct_email@gmail.com>
Sending email to: user@gmail.com
-------------------------------------------------------------------------------
Trace
[220] smtp.gmail.com ESMTP a5-20020a05683012c500b00666a5b5d20fsm1797444otq.32 - gsmtp
> EHLO localhost
[250] smtp.gmail.com at your service, [public_ipv6]
[250] SIZE 35882577
[250] 8BITMIME
[250] STARTTLS
[250] ENHANCEDSTATUSCODES
[250] PIPELINING
[250] CHUNKING
[250] SMTPUTF8
> STARTTLS
[220] 2.0.0 Ready to start TLS
> EHLO localhost
[250] smtp.gmail.com at your service, [public_ipv6]
[250] SIZE 35882577
[250] 8BITMIME
[250] AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
[250] ENHANCEDSTATUSCODES
[250] PIPELINING
[250] CHUNKING
[250] SMTPUTF8
> AUTH PLAIN xxxxxxxx*****
[535] 5.7.8 Username and Password not accepted. Learn more at
[535] 5.7.8  https://support.google.com/mail/?p=BadCredentials a5-20020a05683012c500b00666a5b5d20fsm1797444otq.32 - gsmtp
> AUTH LOGIN
[334] xxxxxxxx
> *****
[334] xxxxxxxx
Could not send the test email.
Error: SMTP server did not accept the password.

So, it seems the password is wrong, but it is not.
Also, this Gmail account does not use 2FA.

One thing I could not change was the Gmail “Less secure app access” since it is not configurable anymore, at least not for regular users.
I’m not sure that’s the issue.

Any idea, please?

Hi @markfree,

So with Gmail and almost all other smtp services, they have disabled the use of your actual password. That is done for security reasons.

You will need to generate an App Password for your gmail account and use the generated app password to send emails using smtp.

You can find more information on how to create an app password here:

Regards,
Bond

That was it.
I had to enable 2FA before App Passwords were available.
After that, I can send e-mails.

Thank you Mr. Bond