Shadowmail and Checking Gmail Accounts


URL: https://sailmail.com/shadowmail-checking-gmail-accounts
Date: 10 Nov 2024 14:29:19 -0000

(Converted from HTML)
“Shadowmail” is a service for Sailmail members which monitors a separate email account via POP3 access. For basic information about Shadowmail see this page: https://sailmail.com/shadowmail-info/  or send a (blank) email to: shadowinfo@saildocs.com.

This page describes how to use Shadowmail with Google’s Gmail accounts. Gmail POP3 email access is a bit “quirky” (some would say “distinctly odd”). The three great things about Gmail are that it is free, you get lots of space, and of course Gmail has great search tools for archived email. The “quirky” part is that Google is very strict about security, and also –depending on your GMail settings — POP3 can try to forward everything in your Gmail account, not just recent mail in your “inbox”. That is a problem if you have a large number of archived messages in your Gmail account (which may be the whole point of Gmail). If you pick the wrong option in setting up GMail’s POP3 access, then Shadowmail will try to send headers for all of those messages. This is bad, so please read the notes below on using the “recent:” prefix.

Setting up Shadowmail access for GMail involves three steps:
Enabling POP3 access via settings in your Gmail account;
Entering your Gmail login info into Airmail’s Shadowmail settings; and
Resolving any security or access issues.

One caution: Do this when you have internet access, and be sure that your internet connection allows Airmail to access Sailmail directly. See this page for more info: https://sailmail.com/sailmail-messages-via-the-internet/  or send a (blank) email to: internet@saildocs.com.

Step 1: Setting up Gmail for POP3 access:
=========================================

First, you need to enable POP3 access from Gmail. Go to your Gmail account, click “settings” (the “gear” icon in the upper-right), then “See all settings”, then select the “Forwarding and POP/IMAP” tab.

In the “POP Download” section you can enable POP access either for “all mail (even mail that’s already been downloaded)”, or “only for mail that arrives from now on”. The first “all mail” choice is the equivalent of Gmail’s “All Mail” selection on the web, and shows all messages. IMPORTANT: If you select this, then use the “Recent:” login prefix– see below.

The second “from now on” selection is Gmail’s “Inbox”, which shows newly-arrived messages. The problem with this is that messages disappear from Inbox once they have been read, so if you are also checking mail from another device or the web page then Shadowmail won’t see them.

RECOMMENDATION: Select “All Mail”, and use the “Recent” prefix for your login.

In either case, select “Keep Gmail’s copy in the inbox”, it doesn’t matter for POP3 access but does affect how new messages are presented on the Gmail web page.

Step 2: Airmail settings for Shadowmail:
========================================

The basic Shadowmail setup for Gmail is the same as for any account: The server address is “pop.gmail.com” (without the quotes), the login name is your complete gmail.com email address (with the “recent:” prefix), and the password is your Gmail account password. A secure connection is required via port 995 but Shadowmail handles that automatically.

IMPORTANT: If you did selected “all mail” in your GMail settings, then you should restrict POP3 access to only recent messages (less than 30 days old). Do this by adding “recent:” to your login name in your Shadowmail settings– for example  “recent:username@gmail.com” instead of “username@gmail.com”– no spaces. This will cause Gmail to only show recent messages to Shadowmail, and older messages will be ignored.

Keep in mind that (no matter what options are selected) GMail’s POP3 access includes sent-messages which were sent from GMail’s web-page. Also, unless you are using the “recent:” login-prefix described above, messages which have been read via GMail, or retrieved via POP3, are NO LONGER included in the POP3 index- they will disappear from your Shadowmail folder, but are accessible via Gmail. However, if the “recent:” prefix is used, then all recent messages are available to Shadowmail. (Like we said, “quirky”).

Once you get your Shadowmail settings set up for your Gmail account, then connect to Sailmail (via internet, initially) and Airmail will send the settings message to the server. Shadowmail will immediately check your Gmail inbox, and you should get the initial batch of “new mail” messages. This will sync your Gmail “Shadow Folder” to your Gmail account.

Instead of a batch of “New Mail” messages, you may get an error message instead– have a look in “Shadow archive” folder under Airmail’s “Inbox”.

Use an “App Password” for Shadowmail:
=============================================

Gmail previously allowed you to check email with your normal Google password, once a new device was authorized. This has become more difficult but may still work if you have recently updated your Google password. With an older password, Gmail will not allow access from a new device. So one option is to update your password. But a more reliable method is to get a special “App Password” for Shadowmail. However, Google only makes this available if “2-Step Verification” is enabled.

So the first step is to turn on “2-Step Verification” (if not already done).  This is now required in order to get an App Password. This also helps to protect your Google account. This means that you can only access your main Google account (including Gmail via the web) if you can also verify access with a second step: Either a smart-phone with internet access, or a simple cellphone capable of receiving text messages, or — most important for our needs– a list of one-time “backup Codes” printed on paper.

To learn more, and turn on 2-Step Verification, see this Google web page:  https://support.google.com/accounts/answer/185839

Once that is done, go to your Google account settings (under your icon in the upper-right), select “Security”, then “Signing In”, then “App Passwords”. For “Select App” click “Other”, enter “Shadowmail” and then copy the password shown (a 16-digit number, don’t include the spaces).

For more informal about App-Passwords see this web page:    https://support.google.com/accounts/answer/185833

Other security issues:
========================================

If you have entered the incorrect username or password then you will see:
“[AUTH] Username and password not accepted”. Check your username and password. If you are using an App Password then do not include any spaces.

Alternately you may have run afoul of GMail’s security checks, in which case you will see a message something like this:
Exception while connecting: [AUTH] Web login required:
https://support.google.com/mail/bin/answer.py?answer=78754

That is stunningly unhelpful, but if you follow that link then you will get some vague advice about updating your email client (not applicable),  using App Passwords, or allowing “less secure apps”.

Allowing “less secure apps” means allowing access with a username and password. With a strong password and a secure connection (which Shadowmail uses) this is quite secure, the problem is that if your password gets stolen then that allows access to all of your Google accounts. Selecting “Allow less-secure apps” worked previously for POP3 access, but we could not make it work in our testing (mid-July 2021), and is also not available when 2-Step Verification is enabled. Therefore we recommend 2-Step Verification as the

Turning on “2-Step Verification” is a nuisance but is a reliable solution. Select as many alternate devices as you can, and if you have a security key then use that also.

And be sure to select “Backup-codes” and save that. This is a list of ten one-time codes that can be used to access your Google account (not Shadowmail). Cross them off once used, and get a new set after you’ve used a few.

Once you have sorted out your Google settings, you can trigger Shadowmail to check your account as follows:
Open Airmail’s Shadowmail settings (Tools menu)
UN-check the “Account active” box. This creates a new settings message.
Connect to Sailmail (preferably via internet) to send the settings.
Go back to Shadowmail settings and CHECK the “Account active” box.
Connect again to Sailmail, to send the updated settings message.

This disables and then re-enables Shadowmail, and will trigger a new-mail check. Be sure to connect to Sailmail via internet each time, to send the updated Shadowmail settings message.

Wait a minute or two and check Sailmail again– you should have a batch of “new mail” messages.

Finally…
===========
As with other web-based email accounts, keep your Inbox tidy by archiving messages that you want to save and deleting the rest. Gmail does not provide separate archive folders but you can add labels which is basically the same thing.

Please note that this information is current as of late 2022, but internet security evolves rapidly and things change. Please send a note to support if you have problems and we will try to help sort it out.

Revised 2022-10-06 by Jim, Sailmail support