0

I'm working on building a contact form for my new Web site and want to send mail through Google's SMTP relay server (smtp-relay.gmail.com) because I want to set up a "dummy", "no-reply" address from which to send the mail. Also, I tried sending it through the regular SMTP server (smtp.gmail.com) using my own actual Gmail credentials for that account and it got blocked as an insecure app. I'd rather not turn on the "Less secure app access" option (it's not really an option for me anyway because I use 2FA on this account), so this seems like the best way to get there - if I can get it working.

The domain's mail is hosted in G Suite and I've configured the SMTP relay service in the Google Admin Console for my domain as per the instructions in the support article, SMTP relay: Route outgoing non-Gmail messages through Google. I have the relay configured using both the public static IP address of my Web site, as well as the static IP address of the firewall behind which the Web server lies. I configured the relay to accept mail from my domain(s) to allow for the "dummy" address that doesn't actually have a mailbox, and set it to require SMTP Authentication and TLS encryption:

SMTP relay service configuration

I've set up DNS records for MX, SPF, and DKIM with my domain registrar.

DNS Configuration Details

I've waited over 24-hours for the changes to take effect (as per the notification when making the changes in the Google Admin Console)

I've even set up an app password for my Web site to use for my domain e-mail address:

App password

I'm using an ASP.NET (VB) Web site on IIS. My code for sending looks like this:

Dim NewContact As New System.Net.Mail.MailMessage()

With NewContactMessage
    .From = New System.Net.Mail.MailAddress("no-reply@mydomain.com")
    .To.Add("myaddress@mydomain.com")
    .Subject= "TEST MESSAGE"
    .IsBodyHtml= True
    .BodyEncoding = System.Text.Encoding.UTF8
    .Body = "This is a test."
    .Priority = System.Net.Mail.MailPriority.Normal
End With
 
Dim Server As New System.Net.Mail.SmtpClient()

With Server
    .Port= 587
    .Host= "smtp-relay.gmail.com"
    .EnableSsl= True
    .Send(NewContactMessage)
End With

However, when I try to submit my contact form, I get an error, Mailbox unavailable. The server response was: 5.7.1 Invalid credentials for relay [X.X.X.X]. The IP address you've:

5.7.1 error sending through smtp-relay.gmail.com

It looks like there should definitely be more to that actual error message, but it's apparently being truncated somewhere along the way.

I've tried feeding the credentials in the SmtpClient block:

With Server
    .Credentials = New System.Net.NetworkCredential("myaddress@mydomain.com", "my_app_password")
    .Port= 587
    .Host= "smtp-relay.gmail.com"
    .EnableSsl= True
    .Send(NewContactMessage)
End With

In this case, I get a different error: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 Authentication Required. Learn more at. (If I use the credentials with the "default" Gmail SMTP server (smtp.gmail.com), I get the same error.)

According to the Audit Logs, it appears that all of my configuration setting changes have completed. Everything appears to be correct for this to work, but what am I missing?

G_Hosa_Phat
  • 976
  • 2
  • 18
  • 38
  • I've read the proposed duplicate question and, while it has a number of possible solutions, it does not include the one solution from [Send mail via google app with smtp relay](https://stackoverflow.com/q/30046227/2569697) that actually resolved my issue - to turn off the **Require SMTP Authentication** option in the SMTP relay service configuration. While that question doesn't have an accepted answer, it is actually a more appropriate "duplicate" than the one proposed. Would it be better to post this as an answer to the proposed duplicate, even though that one already has an accepted answer? – G_Hosa_Phat Sep 25 '20 at 13:58

1 Answers1

3

Just before posting this question, I found this Q&A - Send mail via google app with smtp relay - with the simple fix to my issue: Turn off the Require SMTP Authentication option in the SMTP relay service configuration settings.

SMTP Authentication disabled for relay service

Once I disabled that setting and tried again, everything is flowing normally. I suppose I should have figured that out on my own, but according to Google's support article for setting up the SMTP relay (emphasis mine in the first sentence):

  1. In the Authentication section, check one or both boxes to set an authentication method:
    • Only accept mail from the specified IP addresses — The system only accepts mail sent from these IP addresses as coming from your domains.
    • Require SMTP Authentication — Enforces the use of SMTP authentication to identify the sending domain. Using this option requires your clients to connect via TLS.

The wording here seems a bit misleading and appears to indicate that you can have both of these options enabled without one "interfering" with the other. As I said, I probably should have figured this out on my own - especially since I'm trying to send from a "dummy" e-mail account - but I guess it just didn't occur to me.

I considered deleting this question, but I had done a fair amount of searching before writing this question up and somehow never ran across that particular post. I'm not sure how I could have missed it, but I'm leaving my question here in hopes that someone else has an easier time of finding this solution in the future.

G_Hosa_Phat
  • 976
  • 2
  • 18
  • 38