cancel
Showing results for 
Search instead for 
Did you mean: 
albertatarxxus New Member
New Member

027-779 It attestation-fails by SMTP-A

Hello, we experienced this problem a few weeks ago.  I'm guessing G Suite had upgraded and perhaps deprecated some older ciphers which caused the scan service on our Xerox to stop working (though I did not confirm this nor which specific cipher it was).  We have been using the GMail SMTP server configuration method, with a dedicated email account for each printer.  We also have 2FA required for our domain but a generated "application password" for the printer has been working fine - the printer does not need to 2FA.

 

Using the resources at GMail (https://support.google.com/a/answer/176600?hl=en) I tried changing ports, mail server hostname, authentication method, etc. - a whole variety of setting changes but nothing worked.  A call with support revealed that lowering our organization's GMail security setting to Allow Insecure Apps would fix the problem, but this was not something we wanted to do.  We had considered running a secondary GMail domain just for the scanner, but this also was not an option we wanted to consider.

 

I found that instead that changing to use the SMTP Relay Service method (option #1 in the link above) instead of a dedicated user on the Gmail SMTP server (#2 in the link above) worked.  See the link above for full details, but basically the mail server becomes smtp-relay.gmail.com instead of smtp.gmail.com and the Login Credentials are None instead of SMTP AUTH (this method authenticates by source IP rather than auth).  The printer still uses TLS and port 465, although Gmail may be configured to not require TLS for the mail relay service (I suspect if it is configured to require TLS, it may fail for the same reason as the original method failed).  Also, for this to work you need to enable the SMTP Mail Relay service in G Suite - see https://support.google.com/a/answer/2956491?hl=en for more info.

 

We had our printer's bios upgraded by a technician which I had hoped would upgrade the security protocols/ciphers and fix the problem, but it did not.  I would hope that in the near future, Xerox would release a bios upgrade that strengthens the SSL/TLS so that Gmail no longer considers it low security.  For now, the above workaround is adequate for us.  Hope this helps someone.

 

Cheers,

Albert

 

P.S.  Don't forget to use Internet Explorer and not Chrome or Firefox to change the settings.  I spent a good 5 hours changing settings on the printer in Chrome and FireFox to have the SMTP AUTH tickbox always default back to none.  Later found out from support this was a javascript incompatibility with those browsers!  Using IE my selections were saved properly.

0 Kudos
3 Replies
albertatarxxus New Member
New Member

Re: 027-779 It attestation-fails by SMTP-A

P.P.S.  After some additional reading, perhaps it's not so much a security/cipher version issue as I had originally thought, but rather that Google considers a userid/password entered into a third party app UI less secure than OAuth2 (which is now the preferred and more secure method of sharing account authorization).  Perhaps Xerox would need to enhance the UI CentreWare UI to bounce over to Gmail to establish a refresh token and then bounce back.  This would eliminate the need for the UI to store the userid/password which might be why Gmail considers it less secure...?

0 Kudos
Analyst Nation Moderator Joe053204-hcl
Analyst Nation Moderator

Re: 027-779 It attestation-fails by SMTP-A

Lately it has worked much better on most devices to use SMTP.gmail.com on port 587 with STARTTLS.

Don't use port 465 (SSL) at all with Gmail, it is much better to use 587 (TLS) and specifically choose STARTTLS and not STARTTLS (If Available)

 

I don't know what printers you are talking about so I can't say if you will have those options though.

 

It is very unlikely Xerox will ever be able to implement 2FA on most current devices, possibly in upcoming ones with faster and more robust UI panels.

Please be sure to select "Accept Solution" and or select the thumbs up icon to enter Kudos for posts that resolve your issues. Your feedback counts!

Joe
0 Kudos
Fabio Valued Advisor
Valued Advisor

Re: 027-779 It attestation-fails by SMTP-A

what the model numbers of the new hardware?

we moved from 75xx to 78xx , 79xx, now 80xx ? :)

0 Kudos