Can't archive Gmail

Hi, I’ve used MailStore before on my old laptop, to archive my gmail accounts. I have a new laptop now so I downloaded mailstore and authorized access to my gmail account but when I try to start the archive I get the error message

… before starting I went into my google account and “allowed less secure apps” as I’ve had to do that before.
The error detail is:
14:56:41.880 [65] INFO: Worker started.
14:56:41.885 [65] INFO: Notify:SetTitle ‘john********@gmail.com
14:56:41.885 [65] INFO: Notify:WriteLine ‘Initializing…’
14:56:41.885 [65] INFO: Initializing…
14:56:41.898 [65] INFO: Connecting to imap.gmail.com:993, protocol: IMAP-SSL
14:56:41.967 [65] EXCEPTION: Worker has thrown an exception.
Rebex.Net.TlsException: Unable to perform revocation check of the server certificate.
at Rebex.Net.Imap.TryUpgrade(TlsParameters parameters, Boolean failOnClosed)
at Rebex.Net.Imap.ConnectSync(String serverName, Int32 serverPort, TlsParameters parameters, SslMode security)
at Rebex.Net.Imap.ConnectInternal(String serverName, Int32 serverPort, TlsParameters parameters, SslMode security)
at #UAb.#1rg.#Trg()
at #UAb.#1rg…ctor(String serverName, Int32 port, String protocol, Int32 timeout, ICertificateVerifier certificateVerifier, #29g authentication, #tG connectionDebugLog, #8lg connectionMonitor)
at MailStore.Connectors.Mailboxes.ImapMailbox…ctor(String serverName, Int32 port, String protocol, Int32 timeout, ICertificateVerifier certificateVerifier, #eah mailboxType, #29g authentication, Boolean writeConnectionDebugLog, #8lg connectionMonitor, #Lpg mailboxCache)
at #UAb.#hHb.#dHb(#SEb #cXb)
at #UAb.#hHb.#1Gb(#SEb #cXb)
at #I9g.#W9g.#zAb(Boolean #y3f)
at #Xzb.#DAb.#BAb()
at #Xzb.#sNb.#pz()
at #gib.#fib.#4hb()

*** Inner Exception ***
Rebex.Net.TlsException: Unable to perform revocation check of the server certificate.
   at Rebex.Net.TlsBase.Process()
   at Rebex.Net.TlsBase.Negotiate()
   at Rebex.Net.TlsSocket.Negotiate()
   at Rebex.Net.ImapSocket.Upgrade(TlsParameters parameters)
   at Rebex.Net.Imap.TryUpgrade(TlsParameters parameters, Boolean failOnClosed)

*** Inner Exception ***
Rebex.Net.TlsException: Unable to perform revocation check of the server certificate.
   at Rebex.Net.TlsHandshake.VerifyCertificate(String commonName, CertificateChain certificate)
   at Rebex.Net.TlsHandshake.OnHandshakeReceivedClient(Byte[] buffer, Int32 offset, Int32 count, Handshake h)
   at Rebex.Net.TlsHandshake.OnHandshakeReceived(Byte[] buffer, Int32 offset, Int32 count)
   at Rebex.Net.TlsBase.ProcessHandshake(Byte[] buffer, Int32 offset, Int32 length)
   at Rebex.Net.TlsBase.Process()

Hope you can help
Thanks

Hello @John,

which version of MailStore Home are you using?
You can see this directly on the dashboard of the program.

The reason I am asking is that GMail hardened some mechanisms a while ago and we reacted accordingly with program modifications. Older versions do of course not have these improvements.

Hi

Its 12.0.3

Thanks for your help

Hi @John,

maybe it is as simple as an expired token.

To renew the token you can do the following:

Navigate to “Archive E-Mails”, mark the profile and right click on it.
Select “Settings” and in the settings window, click on “Test”.
It fails. It also then shows “not authorized”.
Click “test” again to re-authorize, which will open a browser and lets you authorize MailStore Home with GMail again. When finished, close the profile configuration by zapping through “next”, “next”, “finish”.
Does it archive again now?

2 Likes

Dear Rebecca,

I tried the same but did not work.

I still get the same Error and it wont archive emails from Gmail even after multiple authorization from browser.

Please help as I need to clear space in gmail ASAP :slight_smile:

Hi @kholjevac,

what anticirus / security solution are you using?

Some have features to monitor SSL connections and/or email traffic.
They interfere with secure email connections.
As nice as these features sound, they tend to disturb communication.

Have a look at your av options.
Are there features like “https scanning” or “secure web” or similar,
and also maybe “secure email” ?

Please temporarily disable these features or the av solution to compare the result.
In case it works then, you know where to search for and what features you might want to tweak, such as adding exceptions for MailStoreHome.exe etc.

Thanks Rebecca, I followed your instructions and reauthorized ok, but get the same error message.

Any other ideas?

Thx

I am also getting the same issue and am unable to resolve it. Where can I go to check off the ignore option??

Hello @John and @kholjevac,

as I already stated:

Something is definitely corrupting your connection to GMail.
Please try to disable your AV solution (and restart, most of them will only be truly bypassed then),
then run the archiving again.
In case it works, you should of course not leave your AV solution disabled, but now you know the cause and can narrow it down by disabling features, such as “mail security” or whatever names the features have in your solution.
Also be aware of additional gateways and firewalls you might have in your infrastructure.
If you have an advanced gateway to the internet, it might be trying the exact same thing - sneaking into secure connections to protect them … but also disturbing in some cases.

This is a generic message for all secure connections in all profile types.
For GMail, there is no “ignore insecure certificates”, because there are no self signed, unsafe certificates from GMail. They always use officially assigned ones.
So whenever you receive an insecure certificate from Google, something’s wrong.
Some “man-in-the-middle-attack” is injecting an insecure certificate.

1 Like

by temporarily disabling the AVAST antivirus, I was able to download GMAIL mail.

1 Like

Yep! I disabled Avast and downloaded gmail with no problems. :grinning:
Not great that I have to allow less secure apps access in google and disable my antivirus while the backup is running tho!
Thanks for your help

Hi @John,

You wrote :

Let’s blame the 1st one on Google.
They have hardened security so much that numerous apps and email clients are considered
" insecure" by their standards.
Google had a campaign that started last year and continued this year that simply withdrew using
Google’s API with the app .
As a result a whole slew of apps disappeared.
The apps could be resubmitted if they revised their code according to Google’s requirements,
but this came at a high cost so most threw in the towel…

A better way is to use an App Password (or code) for MSH.
Some links to inform yourself.
Sign in using App Passwords
https://support.google.com/accounts/answer/185833?hl=en

Google Accounts Help
https://support.google.com/accounts/answer/185833?hl=en

Signing in settings
https://support.google.com/accounts/topic/7188761?hl=en&ref_topic=6152259

As for the AV program - please re-read the answer by Rebecca:
eg :

The MSH archive should never be scanned by an AV app,- certainly not while archiving -
so add an exclusion in eg Avast for the MSH archive in the settings of Avast - for both scanning modes - On Demand scanning and Resident (always on) mode.

That should alleviate your concerns.

Peter E.

Thanks Peter,
I’ve now set up an exception in Avast for MailstoreHome.exe so it is excluded from all shields and scans.
I also obtained a google app password - but can’t see where to input the password in Mailstore. Can you suggest how/where to do this? I guess this is because I’ve already input my google password when I first set up and ran the archive.
John

Hi @John/

Thanks for the feedback but I’m afraid that some misunderstanding has slipped in.
My advice was to also exclude the archive from being scanned.
By default MSH installs to C:\Program Files (x86)\MailStore\MailStore Home
with its archive in C:\Users\UserName\Documents\MailStore Home
https://help.mailstore.com/en/home/Installation
That folder should be excluded from scanning by Avast.

As for the app password - that code is different from your regular password which you
use for Gmail to login to Gmail webmail and you can continue to use that.
For MSH the app password is used wen you set up the archiving profile and is only used for that purpose.
I don’t see how you already obtained an app password before you setup the archiving profile
and not remember obtaining it before you knew about it. *** See below

In any case the app password can be changed in the setup of the archiving profile.

*** MSH uses OAuth and in that case is a Google approved app.
In that case you could’ve gotten to Gmail is via a popup panel from Google/Gmail to approve
the use of MSH to access your Gmail account.
In that case you do provide your regular password for that account.
MSH will then be listed as a (approved) connected app in your Google account.

If you’re already archiving successfully,then the latter will be the case, but is in my view
something you would remember, since it’s a separate event from other events that occur
while setting up your archiving profile.

Peter E.

Thanks Peter, I’ll add another exclusion for the archive.

The order of events has been that I set up my MSH profile with my google account password but couldn’t archive, Rebecca identified the problems as a) Avast and b) Google so I disabled Avast and set Google to allow less secure apps, then I was able to run the archive (on the profile set up with my google password).

Then you suggested how I could get round the insecure way I was managing this.

Are saying that I’ll have to set up a new profile and archive again from scratch? or continue with current profile but need to allow less secure apps?

Thanks for your help

John

Thanks for your feedback.
Sorry for the hiatus - Sat. tends to be a busy day…

Yes, maybe 2 > 1 for the Resident scan mode (always on)
and 1 for the On Demand scanning mode…

Yes - the Less secure apps setting …It’s not as dire as G makes it out to be,
but it is a less secure way.
Because of this you’ll be getting fairly frequent reminders from Google that your account is insecure
and at risc.

In the end it’s your choice - unless G takes away that option to use less secure apps.
In that case it becomes G’s choice…

Of course the App password is the better way, but I wish MSH were coded to Login to Gmail
and then provide your credentials by using your regular email and password via a pop-up window
in your default browser - as is done for other apps. - including some email clients.

Yes, I believe that setting up the profile with the app pass code will create another archive for the same
email account.
However, if you want to try to edit the password for the existing profile - only do so after you make a backup of the existing archive - using the built-in backup utility and saving it eg on your drive
or external drive.

Before you even start - can you make screenshots of your profile setttings panels?
Obfuscate personal info .

In fact I’d like to continue this via PM - this thread has become too long since the topic was somewhat
hijacked by the last addition.
I’m sorry - I should’ve advised you earlier.

I will send a PM - please respond in kind - via PM
Your email will say Visit Message - instead of Visit Topic

Peter