19 Mar
2023
19 Mar
'23
4:18 p.m.
Hi Folks,
I want to use gmail to send myself backup logs, since my mail server is not available
during backup. I continue to get a credential error, but the credentials I am using are
correct. I suspect that this is the result of "two-factor" authentication, which
I am not using on gmail, but which has caused the "allow less secure access" to
be disabled. I could use my ISP and configure an "Upstream SMTP-Smart Host", but
then I have a detail to remember and reconfigure should I ever change my ISP.
Is anybody doing this successfully, without submitting to "Google Workspaces" or
"Microsoft Office 365"?
Thanks for the help,
--
Chris.
V:916.799.9461
F:916.974.0428
A: Because we read from top to bottom, left to right.
Q: > Why should I start my reply below the quoted text?
19 Mar
19 Mar
5 p.m.
Thanks for the idea that there is a way around gmail two-factor authentication. I only
use Gmail for things like boarding passes now because I couldn't log in with mutt.
IMHO the whole two-factor identification thing has gotten way out of conttrol. Especially
if you mostly use a desktop system. I now have an old phone and a $9/month cellphone plan
just to accomodate it. That phone never goes anywhere except my office.
-Gary
On Sun, Mar 19, 2023 at 09:18:26AM -0700, Chris Miller wrote:
Hi Folks,
I want to use gmail to send myself backup logs, since my mail server is not available
during backup. I continue to get a credential error, but the credentials I am using are
correct. I suspect that this is the result of "two-factor" authentication, which
I am not using on gmail, but which has caused the "allow less secure access" to
be disabled. I could use my ISP and configure an "Upstream SMTP-Smart Host", but
then I have a detail to remember and reconfigure should I ever change my ISP.
Is anybody doing this successfully, without submitting to "Google Workspaces"
or "Microsoft Office 365"?
Thanks for the help,
--
Chris.
V:916.799.9461
F:916.974.0428
A: Because we read from top to bottom, left to right.
Q: > Why should I start my reply below the quoted text?
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
20 Mar
20 Mar
7:16 a.m.
Gary,
There is not doubt in my mind that 2FA is the way forward. I think you
need a different token than your cell phone, such as the Yubi key. Here
is an article on Yubikey and Google.
"In 2009 Google was the target of sophisticated cyber attacks capable of
circumventing traditional security controls. With a lack of viable
two-factor authentication (2FA) options to effectively prevent these
attacks and account takeovers, Google began working closely with Yubico
to extend the capabilities of the YubiKey two factor authentication
technology to also include public key cryptography."
https://www.yubico.com/resources/reference-customers/google/
You can generate an application password for Google.
https://myaccount.google.com/apppasswords
Some other settings
Gmail SMTP server address: smtp.gmail.com
Gmail SMTP name: Your full name
Gmail SMTP username: Your full Gmail address (e.g. you(a)gmail.com)
Gmail SMTP password: The password that you use to log in to Gmail
Gmail SMTP port (TLS): 587
Gmail SMTP port (SSL): 465
Requires SSL: Yes
Requires TLS: Yes
Requires authentication / Use authentication: Yes
Requires secure connection / Use secure connection: Yes
Brian
On Sun, Mar 19, 2023 at 10:00:02AM -0700, Gary wrote:
Thanks for the idea that there is a way around gmail
two-factor authentication. I only use Gmail for things like boarding passes now because I
couldn't log in with mutt.
IMHO the whole two-factor identification thing has gotten way out of conttrol.
Especially if you mostly use a desktop system. I now have an old phone and a $9/month
cellphone plan just to accomodate it. That phone never goes anywhere except my office.
-Gary
On Sun, Mar 19, 2023 at 09:18:26AM -0700, Chris Miller wrote:
--
Brian Lavender
http://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
Hi Folks,
I want to use gmail to send myself backup logs, since my mail server is not available
during backup. I continue to get a credential error, but the credentials I am using are
correct. I suspect that this is the result of "two-factor" authentication, which
I am not using on gmail, but which has caused the "allow less secure access" to
be disabled. I could use my ISP and configure an "Upstream SMTP-Smart Host", but
then I have a detail to remember and reconfigure should I ever change my ISP.
Is anybody doing this successfully, without submitting to "Google Workspaces"
or "Microsoft Office 365"?
Thanks for the help,
--
Chris.
V:916.799.9461
F:916.974.0428
A: Because we read from top to bottom, left to right.
Q: > Why should I start my reply below the quoted text?
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
1:28 p.m.
Hi Brian,
You can generate an application password for Google.
SMTP
"relay" does not count as an "application", so this is not my problem,
but assuming it was, where in the list below is the opportunity to use it?
Gmail SMTP server address: smtp.gmail.com
Gmail SMTP name: Your full name
Gmail SMTP username: Your full Gmail address (e.g. you(a)gmail.com)
Gmail SMTP password: The password that you use to log in to Gmail
Gmail SMTP port (TLS): 587
Gmail SMTP port (SSL): 465
Requires SSL: Yes
Requires TLS: Yes
Requires authentication / Use authentication: Yes
Requires secure connection / Use secure connection: Yes
Thanks for the help,
--
Chris.
V:916.799.9461
F:916.974.0428
A: Because we read from top to bottom, left to right.
Q: > Why should I start my reply below the quoted text?
5:13 p.m.
I was just giving details for relaying through Google smtp server. I
guess you are relaying through someone else?
On Mon, Mar 20, 2023 at 06:28:08AM -0700, Chris Miller wrote:
Hi Brian,
You can generate an application password for Google.
https://myaccount.google.com/apppasswords
SMTP "relay" does not count as an "application", so this is not
my
problem, but assuming it was, where in the list below is the
opportunity to use it?
Gmail SMTP server address: smtp.gmail.com
Gmail SMTP name: Your full name
Gmail SMTP username: Your full Gmail address (e.g. you(a)gmail.com)
Gmail SMTP password: The password that you use to log in to Gmail
Gmail SMTP port (TLS): 587
Gmail SMTP port (SSL): 465
Requires SSL: Yes
Requires TLS: Yes
Requires authentication / Use authentication: Yes
Requires secure connection / Use secure connection: Yes
Thanks for the help,
--
Chris.
V:916.799.9461
F:916.974.0428
A: Because we read from top to bottom, left to right.
Q: > Why should I start my reply below the quoted text?
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
--
Brian Lavender
http://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
21 Mar
21 Mar
4:55 p.m.
Hi Brian,
I was just giving details for relaying through Google
smtp server.
Thanks for the description of how to relay e-mail through SMTP, but it
does not address the original problem. It was not clear in the original message that I do
know how to do this, but as I asked, are you actually using this? I can't
authenticate. You addressed the "authentication" question, in an inconsistent
manner. The "GMail" credentials are not the same as an "AppPassword",
and I see no authentication in SMTP but "GMail" credentials. It appears that
SMTP relay through Google is only available for "Google Workspaces" customers,
unless somebody knows something I don't.
I guess you are relaying through someone else?
Actually, no. I have not found a suitable "host". I am "relaying
through my own "Mail.Tryx.org". This is usually a fine solution, but I should
really be sending my logs through a service with 100% uptime, and I have to bring Zimbra
down for daily backups, at a minimum. Webhosting is pretty cheap, but I can probably
simply time the Zimbra e-mail backup such that it is completes before anything else
starts, and be done with it. Only conflict would be a process that takes longer than 24
hours to complete, and that is also a problem, but a different problem.
Thanks for the help,
--
Chris.
V:916.799.9461
F:916.974.0428
A: Because we read from top to bottom, left to right.
Q: > Why should I start my reply below the quoted text?
23 Mar
23 Mar
5:46 p.m.
On Tue, Mar 21, 2023 at 09:55:26AM -0700, Chris Miller wrote:
Hi Brian,
I was just giving details for relaying through Google smtp server.
Thanks for the description of how to relay e-mail through SMTP, but it
does not address the original problem. It was not clear in the original
message that I do know how to do this, but as I asked, are you actually
using this? I can't authenticate. You addressed the "authentication"
question, in an inconsistent manner. The "GMail" credentials are not
the same as an "AppPassword", and I see no authentication in SMTP but
"GMail" credentials. It appears that SMTP relay through Google is only
available for "Google Workspaces" customers, unless somebody knows
something I don't.
I am not using the gmail smtp. Yet, it appears that you have to create
an app password and use that as the password for your smtp auth. You
certainly wouldn't want to use your regular password that you log into
your gmail account with. I use an app password for committing to github.
I use the same user name, yet I use a generated password to do commits.
That way, it only has certain access.
Did you try creating an app password and using it?
--
Brian Lavender
http://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
24 Mar
24 Mar
5:09 p.m.
Hi Brian,
I am not using the gmail smtp.
Then you may not
understand the problem. We all know how to "relay" under "normal"
circumstances.
Yet, it appears that you have to create an app
password and use that as the
password for your smtp auth. You certainly wouldn't want to use your regular
password that you log into your gmail account with.
Sure. So what is the
"app" that I claim needs the password? I don't think this is an
"AppPassword" problem, but I would love to be proven wrong.
( ... several minutes later ... )
Dude, you might be right. It might be an "AppPassword" problem. Apparently
"sendmail" and "postfix" qualify as applications that GMail can
identify. When I asked "gmail apppassword for postfix" I found:
https://www.systoolsgroup.com/add/postfix-to-gmail-account/
In deference to my ignorance, I will suspend further invective until I have tried what the
above instructions tell me to try.
Thanks for the help,
--
Chris.
V:916.799.9461
F:916.974.0428
A: Because we read from top to bottom, left to right.
Q: > Why should I start my reply below the quoted text?
20 Mar
20 Mar
5:19 p.m.
On Mon, Mar 20, 2023 at 06:28:08AM -0700, Chris Miller wrote:
Hi Brian,
You can generate an application password for Google.
https://myaccount.google.com/apppasswords
SMTP "relay" does not count as an "application", so this is not
my
problem, but assuming it was, where in the list below is the
opportunity to use it?
Gmail SMTP server address: smtp.gmail.com
Gmail SMTP name: Your full name
Gmail SMTP username: Your full Gmail address (e.g. you(a)gmail.com)
Gmail SMTP password: The password that you use to log in to Gmail
The two lines above I would imagine.
--
Brian Lavender
http://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
21 Mar
21 Mar
5 p.m.
Hi Brian,
No. Those are "GMail" credentails. I have a GMail
account, "cjm51213(a)gmail.com".com", so I have such credentials, but it is
insufficient permission for Google to relay email on my behalf.
Thanks for the help,
--
Chris.
V:916.799.9461
F:916.974.0428
A: Because we read from top to bottom, left to right.
Q: > Why should I start my reply below the quoted text?
> ... where in the list below is the opportunity to
use it?
Gmail SMTP
server address: smtp.gmail.com
Gmail SMTP name: Your full name
Gmail SMTP username: Your full Gmail address (e.g. you(a)gmail.com)
Gmail SMTP password: The password that you use to log in to Gmail
The two lines
above I would imagine.
20 Mar
20 Mar
4:56 p.m.
Anything that makes a task more difficult, makes it more secure. The question always is,
is the extra effort "worth it".
The Yubikey seems to be a hard token. I've used them. They are a pain.
Orginally, at this point, I wrote a bunch about attack vectors and on and on. But the
bottom line is that I'm not willing to go through 2FA to access my Gmail account
remotely, so I don't use it. It's not "worth it." They've gone too
far. I don't like a lot of the things my Google account gets used for.
And, I don't want to turn my phone into a security device of any kind and no, I
won't install an app on my phone to access your service. I don't have a choice
with Gmail. That is making it hard to deal with some institutions. So I caved and set up a
second phone.
But I'm also questioning whether I rely on, or am exposed to, the internet too much..
An issue is that the banks, whatever, seem to have a poor understanding of what the threat
is. Golden1 once, not that long ago, sent me a legitimate email that looked exactly like
a phishing scam. I sent them an email referencing their initial correspondence and that,
no , I wouldn't respond that way. And at least for awhile, they included instruction
on how to reply after logging in.
The social attacks are still working. I've never spoken to anyone who knows of a
reasonable userid/password being brute forced. Guessing that the password is
"password" counts as a socail attack in my book.
So we pile on armor in places where the attack never succeeds and leave ourselves bare
where it does.
-Gary
On Mon, Mar 20, 2023 at 12:16:19AM -0700, Brian E. Lavender wrote:
Gary,
There is not doubt in my mind that 2FA is the way forward. I think you
need a different token than your cell phone, such as the Yubi key. Here
is an article on Yubikey and Google.
"In 2009 Google was the target of sophisticated cyber attacks capable of
circumventing traditional security controls. With a lack of viable
two-factor authentication (2FA) options to effectively prevent these
attacks and account takeovers, Google began working closely with Yubico
to extend the capabilities of the YubiKey two factor authentication
technology to also include public key cryptography."
https://www.yubico.com/resources/reference-customers/google/
You can generate an application password for Google.
https://myaccount.google.com/apppasswords
Some other settings
Gmail SMTP server address: smtp.gmail.com
Gmail SMTP name: Your full name
Gmail SMTP username: Your full Gmail address (e.g. you(a)gmail.com)
Gmail SMTP password: The password that you use to log in to Gmail
Gmail SMTP port (TLS): 587
Gmail SMTP port (SSL): 465
Requires SSL: Yes
Requires TLS: Yes
Requires authentication / Use authentication: Yes
Requires secure connection / Use secure connection: Yes
Brian
On Sun, Mar 19, 2023 at 10:00:02AM -0700, Gary wrote:
Thanks for the idea that there is a way around
gmail two-factor authentication. I only use Gmail for things like boarding passes now
because I couldn't log in with mutt.
IMHO the whole two-factor identification thing has gotten way out of conttrol.
Especially if you mostly use a desktop system. I now have an old phone and a $9/month
cellphone plan just to accomodate it. That phone never goes anywhere except my office.
-Gary
On Sun, Mar 19, 2023 at 09:18:26AM -0700, Chris Miller wrote:
--
Brian Lavender
http://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com Hi Folks,
I want to use gmail to send myself backup logs, since my mail server is not available
during backup. I continue to get a credential error, but the credentials I am using are
correct. I suspect that this is the result of "two-factor" authentication, which
I am not using on gmail, but which has caused the "allow less secure access" to
be disabled. I could use my ISP and configure an "Upstream SMTP-Smart Host", but
then I have a detail to remember and reconfigure should I ever change my ISP.
Is anybody doing this successfully, without submitting to "Google Workspaces"
or "Microsoft Office 365"?
Thanks for the help,
--
Chris.
V:916.799.9461
F:916.974.0428
A: Because we read from top to bottom, left to right.
Q: > Why should I start my reply below the quoted text?
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
534
days inactive
539
days old
10 comments
3 participants
participants (3)
-
Brian E. Lavender -
Chris Miller -
Gary