| Deutsch English Français Italiano |
|
<uvq8lc$234ve$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: <bp@www.zefox.net>
Newsgroups: comp.mail.sendmail
Subject: Re: Sendmail on FreeBSD 14, gmail problem
Date: Thu, 18 Apr 2024 04:47:41 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 65
Message-ID: <uvq8lc$234ve$1@dont-email.me>
References: <uvjlje$csmt$1@dont-email.me> <uvl7an$qcb5$2@dont-email.me> <uvncb2$1cfpj$1@dont-email.me> <uvndqu$2t37$2@gal.iecc.com> <uvptjv$1t6l3$1@dont-email.me> <uvq3uv$gvm$1@tncsrv09.home.tnetconsulting.net>
Injection-Date: Thu, 18 Apr 2024 06:47:41 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="851675a296bfb3931390234d39cb78c4";
logging-data="2200558"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18JNLheGQi9VZ6RXlcn5YnqIlbmTuQJO/M="
User-Agent: tin/2.6.2-20221225 ("Pittyvaich") (FreeBSD/14.0-RELEASE-p5 (arm64))
Cancel-Lock: sha1:f6qEfxp9mQnmZtCASRjn2Rgjfsk=
Bytes: 3707
Grant Taylor <gtaylor@tnetconsulting.net> wrote:
> On 4/17/24 20:39, bp@www.zefox.net wrote:
>> Pulling the conversation back to sendmail, if I get apache24 to accept
>> and work with https connections have I laid a reasonable foundation
>> to let sendmail authenticate with gmail?
>
> While both Apache and Sendmail use the same underlying TLS libraries;
> oft OpenSSL, sometimes an alternative, what they do with it and how they
> make use of them are separate.
>
> About the only thing that Apache will bring to the email party is
> infrastructure to host the policy file for MTA-STS.
>
> You can use the same certificate file and key for both Apache and Sendmail.
>
That suggests that getting apache working https will complete a necessary,
if not sufficient, step toward authentication using sendmail. For my
purposes that's a worthwhile step. If the certificat can be the one
already used for ssh, that's a bit of gravy.
> "authenticate with gmail" means a couple of different things to me in 2924:
>
> 1) Requirements for senders to be /authenticated/; e.g. SPF and / or DKIM.
> 2) OAuth 2.0 authentication to send relay email to the world via Gmail.
> Read: use Gmail as a smart host in Sendmail parlance.
>
> Which of these are you asking about?
>
I simply want to reply, as an individual, to email received from a gmail
account.
> 1.SPF is easy to do with TXT records in DNS.
>
> 1.DKIM is a bit more complicated and requires a milter to sign outgoing
> messages as well as various DNS records to support DKIM.
>
Hopefully SPF will be enough to get gmail to accept my replies
> 2 is another critter entirely. I am not aware of a recipe to make this
> work. I feel certain that there is on and I'm just unaware of it. I
> can see some plumbing to create a new mailer that does the OAuth w/
> Gmail and sends messages. I know how to add mailers to Sendmail, but I
> have no idea what such a mailer would look like.
>
> I've heard about people using -- what I think -- are called application
> passwords with Gmail to make non-OAuth aware software work with Gmail.
> Maybe this will work allow Sendmail to use Gmail as a smart host using
> authentication using the App Password.
>
> I've read that app passwords are still a thing but require multi-factor
> to be enabled to get access to them.
>
> I could also be a decade behind the times when it comes to OAuth.
>
I fear you're giving me far more credit than I deserve! OAuth is
unknown to me.
Thanks for helping me find my bearings! I'm still kinda lost, but
am forming an inkling which way is up.
bob prohaska