Deutsch English Français Italiano |
<uvq8lc$234ve$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: <bp@www.zefox.net> Newsgroups: comp.mail.sendmail Subject: Re: Sendmail on FreeBSD 14, gmail problem Date: Thu, 18 Apr 2024 04:47:41 -0000 (UTC) Organization: A noiseless patient Spider Lines: 65 Message-ID: <uvq8lc$234ve$1@dont-email.me> References: <uvjlje$csmt$1@dont-email.me> <uvl7an$qcb5$2@dont-email.me> <uvncb2$1cfpj$1@dont-email.me> <uvndqu$2t37$2@gal.iecc.com> <uvptjv$1t6l3$1@dont-email.me> <uvq3uv$gvm$1@tncsrv09.home.tnetconsulting.net> Injection-Date: Thu, 18 Apr 2024 06:47:41 +0200 (CEST) Injection-Info: dont-email.me; posting-host="851675a296bfb3931390234d39cb78c4"; logging-data="2200558"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18JNLheGQi9VZ6RXlcn5YnqIlbmTuQJO/M=" User-Agent: tin/2.6.2-20221225 ("Pittyvaich") (FreeBSD/14.0-RELEASE-p5 (arm64)) Cancel-Lock: sha1:f6qEfxp9mQnmZtCASRjn2Rgjfsk= Bytes: 3707 Grant Taylor <gtaylor@tnetconsulting.net> wrote: > On 4/17/24 20:39, bp@www.zefox.net wrote: >> Pulling the conversation back to sendmail, if I get apache24 to accept >> and work with https connections have I laid a reasonable foundation >> to let sendmail authenticate with gmail? > > While both Apache and Sendmail use the same underlying TLS libraries; > oft OpenSSL, sometimes an alternative, what they do with it and how they > make use of them are separate. > > About the only thing that Apache will bring to the email party is > infrastructure to host the policy file for MTA-STS. > > You can use the same certificate file and key for both Apache and Sendmail. > That suggests that getting apache working https will complete a necessary, if not sufficient, step toward authentication using sendmail. For my purposes that's a worthwhile step. If the certificat can be the one already used for ssh, that's a bit of gravy. > "authenticate with gmail" means a couple of different things to me in 2924: > > 1) Requirements for senders to be /authenticated/; e.g. SPF and / or DKIM. > 2) OAuth 2.0 authentication to send relay email to the world via Gmail. > Read: use Gmail as a smart host in Sendmail parlance. > > Which of these are you asking about? > I simply want to reply, as an individual, to email received from a gmail account. > 1.SPF is easy to do with TXT records in DNS. > > 1.DKIM is a bit more complicated and requires a milter to sign outgoing > messages as well as various DNS records to support DKIM. > Hopefully SPF will be enough to get gmail to accept my replies > 2 is another critter entirely. I am not aware of a recipe to make this > work. I feel certain that there is on and I'm just unaware of it. I > can see some plumbing to create a new mailer that does the OAuth w/ > Gmail and sends messages. I know how to add mailers to Sendmail, but I > have no idea what such a mailer would look like. > > I've heard about people using -- what I think -- are called application > passwords with Gmail to make non-OAuth aware software work with Gmail. > Maybe this will work allow Sendmail to use Gmail as a smart host using > authentication using the App Password. > > I've read that app passwords are still a thing but require multi-factor > to be enabled to get access to them. > > I could also be a decade behind the times when it comes to OAuth. > I fear you're giving me far more credit than I deserve! OAuth is unknown to me. Thanks for helping me find my bearings! I'm still kinda lost, but am forming an inkling which way is up. bob prohaska