Gmail from Pi

I'm currently sending emails from various Pis via Gmail. I'm assuming that the forthcoming changes to Gmail authentication will break this. Has anyone worked out how to resolve this ? I've had a look online, but nothing has shown up. I'm using a combination of msmtp and mpack to send.

Thanks

Adrian

msmtp seems to support "auth xoauth2"

Re: Re: Gmail from Pi By: Ahem A Rivet's Shot to Shaun Buzza on Sun Apr 03 2022 07:10 am

[MASSIVE SNIP]

I have not had bad issues operating my own email server - despise all the bad press suggesting otherwise. You need to have your SPF, DKIM etc. right but that is about it. If you ISP is not an asshole org it helps a lot.

That said, I am willing to believe that if you serve a significant number of users, one will eventually act dickish and get you in a spam list, which is where I guess problems will begin.

There are comercial SMTP relays out there which will act as your output point for a fee, so even if you DO have probems keeping your infrastructure reputable, you can pay this trouble off if need be.

Thanks, I'll have a play when I've got some time.

Adrian

I had to enable DKIM on my mail server. This seemed to resolve most of the issues I had with gmail.

knute...

Find a provider that isn't trying to lock you into their surveillance state.

No> The bottom line is that it is not that difficult or expensive to do and as No> part of a hobby, it can actually be enjoyable.

Exactly. In fact, I may just try to do this myself, just out of curiosity. As you say: as part of this hobby, it could be an enjoyable adventure.

Then again, I seem to have a pretty agreeable ISP, who hasn't blocked *any* traffic that I'm aware of...yet... (o_O)

McDoob SysOp, PiBBS pibbs.sytes.net

... 640K ought to be enough for anybody. -Bill Gates, 1981.

CG> About a year ago my ISP, Telus, decided to get out of the e-mail hosting CG> business. They sold their entire customer list (including the telus.net CG> domain) to Google. So now all former Telus mail customers' traffic is CG> subject to Google's analytics - as well as the U.S. Patriot Act despite CG> their being Canadian.

I hate to be the one to break it to ya, bud; there's a lot more than just that, that the Canuck ISPs are doing wrong! Be glad you don't have 'Ma Bell' Canada!

The American public isn't the only one suffering from too little competition in the communications sector. Trust me on this, we're getting bent over, too. I know this, because every time 'Ma Bell' raises her price, every other ISP in my area is forced to do the same, because they're using at least a part of her network. Quite literally, no matter which ISP I choose, I'm still paying 'Ma Bell' for internet access. I'm willing to assume that the same thing applies to any ISP that is forced to rely on Telus for the 'last mile'. Or SaskTel, or MTS, or whatever, depending on your province.

And don't even get me started on the potential data-mining going on...

McDoob SysOp, PiBBS pibbs.sytes.net

... 640K ought to be enough for anybody. -Bill Gates, 1981.

Ad> >In other words, be your own provider? Any company that offers 'free' emai Ad> >making their money somewhere else...often through the sale of 'user data' Ad> >

Ad> Ad> If anyone can make money out of a daily summary of my weather station Ad> data, good luck to them.

At this point, I would suggest that you've already disqualified yourself, sir. (o_-)

Ad> >It's not impossible to set up your own email server at home, provided you Ad> >a valid web address to route it through... Ad> Ad> That may well be the case, but, for various reasons, it is something Ad> that I have no desire to do.

And that's entirely okay! Not every server is properly built, nor intended, for that purpose! It would be a *huge* mistake for me to try and host my own mail server, too. Just ask Gamgee if you don't believe me!

McDoob SysOp, PiBBS pibbs.sytes.net

... Nine times out of ten the statisticians are wrong

They have forthcoming authentication changes, they'll be disabling their "allow less secure apps" setting, and will prefer you to use oAuth2, failing that you'll have to enable 2-step verification on the gmail account which will allow you to create an "app specific password" for IMAP/POP/SMTP clients.

If you're allergic to giving them your phone number and leaving 2-step verification enabled, better find a different email provider.

_______________^^^^^^^^^^^

You do know that global email is more than a decade older than the world wide web ? Make that a domain you'll need. You will also need a static IP address (you can use DDNS but things are going to be iffy when the IP address changes, especially if the new holder of your old IP is also running a mail server) for your mail server. Then you'll need to configure it - offline until you have it secure!

Once you have the basics you'll need to set up incoming and outgoing SMTP - you'd best find a trusted relay for outgoing because unless that static IP address is on your own network (you have an ASN and an IP range) then it's almost certainly in a blacklisted domestic range and nobody will accept mail originating there. That's before you get into all the fun and games required to be a trusted mail source in this massively spam filtered world even when your IP address isn't on some blacklist along with the rest of the range.

Many ISPs seem to have given up trying to maintain their own trusted relays (probably because sooner or later some idiot customer tries spamming) and will reluctantly tell you of one you can use but refuse to guarantee delivery through it. I went for the free tier of a commercial provider whose main customers are businesses that need reliable email and don't want the trouble of running their own.

Once you have the incoming and outgoing transport set up you'll need spam filtering, delivery, and an IMAP and/or POP3 server unless delivery is to a single machine. If you want access outside your LAN for POP3 and IMAP then you'll have to think about security - a VPN into the LAN is one option (the one I use).

Oh yes on the subject of security the less there is running on your router the harder it is to hack the network from outside - so don't run your mail servers on the router, instead run every service in its own container on an internal host.

Yes it is possible to run your own mail server at home, I do it and I wouldn't have it any other way. It is nowhere near as simple as it was in 1992 when I first did it with KA9Q.

The key is to set up a VPS outside of your own internal network in internet land.

Then you need to set up a mail system - Postgres, sendmail or exim - to send and receive mail from it, and a POP3 or IMAP server (dovecot) to collect mail from it. You may or may not want to add some spam filters to that, and of course you strictly want to add SMTP passwords for relaying. Otherwise you will become a spam relay in ait half an hour from switchon, and blacklisted by the end of the day..

Most VPNs that allow you to have a reverse IP lookup will be trusted by most people.

A VPS out there in internet land is globally accessible if you use IMAP. Its your own gmail type service

It is not hard to set up.

It is a lot easier to do it on a VPS. And safer

The common problem I've seen is that the ISP has enough customers who try spamming that their whole block gets blacklisted somewhere, or they don't bother with reverse DNS at all on their IP block and that gets it blacklisted or ...

Some of them even have a free tier that's way more than any normal person or family could use - that's my current solution to the problem.

I feel safer with the data inside my firewall on my storage[1], but yes putting the relay(s) outside on a VPS is a good approach especially if you lock down the link to the outgoing relay to a VPN.

[1] The thing with a VPS is the hypervisor has an open door below the OS to the VPS "hardware" so everything on a VPS is wide open to anyone with control of the hypervisor.

Personally, I wouldn't touch Gmail, Microsoft or any other free mail service because I *know* they'll be selling everything they can find out about me to anybody that wants it: how else do you think they can provide a 'free' service to you?

I've used essentially the same setup since the late '90s. My mail is routed in and out via an ISP, Demon at first, then UKFSN, now Zen and all ISP changes have been painless because I own a domain name, hosted by a

3rd party. The domain name host redirects mail and HTML requests to my current ISP, so if I change ISPs, I edit edit the domain redirects to send mail and web traffic to the new ISP, who also hosts the public-facing copy of my websites.

For security, my LAN's firewall is invisible to external access: this is possible because:

- FTP connections to update my websites connect outward from here to my ISP. I run a local webserver where web pages are edited and checked before being made visible externally by copying them to the website mirror on my ISP's webserver.

- I use getmail to retrieve incoming mail from my inbox at my ISP and pass it, via Spamassassin, to my local Postfix mailserver for distribution on my LAN.

- Outgoing mail is passed to my local Postfix mailserver which forwards it to my outbox at my ISP, from where my ISP passes it to its destination.

- I do not use or need any internet services that accept connections from outside my LAN's firewall. About the only maintenance this setup needs, apart from regular Linux distro updates, is periodic updates to local antispam rules used by Spamassassin as new spammers appear or old spammers learn new tricks.

in the same way that all of your email is open to anyone with admin access to e.g. gmails servers?

>

Good point. I have run a personal sendmail mail server on Slackware for years. At first I relayed through my ISP, then they used gmail with their domain name, and finally went back to doing it all themselves. The only problem was that after the last change, if you relayed through them, they made it very obvious it was coming from them. I forget the details now, but it was something like "from snipped-for-privacy@mysip.com on behalf of snipped-for-privacy@mydomain.com". As a result for at least the last ten years, I have paid less than $2 a month for a commercial email account with no storage that I can forward through using a smarthost configuration. The only way to know it came from them is to look at the header that shows the routing and two different DKIM signatures. Fortunately my ISP still only blocks port 25 outbound and not port 25 inbound so incoming mail is not a problem. The bottom line is that it is not that difficult or expensive to do and as part of a hobby, it can actually be enjoyable.

Note: If my ISP ever does decide to block port 25 in both directions, it would be a real killer. I would not be surprised if that does occur, that it will be because some idiot did something stupid they shouldn't have and killed the goose that laid the golden egg. There always seems to be one person who ends up ruining a good thing for everyone.

About a year ago my ISP, Telus, decided to get out of the e-mail hosting business. They sold their entire customer list (including the telus.net domain) to Google. So now all former Telus mail customers' traffic is subject to Google's analytics - as well as the U.S. Patriot Act despite their being Canadian.

I believe the term for this is "sold down the river".

Fortunately, I get e-mail through a local provider that I've been using since the dial-up days, so I'm not affected.

Mine is not - it is accessible to anyone with admin access to my server - IOW me and anyone who takes the not inconsiderable trouble to hack into my LAN.