sendmail script

[Jeffrey Young]

Why would we not continue with curl and an app password?

Also, it looks like OOB OAuth is going away too.

For me, it a chance to try something new (at my age, I like to tackle new projects so I keep my mind working). Second, the question was asked. Prior to the question, I actually knew nothing about Oauth, other than it existed.

I believe the notion was floating around that Google was turning off the less secure app feature. I've even seen posts and articles about it. After some digging, it looks like Google was turning off less secure access "as a default", but it would still be there.

The up side, I now know a lot more about Oauth2 But I too plan on staying with the mail script that I have. My RaspPi router project is taking most of my free time now (an hour there, an hour here - you summer - other things to do).

 

[noric]

Why would we not continue with curl and an app password?

Also, it looks like OOB OAuth is going away too.

App passwords require 2-factor authentication turned on. I would rather not leak my phone number to Google.

 

[noric]

I believe the notion was floating around that Google was turning off the less secure app feature. I've even seen posts and articles about it. After some digging, it looks like Google was turning off less secure access "as a default", but it would still be there.

It's not only about "default". They are completely phasing out "less secure apps": https://support.google.com/accounts/answer/6010255?hl=en

 

[Jeffrey Young]

It's not only about "default". They are completely phasing out "less secure apps": https://support.google.com/accounts/answer/6010255?hl=en

I might be doing some re-write work in my email scripts in June then. We will have to wait and see.

Thanks for the link

EDIT: I don't think this will affect "app passwords". Just the less secure application. I switched from using less secure access to app passwords last year for the remaining 3rd party legacy stuff that I use.

 

[elorimer]

App passwords require 2-factor authentication turned on. I would rather not leak my phone number to Google.

Ah. But all you have to do is verify one number. You have 2FA enabled for a credit card, right? This is one reason I am hanging on to a $3/month burner phone. If you use your gmail address instead of a phone, Google knows about your bank account. And, while we are at it, even if you use Oauth, Google is hoovering up every word in the email you are sending, so your number is the least of it.

 

[Bengt Månsson]

Success

As expected, my email notifications via gmail stopped working. I got me an Application Password and just used it instead of my old login password.
Works fine.

My script is based on the script available at the wiki.
No need to edit /jffs/configs/google_root.pem.
No need for OAUTH.
(I don't mind to use 2fa.)


/Bengt

Honestly, it took me hours to get it working because I created the application password from the wrong account. Maybe I'm not alone with that

 

[Jeffrey Young]

Sweet, all I have ever used was application passwords as Google was blocking me from the start (three years ago), so I never noticed a change (got status messages this morning from remote UPSs)