support Oauth

Use this forum if you want to suggest a new feature to hMailServer. Before posting, please search the forum to confirm that it has not already been suggested.
Post Reply
jpm
New user
New user
Posts: 1
Joined: 2019-12-17 14:32

support Oauth

Post by jpm » 2019-12-17 14:47

I've been using hmailserver for years, at hundreds of clients, but only for one specific purpose: SMTP Relay

For example...
local copier or temperature sensor or alerting system (such as PRTG) > hMailServer > smtp.gmail.com with authentication to a user account (mailbox) in the GSuite domain

This gives the sysadmin greater control and logging of messages sent out, and gives end-users further security by being able to see that all messages come from the same email account on their domain.

Today I received this announcement...
https://gsuiteupdates.googleblog.com/20 ... t.html?m=1

I realize the article says copiers and devices using smtp will continue to work, but I strongly suspect that is related to the "Google sanctioned" method where you whitelist the WAN IP of your device to Google and let it send unauthenticated to smtp.google.com
This method is undesirable for several reasons, not the least of which is no local log/retention of mail that's supposedly gone out, but also impossible to implement with any sense of reliability if your WAN IP is dynamic and not static.

So ... would it be possible/imparative for hMailServer to support OAuth directly?

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: support Oauth

Post by mattg » 2019-12-17 16:04

That link says in part

'No change is required for scanners or other devices using simple mail transfer protocol (SMTP) or LSAs to send emails. '
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

palinka
Senior user
Senior user
Posts: 4455
Joined: 2017-09-12 17:57

Re: support Oauth

Post by palinka » 2019-12-17 16:12

jpm wrote:
2019-12-17 14:47
I realize the article says copiers and devices using smtp will continue to work, but I strongly suspect that is related to the "Google sanctioned" method where you whitelist the WAN IP of your device to Google and let it send unauthenticated to smtp.google.com
This method is undesirable for several reasons, not the least of which is no local log/retention of mail that's supposedly gone out, but also impossible to implement with any sense of reliability if your WAN IP is dynamic and not static.

So ... would it be possible/imparative for hMailServer to support OAuth directly?
I could be wrong about this, but I believe when they say "scanners and printers" what they really mean is anything using smtp to relay mail through smtp.gmail.com.

The way it works (I think) is not about a particular device, but rather giving permission to use gmail's relay and for that all they can know about any SMTP connection is the IP address. The oauth allows access. If you've already obtained access permission for your IP, you won't need to do it again. So if you're relaying through hmailserver > smtp.gmail.com, then your hmailserver is the legacy device and you shouldn't have problems in the future.

I have had issues in the past gaining permission and the way I did it was to go into the gsuite admin console and manually allow it. Some apps and scripts that don't support oauth probably won't even get a notice for the reason it was blocked, so in those cases I went to the admin console, found it and allowed it. I'm not sure how this will work in the future, but I suspect that for SMTP it will remain the same because by its very nature its a password only protocol.

Apps that do support oauth open a browser window the first time you connect and that allow you to authorize it on the spot. That would be a good feature for hmailserver since finding the reason through the gsuite admin console is neither intuitive nor simple.

simplehmsuser
New user
New user
Posts: 1
Joined: 2021-02-04 09:07

Re: support Oauth

Post by simplehmsuser » 2021-02-04 09:10

Hello everyone!
Want to bump this thread for a few questions.

Some background.
I'm using hMailServer as a small LAN mail server.
And I'm also using External accounts to download messages from
several G Suite accounts.

So the question is, will that POP3 download still work when Google
turns off access to LSAs for all G Suite accounts?

Possible workarounds?

palinka
Senior user
Senior user
Posts: 4455
Joined: 2017-09-12 17:57

Re: support Oauth

Post by palinka » 2021-02-04 13:20

simplehmsuser wrote:
2021-02-04 09:10
Hello everyone!
Want to bump this thread for a few questions.

Some background.
I'm using hMailServer as a small LAN mail server.
And I'm also using External accounts to download messages from
several G Suite accounts.

So the question is, will that POP3 download still work when Google
turns off access to LSAs for all G Suite accounts?

Possible workarounds?
I don't think anything changed or will change. You can still authorize "less secure connections" and they still allow pop/imap access.

greg b
New user
New user
Posts: 1
Joined: 2020-03-03 20:45

Re: support Oauth

Post by greg b » 2023-03-10 03:02

Was OAuth 2.0 or "Modern Authentication" ever implemented to allow hMailServer to relay mail to O365 / Exchange online accounts now that basic authentication has been disabled for SMTP connections to Microsoft?

User avatar
mattg
Moderator
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: support Oauth

Post by mattg » 2023-03-10 03:09

NO, however an APP password set in O365 (or gMail) will work fine.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post Reply