From: Andrew C A. <fet...@ai...> - 2024-05-11 13:53:04
|
Executive Summary: Google Less Secure Apps (LSA) will be turned off in two stages: Beginning June 15, 2024: No new accounts Beginning September 30, 2024: Access to LSAs will be turned off for all Google Workspace accounts. OAuth and App Password access to smtp/imap/pop etc. will continue. https://workspaceupdates.googleblog.com/2023/09/winding-down-google-sync-and-le$ -- Andrew C. Aitchison Kendal, UK an...@ai... |
From: Andrew C A. <fet...@ai...> - 2024-05-11 14:00:19
|
On Sat, 11 May 2024, Andrew C Aitchison wrote: > Executive Summary: > > Google Less Secure Apps (LSA) will be turned off in two stages: > Beginning June 15, 2024: > No new accounts > Beginning September 30, 2024: > Access to LSAs will be turned off for all Google Workspace accounts. > > OAuth and App Password access to smtp/imap/pop etc. will continue. Oops. Cut and paste failure. The correct address is: https://workspaceupdates.googleblog.com/2023/09/winding-down-google-sync-and-less-secure-apps-support.html?m=1 -- Andrew C. Aitchison Kendal, UK an...@ai... |
From: Matthias A. <mat...@gm...> - 2024-05-13 21:31:26
|
Am 11.05.24 um 15:40 schrieb Andrew C Aitchison: > > Executive Summary: > > Google Less Secure Apps (LSA) will be turned off in two stages: > Beginning June 15, 2024: > No new accounts > Beginning September 30, 2024: > Access to LSAs will be turned off for all Google Workspace > accounts. > > OAuth and App Password access to smtp/imap/pop etc. will continue. > > https://workspaceupdates.googleblog.com/2023/09/winding-down-google-sync-and-le$ > > Yep. And all the while they are doing that, EC is considering if they want to ban calling apps "less secure" if whatever. I don't really care. Fetchmail isn't "less secure" because it doesn't bring the web browser that requires 100 security fixes every month, quite the contrary. We've had Kerberos/GSSAPI for ages. So then, app password access it will be. https://support.google.com/mail/answer/185833?hl=en&sjid=3175199933505007620-EU#app-passwords |
From: Lucio C. <lu...@la...> - 2024-05-15 19:21:36
|
On Mon, 13 May 2024, Matthias Andree wrote: > So then, app password access it will be. Yes, insofar it works. I do not really understand in what an app password is different from any other password (though I never dared trying it with webmail access, which I do extremely seldom). Currently I use app password for *occasional* Gsuite checks from my alpine MUA (for spam folder once per day, or for mail "in transit" before it is fetchmailed). I could use the same app password with fetchmail, but I preferred to forward Gsuite mail to a third party and fetch it from there. I feel inclined IMVHO to thing G*** itself is a PITA. Just yesterday I added a cousin's address to a series of crontab for birthday wishes (used since years), and it bounced because of an SPF error. Apparently this was due to the fact mailx (the MUA used by crontab) issued a From of the form us...@ma...main (while alpine uses user@domain which passes SPF on the SMTP for the domain). A mailx -r cured it. -- Lucio Chiappetti - INAF/IASF - via Corti 12 - I-20133 Milano (Italy) For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html ------------------------------------------------------------------------ "All that is google does not glitter Nor all who use alpine/procmail are lost" |
From: Matthias A. <mat...@gm...> - 2024-05-18 09:16:12
|
Am 15.05.24 um 21:01 schrieb Lucio Chiappetti: > On Mon, 13 May 2024, Matthias Andree wrote: > >> So then, app password access it will be. > > Yes, insofar it works. > > I do not really understand in what an app password is different from > any other password (though I never dared trying it with webmail > access, which I do extremely seldom). Lucio, The idea behind "app passwords" is that * they give only limited access for *one* particular service or sub-area of the entire suite of services of some larger offering. Like, you cannot log into your Google account, or Google Meet, or use this app password to change your global account password, etc. (That is assuming you keep your recovery e-mail address separate from a service you can access with this app password for email.) * they are not subject to two-factor authentication (2FA), so easier to set up for an application that cannot do 2FA or where trusted. > > I feel inclined IMVHO to thin[k] G*** itself is a PITA. Just yesterday > I added a cousin's address to a series of crontab for birthday wishes > (used since years), and it bounced because of an SPF error. Apparently > this was due to the fact mailx (the MUA used by crontab) issued a From > of the form us...@ma...main (while alpine uses user@domain which > passes SPF on the SMTP for the domain). A mailx -r cured it. For my own convenience, on my computers, I have added SPF workarounds such that I usually set up source-address-based routing to the SMTP submission server [mail.gmx.net]:submission, and authentication to my Postfix ages ago to overcome this SPF madness. |
From: Carlos E. R. <rob...@te...> - 2024-05-18 12:58:17
Attachments:
OpenPGP_signature.asc
|
On 2024-05-13 23:31, Matthias Andree via Fetchmail-users wrote: > Am 11.05.24 um 15:40 schrieb Andrew C Aitchison: >> >> Executive Summary: >> >> Google Less Secure Apps (LSA) will be turned off in two stages: >> Beginning June 15, 2024: >> No new accounts >> Beginning September 30, 2024: >> Access to LSAs will be turned off for all Google Workspace >> accounts. >> >> OAuth and App Password access to smtp/imap/pop etc. will continue. >> >> https://workspaceupdates.googleblog.com/2023/09/winding-down-google-sync-and-le$ >> >> > Yep. And all the while they are doing that, EC is considering if they > want to ban calling apps "less secure" if whatever. Sorry, what or who is "EC"? > I don't really > care. Fetchmail isn't "less secure" because it doesn't bring the web > browser that requires 100 security fixes every month, quite the > contrary. We've had Kerberos/GSSAPI for ages. > > So then, app password access it will be. > > https://support.google.com/mail/answer/185833?hl=en&sjid=3175199933505007620-EU#app-passwords -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar) |
From: Matthias A. <mat...@gm...> - 2024-05-18 15:11:12
|
Am 18.05.24 um 14:42 schrieb Carlos E. R. > On 2024-05-13 23:31, Matthias Andree via Fetchmail-users wrote: >> Am 11.05.24 um 15:40 schrieb Andrew C Aitchison: >>> >>> Executive Summary: >>> >>> Google Less Secure Apps (LSA) will be turned off in two stages: >>> Beginning June 15, 2024: >>> No new accounts >>> Beginning September 30, 2024: >>> Access to LSAs will be turned off for all Google Workspace >>> accounts. >>> >>> OAuth and App Password access to smtp/imap/pop etc. will continue. >>> >>> https://workspaceupdates.googleblog.com/2023/09/winding-down-google-sync-and-le$ >>> >>> >>> >> Yep. And all the while they are doing that, EC is considering if they >> want to ban calling apps "less secure" if whatever. > > Sorry, what or who is "EC"? European Commission, the executive body of the European Union. |
From: Carlos E. R. <rob...@te...> - 2024-05-18 16:13:57
Attachments:
OpenPGP_signature.asc
|
On 2024-05-18 17:11, Matthias Andree via Fetchmail-users wrote: > Am 18.05.24 um 14:42 schrieb Carlos E. R. >> On 2024-05-13 23:31, Matthias Andree via Fetchmail-users wrote: >>> Am 11.05.24 um 15:40 schrieb Andrew C Aitchison: ... >>> Yep. And all the while they are doing that, EC is considering if they >>> want to ban calling apps "less secure" if whatever. >> >> Sorry, what or who is "EC"? > > European Commission, the executive body of the European Union. Ah! That move would be nice of them :-) -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar) |