Hello again Josef.
Steffen Nurpmeso wrote in
<20220517210812.yhzh_%stef...@sdaoden.eu>:
| <6283fcae.U3on3Kd7Xa2MGeWQ%jurek@computer-room01>:
....
||However, recently, Google has announced the following:
...
|| On May 30, you may lose access to apps that are using less
|| secure sign-in technology
||
|| To help keep your account secure, Google will no longer
|| support the use of third-party apps or devices which ask
|| you to sign in to your Google Account using only your
|| username and password. Instead, you’ll need to sign in
|| using Sign in with Google or other more secure technologies,
|| like OAuth 2.0.
||
||So, it looks like with my current .mailrc file,
||"heirloom mailx 12.5" and "s-nail 14.9.23" will stop
||working on May 30.
||
||Can anyone coach me how to configure my .mailrc file so that
||I can continue to use gmail?
|
|You have two options, they are in the FAQ section of the s-nail
|manual:
|
| I cannot login to Google mail (via OAuth)
|and
| But, how about XOAUTH2 / OAUTHBEARER?
|
|In short, you either use "2-step verification" and create an
|application specific password, or you use "oauthbearer" (falsely
|named) authentification.
|
|For Heirloom mailx only the former works.
|I switched to the former for one of my Google accounts, finally,
|and have not yet received more than the initial SMS on my mobile
|phone. (But i do not use this account for real.)
|
|The latter only works for S-nail, and it requires a monstrous user
|unfriendly setup (shown in the FAQ -- ask for further help!).
|Note the Google support scripts shown in the FAQ no longer work
|without hacks ([1]). I .. could try to find time tomorrow and do
|something about that, hmm.
By sheer luck i saw on the OpenBSD port ML a new port request for
cyrus-sasl-xoauth2, and out of interest that lead me to [1], which
is a good instruction, much better than the short FAQ entry of us.
He offers oauthbearerScripts-2020-11-03.tar.bz2[2].
So i downloaded this, and the contained script fetchmail-oauth2.py
works nicely with Python3!
With the info from [1] and the software from [2] i run
# python3 ./fetchmail-oauth2.py \
-c /tmp/x/oauthbearerScripts/xx.rc \
--obtain_refresh_token_file
on a config like
client_id=...
client_secret=...
refresh_token_file=/tmp/x/refresh_file
access_token_file=/tmp/x/access_file
max_age_sec=1900
(granted i had the client_id and the client_secret already, but
[1] shows..) and it said
To authorize token, visit this url and follow the directions:
https://accounts.google.com/o/oauth2/auth?....
^ Google stuff..
Enter verification code: ....
Refresh token saved to '/tmp/x/refresh_file'
Initial access token saved to '/tmp/x/access_file'
Access Token Expiration Seconds: 3599
And it works.
Easier than the Google script ever was, and still working!
[1] http://mmogilvi.users.sourceforge.net/software/oauthbearer.html
[2]
http://mmogilvi.users.sourceforge.net/downloads/oauthbearerScripts-2020-11-03.tar.bz2
So if "2-step verification" is not for you, you could go this way,
but only with S-nail.
In the meantime i remember something i may have overseen in what
the Google guy said, regarding nmh that i talked about. In the
meantime i have become a Google Workspace member, and with that
i will possibly be able to choose "Internal" type for s-mailx, and
maybe like this i can manage that S-nail v14.10 does not enforce
to do the dance shown at [1], but only the software from [2].
(Or, maybe even that, even though Python3 is practically
everywhere (?), link against curl and jsmn and do it all from
within S-nail itself.)
Hope this helps.
Ciao Josef!
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
