Re: May 30th 2022, Google and IMAP
On Friday March 04 2022 16:45:04 A. F. Cano wrote: >This assumes that they let you open ports. Obviously for your camera it >worked, but I encountered problems. Then I configured the cable >modem as a bridge and all problems disappeared. Yes, every ISP modem/router I've ever had had the possibility to open specific ports. However I'm not certain any had the possibility to be configured as a bridge, apart from opening all ports or disabling the firewall. Either way this approach is currently not feasible for me but I'll keep the possibility in mind. R.
Re: May 30th 2022, Google and IMAP
On Fri, Mar 04, 2022 at 09:18:42PM +0100, René J.V. Bertin wrote: > On Friday March 04 2022 14:22:27 A. F. Cano wrote: > > >If you run the FreedomBox in a standalone box as the gateway/firewall, > >like I do, and the email server is on it, it is not in your lan. The > > I don't know where you are, but here internet connectivity is provided > through modem/routers that are provided by the ISP, and have the firewall > etc. installed. It's their property running a firmware they provide and Same here. > keep up to date, and that makes updating (and hopefully also breaches > and the like) their problem as long as I don't do anything too wild with > the configuration. With the default set-up the entire LAN is invisible In router mode, that is the case here too. I ran the FreedomBox "behind router/in NAT mode" (this is a setting in the FreedomBox) for a while, but encountered issues with certain apps. The ISP doesn't always have your flexibility and convenience in mind. I hated it when things wouldn't work as expected and I had to waste time figuring out that they were blocking this or that, and sometimes with an update of their software the behavior would change, and I have no choice about their updates. > from the outside world, except for devices that know how to tunnel to > the outside (I had a surveillance camera for our puppy that did this). > TBH that suits me just fine! This assumes that they let you open ports. Obviously for your camera it worked, but I encountered problems. Then I configured the cable modem as a bridge and all problems disappeared. Even in this mode, the FreedomBox makes my internal networks invisible to the outside but I can initiate connections from the inside, which is how I use fetchmail for instance. I like the fact that all the configuration (in the FreedomBox) is open source, transparent, with good support from the developers via the mailing list, and not subject to corporate interests that might conflict with what I want to do. > ... A.
Re: May 30th 2022, Google and IMAP
On Friday March 04 2022 14:22:27 A. F. Cano wrote: >If you run the FreedomBox in a standalone box as the gateway/firewall, >like I do, and the email server is on it, it is not in your lan. The I don't know where you are, but here internet connectivity is provided through modem/routers that are provided by the ISP, and have the firewall etc. installed. It's their property running a firmware they provide and keep up to date, and that makes updating (and hopefully also breaches and the like) their problem as long as I don't do anything too wild with the configuration. With the default set-up the entire LAN is invisible from the outside world, except for devices that know how to tunnel to the outside (I had a surveillance camera for our puppy that did this). TBH that suits me just fine! It turns out that after activating 2-factor auth you indeed get the possibility to define app-specific passwords. Just like with Apple's iCloud you can use those pws to log in with your username. And as with iCloud, there's nothing app-specific in these passwords; you can define one of them and use it with each and every app you want, from each and every host you have. The only additional security you get is that these are random, strong passwords (but if you define 10 of them that increases the chance to brute-force one by a factor 10, I think). Well, that, and someone who does guess the pw cannot lock you out, I presume. I did not (yet) get a warning email on the account where I had that enabled, so we'll see on May 30th if this continues to work. R
Re: May 30th 2022, Google and IMAP
On Fri, Mar 04, 2022 at 05:35:54PM +0100, René J.V. Bertin wrote: > On Friday March 04 2022 09:31:18 A. F. Cano wrote: > > >Well, not remote and not managed for you, but the next release > >(migrating to stable in a few days) of FreedomBox > >(https://www.freedombox.org), is finally adding a mail server. > > That would mean running a server that you need to be able to access from > wherever you want to read your email? Not really what I'm looking for, Fair enough. If you wanted to have your server accessible 24/7 you'd have to have it on all the time. For email you'd get warnings or bounces if that weren't the case. > I'd rather have something that is either provided by a 3rd party or that > I can run on my laptop (Mac or Linux). FreedomBox is a bootable Debian on an SD card with a web interface, it can run in a virtual machine on your laptop or stand-alone in a server box. The latter could be in a variety of cheap hardware as can be seen here: https://www.freedombox.org/download/ I run it on a PC engines APU1D4, with 3 network interfaces, so it is also my firewall between the cable modem and my internal networks. Still, if you ran it in a VM on your laptop and turned it off regularly, you'd still get warnings/bounces. > ... > GMail only gets information from me that I don't mind exposing to them. > As I said, email is inherently insecure. Having to expose a server in > my LAN is a much bigger potential security risk, I fear. If you run the FreedomBox in a standalone box as the gateway/firewall, like I do, and the email server is on it, it is not in your lan. The FreedomBox has good secusity and privacy, and many other apps. I use just a subset of the apps available: privoxy, a matrix server for video conferencing, the meta-search-engine searx, the radicale server to sync all contacts/calendars/todo lists with Kaddressbook, Korganizer, phones, ikiwiki blog, chat servers (ejabberd and mumble), the Sharing app to have files accessible for download, syncthing, gobby server for shared editing, and there are many more that I haven't tried yet. >...
Re: May 30th 2022, Google and IMAP
On Friday March 04 2022 09:31:18 A. F. Cano wrote: >Well, not remote and not managed for you, but the next release >(migrating to stable in a few days) of FreedomBox >(https://www.freedombox.org), is finally adding a mail server. That would mean running a server that you need to be able to access from wherever you want to read your email? Not really what I'm looking for, I'd rather have something that is either provided by a 3rd party or that I can run on my laptop (Mac or Linux). >I am curious, isn't the filtering and sorting into folders a function of >the client? Doesn't Kmail do that? KMail can, but if the server can do it you don't have to set up the filtering rules in every imap client you might use (and having 2 or more running at the same time might be problematic with that). >One of the reasons I'm not using gmail any more is the constant changes >and the collection of information (in the name of security) by google. GMail only gets information from me that I don't mind exposing to them. As I said, email is inherently insecure. Having to expose a server in my LAN is a much bigger potential security risk, I fear. On Friday March 04 2022 16:01:37 Patrick Nagel wrote: >I guess you're referring to Google forcing OAuth instead of username/password >authentication? Care to post a link to that announcement? Activate "insecure access" and you'll get an email... Here are the contents: https://arstechnica.com/civis/viewtopic.php?f=16&t=1482849&p=40716726#p40716726 >Pretty sure there is a way to make KMail4 work as well with OAuth. Probably >something like https://github.com/oauth2-proxy/oauth2-proxy should work. But >then again, what's wrong with KMail5? 😀 (it can even insert emojis, see? 😉) There's probably nothing wrong with KMail5 if you're one of the people for whom it never acts up, and if you don't mind the fact it uses QtWebEngine which is vastly overkill for rendering simple html email. When they refused even to consider supporting QtWebkit as well I more or less vowed I would never upgrade (also because going back from an upgrade is basically impossible). There's also the fact that I have a few custom mods in KMail, like an option not to select any message when changing to a new folder, and that I currently build and package all my KF5 stuff myself. Which would be a lot of work for KDEPIM5... I did remember though that I probably disabled the insecure access from a secondary account and configured KMail4 on one of my machines to work with that. Possibly because this was announced a (long) while ago. I'll just have to find which machine and which account, plus remember how I did it. R.
Re: May 30th 2022, Google and IMAP
Hi, On Friday, 4 March 2022 12:53:35 CET René J.V. Bertin wrote: > So it appears that on May 30th Google is going to cut off "good old" IMAP > access to GMail (as if email is such an inherently secure medium that you > really need that additional login security...). If I hadn't come to depend on > having around 15Gb of free remote email storage with (remote filtering into) > lots of folders I'd jump ship now, but I wouldn't really know where. > > I suppose KMail5 will continue to work, but not KMail4 which I still vastly > prefer. I know some of you use claws as a fallback ... what options will > there be to continue to use a traditional imap client with GMail? I guess you're referring to Google forcing OAuth instead of username/password authentication? Care to post a link to that announcement? Pretty sure there is a way to make KMail4 work as well with OAuth. Probably something like https://github.com/oauth2-proxy/oauth2-proxy should work. But then again, what's wrong with KMail5? 😀 (it can even insert emojis, see? 😉) Patrick.
Re: May 30th 2022, Google and IMAP
On Fri, Mar 04, 2022 at 12:53:35PM +0100, René J.V. Bertin wrote: > Hi, > > [Apologies if you get this twice!] > > So it appears that on May 30th Google is going to cut off "good old" > IMAP access to GMail (as if email is such an inherently secure medium > that you really need that additional login security...). If I hadn't > come to depend on having around 15Gb of free remote email storage with > (remote filtering into) lots of folders I'd jump ship now, but I > wouldn't really know where. Well, not remote and not managed for you, but the next release (migrating to stable in a few days) of FreedomBox (https://www.freedombox.org), is finally adding a mail server. This project is designed to decentralize the internet and provide the usual cloud services on inexpensive hardware with easy setup and no maintenance. It is steadily being improved. I've been running one for years and couldn't do without it. > I suppose KMail5 will continue to work, but not KMail4 which I still > vastly prefer. I know some of you use claws as a fallback ... what > options will there be to continue to use a traditional imap client > with GMail? The filtering into multiple folders I do with xbuffy and procmail. but I don't use Kmail. The server part at least would be handled by the FreedomBox. I am curious, isn't the filtering and sorting into folders a function of the client? Doesn't Kmail do that? > I suppose it should be possible to write an interface that connects > to GMail via a sanctioned method and presents itself as a standard > IMAP server to email clients. Maybe such a thing exists already? One of the reasons I'm not using gmail any more is the constant changes and the collection of information (in the name of security) by google. I want to set up something (like email), get it to work and then forget about it. I hope this helps somehow. Once I set up the FreedomBox mail server, I plan to try it with Kmail, in addition to my regular fetchmail/procmail/xbuffy/mutt setup. Augustine
May 30th 2022, Google and IMAP
Hi, [Apologies if you get this twice!] So it appears that on May 30th Google is going to cut off "good old" IMAP access to GMail (as if email is such an inherently secure medium that you really need that additional login security...). If I hadn't come to depend on having around 15Gb of free remote email storage with (remote filtering into) lots of folders I'd jump ship now, but I wouldn't really know where. I suppose KMail5 will continue to work, but not KMail4 which I still vastly prefer. I know some of you use claws as a fallback ... what options will there be to continue to use a traditional imap client with GMail? I suppose it should be possible to write an interface that connects to GMail via a sanctioned method and presents itself as a standard IMAP server to email clients. Maybe such a thing exists already? Thanks, R.