Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    apps that are using less secure sign-in technology

    Scheduled Pinned Locked Moved General pfSense Questions
    10 Posts 4 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      artlessknave
      last edited by artlessknave

      I have been using gmail to send myself notifications, but it looks like google has decided I am too stupid to know how to do that correctly, and will unilaterally disable the ability to do this (I have an account that does nothing but send the emails, it doesnt need to be" secure", so this is very annoying.

      TrueNAS has OATH, but i don't see that in pfsense. what kind of options are available for the simplest way to send out such notifications? I dont have a mail server setup, and I think it's safe to assume most smtp will be going away from free options.
      I would use prefer to use protonmail, but it doesn't have smtp already.

      "To help keep your account secure, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password. Instead, you’ll need to sign in using Sign in with Google or other more secure technologies, like OAuth 2.0. Learn moreWhat do you need to do?

      An app or device which uses Simple Mail Transfer Protocol (SMTP) to send emails using your Google Account has less secure access to your Gmail. This might be an older device, like a printer or scanner. To continue using your Google Account with this app or device:

      App - Remove your Google Account from the app or device and sign in again using Sign in with Google
Device - Change your device’s settings so you’re using more secure sign-in technology"

      A1SRi-2758F//32GB//Chelsio T520-CR//
      SC721TQ-250B//2x WD5000LPCX-00VHAT0

      S T GertjanG 3 Replies Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire @artlessknave
        last edited by

        @artlessknave If you're sending to yourself you can just email your MX. So for you@gmail.com use gmail-smtp-in.l.google.com as the SMTP server, port 25, no login or password.

        If you have a residential or dynamic IP sometimes mail servers can get picky about that being spammy and reject it, but you could at least try it.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        A 1 Reply Last reply Reply Quote 0
        • A
          artlessknave @SteveITS
          last edited by artlessknave

          @steveits said in apps that are using less secure sign-in technology:

          gmail-smtp-in.l.google.com

          mail servers is not something I know much about. what does "email your MX" mean?

          I nuked everything but email server, port, and destination email addressed, and i get:

          Failed to connect to gmail-smtp-in.l.google.com:25 [SMTP: Failed to connect socket: Operation timed out (code: -1, response: )]

          A1SRi-2758F//32GB//Chelsio T520-CR//
          SC721TQ-250B//2x WD5000LPCX-00VHAT0

          S 1 Reply Last reply Reply Quote 0
          • T
            tquade @artlessknave
            last edited by

            @artlessknave Does your ISP provide email services?

            Ted

            A 1 Reply Last reply Reply Quote 0
            • S
              SteveITS Galactic Empire @artlessknave
              last edited by

              @artlessknave An MX is a Mail Exchange, a mail server that receives mail for a domain. Sending mail to a domain looks up the MX record in DNS and sends mail there.

              If you are on a residential connection it's quite possible your ISP has blocked port 25. They often do that because residential customers normally don't deliver mail on port 25 unless they're infected.

              Ideas:

              • a cheap web site that has email
              • your ISP's SMTP as Ted noted
              • some SMTP service like smtp2go.com (never used them myself)

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote 👍 helpful posts!

              1 Reply Last reply Reply Quote 0
              • A
                artlessknave @tquade
                last edited by artlessknave

                @tquade said in apps that are using less secure sign-in technology:

                Does your ISP provide email services?

                yes. with 2fa. useless with pfsense, since 2fa is basically the problem. sigh
                ive thought of maybe sending mails to truenas and then through gmail, but that kinda relying on my truenas also working. hmm.

                A1SRi-2758F//32GB//Chelsio T520-CR//
                SC721TQ-250B//2x WD5000LPCX-00VHAT0

                A 1 Reply Last reply Reply Quote 0
                • A
                  artlessknave @artlessknave
                  last edited by artlessknave

                  ok, I put in a feature request and a suggestion came from that about app passwords, which I had no idea existed because they are only available once you have 2fa turned on, and I never had it turned on because I only used the password for this account that only sends these notification emails.

                  that has given me another path i can use, at least until google decides to change things again.

                  A1SRi-2758F//32GB//Chelsio T520-CR//
                  SC721TQ-250B//2x WD5000LPCX-00VHAT0

                  S 1 Reply Last reply Reply Quote 0
                  • S
                    SteveITS Galactic Empire @artlessknave
                    last edited by

                    @artlessknave ah, yes if they allow that. Basically a second password but the idea is it’s long and random and not used anywhere else.

                    Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                    When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                    Upvote 👍 helpful posts!

                    1 Reply Last reply Reply Quote 0
                    • GertjanG
                      Gertjan @artlessknave
                      last edited by

                      @artlessknave said in apps that are using less secure sign-in technology:

                      it doesnt need to be" secure", so this is very annoying.

                      The identification has to be secured, if not, the mail address will get used for spamming. Look what happened to yahoo/msn/hotmail : they started thinking way to late.

                      App paswords have to be used by apps. (humm, seems logic) That is : everything that is not a native gmail app, or a web browser logging (oath will get used if the device used is unknown).

                      pfSense works just fine with gmail, I've been using it for years. Not only all my pfSense routers are using gmail, also my printers, NASs etc.

                      Btw : no need tp use the gmail auth smtp to receive a gmail notification on your phone.
                      You can also use the mail server of your ISP, or any other mail server. The destination mail should be your gmail mail address. But, be careful, the mails send by devices as pfSEnse have a greater chance of being "blocked as spam".

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      A 1 Reply Last reply Reply Quote 1
                      • A
                        artlessknave @Gertjan
                        last edited by artlessknave

                        the problem is already solved.
                        the account was already secured. by a password 30 characters long randomly generated.
                        it was not at risk.
                        it only serves this purpose, its not my email account, so i never log into it, except when they break things in the name of "security".

                        because i never log into it, i had no idea app passwords was a thing that could be used; they don't show up as even existing until you have 2fa on, but why would I turn 2fa on and break my notifications, thus, creating a circle.

                        i have another account that is for arctual google services that doesn't use external apps, and all my google-fu failed to find any reference to app passwords. the first I heard of it was by chance in the feature request. once I knew that existed, i was able to find out that 2fa needs to be ON to even see it.

                        i know perfectly well how to read my email...

                        A1SRi-2758F//32GB//Chelsio T520-CR//
                        SC721TQ-250B//2x WD5000LPCX-00VHAT0

                        1 Reply Last reply Reply Quote 1
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.