apps that are using less secure sign-in technology

artlessknave · Mar 4, 2022, 11:19 PM

I have been using gmail to send myself notifications, but it looks like google has decided I am too stupid to know how to do that correctly, and will unilaterally disable the ability to do this (I have an account that does nothing but send the emails, it doesnt need to be" secure", so this is very annoying.

TrueNAS has OATH, but i don't see that in pfsense. what kind of options are available for the simplest way to send out such notifications? I dont have a mail server setup, and I think it's safe to assume most smtp will be going away from free options.
I would use prefer to use protonmail, but it doesn't have smtp already.

"To help keep your account secure, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password. Instead, you’ll need to sign in using Sign in with Google or other more secure technologies, like OAuth 2.0. Learn moreWhat do you need to do?

An app or device which uses Simple Mail Transfer Protocol (SMTP) to send emails using your Google Account has less secure access to your Gmail. This might be an older device, like a printer or scanner. To continue using your Google Account with this app or device:

App - Remove your Google Account from the app or device and sign in again using Sign in with Google
Device - Change your device’s settings so you’re using more secure sign-in technology"

SteveITS · Mar 4, 2022, 11:36 PM

@artlessknave If you're sending to yourself you can just email your MX. So for you@gmail.com use gmail-smtp-in.l.google.com as the SMTP server, port 25, no login or password.

If you have a residential or dynamic IP sometimes mail servers can get picky about that being spammy and reject it, but you could at least try it.

artlessknave · Mar 5, 2022, 2:12 AM

@steveits said in apps that are using less secure sign-in technology:

gmail-smtp-in.l.google.com

mail servers is not something I know much about. what does "email your MX" mean?

I nuked everything but email server, port, and destination email addressed, and i get:

Failed to connect to gmail-smtp-in.l.google.com:25 [SMTP: Failed to connect socket: Operation timed out (code: -1, response: )]

tquade · Mar 5, 2022, 2:03 AM

@artlessknave Does your ISP provide email services?

Ted

SteveITS · Mar 5, 2022, 2:12 AM

@artlessknave An MX is a Mail Exchange, a mail server that receives mail for a domain. Sending mail to a domain looks up the MX record in DNS and sends mail there.

If you are on a residential connection it's quite possible your ISP has blocked port 25. They often do that because residential customers normally don't deliver mail on port 25 unless they're infected.

Ideas:

a cheap web site that has email
your ISP's SMTP as Ted noted
some SMTP service like smtp2go.com (never used them myself)

artlessknave · Mar 5, 2022, 4:56 AM

@tquade said in apps that are using less secure sign-in technology:

Does your ISP provide email services?

yes. with 2fa. useless with pfsense, since 2fa is basically the problem. sigh
ive thought of maybe sending mails to truenas and then through gmail, but that kinda relying on my truenas also working. hmm.

artlessknave · Mar 6, 2022, 1:43 AM

ok, I put in a feature request and a suggestion came from that about app passwords, which I had no idea existed because they are only available once you have 2fa turned on, and I never had it turned on because I only used the password for this account that only sends these notification emails.

that has given me another path i can use, at least until google decides to change things again.

SteveITS · Mar 6, 2022, 1:43 AM

@artlessknave ah, yes if they allow that. Basically a second password but the idea is it’s long and random and not used anywhere else.

Gertjan · Mar 7, 2022, 9:45 AM

@artlessknave said in apps that are using less secure sign-in technology:

it doesnt need to be" secure", so this is very annoying.

The identification has to be secured, if not, the mail address will get used for spamming. Look what happened to yahoo/msn/hotmail : they started thinking way to late.

App paswords have to be used by apps. (humm, seems logic) That is : everything that is not a native gmail app, or a web browser logging (oath will get used if the device used is unknown).

pfSense works just fine with gmail, I've been using it for years. Not only all my pfSense routers are using gmail, also my printers, NASs etc.

Btw : no need tp use the gmail auth smtp to receive a gmail notification on your phone.
You can also use the mail server of your ISP, or any other mail server. The destination mail should be your gmail mail address. But, be careful, the mails send by devices as pfSEnse have a greater chance of being "blocked as spam".

artlessknave · Mar 7, 2022, 6:10 PM

the problem is already solved.
the account was already secured. by a password 30 characters long randomly generated.
it was not at risk.
it only serves this purpose, its not my email account, so i never log into it, except when they break things in the name of "security".

because i never log into it, i had no idea app passwords was a thing that could be used; they don't show up as even existing until you have 2fa on, but why would I turn 2fa on and break my notifications, thus, creating a circle.

i have another account that is for arctual google services that doesn't use external apps, and all my google-fu failed to find any reference to app passwords. the first I heard of it was by chance in the feature request. once I knew that existed, i was able to find out that 2fa needs to be ON to even see it.

i know perfectly well how to read my email...