Integrating RT Email with Google Mail (Gmail): Difference between revisions
Latest revision as of 10:42, 19 May 2022
Retrieving email from a Google Mailbox
The utility getmail version 5.6 and later comes with a script getmail-gmail-xoauth-tokens which can be used to set up the required OAuth2 configuration to fetch email. The steps for setting up this configuration are described below, starting with configuration in Google.
Set up OAuth2 client in Google
To run getmail on an RT server, set it up as a "Desktop App", one of the options noted in the Google documentation. Follow the instructions on that page, keeping the following notes in mind:
- Enable the "Gmail API" as noted in the docs.
- When creating the "OAuth consent screen", select the "Internal" user type and add the scope: "Gmail API .../auth/gmail.modify Read, compose, and send emails from your Gmail account"
- When creating the client ID, set the application type to "Desktop app"
Save the provided "Client ID" and "Client secret" values. These are needed in the next step.
Set up getmail on RT server
The following steps are based on Stefan Krah's notes, with a few updates.
1. Get the initial OAuth2 token
Create /home/user/.getmail/gmail.json:
{
  "scope": "https://mail.google.com/",
  "user": "your_account@gmail.com",
  "client_id": "xzy.apps.googleusercontent.com",
  "client_secret": "foo",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "redirect_uri": "http://localhost/",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs"
}
Fill "client_id" and "client_secret" with the real values from the previous step.
Note that redirect_uri "urn:ietf:wg:oauth:2.0:oob" no longer works. You need to give it a URL, which Google will redirect to once you approve the access.
chmod 600 /home/user/.getmail/gmail.json
Then run:
getmail-gmail-xoauth-tokens --init /home/user/.getmail/gmail.json
This prints a Google URL and then waits at a prompt for a token. Go to that URL and approve it as "your_account@gmail.com". It will then redirect to a URL like:
http://localhost/?code=A-VERY-LONG-STRING&scope=https://mail.google.com/
Copy the URL and extract the code value, then paste it in the getmail-gmail-xoauth-tokens prompt that is waiting. Hit Return and getmail-gmail-xoauth-tokens should quit silently.
2. Configure getmail to retrieve email
The following is similar to a standard getmail configuration.
Create /home/user/.getmail/getmailrc:
[retriever]
type = SimpleIMAPSSLRetriever
server = imap.gmail.com
username = your_account@gmail.com
use_xoauth2 = True
password_command = ("getmail-gmail-xoauth-tokens", "/home/user/.getmail/gmail.json")

[destination]
type = MDA_external
path = /opt/rt5/bin/rt-mailgate
user = root
group = root
arguments = ("--url", "http://localhost", "--queue", "General", "--action", "correspond",)

[options]
read_all = false
Test it:
/usr/bin/getmail --rcfile=/home/user/.getmail/getmailrc
Then edit /etc/cron.d/rt to fetch mail regularly:
*/3 * * * * user /usr/bin/getmail --rcfile=/home/user/.getmail/getmailrc --quiet
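A pre-flight check for the two steps above, as an added example that is not part of the original page or of getmail: it flags a gmail.json that is readable beyond its owner, still carries the sample secret or the retired oob redirect, and it pulls the code value out of the pasted redirect URL. The function names are hypothetical, and the list of required keys is an assumption taken from the sample file on this page.

```python
import json
import os
import stat
import sys
from urllib.parse import parse_qs, urlsplit

# Keys taken from the sample gmail.json on this page (assumed to be required).
REQUIRED = ("scope", "user", "client_id", "client_secret",
            "token_uri", "auth_uri", "redirect_uri")
OOB = "urn:ietf:wg:oauth:2.0:oob"  # value the page says no longer works


def check_token_file(path):
    """Return a list of problems found in a getmail gmail.json file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit exposes the client secret
        problems.append(f"mode {mode:04o} is too open; chmod 600")
    with open(path) as fh:
        cfg = json.load(fh)
    for key in REQUIRED:
        if not cfg.get(key):
            problems.append(f"missing or empty key: {key}")
    if cfg.get("redirect_uri") == OOB:
        problems.append("redirect_uri uses the retired oob value")
    if cfg.get("client_secret") == "foo":
        problems.append("client_secret still holds the sample value")
    return problems


def extract_code(redirect_url):
    """Return the authorization code from the pasted redirect URL."""
    query = parse_qs(urlsplit(redirect_url).query)
    if "error" in query:  # consent was denied or the request was rejected
        raise ValueError(f"authorization failed: {query['error'][0]}")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]  # parse_qs has already percent-decoded the value


if __name__ == "__main__":
    # Usage: python3 check_gmail_json.py /home/user/.getmail/gmail.json
    found = check_token_file(sys.argv[1])
    print("\n".join(found) or "gmail.json looks sane")
    sys.exit(1 if found else 0)
```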
Sending email via Google SMTP
For RT, we usually configure postfix to relay to Google via SMTP. For this to work, you need to allow the RT server to send via your Google account. See the Google documentation, along with the following notes:
- In step 6 (Allowed senders section), choose "Only addresses in my domains"
- In step 7 (Authentication section), choose "Only accept mail from the specified IP addresses". Do not choose "Require SMTP Authentication"
- In step 8 (Add allowed IP), add the public IP address of the RT server
Turn on sender envelope in RT site config:
Set( $SetOutgoingMailFrom, 1 );