Integrating RT Email with Google Mail (Gmail)

From Request Tracker Wiki
Revision as of 09:23, 19 May 2022 by Sunnavy

Incoming emails

Assuming "your_account@gmail.com" is RT's correspond address:

   Set( $CorrespondAddress, 'your_account@gmail.com' );


Using getmail 5.6+ to fetch emails

Set up OAuth2 client on the Google side

Based on https://developers.google.com/identity/protocols/oauth2/native-app, here are some notes:

   Enable "Gmail API"
   On "OAuth consent screen" create, select "Internal" user type, add scope: "Gmail API .../auth/gmail.modify Read, compose, and send emails from your Gmail account"
   On client id create, set the application type to "Desktop app"

Save the "Client ID" and "Client secret" values, which we will need in the next step.

Set up getmail on the RT server

Based on https://www.bytereef.org/howto/oauth2/getmail.html

1. Get initial OAuth2 token

Create /home/user/.getmail/gmail.json

   {"scope": "https://mail.google.com/",
    "user": "your_account@gmail.com",
    "client_id": "xzy.apps.googleusercontent.com",
    "client_secret": "foo",
    "token_uri": "https://accounts.google.com/o/oauth2/token",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "redirect_uri": "http://localhost/",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs"}

Fill "client_id" and "client_secret" with the real values from the previous step.

Note that the redirect_uri "urn:ietf:wg:oauth:2.0:oob" no longer works; we need to give it a URL, which Google will redirect to once the user approves the access.

   chmod 600 /home/user/.getmail/gmail.json

Then run command:

   getmail-gmail-xoauth-tokens --init /home/user/.getmail/gmail.json

It outputs a Google URL. Go to that URL and approve the request as "your_account@gmail.com"; the browser is then redirected to a URL like:

   http://localhost/?code=A-VERY-LONG-STRING&scope=https://mail.google.com/

Copy the code value from the URL and paste it into the window where getmail-gmail-xoauth-tokens is still running, then hit "Return". If everything goes well, getmail-gmail-xoauth-tokens quits silently.
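
A pre-flight check for the gmail.json created in step 1, as an added example (not part of the original wiki page or of getmail): it flags permissions wider than the chmod 600 above, sample values left in place, and the retired oob redirect_uri. The names audit_token_file and demo_findings and the finding texts are hypothetical, and treating the keys of the page's sample file as the expected set is an assumption.

```python
import json
import os
import stat
import tempfile

# Keys of the sample gmail.json on this page (assumed to be the expected set).
EXPECTED_KEYS = {"scope", "user", "client_id", "client_secret", "token_uri",
                 "auth_uri", "redirect_uri", "auth_provider_x509_cert_url"}
# Sample values from the page that must be replaced with real ones.
PLACEHOLDERS = {"client_id": "xzy.apps.googleusercontent.com",
                "client_secret": "foo"}
OOB_REDIRECT = "urn:ietf:wg:oauth:2.0:oob"  # the page notes this no longer works


def audit_token_file(path):
    """Return findings for a getmail OAuth2 JSON file; empty list means OK."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit exposes the client secret
        findings.append("mode %o is wider than 600" % mode)
    with open(path) as fh:
        conf = json.load(fh)
    for key in sorted(EXPECTED_KEYS - set(conf)):
        findings.append("missing key: " + key)
    for key, sample in PLACEHOLDERS.items():
        if conf.get(key) == sample:
            findings.append(key + " still holds the sample value")
    if conf.get("redirect_uri") == OOB_REDIRECT:
        findings.append("redirect_uri is the retired oob value; use a URL")
    return findings


def demo_findings():
    """Audit a constructed, deliberately sloppy file (mode 644, samples left in)."""
    sample = {"scope": "https://mail.google.com/", "user": "your_account@gmail.com",
              "token_uri": "https://accounts.google.com/o/oauth2/token",
              "auth_uri": "https://accounts.google.com/o/oauth2/auth",
              "redirect_uri": OOB_REDIRECT, **PLACEHOLDERS}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "gmail.json")
        with open(path, "w") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)
        return audit_token_file(path)


if __name__ == "__main__":
    print("\n".join(demo_findings()))
```

Point audit_token_file at /home/user/.getmail/gmail.json before running the --init command; an empty list means none of the checks fired.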


2. Fetch emails


Create /home/user/.getmail/getmailrc

   [retriever]
   type = SimpleIMAPSSLRetriever
   server = imap.gmail.com
   username = your_account@gmail.com
   use_xoauth2 = True
   password_command = ("getmail-gmail-xoauth-tokens", "/home/user/.getmail/gmail.json")
   
   [destination]
   type = MDA_external
   path = /opt/rt5/bin/rt-mailgate
   user = root
   group = root
   arguments = ("--url", "http://localhost", "--queue", "General", "--action", "correspond",)
   
   [options]
   read_all = false

Test it:

   /usr/bin/getmail --rcfile=/home/user/.getmail/getmailrc

Then edit /etc/cron.d/rt to fetch mail regularly:

   */3 * * * * user /usr/bin/getmail --rcfile=/home/user/.getmail/getmailrc --quiet


Outgoing emails

Route through Google

Based on https://support.google.com/a/answer/2956491, here are a few extra notes:

   In step 6 (Allowed senders section), choose "Only addresses in my domains"
   In step 7 (Authentication section), choose "Only accept mail from the specified IP addresses", do not choose "Require SMTP Authentication"
   In step 8 (Add allowed IP), add the public IP address of the RT server

Turn on sender envelope in RT site config:

   Set( $SetOutgoingMailFrom, 1 );