Comments (5)
Finally, I figured out how to bypass AppArmor in my issue!
Here is the step-by-step to configure msmtp + OAuth2 on Debian Testing (Linux marcelo 5.7.0-2-amd64 #1 SMP Debian 5.7.10-1 (2020-07-26) x86_64 GNU/Linux):
- Read Christian Tenllado's tutorial here.
- Download `oauth2token` from here and `oauth2.py` from here.
- Save those files in /home/youruser/bin/OAuth2/ (my suggestion). `chmod u+r+x oauth2.py` and `chmod u+r+x oauth2token`.
- Edit the `msmtprc` file. This is the relevant section:
    account YZYZYZ
    host smtp.gmail.com
    from [email protected]
    port 587
    protocol smtp
    tls on
    tls_trust_file /etc/ssl/certs/ca-certificates.crt
    auth oauthbearer
    user [email protected]
    passwordeval /home/youruser/bin/OAuth2/oauth2token [email protected] YZYZYZ
  Pay particular attention: YZYZYZ is repeated five times.
- Proceed to Luxing Huang's tutorial steps 1 to 5 and set up the Google recommended OAuth 2.0 way for Mutt, msmtp, offlineimap and so on.
- You’ll be given an OAuth client ID and secret. Write this down somewhere.
- Run this command:
    $ ./oauth2.py [email protected] --client_id=2345...0123.apps.googleusercontent.com --client_secret=s_ec_ret --generate_oauth2_token
- Access the link given, authenticate yourself, log in and grant permission.
- Paste the response code back into the terminal.
- Write down the access token and refresh token somewhere.
- Store the client-id, client-secret and refresh keys by using secret-tool (`apt install libsecret-tools`):
    secret-tool store --label=msmtp-oauth2 YZYZYZ client-id
    Password:<copy client-id and paste it here>
    secret-tool store --label=msmtp-oauth2 YZYZYZ client-secret
    Password:<copy client-secret and paste it here>
    secret-tool store --label=msmtp-oauth2 YZYZYZ refresh
    Password:<copy refresh and paste it here>
  Pay particular attention to YZYZYZ.
  Open gnome-keyring (`apt install gnome-keyring`) and check if those tokens are correct.
- Verify if `msmtp` is ruled by `AppArmor` by running:
    $ sudo aa-status | grep msmtp
    msmtp
    msmtp//helpers
  If you see an output like the above, it is ruled.
  Edit `/etc/apparmor.d/usr.bin.msmtp` and insert these rules:
    @{HOME}/bin/OAuth2/oauth2.py PUx,
    @{HOME}/bin/OAuth2/oauth2token PUx,
- The end of the `/etc/apparmor.d/usr.bin.msmtp` file will be like this:
        owner /tmp/* rw,
        /usr/bin/secret-tool PUx,
        /usr/bin/gpg{,2} PUx,
        /usr/bin/pass PUx,
        /usr/bin/head PUx,
        /usr/bin/keyring PUx,
        /{,usr/}bin/cat PUx,
        @{HOME}/bin/OAuth2/oauth2.py PUx,
        @{HOME}/bin/OAuth2/oauth2token PUx,
      }
      #include <local/usr.bin.msmtp>
    }
- Run:
    $ sudo aa-enforce /etc/apparmor.d/usr.bin.msmtp
To test, send me an e-mail at marcelolaia at gmail dot com
(Please, can an expert read these steps and revise them, please?)
from msmtp.
I found two issues:
- I need to disable the `/etc/apparmor.d/usr.bin.msmtp` profile temporarily by running `sudo aa-disable /etc/apparmor.d/usr.bin.msmtp`
- The correct way to store the client-id, client-secret and refresh keys is:
    secret-tool store --label=msmtp-oauth2 <account-name> client-id
    secret-tool store --label=msmtp-oauth2 <account-name> client-secret
    secret-tool store --label=msmtp-oauth2 <account-name> refresh
Now, I need to figure out how to add rules for `msmtp+oauth2token+oauth2.py` in the `/etc/apparmor.d/usr.bin.msmtp` file.
from msmtp.
Thank you very much for figuring this out. This is yet another example of AppArmor creating a problem that is hard to debug. I added a news entry on the msmtp web site about this in the hope that it may help others find this information.
from msmtp.
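An added example, not part of the thread or of msmtp: a shell function that pulls AppArmor denials for the `msmtp` profile and its child profiles (the names `aa-status` prints above) out of kernel audit lines, which is one way to confirm that a blocked `passwordeval` helper is the cause of a failure. The log lines are constructed samples, and the `~/.cache/msmtp.log` path in them is hypothetical.

```shell
#!/bin/sh
# Constructed sample kernel audit lines (not from a real system).
# The ~/.cache path is hypothetical; the OAuth2 path follows the thread.
sample_log() {
cat <<'EOF'
audit: type=1400 audit(1596000000.101:201): apparmor="DENIED" operation="exec" profile="msmtp//helpers" name="/home/youruser/bin/OAuth2/oauth2token" pid=4101 comm="sh" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
audit: type=1400 audit(1596000000.202:202): apparmor="ALLOWED" operation="open" profile="msmtp" name="/home/youruser/.cache/msmtp.log" pid=4100 comm="msmtp" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
audit: type=1400 audit(1596000001.303:203): apparmor="DENIED" operation="exec" profile="msmtp//helpers" name="/home/youruser/bin/OAuth2/oauth2token" pid=4188 comm="sh" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
audit: type=1400 audit(1596000002.404:204): apparmor="DENIED" operation="open" profile="cupsd" name="/etc/example.conf" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1596000003.505:205): apparmor="DENIED" operation="open" profile="msmtp" name="/home/youruser/.cache/msmtp.log" pid=4200 comm="msmtp" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
EOF
}

# Reads audit lines on stdin and prints one line per distinct denial:
#   <count> <profile> <operation> <denied_mask> <path>
# Only DENIED events for "msmtp" or a child profile (msmtp//...) are kept.
msmtp_denials() {
  awk '
    /apparmor="DENIED"/ {
      split("", f)                      # reset the per-line field map
      for (i = 1; i <= NF; i++) {       # tokens look like key="value"
        eq = index($i, "=")
        if (eq == 0) continue
        val = substr($i, eq + 1)
        gsub(/"/, "", val)
        f[substr($i, 1, eq - 1)] = val
      }
      base = f["profile"]
      sub(/\/\/.*$/, "", base)          # msmtp//helpers -> msmtp
      if (base != "msmtp") next
      seen[f["profile"] " " f["operation"] " " f["denied_mask"] " " f["name"]]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort
}

# Demo on the constructed sample; on a live system pipe in the kernel log
# instead, for example: journalctl -k | msmtp_denials
sample_log | msmtp_denials
```

A denied `exec` with mask `x` under `msmtp//helpers` is the signature of the problem discussed in this thread.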
I can confirm the ^ apparmor changes worked for me too; I independently arrived at the same conclusion. I couldn't figure out how to get the equivalent change in `/etc/apparmor.d/local/usr.bin.msmtp` to work (which would be way more ideal)
from msmtp.
There is hope that the AppArmor profile will be fixed or will be opt-in, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975333
from msmtp.