Difference between revisions of "Integrating RT Email with Google Mail (Gmail)"

From Request Tracker Wiki
m (Jbrandt moved page Set Up RT With Gmail to Integrating RT Email with Google Mail (Gmail) without leaving a redirect)
 
Line 1: Line 1:
== Incoming emails ==
== Retrieving email from a Google Mailbox ==


Assuming "your_account@gmail.com" is RT's correspond address:
The utility [https://pyropus.ca/software/getmail/ getmail] version 5.6 and later comes with a script <code>getmail-gmail-xoauth-tokens</code> which can be used to set up the required OAuth2 configuration to fetch email. The steps for setting up this configuration are described below, starting with configuration in Google.


    Set( $CorrespondAddress, 'your_account@gmail.com' );
=== Set up OAuth2 client in Google ===


To run getmail on an RT server, set it up as a "Desktop App", one of the options noted in the [https://developers.google.com/identity/protocols/oauth2/native-app Google documentation]. Following instructions on that page, keeping the following notes in mind:


=== Using getmail 5.6+ to fetch emails ===
* Enable the "Gmail API" as noted in the docs.
* On the "OAuth consent screen" create, select "Internal" user type, add scope: "Gmail API .../auth/gmail.modify Read, compose, and send emails from your Gmail account"
* On client id create, set the application type to "Desktop app"


==== Set up OAuth2 client on google side ====
Save the provided "Client ID" and "Client secret" values. These are needed in the next step.


Based on https://developers.google.com/identity/protocols/oauth2/native-app, here are some notes:
=== Set up getmail on RT server ===


    Enable "Gmail API"
The following are based on [https://www.bytereef.org/howto/oauth2/getmail.html Stefan Krah's notes], with a few updates.


    On "OAuth consent screen" create, select "Internal" user type, add scrop: "Gmail API .../auth/gmail.modify Read, compose, and send emails from your Gmail account"
1. Get the initial OAuth2 token
 
    On client id create, set the application type to "Desktop app"
 
Save the "Client ID" and "Client secret" values, which we will need in the next step.
 
==== Setup getmail on RT server ====
 
Based on https://www.bytereef.org/howto/oauth2/getmail.html
 
1. Get initial OAuth2 token


Create /home/user/.getmail/gmail.json
Create /home/user/.getmail/gmail.json
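
Review bot: the rewritten intro drops the old line stating that "your_account@gmail.com" is RT's correspond address, together with the Set( $CorrespondAddress, ... ) example, yet the token step further down still approves access as that account. Keep one sentence that ties the mailbox to $CorrespondAddress. The new sentence "Following instructions on that page, keeping the following notes in mind:" is also a fragment; "Follow the instructions on that page, ..." would read correctly.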
Line 37: Line 30:
     "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs"}
     "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs"}


Fill "client_id" and "client_secret" with the real values from previous step.
Fill "client_id" and "client_secret" with the real values from the previous step.


Note that redirect_uri "urn:ietf:wg:oauth:2.0:oob" does '''not''' work any more, we need to give it a URL, which google will redirect to once user approves the access.
Note that redirect_uri "urn:ietf:wg:oauth:2.0:oob" no longer works. You need to give it a URL, which Google will redirect to once you approve the access.


     chmod 600 /home/user/.getmail/gmail.json
     chmod 600 /home/user/.getmail/gmail.json


Then run command:
Then run:


     getmail-gmail-xoauth-tokens --init /home/user/.getmail/gmail.json
     getmail-gmail-xoauth-tokens --init /home/user/.getmail/gmail.json


It outputs a google URL, go to that URL and approves it as "your_account@gmail.com", which will redirects to URL like:
This outputs a Google URL and a prompt will wait for a token. Go to that URL and approve it as "your_account@gmail.com". It will then redirect to a URL like:


     http://localhost/?code=A-VERY-LONG-STRING&scope=https://mail.google.com/
     http://localhost/?code=A-VERY-LONG-STRING&scope=https://mail.google.com/


Copy the code value from URL and paste it to the previous getmail-gmail-xoauth-tokens command window, then hit "Return".
Copy the URL and extract the code value, then paste it in the <code>getmail-gmail-xoauth-tokens</code> prompt that is waiting. Hit Return and <code>getmail-gmail-xoauth-tokens</code> should quit silently.
If everything goes well, getmail-gmail-xoauth-tokens shall quit silently.
 


2. Fetch emails
2. Configure getmail to retrieve email


The following is similar to a standard getmail configuration.


Create /home/user/.getmail/getmailrc
Create /home/user/.getmail/getmailrc:


     [retriever]
     [retriever]
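
Review bot: the example redirect in this hunk carries scope=https://mail.google.com/, while the consent-screen bullet added earlier in this change tells the reader to add the .../auth/gmail.modify scope; the two should name the same scope, or the text should say why they differ. In the reworded paragraph after the redirect example, "Copy the URL and extract the code value, then paste it" leaves "it" ambiguous between the URL and the code; the old wording "Copy the code value from URL" was clearer on that point.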
Line 85: Line 77:
     */3 * * * * user /usr/bin/getmail --rcfile=/home/user/.getmail/getmailrc --quiet
     */3 * * * * user /usr/bin/getmail --rcfile=/home/user/.getmail/getmailrc --quiet


== Sending email via Google SMTP ==


== Outgoing emails ==
For RT, we usually configure postfix to relay to Google via SMTP. For this to work, you need to allow the RT server to send via your Google account. See the [https://support.google.com/a/answer/2956491 Google documentation], along with the following notes:
 
=== Route through Google ===
 
Based on https://support.google.com/a/answer/2956491, here are a few extra notes:


    In step 6(Allowed senders section), choose "Only addresses in my domains"
* In step 6 (Allowed senders section), choose "Only addresses in my domains"
    In step 7(Authentication section), choose "Only accept mail from the specified IP addresses", do '''not''' choose "Require SMTP Authentication"
* In step 7 (Authentication section), choose "Only accept mail from the specified IP addresses". do not choose "Require SMTP Authentication"
    In step 8(Add allowed IP), add public IP address of RT server
* In step 8 (Add allowed IP), add public IP address of RT server


Turn on sender envelope in RT site config:
Turn on sender envelope in RT site config:


     Set( $SetOutgoingMailFrom, 1 );
     Set( $SetOutgoingMailFrom, 1 );
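
Review bot: in the step 7 bullet the new text reads 'specified IP addresses". do not choose "Require SMTP Authentication"', with a lowercase "do" after the full stop and the old emphasis on "not" removed. Capitalise it and consider keeping the emphasis, since this is the one instruction in the list that tells the reader what to avoid. The step 8 bullet would also read better as "add the public IP address of the RT server".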

Latest revision as of 11:42, 19 May 2022

Retrieving email from a Google Mailbox

The utility getmail version 5.6 and later comes with a script getmail-gmail-xoauth-tokens which can be used to set up the required OAuth2 configuration to fetch email. The steps for setting up this configuration are described below, starting with configuration in Google.

Set up OAuth2 client in Google

To run getmail on an RT server, set it up as a "Desktop App", one of the options noted in the Google documentation. Follow the instructions on that page, keeping the following notes in mind:

  • Enable the "Gmail API" as noted in the docs.
  • When creating the "OAuth consent screen", select the "Internal" user type and add the scope: "Gmail API .../auth/gmail.modify Read, compose, and send emails from your Gmail account"
  • When creating the client ID, set the application type to "Desktop app"

Save the provided "Client ID" and "Client secret" values. These are needed in the next step.

Set up getmail on RT server

The following steps are based on Stefan Krah's notes, with a few updates.

1. Get the initial OAuth2 token

Create /home/user/.getmail/gmail.json

   {"scope": "https://mail.google.com/",
    "user": "your_account@gmail.com",
    "client_id": "xzy.apps.googleusercontent.com",
    "client_secret": "foo",
    "token_uri": "https://accounts.google.com/o/oauth2/token",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "redirect_uri": "http://localhost/",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs"}

Fill "client_id" and "client_secret" with the real values from the previous step.

Note that redirect_uri "urn:ietf:wg:oauth:2.0:oob" no longer works. You need to give it a URL, which Google will redirect to once you approve the access.

   chmod 600 /home/user/.getmail/gmail.json

Then run:

   getmail-gmail-xoauth-tokens --init /home/user/.getmail/gmail.json

This prints a Google URL and then waits at a prompt for a token. Go to that URL and approve it as "your_account@gmail.com". It will then redirect to a URL like:

   http://localhost/?code=A-VERY-LONG-STRING&scope=https://mail.google.com/

Copy the code value from that URL and paste it into the waiting getmail-gmail-xoauth-tokens prompt. Press Return; getmail-gmail-xoauth-tokens should quit silently.
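
A preflight check for step 1, added here as an example (it is not part of the wiki page or of getmail): `audit_token_file` checks the permissions and contents of gmail.json before `--init` is run, and `extract_code` pulls the code out of the redirected URL, undoing any URL-encoding. The function names, the required-key set and the "foo" placeholder test are assumptions taken from the sample file above.

```python
import json
import os
import stat
from urllib.parse import parse_qs, urlsplit

# Keys from the page's sample gmail.json; treating all of them as required
# is an assumption of this example.
REQUIRED_KEYS = {"scope", "user", "client_id", "client_secret", "token_uri",
                 "auth_uri", "redirect_uri", "auth_provider_x509_cert_url"}
OOB_URI = "urn:ietf:wg:oauth:2.0:oob"  # the value the page says no longer works


def audit_token_file(path):
    """Return a list of problems found in a gmail.json-style file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit exposes the client secret
        problems.append(f"mode {mode:04o} is too open; chmod 600")
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    missing = sorted(REQUIRED_KEYS - set(cfg))
    if missing:
        problems.append("missing keys: " + ", ".join(missing))
    if cfg.get("redirect_uri") == OOB_URI:
        problems.append("redirect_uri is the retired out-of-band value")
    if cfg.get("client_secret") == "foo":  # the page's sample placeholder
        problems.append("client_secret is still the placeholder")
    return problems


def extract_code(redirect_url, redirect_uri="http://localhost/"):
    """Pull the one-time authorization code out of the redirected URL."""
    got, want = urlsplit(redirect_url.strip()), urlsplit(redirect_uri)
    if (got.scheme, got.netloc) != (want.scheme, want.netloc):
        raise ValueError("URL does not match the configured redirect_uri")
    query = parse_qs(got.query)
    if "error" in query:  # standard OAuth2 error response, e.g. access_denied
        raise ValueError("authorization failed: " + query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]  # parse_qs has already undone any %-encoding
```

The code in the redirected URL is a credential until it is exchanged, so it should not be pasted anywhere other than the waiting prompt.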

2. Configure getmail to retrieve email

The following is similar to a standard getmail configuration.

Create /home/user/.getmail/getmailrc:

   [retriever]
   type = SimpleIMAPSSLRetriever
   server = imap.gmail.com
   username = your_account@gmail.com
   use_xoauth2 = True
   password_command = ("getmail-gmail-xoauth-tokens", "/home/user/.getmail/gmail.json")
   
   [destination]
   type = MDA_external
   path = /opt/rt5/bin/rt-mailgate
   user = root
   group = root
   arguments = ("--url", "http://localhost", "--queue", "General", "--action", "correspond",)
   
   [options]
   read_all = false

Test it:

   /usr/bin/getmail --rcfile=/home/user/.getmail/getmailrc

Then edit /etc/cron.d/rt to fetch mail regularly:

   */3 * * * * user /usr/bin/getmail --rcfile=/home/user/.getmail/getmailrc --quiet

Sending email via Google SMTP

For RT, we usually configure postfix to relay to Google via SMTP. For this to work, you need to allow the RT server to send via your Google account. See the Google documentation, along with the following notes:

  • In step 6 (Allowed senders section), choose "Only addresses in my domains"
  • In step 7 (Authentication section), choose "Only accept mail from the specified IP addresses". Do not choose "Require SMTP Authentication"
  • In step 8 (Add allowed IP), add the public IP address of the RT server

Turn on sender envelope in RT site config:

   Set( $SetOutgoingMailFrom, 1 );