DevCEDTeam / CED

Description #49

Open DevCEDTeam opened 1 year ago

DevCEDTeam commented 1 year ago

EXIM Section | google_functions solution: AUTH (with TLS Encryption): replace the current EXIM configuration (#Section: AUTH, #Section: ROUTERSTART, #Section: TRANSPORTSTART) from "spamgateway", SmartHost, to SSL/TLS encryption using Auth 2.0 client and Google Functions:

DevCEDTeam commented 1 year ago

Step 1: Install Required Packages

Ensure that you have the necessary packages installed. You will need the google-auth, google-auth-oauthlib, and google-auth-httplib2 packages. You can install them using pip:

pip install google-auth google-auth-oauthlib google-auth-httplib2

Step 2: Create a Google Cloud Service Account

If you haven't already, create a Google Cloud Service Account and download the JSON key file. Make sure it has the necessary permissions to access the Gmail API.

Step 3: Instructions on how to install a key file with JSON extension on Google Firebase:

  1. Go to the Firebase console at console.firebase.google.com and select your project.
  2. Click on the gear icon in the top left corner and select "Project Settings".
  3. Click on the "Service Accounts" tab, which can be found at the bottom of the left-hand menu.
  4. Click on the "Generate New Private Key" button to download your key file, which will be in JSON format.
  5. Save the key file in a secure location on your server, and make note of the file path.

Step 4: Configure EXIM

Open your EXIM configuration file and locate the relevant sections. Here's a sample configuration:

# Section: AUTH
firebase_auth_login:
  driver = plaintext
  public_name = LOGIN
  client_send = : <YOUR_SERVICE_ACCOUNT_EMAIL> : <PATH_TO_KEY_FILE_WITH_JSON_EXT>

# Section: ROUTERSTART
send_via_firebase:
  driver = manualroute
  domains = ! +local_domains
  transport = firebase_smtp
  route_list = "* smtp.gmail.com::587 byname"
  host_find_failed = defer
  no_more

#Section: TRANSPORTSTART 1
spamgateway_smtp:
  driver = smtp
  hosts = google_functions:<YOUR_SERVER_IP>:587
  hosts_require_auth = google_functions
  hosts_require_tls = google_functions

firebase_smtp:
  driver = smtp
  hosts = gmail-api::587
  hosts_require_auth = <YOUR_SERVICE_ACCOUNT_EMAIL> : <PATH_TO_KEY_FILE_WITH_JSON_EXT>

Replace the following placeholders with the appropriate values:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Google Firebase's Outbound SMTP relay service:

Section: AUTH

firebase_auth_login:
  driver = plaintext
  public_name = LOGIN
  client_send = : firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /var/cpanel/ssl/domain_tls/mautic.cfored.com/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json

Section: ROUTERSTART

send_via_firebase:
  driver = manualroute
  domains = ! +local_domains
  transport = firebase_smtp
  route_list = "* smtp.gmail.com::587 byname"
  host_find_failed = defer
  no_more

Section: TRANSPORTSTART

spamgateway_smtp:
  driver = smtp
  hosts = google_functions:34.145.37.45:587
  hosts_require_auth = google_functions
  hosts_require_tls = google_functions

firebase_smtp:
  driver = smtp
  hosts = gmail-api::587
  hosts_require_auth = firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /var/cpanel/ssl/domain_tls/mautic.cfored.com/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DuoCircle's Outbound SMTP relay service:

Section: AUTH

spamgateway_login: driver = plaintext public_name = LOGIN client_send = : CEDU : 6k1MnF5hOz!

Section: ROUTERSTART

send_via_spamgateway:
  driver = manualroute
  domains = ! +local_domains
  transport = spamgateway_smtp
  route_list = "* outbound.mailhop.org::10025 byname"
  host_find_failed = defer
  no_more

Section: TRANSPORTSTART

spamgateway_smtp:
  driver = smtp
  hosts = outbound.mailhop.org
  hosts_require_auth = outbound.mailhop.org

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

DevCEDTeam commented 1 year ago

Section: AUTH

firebase_auth_login:
  driver = plaintext
  public_name = LOGIN
  client_send = : firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json

Section: ROUTERSTART

send_via_firebase:
  driver = manualroute
  domains = ! +local_domains
  transport = firebase_smtp
  route_list = "* smtp.gmail.com::587 byname"
  host_find_failed = defer
  no_more

Section: TRANSPORTSTART

spamgateway_smtp:
  driver = smtp
  hosts = google_functions:34.145.37.45:587
  hosts_require_auth = google_functions
  hosts_require_tls = google_functions

firebase_smtp:
  driver = smtp
  hosts = gmail-api::587
  hosts_require_auth = firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /ssl/json/gmail-bulk-sending-389112-f

DevCEDTeam commented 1 year ago

Your assignment is to write an exim script for an exim router to transport email messages from my exim mail server using the firebase authenticator of JSON Web Key (JWK) to Gmail API layer. Use the Firebase Authenticator Json file hosted on the local server:

hosts_require_auth = firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json

Your second assignment is to include tls.

DevCEDTeam commented 1 year ago

Apologies for the confusion. It appears you're referring to a PuTTY Private Key (.ppk) instead of an SSL certificate (.pem). Since Exim primarily works with SSL certificates (.pem format) for SMTP TLS, you'll need to convert your PuTTY Private Key to the appropriate format.

To use the PuTTY Private Key (*.ppk) with Exim, you can convert it to the OpenSSL-compatible format (.pem). Here's how you can do that:

  1. Convert PuTTY Private Key to PEM Format:

    • If you don't have OpenSSL installed on your system, you can download a version suitable for your operating system.
    • Open a command prompt or terminal and use the following command to convert the .ppk key to .pem format:
      puttygen key.ppk -O private-openssh -o key.pem

      Replace key.ppk with the filename of your PuTTY Private Key. This will create a new key.pem file in the OpenSSL-compatible format.

  2. Configure Exim Router and Transport:

    • After obtaining the key.pem file, you can proceed with the router and transport configuration. Below is the updated script:
# exim.conf or a separate transport configuration file

# Define a router for emails to be sent via Gmail API with Firebase Authenticator
gmail_api_router:
  driver = accept
  domains = your_domain.com
  # Add other conditions as needed to match the emails you want to route to Gmail API
  transport = gmail_api_transport

# Define the transport for Gmail API
gmail_api_transport:
  driver = smtp
  hosts = smtp.gmail.com:587
  tls = yes
  # Replace with the path to your SSL certificate (not the .ppk key)
  tls_certificate = /path/to/certificate.pem
  # Replace with the path to the converted .pem private key
  tls_privatekey = /path/to/key.pem

  # Set authentication credentials for the Firebase Authenticator JSON Web Key (JWK)
  headers_add = "Authorization: Bearer API_KEY"
  # Remove Bcc header if necessary, as Gmail API handles Bcc differently
  headers_remove = "Bcc"

  # Ensure the From header is set correctly (use the authenticated address)
  headers_add = "From: ${if def:h_EnvelopeFrom {${quote:$h_EnvelopeFrom}} {${quote:$header_From:}}}"

  # Specify the envelope sender (return path) for bounce handling
  return_path_add

  # Set other headers as needed for the Gmail API layer

  # Use PIPELINING to improve performance
  # pipelining_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}

  # Authenticate with the Gmail API
  hosts_require_auth = /etc/exim/gmail_api_key

Replace the following placeholders in the script:

With the PuTTY Private Key converted to the .pem format, you can now use it with Exim for secure communication with the Gmail API.

DevCEDTeam commented 1 year ago

Your assignment is to write an exim script for an exim router to transport email messages from my exim mail server using the firebase authenticator of JSON Web Key (JWK) to Gmail API layer. Use the Firebase Authenticator Json file hosted on the local server:

hosts_require_auth = firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json

DevCEDTeam commented 1 year ago

Apologies for the confusion. You are right, the option openssl_verify_hosts is not available in Exim's configuration by default. Instead, Exim uses the hosts_require_tls and tls_verify_certificates options for TLS-related settings.

Here's the updated Exim router and transport script without the openssl_verify_hosts option:

# exim.conf or a separate transport configuration file

# Define a router for emails to be sent via Gmail API with Firebase Authenticator
gmail_api_router:
  driver = accept
  domains = your_domain.com
  # Add other conditions as needed to match the emails you want to route to Gmail API
  transport = gmail_api_transport

# Define the transport for Gmail API
gmail_api_transport:
  driver = smtp
  hosts = smtp.gmail.com:587
  # Replace with the path to your SSL certificate (not the .ppk key)
  tls_certificate = /path/to/certificate.pem

  # Set the From header to use the authenticated address
  headers_add = "From: ${if def:h_EnvelopeFrom {${quote:$h_EnvelopeFrom}} {${quote:$header_From:}}}"

  # Specify the envelope sender (return path) for bounce handling
  return_path_add

  # Set other headers as needed for the Gmail API layer

  # Use PIPELINING to improve performance
  # pipelining_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}

  # Authenticate with the Gmail API using the Firebase Authenticator JSON Web Key (JWK)
  headers_remove = "Authorization"
  headers_add = "Authorization: Bearer API_KEY"
  hosts_require_auth = /path/to/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json
  hosts_require_tls = *
  # Optional: Replace with the path to additional CA certificate if needed
  tls_verify_certificates = /path/to/CA_certificate.pem

Replace the following placeholders in the script:

In this updated configuration, the hosts_require_tls option specifies that all hosts should use TLS when connecting, and the tls_verify_certificates option specifies the path to the CA certificate file if you have additional CA certificates that you want Exim to trust (optional).

Again, I apologize for the oversight earlier, and I hope this resolves the issue. If you encounter any further issues or have more questions, please feel free to ask.

DevCEDTeam commented 1 year ago

Your new assignment is to analyze and develop a custom script that obtains the access token using your JSON Web Key (JWK) credentials and outputs it to stdout, 2 Save it as get_access_token.sh, transport Firebase gmp_nav20_authAuthentication, transports to App Engine, OAuth 2.0 Client, Gmail API:

App Engine key = 76446a0d52b4bd34ead45c7c9e0fd001bd404a5a App Engine email = gmail-bulk-sending-389112@appspot.gserviceaccount.com

OAuth 2.0 client secret = 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 OAuth 2.0 client ID = 895054114655-fj68j3v77or9tcnp4krguv029tktursl.apps.googleusercontent.com

API Key Name = gmail-bulk-sending (auto created by Firebase) API Key = AIzaSyCxkplcaDKe9d97JwwN2h8WJITr697UlzA

tls_certificate = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
tls_privatekey = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
JSON Web Key (JWK) file json_key="/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json

Define the transport for normal email sending

normal_transport:
  driver = smtp
  hosts = smtp.gmail.com:587
  tls_certificate = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
  tls_privatekey = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
  hosts_require_tls = *
  headers_add = "From: ${quote:$h_envelope_from}"
  return_path_add

Define the transport for authentication

auth_transport:
  driver = pipe
  command = /path/to/get_access_token.sh
  current_directory = /path/to/script_directory
  # Replace with the appropriate system username
  user = your_system_username
  # Replace with the appropriate group
  group = mailgroup

Router to handle email sending

send_via_firebase:
  driver = manualroute
  route_list = * smtp.gmail.com::587 byname
  transport = normal_transport
  no_more

Router to handle authentication

authenticate:
  driver = accept
  domains = +local_domains
  condition = "${if eq {$sender_address} {firebase-auth@yourdomain.com}}"
  transport = auth_transport
  no_more

Did the solution meet the assignment? Based on the problems you found, rewire the entire project step by step guide with CLI commands:

DevCEDTeam commented 1 year ago

### OAuth 2.0 Client, and Gmail API

To complete the assignment, we need to create a custom script named get_access_token.sh that obtains the access token using the provided JSON Web Key (JWK) credentials and outputs it to stdout. Additionally, we'll update the Exim configuration to include the new transport and authentication settings for Firebase gmp_nav20_authAuthentication, transports to App Engine, OAuth 2.0 Client, and Gmail API.

Here's the step-by-step guide with CLI commands:

Step 1: Create the get_access_token.sh Script

Open a terminal and create the get_access_token.sh script with the following content:

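#!/bin/bash
set -euo pipefail

# Path to the JSON Web Key (JWK) file, i.e. the service-account key file
key_file=/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json
token_url="https://www.googleapis.com/oauth2/v4/token"
# Assumption: Gmail scope; replace with the scope granted to the service account
scope="https://mail.google.com/"

# Extract the service-account e-mail and the private key from the key file
client_email=$(jq -r '.client_email' "$key_file")
private_key=$(jq -r '.private_key' "$key_file")

# base64url-encode stdin without padding, as JWT requires
b64url() { openssl base64 -A | tr '+/' '-_' | tr -d '='; }

# Build the JWT header and claim set (valid for one hour)
now=$(date +%s)
header=$(printf '{"alg":"RS256","typ":"JWT"}' | b64url)
claims=$(jq -cn --arg iss "$client_email" --arg scope "$scope" --arg aud "$token_url" \
  --argjson iat "$now" '{iss:$iss, scope:$scope, aud:$aud, iat:$iat, exp:($iat+3600)}' | b64url)

# Use openssl to sign "header.claims" (RS256) and assemble the JWT assertion
signature=$(printf '%s.%s' "$header" "$claims" | openssl dgst -sha256 -sign <(printf '%s' "$private_key") | b64url)
jwt_assertion="$header.$claims.$signature"

# Use curl to get the access token
response=$(curl -sS -X POST "$token_url" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=${jwt_assertion}")

# Extract the access token from the response
access_token=$(echo "$response" | jq -r '.access_token')

# Output the access token to stdout
echo "$access_token"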

Save the script and make it executable:

chmod +x get_access_token.sh

Step 2: Update the Exim Configuration

Open the Exim configuration file using a text editor as mentioned before. Add the following code to the configuration to include the new transport and authentication settings:

# Define the transport for normal email sending
normal_transport:
  driver = smtp
  hosts = smtp.gmail.com:587
  tls_certificate = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
  tls_privatekey = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
  hosts_require_tls = *
  headers_add = "From: ${quote:$h_envelope_from}"
  return_path_add

# Define the transport for authentication
auth_transport:
  driver = pipe
  command = /path/to/get_access_token.sh
  current_directory = /path/to/script_directory
  # Replace with the appropriate system username
  user = your_system_username
  # Replace with the appropriate group
  group = mailgroup

# Router to handle email sending
send_via_firebase:
  driver = manualroute
  route_list = * smtp.gmail.com::587 byname
  transport = normal_transport
  no_more

# Router to handle authentication
authenticate:
  driver = accept
  domains = +local_domains
  condition = "${if eq {$sender_address} {firebase-auth@yourdomain.com}}"
  transport = auth_transport
  no_more

Step 3: Replace Placeholders

Replace the following placeholders with the appropriate values:

Step 4: Save and Restart Exim

Save the changes to the Exim configuration file and restart the Exim service for the changes to take effect:

For SysVinit systems:

sudo service exim restart

For systemd systems:

sudo systemctl restart exim

Step 5: Test the Configuration

Send a test email to ensure that the new configuration is working correctly. Check the Exim logs for any errors or issues:

sudo tail -f /var/log/exim/mainlog

That's it! You have now successfully set up the custom script to obtain the access token and integrated it into the Exim configuration for Firebase gmp_nav20_authAuthentication, transports to App Engine, OAuth 2.0 Client, and Gmail API.
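
The assertion that get_access_token.sh posts to the token endpoint has to be a three-part RS256 JWT (header.claims.signature), which can be checked offline before any request is sent. The following is an added example, not part of the original comment: it builds the assertion from a PEM private key and verifies it against the matching public key. The function names, the PEM file arguments and the claim values passed in are assumptions for illustration.

```bash
#!/bin/bash
# Added example (not from the original thread): build and verify, offline, the
# RS256 JWT assertion used with the OAuth 2.0 JWT-bearer grant.
# Assumptions: function names are illustrative; keys are PEM files; claim
# values contain no characters that need JSON escaping.

# base64url-encode stdin without padding, as JWT requires
b64url() { openssl base64 -A | tr '+/' '-_' | tr -d '='; }

# Decode base64url from stdin: restore the standard alphabet and the padding
b64url_decode() {
  local s
  s=$(tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | openssl base64 -d -A
}

# make_assertion <private_key.pem> <issuer_email> <scope> <audience> [now]
# Prints header.claims.signature; the token is valid for one hour from "now".
make_assertion() {
  local key="$1" iss="$2" scope="$3" aud="$4" now="${5:-$(date +%s)}"
  local header claims sig
  header=$(printf '{"alg":"RS256","typ":"JWT"}' | b64url)
  claims=$(printf '{"iss":"%s","scope":"%s","aud":"%s","iat":%d,"exp":%d}' \
    "$iss" "$scope" "$aud" "$now" "$((now + 3600))" | b64url)
  # RS256 = RSA PKCS#1 v1.5 signature over SHA-256 of "header.claims"
  sig=$(printf '%s.%s' "$header" "$claims" | openssl dgst -sha256 -sign "$key" | b64url)
  printf '%s.%s.%s' "$header" "$claims" "$sig"
}

# verify_assertion <public_key.pem> <jwt>
# Returns 0 only for a three-part token whose signature covers header.claims.
verify_assertion() {
  local pub="$1" jwt="$2" signed sigfile rc
  case "$jwt" in
    *.*.*.*) return 1 ;;   # too many parts
    ?*.?*.?*) ;;           # header.claims.signature
    *) return 1 ;;         # e.g. a bare signature with no header or claims
  esac
  signed=${jwt%.*}         # the bytes the signature must cover
  sigfile=$(mktemp) || return 1
  printf '%s' "${jwt##*.}" | b64url_decode >"$sigfile" 2>/dev/null
  if printf '%s' "$signed" |
     openssl dgst -sha256 -verify "$pub" -signature "$sigfile" >/dev/null 2>&1
  then rc=0; else rc=1; fi
  rm -f "$sigfile"
  return $rc
}

# jwt_claims <jwt>: print the decoded claim set for inspection (iss, aud, exp)
jwt_claims() { printf '%s' "$1" | cut -d. -f2 | b64url_decode; }
```

To check a real assertion, export the public half of the service-account key with `openssl rsa -in key.pem -pubout` and pass it to `verify_assertion`.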

DevCEDTeam commented 1 year ago

Without OAuth 2.0 Client

Your new assignment is to analyze and develop a custom script that obtains the access token using your JSON Web Key (JWK) credentials and outputs it to stdout, 2 Save it as get_access_token.sh, transport Firebase gmp_nav20_authAuthentication, transport to App Engine, Gmail API:

App Engine key = 76446a0d52b4bd34ead45c7c9e0fd001bd404a5a App Engine email = gmail-bulk-sending-389112@appspot.gserviceaccount.com

API Key Name = gmail-bulk-sending (auto created by Firebase) API Key = AIzaSyCxkplcaDKe9d97JwwN2h8WJITr697UlzA

tls_certificate = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
tls_privatekey = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
JSON Web Key (JWK) file json_key="/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json

Define the transport for normal email sending

normal_transport:
  driver = smtp
  hosts = smtp.gmail.com:587
  tls_certificate = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
  tls_privatekey = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
  hosts_require_tls = *
  headers_add = "From: ${quote:$h_envelope_from}"
  return_path_add

Define the transport for authentication

auth_transport:
  driver = pipe
  command = /path/to/get_access_token.sh
  current_directory = /path/to/script_directory
  # Replace with the appropriate system username
  user = your_system_username
  # Replace with the appropriate group
  group = mailgroup

Router to handle email sending

send_via_firebase:
  driver = manualroute
  route_list = * smtp.gmail.com::587 byname
  transport = normal_transport
  no_more

Router to handle authentication

authenticate:
  driver = accept
  domains = +local_domains
  condition = "${if eq {$sender_address} {firebase-auth@yourdomain.com}}"
  transport = auth_transport
  no_more

Did the solution meet the assignment? Based on the problems you found, rewire the entire project step by step guide with CLI commands:

DevCEDTeam commented 1 year ago

To complete the assignment, we need to create a custom script named get_access_token.sh that obtains the access token using the provided JSON Web Key (JWK) credentials and outputs it to stdout. Additionally, we'll update the Exim configuration to include the new transport and authentication settings for Firebase gmp_nav20_authAuthentication, transports to App Engine, and Gmail API.

Here's the step-by-step guide with CLI commands:

Step 1: Create the get_access_token.sh Script

Open a terminal and create the get_access_token.sh script with the following content:

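#!/bin/bash
set -euo pipefail

# Path to the JSON Web Key (JWK) file, i.e. the service-account key file
key_file=/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json
token_url="https://www.googleapis.com/oauth2/v4/token"
# Assumption: Gmail scope; replace with the scope granted to the service account
scope="https://mail.google.com/"

# Extract the service-account e-mail and the private key from the key file
client_email=$(jq -r '.client_email' "$key_file")
private_key=$(jq -r '.private_key' "$key_file")

# base64url-encode stdin without padding, as JWT requires
b64url() { openssl base64 -A | tr '+/' '-_' | tr -d '='; }

# Build the JWT header and claim set (valid for one hour)
now=$(date +%s)
header=$(printf '{"alg":"RS256","typ":"JWT"}' | b64url)
claims=$(jq -cn --arg iss "$client_email" --arg scope "$scope" --arg aud "$token_url" \
  --argjson iat "$now" '{iss:$iss, scope:$scope, aud:$aud, iat:$iat, exp:($iat+3600)}' | b64url)

# Use openssl to sign "header.claims" (RS256) and assemble the JWT assertion
signature=$(printf '%s.%s' "$header" "$claims" | openssl dgst -sha256 -sign <(printf '%s' "$private_key") | b64url)
jwt_assertion="$header.$claims.$signature"

# Use curl to get the access token
response=$(curl -sS -X POST "$token_url" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=${jwt_assertion}")

# Extract the access token from the response
access_token=$(echo "$response" | jq -r '.access_token')

# Output the access token to stdout
echo "$access_token"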

Save the script and make it executable:

chmod +x get_access_token.sh

Step 2: Update the Exim Configuration

Open the Exim configuration file using a text editor:

sudo nano /etc/exim/exim.conf

Add the following code to the configuration to include the new transport and authentication settings:

# Define the transport for normal email sending
normal_transport:
  driver = smtp
  hosts = smtp.gmail.com:587
  tls_certificate = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
  tls_privatekey = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
  hosts_require_tls = *
  headers_add = "From: ${quote:$h_envelope_from}"
  return_path_add

# Define the transport for authentication
auth_transport:
  driver = pipe
  command = /path/to/get_access_token.sh
  current_directory = /path/to/script_directory
  # Replace with the appropriate system username
  user = your_system_username
  # Replace with the appropriate group
  group = mailgroup

# Router to handle email sending
send_via_firebase:
  driver = manualroute
  route_list = * smtp.gmail.com::587 byname
  transport = normal_transport
  no_more

# Router to handle authentication
authenticate:
  driver = accept
  domains = +local_domains
  condition = "${if eq {$sender_address} {firebase-auth@yourdomain.com}}"
  transport = auth_transport
  no_more

Step 3: Replace Placeholders

Replace the following placeholders with the appropriate values:

Step 4: Save and Restart Exim

Save the changes to the Exim configuration file and restart the Exim service for the changes to take effect:

sudo service exim restart

Step 5: Test the Configuration

Send a test email to ensure that the new configuration is working correctly. Check the Exim logs for any errors or issues:

sudo tail -f /var/log/exim/mainlog

That's it! You have now successfully set up the custom script to obtain the access token and integrated it into the Exim configuration for Firebase gmp_nav20_authAuthentication, transports to App Engine, and Gmail API.

DevCEDTeam commented 1 year ago

Define the transport for normal email sending:

normal_transport:
  driver = smtp
  hosts = smtp.gmail.com:587
  tls_certificate = /etc/ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
  tls_privatekey = /etc/ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
  tls_require_ciphers = high
  tls_verify_certificates = /etc/ssl/certs/devced_com_c779b_144e9_1721083899_7b4671b185e2c240cd1dd070db7c71be.crt
  hosts_require_tls = *
  headers_add = "From: ${quote:$h_envelope_from}"
  return_path_add

Define the transport for authentication:

auth_transport:
  driver = pipe
  command = /public_html/tokens/get_access_token.sh
  current_directory = /public_html/tokens
  # Replace with the user account used by Exim for running scripts
  user = mailnull  
  # Replace with the group account used by Exim for running scripts
  group = mail 

Router to handle email sending:

send_via_firebase:
  driver = manualroute
  route_list = * smtp.gmail.com::587 byname
  transport = normal_transport
  no_more

Router to handle authentication:

authenticate:
  driver = accept
  domains = +local_domains
  condition = "${if eq {$sender_address} {firebase-auth@yourdomain.com}}"
  transport = auth_transport
  no_more

DevCEDTeam commented 1 year ago

Define the transport for normal email sending:

normal_transport:
  driver = smtp
  hosts = smtp.gmail.com:587
  tls_certificate = /etc/ssl/certs/gmail-bulk-sending-389112-OpenSSL-ssh-vm.crt
  tls_privatekey = /etc/ssl/certs/gmail-bulk-sending-389112-private-ssh-vm.key
  tls_require_ciphers = high
  tls_verify_certificates = /etc/ssl/certs/devced_com_c779b_144e9_1721083899_7b4671b185e2c240cd1dd070db7c71be.crt
  hosts_require_tls = *
  headers_add = "From: ${quote:$h_envelope_from}"
  return_path_add

Define the transport for authentication:

auth_transport:
  driver = pipe
  command = /public_html/tokens/get_access_token.sh
  current_directory = /public_html/tokens
  # Replace with the user account used by Exim for running scripts
  user = mailnull  
  # Replace with the group account used by Exim for running scripts
  group = mail 

Router to handle email sending:

send_via_firebase:
  driver = manualroute
  route_list = * smtp.gmail.com::587 byname
  transport = normal_transport
  no_more

Router to handle authentication:

authenticate:
  driver = accept
  domains = +local_domains
  condition = "${if eq {$sender_address} {firebase-auth@yourdomain.com}}"
  transport = auth_transport
  no_more

DevCEDTeam commented 1 year ago

Define the transport for authentication:

auth_transport:
  driver = pipe
  command = /public_html/tokens/get_access_token.sh
  current_directory = /public_html/tokens
  user = mailnull
  group = mail

Router to handle authentication:

authenticate:
  driver = accept
  domains = +local_domains
  condition = "${if eq {$sender_address} {firebase-auth@yourdomain.com}}"
  transport = auth_transport
  no_more

Define the transport for normal email sending:

normal_transport:
  driver = smtp
  hosts = smtp.gmail.com:587
  tls_certificate = /etc/ssl/certs/gmail-bulk-sending-389112-OpenSSL-ssh-vm.crt
  tls_privatekey = /etc/ssl/certs/gmail-bulk-sending-389112-private-ssh-vm.key
  tls_require_ciphers = high
  tls_verify_certificates = /etc/ssl/certs/devced_com_c779b_144e9_1721083899_7b4671b185e2c240cd1dd070db7c71be.crt
  hosts_require_tls = *
  headers_add = "From: ${quote:$h_envelope_from}"
  return_path_add

Define the transport for authentication:

auth_transport:
  driver = pipe
  command = /public_html/tokens/get_access_token.sh
  current_directory = /public_html/tokens
  user = mailnull  
  group = mail 

Router to handle email sending:

send_via_firebase:
  driver = manualroute
  route_list = * smtp.gmail.com::587 byname
  transport = normal_transport
  no_more

Router to handle authentication:

authenticate:
  driver = accept
  domains = +local_domains
  condition = "${if eq {$sender_address} {firebase-auth@yourdomain.com}}"
  transport = auth_transport
  no_more

DevCEDTeam commented 1 year ago

Define the transport for authentication: Section: AUTH

firebase_auth_login:
  driver = plaintext
  public_name = LOGIN
  client_send = : firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /etc/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-0bdb258c11.json

Router to handle authentication: Section: ROUTERSTART

# Router to handle email sending
send_via_firebase:
  driver = manualroute
  route_list = * smtp.gmail.com::587 byname
  transport = normal_transport
  no_more

# Router to handle authentication
authenticate:
  driver = accept
  domains = +local_domains
  condition = "${if eq {$sender_address} {team@cfored.com}}"
  transport = auth_transport
  no_more

Define the transport for normal email sending:

# Define the transport for normal email sending
normal_transport:
  driver = smtp
  hosts = smtp.devced.com:587
  tls_certificate = /etc/ssl/certs/gmail-bulk-sending-389112-OpenSSL-ssh-vm.crt
  tls_privatekey = /etc/ssl/certs/gmail-bulk-sending-389112-private-ssh-vm.key
  tls_require_ciphers = high
  tls_verify_certificates = /ssl/certs/mautic_devced_com_b5dc7_cbd81_1723593599_793c87bd13178d516ccf74fac4533730.crt
  hosts_require_tls = *
  headers_add = "From: ${quote:$h_envelope_from}"
  return_path_add

# Define the transport for authentication
auth_transport:
  driver = pipe
  command = /public_html/tokens/get_access_token.sh
  current_directory = /public_html/tokens
  # Replace with the user account used by Exim for running scripts
  user = mailnull  
  # Replace with the group account used by Exim for running scripts
  group = mail 

DevCEDTeam commented 1 year ago

Define the transport for normal email sending:


# Define the transport for normal email sending
normal_transport:
  driver = smtp
  hosts = smtp.devced.com:587
  tls_certificate = /etc/ssl/certs/gmail-bulk-sending-389112-OpenSSL-ssh-vm.crt
  tls_privatekey = /etc/ssl/certs/gmail-bulk-sending-389112-private-ssh-vm.key
  tls_require_ciphers = high
  tls_verify_certificates = /ssl/certs/mautic_devced_com_b5dc7_cbd81_1723593599_793c87bd13178d516ccf74fac4533730.crt
  hosts_require_tls = *
  headers_add = "From: ${quote:$h_envelope_from}"
  return_path_add

# Define the transport for authentication
auth_transport:
  driver = pipe
  command = /public_html/tokens/get_access_token.sh
  current_directory = /public_html/tokens
  # Replace with the user account used by Exim for running scripts
  user = mailnull  
  # Replace with the group account used by Exim for running scripts
  group = mail 

# Define the transport for authentication: Section: AUTH
firebase_auth_login:
  driver = plaintext
  public_name = LOGIN
  client_send = : firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /etc/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-0bdb258c11.json

# Router to handle authentication: Section: ROUTERSTART
# ... (other routers)

# Router to handle authentication with Firebase Gmail API
authenticate_firebase:
  driver = accept
  domains = +local_domains
  condition = "${if eq {$sender_address} {team@cfored.com}}"
  transport = auth_firebase_transport
  no_more

# Define the transport for normal email sending:
# ... (other transports)

# Define the transport for Firebase Gmail API authentication
auth_firebase_transport:
  driver = pipe
  command = /public_html/tokens/get_firebase_access_token.sh
  current_directory = /public_html/tokens
  user = mailnull
  group = mail

DevCEDTeam commented 1 year ago

//

DevCEDTeam commented 1 year ago

Sure, here's the updated Exim email plugin script with the changes you specified:

# Define the transport for authentication: Section: AUTH
firebase_auth_login:
  driver = plaintext
  public_name = LOGIN
  client_send = : firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /etc/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-0bdb258c11.json

# Router to handle authentication: Section: ROUTERSTART
# ... (other routers)

# Router to handle authentication with Firebase Gmail API
authenticate_firebase:
  driver = accept
  domains = +local_domains
  condition = "${if eq {$sender_address} {team@cfored.com}}"
  transport = auth_firebase_transport
  no_more

# Define the transport for normal email sending:
# ... (other transports)

# Define the transport for Firebase Gmail API authentication
auth_firebase_transport:
  driver = pipe
  command = /public_html/tokens/get_firebase_access_token.sh
  current_directory = /public_html/tokens
  user = mailnull
  group = mail

Changes made:

  1. Added a new router named authenticate_firebase to handle authentication using the Firebase Gmail API.
  2. Modified the condition to match the sender address ("team@cfored.com") for Firebase Gmail API authentication.
  3. Created a new transport named auth_firebase_transport for Firebase Gmail API authentication, using the pipe driver.
  4. Updated the command and current_directory to use the Firebase access token script.
  5. Kept the existing routers and transports for normal email sending intact.

Please note that I've added comments in the script for clarity. You'll need to update the paths and configuration details based on your setup.

DevCEDTeam commented 1 year ago

Certainly, here's the modified Gmail API script with support for OAuth 2.0 client authentication only:

# Define the transport for normal email sending:
# ... (other transports)

# Define the transport for authentication using OAuth 2.0 client
auth_transport_oauth2:
  driver = pipe
  command = /public_html/tokens/get_oauth2_access_token.sh
  current_directory = /public_html/tokens
  user = mailnull  
  group = mail 

# Router to handle authentication with OAuth 2.0 client
authenticate_oauth2:
  driver = accept
  domains = +local_domains
  condition = "${if eq {$sender_address} {team@cfored.com}}"
  transport = auth_transport_oauth2
  no_more

Changes made:

  1. Removed the previous transport and router definitions related to Firebase Gmail API authentication.
  2. Created a new transport named auth_transport_oauth2 for OAuth 2.0 client authentication, using the pipe driver.
  3. Updated the command and current_directory to use the OAuth 2.0 access token script.
  4. Created a new router named authenticate_oauth2 to handle authentication using OAuth 2.0 client.
  5. Updated the condition to match the sender address ("team@cfored.com") for OAuth 2.0 client authentication.

Please remember to replace the paths, script names, and configuration details based on your setup. This script supports OAuth 2.0 client authentication only and removes the Firebase-related configurations.

DevCEDTeam commented 1 year ago

# Define the transport for normal email sending:

# Define the transport for authentication using OAuth 2.0 client
auth_transport_oauth2:
  driver = pipe
  command = /var/cpanel/ssl/token/get_access_token.sh
  current_directory = /var/cpanel/ssl/token
  user = mailnull
  group = mail

# Router to handle authentication with OAuth 2.0 client
authenticate_oauth2:
  driver = accept
  domains = +local_domains
  condition = "${if eq {$sender_address} {team@cfored.com}}"
  transport = auth_transport_oauth2
  no_more

# Section: AUTH
firebase_auth_login:
  driver = plaintext
  public_name = LOGIN
  client_send = : firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /etc/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-0bdb258c11.json

# Section: ROUTERSTART

# Router to handle email sending
send_via_firebase:
  driver = manualroute
  route_list = * smtp.gmail.com::587 byname
  transport = normal_transport
  no_more

# Router to handle authentication
authenticate:
  driver = accept
  domains = +local_domains
  condition = "${if eq {$sender_address} {team@cfored.com}}"
  transport = auth_transport
  no_more

# Section: TRANSPORTSTART

# Define the transport for normal email sending
normal_transport:
  driver = smtp
  # Port moved to its own option: a single colon in hosts separates list items
  hosts = smtp.devced.com
  port = 587
  tls_certificate = /etc/ssl/certs/gmail-bulk-sending-389112-OpenSSL-ssh-vm.crt
  tls_privatekey = /etc/ssl/certs/gmail-bulk-sending-389112-private-ssh-vm.key
  tls_require_ciphers = high
  tls_verify_certificates = /ssl/certs/mautic_devced_com_b5dc7_cbd81_1723593599_793c87bd13178d516ccf74fac4533730.crt
  hosts_require_tls = *
  headers_add = "From: ${quote:$h_envelope_from}"
  return_path_add

# Define the transport for authentication
auth_transport:
  driver = pipe
  command = /public_html/tokens/get_access_token.sh
  current_directory = /public_html/tokens
  # Replace with the user account used by Exim for running scripts
  user = mailnull
  # Replace with the group account used by Exim for running scripts
  group = mail

DevCEDTeam commented 1 year ago

# Define the transport for normal email sending
normal_transport:
  driver = smtp
  # Port moved to its own option: a single colon in hosts separates list items
  hosts = smtp.devced.com
  port = 587
  tls_certificate = /var/cpanel/ssl/ssl/gmail-bulk-sending-389112-OpenSSL-ssh-vm.crt
  tls_require_ciphers = high
  hosts_require_tls = *
  headers_add = "From: ${quote:$h_envelope_from}"
  return_path_add

# Define the transport for authentication
auth_transport:
  driver = pipe
  command = /var/cpanel/ssl/token/get_access_token.sh
  current_directory = /public_html/tokens
  # Replace with the user account used by Exim for running scripts
  user = mailnull
  # Replace with the group account used by Exim for running scripts
  group = mail

# Define the transport for authentication: Section: AUTH
firebase_auth_login:
  driver = plaintext
  public_name = LOGIN
  client_send = : firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /var/cpanel/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-0bdb258c11.json

# Router to handle authentication: Section: ROUTERSTART
# ... (other routers)

# Router to handle authentication with Firebase Gmail API
authenticate_firebase:
  driver = accept
  domains = +local_domains
  condition = "${if eq {$sender_address} {team@cfored.com}}"
  transport = auth_firebase_transport
  no_more

# Define the transport for normal email sending:
# ... (other transports)

# Define the transport for Firebase Gmail API authentication
auth_firebase_transport:
  driver = pipe
  command = /var/cpanel/ssl/token/get_access_token.sh
  current_directory = /var/cpanel/ssl/token
  user = mailnull
  group = mail
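
A small linter for the pipe transports posted in this thread, added here as an example and not part of the original comments or the project's code: it flags a `command` or `current_directory` that lies under a web-served directory (the `public_html` paths above) and a `current_directory` that no longer matches the script's location. The function names and the `WEB_ROOT_NAMES` set are assumptions, and the sample fragment is constructed from the thread's own paths.

```python
import re

# Constructed sample: pipe transports in the style of the fragments in this thread.
SAMPLE = """\
auth_transport_oauth2:
  driver = pipe
  command = /public_html/tokens/get_oauth2_access_token.sh
  current_directory = /public_html/tokens
auth_transport:
  driver = pipe
  command = /var/cpanel/ssl/token/get_access_token.sh
  current_directory = /public_html/tokens
auth_firebase_transport:
  driver = pipe
  command = /var/cpanel/ssl/token/get_access_token.sh
  current_directory = /var/cpanel/ssl/token
"""
WEB_ROOT_NAMES = {"public_html", "htdocs", "www"}  # assumption: common web-root names


def parse_blocks(text):
    """Return {block: {option: value}} from 'name:' headers and 'option = value' lines."""
    blocks, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"(\w+):", line)
        if header:
            current = blocks.setdefault(header.group(1), {})
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return blocks


def audit_pipe_transports(text):
    """Return (block, finding) pairs for every pipe transport in the fragment."""
    findings = []
    pipes = [(n, o) for n, o in parse_blocks(text).items() if o.get("driver") == "pipe"]
    for name, opts in pipes:
        script = opts.get("command", "").split(" ")[0]
        workdir = opts.get("current_directory", "").rstrip("/")
        for opt, path in (("command", script), ("current_directory", workdir)):
            if WEB_ROOT_NAMES & set(path.split("/")):
                findings.append((name, f"{opt} is under a web root"))
        if script and workdir and script.rsplit("/", 1)[0] != workdir:
            findings.append((name, "current_directory is not the script's directory"))
    return findings

if __name__ == "__main__":
    print(*audit_pipe_transports(SAMPLE), sep="\n")
```

Only the last block in the sample, with both paths under `/var/cpanel/ssl/token`, passes without findings.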