Open DevCEDTeam opened 1 year ago
Step 1: Install Required Packages
Ensure that you have the necessary packages installed. You will need the google-auth, google-auth-oauthlib, and google-auth-httplib2 packages. You can install them using pip:
pip install google-auth google-auth-oauthlib google-auth-httplib2
Step 2: Create a Google Cloud Service Account
If you haven't already, create a Google Cloud Service Account and download the JSON key file. Make sure it has the necessary permissions to access the Gmail API.
Step 3: Instructions on how to install a key file with JSON extension on Google Firebase:
Go to the Firebase console at console.firebase.google.com and select your project. Click on the gear icon in the top left corner and select "Project Settings". Click on the "Service Accounts" tab, which can be found at the bottom of the left-hand menu. Click on the "Generate New Private Key" button to download your key file, which will be in JSON format. Save the key file in a secure location on your server, and make note of the file path.
Step 4: Configure EXIM
Open your EXIM configuration file and locate the relevant sections. Here's a sample configuration:
# Section: AUTH
firebase_auth_login:
driver = plaintext
public_name = LOGIN
client_send = : <YOUR_SERVICE_ACCOUNT_EMAIL> : <PATH_TO_KEY_FILE_WITH_JSON_EXT>
# Section: ROUTERSTART
send_via_firebase:
driver = manualroute
domains = ! +local_domains
transport = firebase_smtp
route_list = "* smtp.gmail.com::587 byname"
host_find_failed = defer
no_more
#Section: TRANSPORTSTART 1
spamgateway_smtp:
driver = smtp
hosts = google_functions:<YOUR_SERVER_IP>:587
hosts_require_auth = google_functions
hosts_require_tls = google_functions
firebase_smtp:
driver = smtp
hosts = gmail-api::587
hosts_require_auth = <YOUR_SERVICE_ACCOUNT_EMAIL> : <PATH_TO_KEY_FILE_WITH_JSON_EXT>
Replace the following placeholders with the appropriate values:
<YOUR_SERVICE_ACCOUNT_EMAIL>: Replace with the email address of your Google service account: firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com
<PATH_TO_KEY_FILE_WITH_JSON_EXT>: Replace with the path to your Google service account JSON key file: /var/cpanel/ssl/domain_tls/mautic.cfored.com/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json
<YOUR_SERVER_IP>: Replace with the IP address of your server where the spam gateway is hosted. IP Address: 34.145.37.45:587
/path/to/tls_certificate.crt: Replace with the actual path to your TLS certificate: /var/cpanel/ssl/domain_tls/mautic.cfored.com/mautic_crt_key.crt
/path/to/tls_private_key.key: Replace with the actual path to your TLS private key: /var/cpanel/ssl/domain_tls/mautic.cfored.com/mautic_private_key.key
/path/to/verify_certificates.pem: Replace with the actual path to your certificate verification file. /var/cpanel/ssl/domain_tls/mautic.cfored.com/imap_cfored_com.pem
<YOUR_EMAIL_ADDRESS>: Replace with your email address. Email address: team@cfored.com
<PATH_TO_KEY_FILE_WITH_JSON_EXT>: Replace with extension local path: /var/cpanel/ssl/domain_tls/mautic.cfored.com/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Google Firebase's Outbound SMTP relay service:
firebase_auth_login:
driver = plaintext
public_name = LOGIN
client_send = : firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /var/cpanel/ssl/domain_tls/mautic.cfored.com/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json
send_via_firebase:
driver = manualroute
domains = ! +local_domains
transport = firebase_smtp
route_list = "* smtp.gmail.com::587 byname"
host_find_failed = defer
no_more
spamgateway_smtp:
driver = smtp
hosts = google_functions:34.145.37.45:587
hosts_require_auth = google_functions
hosts_require_tls = google_functions
firebase_smtp:
driver = smtp
hosts = gmail-api::587
hosts_require_auth = firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /var/cpanel/ssl/domain_tls/mautic.cfored.com/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DuoCircle's Outbound SMTP relay service:
spamgateway_login:
driver = plaintext
public_name = LOGIN
client_send = : CEDU : 6k1MnF5hOz!
send_via_spamgateway:
driver = manualroute
domains = ! +local_domains
transport = spamgateway_smtp
route_list = "* outbound.mailhop.org::10025 byname"
host_find_failed = defer
no_more
spamgateway_smtp:
driver = smtp
hosts = outbound.mailhop.org
hosts_require_auth = outbound.mailhop.org
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Section: AUTH
firebase_auth_login:
driver = plaintext
public_name = LOGIN
client_send = : firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json
Section: ROUTERSTART
send_via_firebase:
driver = manualroute
domains = ! +local_domains
transport = firebase_smtp
route_list = "* smtp.gmail.com::587 byname"
host_find_failed = defer
no_more
Section: TRANSPORTSTART
spamgateway_smtp:
driver = smtp
hosts = google_functions:34.145.37.45:587
hosts_require_auth = google_functions
hosts_require_tls = google_functions
firebase_smtp:
driver = smtp
hosts = gmail-api::587
hosts_require_auth = firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /ssl/json/gmail-bulk-sending-389112-f
Your assignment is to write an exim script for an exim router to transport email messages from my exim mail server using the firebase authenticator of JSON Web Key (JWK) to Gmail API layer. Use the Firebase Authenticator Json file hosted on the local server: hosts_require_auth = firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json Your second assignment is to include tls.
Apologies for the confusion. It appears you're referring to a PuTTY Private Key (.ppk) instead of an SSL certificate (.pem). Since Exim primarily works with SSL certificates (.pem format) for SMTP TLS, you'll need to convert your PuTTY Private Key to the appropriate format.
To use the PuTTY Private Key (*.ppk) with Exim, you can convert it to the OpenSSL-compatible format (.pem). Here's how you can do that:
Convert PuTTY Private Key to PEM Format:
Convert the .ppk key to .pem format:
puttygen key.ppk -O private-openssh -o key.pem
Replace key.ppk with the filename of your PuTTY Private Key. This will create a new key.pem file in the OpenSSL-compatible format.
Configure Exim Router and Transport:
With the key.pem file, you can proceed with the router and transport configuration. Below is the updated script:
# exim.conf or a separate transport configuration file
# Define a router for emails to be sent via Gmail API with Firebase Authenticator
gmail_api_router:
driver = accept
domains = your_domain.com
# Add other conditions as needed to match the emails you want to route to Gmail API
transport = gmail_api_transport
# Define the transport for Gmail API
gmail_api_transport:
driver = smtp
hosts = smtp.gmail.com:587
tls = yes
tls_certificate = /path/to/certificate.pem # Replace with the path to your SSL certificate (not the .ppk key)
tls_privatekey = /path/to/key.pem # Replace with the path to the converted .pem private key
# Set authentication credentials for the Firebase Authenticator JSON Web Key (JWK)
headers_add = "Authorization: Bearer API_KEY"
headers_remove = "Bcc" # Remove Bcc header if necessary, as Gmail API handles Bcc differently
# Ensure the From header is set correctly (use the authenticated address)
headers_add = "From: ${if def:h_EnvelopeFrom {${quote:$h_EnvelopeFrom}} {${quote:$header_From:}}}"
# Specify the envelope sender (return path) for bounce handling
return_path_add
# Set other headers as needed for the Gmail API layer
# Use PIPELINING to improve performance
# pipelining_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
# Authenticate with the Gmail API
hosts_require_auth = /etc/exim/gmail_api_key
Replace the following placeholders in the script:
your_domain.com: Replace this with the domain(s) for which you want to use the Gmail API to send emails.
API_KEY: Replace this with the actual API key obtained from the Firebase Authenticator JSON Web Key.
/path/to/certificate.pem: Replace this with the path to your SSL certificate file (not the .ppk key).
/path/to/key.pem: Replace this with the path to the converted OpenSSL-compatible .pem private key file.
With the PuTTY Private Key converted to the .pem format, you can now use it with Exim for secure communication with the Gmail API.
Your assignment is to write an exim script for an exim router to transport email messages from my exim mail server using the firebase authenticator of JSON Web Key (JWK) to Gmail API layer. Use the Firebase Authenticator Json file hosted on the local server: hosts_require_auth = firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json
Apologies for the confusion. You are right, the option openssl_verify_hosts is not available in Exim's configuration by default. Instead, Exim uses the hosts_require_tls and tls_verify_certificates options for TLS-related settings.
Here's the updated Exim router and transport script without the openssl_verify_hosts option:
# exim.conf or a separate transport configuration file
# Define a router for emails to be sent via Gmail API with Firebase Authenticator
gmail_api_router:
driver = accept
domains = your_domain.com
# Add other conditions as needed to match the emails you want to route to Gmail API
transport = gmail_api_transport
# Define the transport for Gmail API
gmail_api_transport:
driver = smtp
hosts = smtp.gmail.com:587
tls_certificate = /path/to/certificate.pem # Replace with the path to your SSL certificate (not the .ppk key)
# Set the From header to use the authenticated address
headers_add = "From: ${if def:h_EnvelopeFrom {${quote:$h_EnvelopeFrom}} {${quote:$header_From:}}}"
# Specify the envelope sender (return path) for bounce handling
return_path_add
# Set other headers as needed for the Gmail API layer
# Use PIPELINING to improve performance
# pipelining_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
# Authenticate with the Gmail API using the Firebase Authenticator JSON Web Key (JWK)
headers_remove = "Authorization"
headers_add = "Authorization: Bearer API_KEY"
hosts_require_auth = /path/to/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json
hosts_require_tls = *
tls_verify_certificates = /path/to/CA_certificate.pem # Optional: Replace with the path to additional CA certificate if needed
Replace the following placeholders in the script:
your_domain.com: Replace this with the domain(s) for which you want to use the Gmail API to send emails.
API_KEY: Replace this with the actual API key obtained from the Firebase Authenticator JSON Web Key.
/path/to/certificate.pem: Replace this with the path to your SSL certificate file (not the .ppk key).
/path/to/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json: Replace this with the actual path to the Firebase Authenticator JSON Web Key (JWK) file on your server.
/path/to/CA_certificate.pem: Optional - Replace this with the path to additional CA certificate if needed. This option is used if you have specific CA certificates that you want Exim to trust.
In this updated configuration, the hosts_require_tls option specifies that all hosts should use TLS when connecting, and the tls_verify_certificates option specifies the path to the CA certificate file if you have additional CA certificates that you want Exim to trust (optional).
Again, I apologize for the oversight earlier, and I hope this resolves the issue. If you encounter any further issues or have more questions, please feel free to ask.
Your new assignment is to analyze and develop a custom script that obtains the access token using your JSON Web Key (JWK) credentials and outputs it to stdout, 2 Save it as get_access_token.sh, transport Firebase gmp_nav20_authAuthentication, transports to App Engine, OAuth 2.0 Client, Gmail API:
App Engine key = 76446a0d52b4bd34ead45c7c9e0fd001bd404a5a App Engine email = gmail-bulk-sending-389112@appspot.gserviceaccount.com
OAuth 2.0 client secret = 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 OAuth 2.0 client ID = 895054114655-fj68j3v77or9tcnp4krguv029tktursl.apps.googleusercontent.com
API Key Name = gmail-bulk-sending (auto created by Firebase) API Key = AIzaSyCxkplcaDKe9d97JwwN2h8WJITr697UlzA
tls_certificate = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem tls_privatekey = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem JSON Web Key (JWK) file json_key="/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json
normal_transport:
driver = smtp
hosts = smtp.gmail.com:587
tls_certificate = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
tls_privatekey = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
hosts_require_tls = *
headers_add = "From: ${quote:$h_envelope_from}"
return_path_add
auth_transport:
driver = pipe
command = /path/to/get_access_token.sh
current_directory = /path/to/script_directory
user = your_system_username # Replace with the appropriate system username
group = mailgroup # Replace with the appropriate group
send_via_firebase:
driver = manualroute
route_list = * smtp.gmail.com::587 byname
transport = normal_transport
no_more
authenticate:
driver = accept
domains = +local_domains
condition = "${if eq {$sender_address} {firebase-auth@yourdomain.com}}"
transport = auth_transport
no_more
Did the solution meet the assignment? Based on the problems you found, rewire the entire project step by step guide with CLI commands:
### OAuth 2.0 Client, and Gmail API
To complete the assignment, we need to create a custom script named get_access_token.sh that obtains the access token using the provided JSON Web Key (JWK) credentials and outputs it to stdout. Additionally, we'll update the Exim configuration to include the new transport and authentication settings for Firebase gmp_nav20_authAuthentication, transports to App Engine, OAuth 2.0 Client, and Gmail API.
Here's the step-by-step guide with CLI commands:
Step 1: Create the get_access_token.sh Script
Open a terminal and create the get_access_token.sh script with the following content:
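#!/bin/bash
set -euo pipefail
# Path to the service account JSON key file
json_key=/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json
# Token endpoint, also used as the JWT audience
token_url="https://www.googleapis.com/oauth2/v4/token"
# Extract the private key and the service account email from the key file
private_key=$(jq -r '.private_key' "$json_key")
client_email=$(jq -r '.client_email' "$json_key")
# base64url-encode stdin without padding, as JWT segments require
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }
# Build the JWT header and claim set (the scope is an assumption; set the one your project needs)
now=$(date +%s)
header=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
claims=$(jq -cn --arg iss "$client_email" --arg aud "$token_url" --argjson iat "$now" \
  '{iss: $iss, scope: "https://www.googleapis.com/auth/gmail.send", aud: $aud, iat: $iat, exp: ($iat + 3600)}' | b64url)
# Use openssl to sign "header.claims" with RS256 and assemble the JWT assertion
signature=$(printf '%s' "$header.$claims" | openssl dgst -sha256 -sign <(printf '%s\n' "$private_key") | b64url)
jwt_assertion="$header.$claims.$signature"
# Use curl to get the access token
response=$(curl -sS -X POST "$token_url" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=${jwt_assertion}")
# Extract the access token from the response
access_token=$(echo "$response" | jq -r '.access_token')
# Output the access token to stdout
echo "$access_token"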
Save the script and make it executable:
chmod +x get_access_token.sh
Step 2: Update the Exim Configuration
Open the Exim configuration file using a text editor as mentioned before. Add the following code to the configuration to include the new transport and authentication settings:
# Define the transport for normal email sending
normal_transport:
driver = smtp
hosts = smtp.gmail.com:587
tls_certificate = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
tls_privatekey = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
hosts_require_tls = *
headers_add = "From: ${quote:$h_envelope_from}"
return_path_add
# Define the transport for authentication
auth_transport:
driver = pipe
command = /path/to/get_access_token.sh
current_directory = /path/to/script_directory
user = your_system_username # Replace with the appropriate system username
group = mailgroup # Replace with the appropriate group
# Router to handle email sending
send_via_firebase:
driver = manualroute
route_list = * smtp.gmail.com::587 byname
transport = normal_transport
no_more
# Router to handle authentication
authenticate:
driver = accept
domains = +local_domains
condition = "${if eq {$sender_address} {firebase-auth@yourdomain.com}}"
transport = auth_transport
no_more
Step 3: Replace Placeholders
Replace the following placeholders with the appropriate values:
/ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem with the actual path to your SSL certificate file.
/path/to/get_access_token.sh with the actual path to the get_access_token.sh script created in Step 1.
/path/to/script_directory with the actual directory where the get_access_token.sh script resides.
your_system_username with the username of the system user that should execute the authentication script.
mailgroup with the appropriate group name that should execute the authentication script.
Step 4: Save and Restart Exim
Save the changes to the Exim configuration file and restart the Exim service for the changes to take effect:
For SysVinit systems:
sudo service exim restart
For systemd systems:
sudo systemctl restart exim
Step 5: Test the Configuration
Send a test email to ensure that the new configuration is working correctly. Check the Exim logs for any errors or issues:
sudo tail -f /var/log/exim/mainlog
That's it! You have now successfully set up the custom script to obtain the access token and integrated it into the Exim configuration for Firebase gmp_nav20_authAuthentication, transports to App Engine, OAuth 2.0 Client, and Gmail API.
Your new assignment is to analyze and develop a custom script that obtains the access token using your JSON Web Key (JWK) credentials and outputs it to stdout, 2 Save it as get_access_token.sh, transport Firebase gmp_nav20_authAuthentication, transport to App Engine, Gmail API:
App Engine key = 76446a0d52b4bd34ead45c7c9e0fd001bd404a5a App Engine email = gmail-bulk-sending-389112@appspot.gserviceaccount.com
API Key Name = gmail-bulk-sending (auto created by Firebase) API Key = AIzaSyCxkplcaDKe9d97JwwN2h8WJITr697UlzA
tls_certificate = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem tls_privatekey = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem JSON Web Key (JWK) file json_key="/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json
normal_transport:
driver = smtp
hosts = smtp.gmail.com:587
tls_certificate = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
tls_privatekey = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
hosts_require_tls = *
headers_add = "From: ${quote:$h_envelope_from}"
return_path_add
auth_transport:
driver = pipe
command = /path/to/get_access_token.sh
current_directory = /path/to/script_directory
user = your_system_username # Replace with the appropriate system username
group = mailgroup # Replace with the appropriate group
send_via_firebase:
driver = manualroute
route_list = * smtp.gmail.com::587 byname
transport = normal_transport
no_more
authenticate:
driver = accept
domains = +local_domains
condition = "${if eq {$sender_address} {firebase-auth@yourdomain.com}}"
transport = auth_transport
no_more
Did the solution meet the assignment? Based on the problems you found, rewire the entire project step by step guide with CLI commands:
To complete the assignment, we need to create a custom script named get_access_token.sh that obtains the access token using the provided JSON Web Key (JWK) credentials and outputs it to stdout. Additionally, we'll update the Exim configuration to include the new transport and authentication settings for Firebase gmp_nav20_authAuthentication, transports to App Engine, and Gmail API.
Here's the step-by-step guide with CLI commands:
Step 1: Create the get_access_token.sh Script
Open a terminal and create the get_access_token.sh script with the following content:
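#!/bin/bash
set -euo pipefail
# Path to the service account JSON key file
json_key=/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-1c8285bad0.json
# Token endpoint, also used as the JWT audience
token_url="https://www.googleapis.com/oauth2/v4/token"
# Extract the private key and the service account email from the key file
private_key=$(jq -r '.private_key' "$json_key")
client_email=$(jq -r '.client_email' "$json_key")
# base64url-encode stdin without padding, as JWT segments require
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }
# Build the JWT header and claim set (the scope is an assumption; set the one your project needs)
now=$(date +%s)
header=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
claims=$(jq -cn --arg iss "$client_email" --arg aud "$token_url" --argjson iat "$now" \
  '{iss: $iss, scope: "https://www.googleapis.com/auth/gmail.send", aud: $aud, iat: $iat, exp: ($iat + 3600)}' | b64url)
# Use openssl to sign "header.claims" with RS256 and assemble the JWT assertion
signature=$(printf '%s' "$header.$claims" | openssl dgst -sha256 -sign <(printf '%s\n' "$private_key") | b64url)
jwt_assertion="$header.$claims.$signature"
# Use curl to get the access token
response=$(curl -sS -X POST "$token_url" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=${jwt_assertion}")
# Extract the access token from the response
access_token=$(echo "$response" | jq -r '.access_token')
# Output the access token to stdout
echo "$access_token"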
Save the script and make it executable:
chmod +x get_access_token.sh
Step 2: Update the Exim Configuration
Open the Exim configuration file using a text editor:
sudo nano /etc/exim/exim.conf
Add the following code to the configuration to include the new transport and authentication settings:
# Define the transport for normal email sending
normal_transport:
driver = smtp
hosts = smtp.gmail.com:587
tls_certificate = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
tls_privatekey = /ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
hosts_require_tls = *
headers_add = "From: ${quote:$h_envelope_from}"
return_path_add
# Define the transport for authentication
auth_transport:
driver = pipe
command = /path/to/get_access_token.sh
current_directory = /path/to/script_directory
user = your_system_username # Replace with the appropriate system username
group = mailgroup # Replace with the appropriate group
# Router to handle email sending
send_via_firebase:
driver = manualroute
route_list = * smtp.gmail.com::587 byname
transport = normal_transport
no_more
# Router to handle authentication
authenticate:
driver = accept
domains = +local_domains
condition = "${if eq {$sender_address} {firebase-auth@yourdomain.com}}"
transport = auth_transport
no_more
Step 3: Replace Placeholders
Replace the following placeholders with the appropriate values:
/ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem with the actual path to your SSL certificate file.
/path/to/get_access_token.sh with the actual path to the get_access_token.sh script created in Step 1.
/path/to/script_directory with the actual directory where the get_access_token.sh script resides.
your_system_username with the username of the system user that should execute the authentication script.
mailgroup with the appropriate group name that should execute the authentication script.
Step 4: Save and Restart Exim
Save the changes to the Exim configuration file and restart the Exim service for the changes to take effect:
sudo service exim restart
Step 5: Test the Configuration
Send a test email to ensure that the new configuration is working correctly. Check the Exim logs for any errors or issues:
sudo tail -f /var/log/exim/mainlog
That's it! You have now successfully set up the custom script to obtain the access token and integrated it into the Exim configuration for Firebase gmp_nav20_authAuthentication, transports to App Engine, and Gmail API.
normal_transport:
driver = smtp
hosts = smtp.gmail.com:587
tls_certificate = /etc/ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
tls_privatekey = /etc/ssl/certs/gmail-bulk-sending-389112-OpenSSL-key.pem
tls_require_ciphers = high
tls_verify_certificates = /etc/ssl/certs/devced_com_c779b_144e9_1721083899_7b4671b185e2c240cd1dd070db7c71be.crt
hosts_require_tls = *
headers_add = "From: ${quote:$h_envelope_from}"
return_path_add
auth_transport:
driver = pipe
command = /public_html/tokens/get_access_token.sh
current_directory = /public_html/tokens
# Replace with the user account used by Exim for running scripts
user = mailnull
# Replace with the group account used by Exim for running scripts
group = mail
send_via_firebase:
driver = manualroute
route_list = * smtp.gmail.com::587 byname
transport = normal_transport
no_more
authenticate:
driver = accept
domains = +local_domains
condition = "${if eq {$sender_address} {firebase-auth@yourdomain.com}}"
transport = auth_transport
no_more
normal_transport:
driver = smtp
hosts = smtp.gmail.com:587
tls_certificate = /etc/ssl/certs/gmail-bulk-sending-389112-OpenSSL-ssh-vm.crt
tls_privatekey = /etc/ssl/certs/gmail-bulk-sending-389112-private-ssh-vm.key
tls_require_ciphers = high
tls_verify_certificates = /etc/ssl/certs/devced_com_c779b_144e9_1721083899_7b4671b185e2c240cd1dd070db7c71be.crt
hosts_require_tls = *
headers_add = "From: ${quote:$h_envelope_from}"
return_path_add
auth_transport:
driver = pipe
command = /public_html/tokens/get_access_token.sh
current_directory = /public_html/tokens
# Replace with the user account used by Exim for running scripts
user = mailnull
# Replace with the group account used by Exim for running scripts
group = mail
send_via_firebase:
driver = manualroute
route_list = * smtp.gmail.com::587 byname
transport = normal_transport
no_more
authenticate:
driver = accept
domains = +local_domains
condition = "${if eq {$sender_address} {firebase-auth@yourdomain.com}}"
transport = auth_transport
no_more
auth_transport:
driver = pipe
command = /public_html/tokens/get_access_token.sh
current_directory = /public_html/tokens
user = mailnull
group = mail
authenticate:
driver = accept
domains = +local_domains
condition = "${if eq {$sender_address} {firebase-auth@yourdomain.com}}"
transport = auth_transport
no_more
normal_transport:
driver = smtp
hosts = smtp.gmail.com:587
tls_certificate = /etc/ssl/certs/gmail-bulk-sending-389112-OpenSSL-ssh-vm.crt
tls_privatekey = /etc/ssl/certs/gmail-bulk-sending-389112-private-ssh-vm.key
tls_require_ciphers = high
tls_verify_certificates = /etc/ssl/certs/devced_com_c779b_144e9_1721083899_7b4671b185e2c240cd1dd070db7c71be.crt
hosts_require_tls = *
headers_add = "From: ${quote:$h_envelope_from}"
return_path_add
auth_transport:
driver = pipe
command = /public_html/tokens/get_access_token.sh
current_directory = /public_html/tokens
user = mailnull
group = mail
send_via_firebase:
driver = manualroute
route_list = * smtp.gmail.com::587 byname
transport = normal_transport
no_more
authenticate:
driver = accept
domains = +local_domains
condition = "${if eq {$sender_address} {firebase-auth@yourdomain.com}}"
transport = auth_transport
no_more
firebase_auth_login:
driver = plaintext
public_name = LOGIN
client_send = : firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /etc/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-0bdb258c11.json
# Router to handle email sending
send_via_firebase:
driver = manualroute
route_list = * smtp.gmail.com::587 byname
transport = normal_transport
no_more
# Router to handle authentication
authenticate:
driver = accept
domains = +local_domains
condition = "${if eq {$sender_address} {team@cfored.com}}"
transport = auth_transport
no_more
# Define the transport for normal email sending
normal_transport:
driver = smtp
hosts = smtp.devced.com:587
tls_certificate = /etc/ssl/certs/gmail-bulk-sending-389112-OpenSSL-ssh-vm.crt
tls_privatekey = /etc/ssl/certs/gmail-bulk-sending-389112-private-ssh-vm.key
tls_require_ciphers = high
tls_verify_certificates = /ssl/certs/mautic_devced_com_b5dc7_cbd81_1723593599_793c87bd13178d516ccf74fac4533730.crt
hosts_require_tls = *
headers_add = "From: ${quote:$h_envelope_from}"
return_path_add
# Define the transport for authentication
auth_transport:
driver = pipe
command = /public_html/tokens/get_access_token.sh
current_directory = /public_html/tokens
# Replace with the user account used by Exim for running scripts
user = mailnull
# Replace with the group account used by Exim for running scripts
group = mail
# Define the transport for authentication: Section: AUTH
firebase_auth_login:
driver = plaintext
public_name = LOGIN
client_send = : firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /etc/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-0bdb258c11.json
# Router to handle authentication: Section: ROUTERSTART
# ... (other routers)
# Router to handle authentication with Firebase Gmail API
authenticate_firebase:
driver = accept
domains = +local_domains
condition = "${if eq {$sender_address} {team@cfored.com}}"
transport = auth_firebase_transport
no_more
# Define the transport for normal email sending:
# ... (other transports)
# Define the transport for Firebase Gmail API authentication
auth_firebase_transport:
driver = pipe
command = /public_html/tokens/get_firebase_access_token.sh
current_directory = /public_html/tokens
user = mailnull
group = mail
//
Sure, here's the updated Exim email plugin script with the changes you specified:
# Define the transport for authentication: Section: AUTH
firebase_auth_login:
driver = plaintext
public_name = LOGIN
client_send = : firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /etc/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-0bdb258c11.json
# Router to handle authentication: Section: ROUTERSTART
# ... (other routers)
# Router to handle authentication with Firebase Gmail API
authenticate_firebase:
driver = accept
domains = +local_domains
condition = "${if eq {$sender_address} {team@cfored.com}}"
transport = auth_firebase_transport
no_more
# Define the transport for normal email sending:
# ... (other transports)
# Define the transport for Firebase Gmail API authentication
auth_firebase_transport:
driver = pipe
command = /public_html/tokens/get_firebase_access_token.sh
current_directory = /public_html/tokens
user = mailnull
group = mail
Changes made:
authenticate_firebase to handle authentication using the Firebase Gmail API.
condition to match the sender address ("team@cfored.com") for Firebase Gmail API authentication.
auth_firebase_transport for Firebase Gmail API authentication, using the pipe driver.
command and current_directory to use the Firebase access token script.
Please note that I've added comments in the script for clarity. You'll need to update the paths and configuration details based on your setup.
Certainly, here's the modified Gmail API script with support for OAuth 2.0 client authentication only:
# Define the transport for normal email sending:
# ... (other transports)
# Define the transport for authentication using OAuth 2.0 client
auth_transport_oauth2:
driver = pipe
command = /public_html/tokens/get_oauth2_access_token.sh
current_directory = /public_html/tokens
user = mailnull
group = mail
# Router to handle authentication with OAuth 2.0 client
authenticate_oauth2:
driver = accept
domains = +local_domains
condition = "${if eq {$sender_address} {team@cfored.com}}"
transport = auth_transport_oauth2
no_more
Changes made:
auth_transport_oauth2 for OAuth 2.0 client authentication, using the pipe driver.
command and current_directory to use the OAuth 2.0 access token script.
authenticate_oauth2 to handle authentication using OAuth 2.0 client.
condition to match the sender address ("team@cfored.com") for OAuth 2.0 client authentication.
Please remember to replace the paths, script names, and configuration details based on your setup. This script supports OAuth 2.0 client authentication only and removes the Firebase-related configurations.
auth_transport_oauth2:
driver = pipe
command = /var/cpanel/ssl/token/get_access_token.sh
current_directory = /var/cpanel/ssl/token
user = mailnull
group = mail
authenticate_oauth2:
driver = accept
domains = +local_domains
condition = "${if eq {$sender_address} {team@cfored.com}}"
transport = auth_transport_oauth2
no_more
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Section: AUTH
firebase_auth_login:
driver = plaintext
public_name = LOGIN
client_send = : firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /etc/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-0bdb258c11.json
Section: ROUTERSTART
send_via_firebase:
driver = manualroute
route_list = * smtp.gmail.com::587 byname
transport = normal_transport
no_more
authenticate:
driver = accept
domains = +local_domains
condition = "${if eq {$sender_address} {team@cfored.com}}"
transport = auth_transport
no_more
Section: TRANSPORTSTART
normal_transport:
driver = smtp
hosts = smtp.devced.com:587
tls_certificate = /etc/ssl/certs/gmail-bulk-sending-389112-OpenSSL-ssh-vm.crt
tls_privatekey = /etc/ssl/certs/gmail-bulk-sending-389112-private-ssh-vm.key
tls_require_ciphers = high
tls_verify_certificates = /ssl/certs/mautic_devced_com_b5dc7_cbd81_1723593599_793c87bd13178d516ccf74fac4533730.crt
hosts_require_tls = *
headers_add = "From: ${quote:$h_envelope_from}"
return_path_add
auth_transport:
driver = pipe
command = /public_html/tokens/get_access_token.sh
current_directory = /public_html/tokens
user = mailnull
group = mail
normal_transport:
driver = smtp
hosts = smtp.devced.com:587
tls_certificate = /var/cpanel/ssl/ssl/gmail-bulk-sending-389112-OpenSSL-ssh-vm.crt
tls_require_ciphers = high
hosts_require_tls = *
headers_add = "From: ${quote:$h_envelope_from}"
return_path_add
auth_transport:
driver = pipe
command = /var/cpanel/ssl/token/get_access_token.sh
current_directory = /public_html/tokens
user = mailnull
group = mail
firebase_auth_login:
driver = plaintext
public_name = LOGIN
client_send = : firebase-adminsdk-bpwq7@gmail-bulk-sending-389112.iam.gserviceaccount.com : /var/cpanel/ssl/json/gmail-bulk-sending-389112-firebase-adminsdk-bpwq7-0bdb258c11.json
authenticate_firebase:
driver = accept
domains = +local_domains
condition = "${if eq {$sender_address} {team@cfored.com}}"
transport = auth_firebase_transport
no_more
auth_firebase_transport:
driver = pipe
command = /var/cpanel/ssl/token/get_access_token.sh
current_directory = /var/cpanel/ssl/token
user = mailnull
group = mail
EXIM Section | google_functions solution: AUTH (with TLS Encryption): replace the current EXIM configuration (#Section: AUTH, #Section: ROUTERSTART, #Section: TRANSPORTSTART) from "spamgateway", SmartHost, to SSL/TLS encryption using Auth 2.0 client and Google Functions:
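An added example, not part of the original issue and not an answer to the request above: Step 3 says to save the service-account key file in a secure location, while several of the later configurations keep the token script under /public_html/tokens. The check below audits one such file for mode, owner, web-root placement and parent-directory permissions; the web-root directory names, the function names and the sample files are assumptions constructed for the example.

```python
"""Audit how a service-account key file is stored (added example)."""
import os
import stat
import tempfile

# Assumption: directory names that a web server on this host publishes.
WEB_ROOT_NAMES = {"public_html", "htdocs", "www"}


def audit_secret_file(path, expected_uid=None):
    """Return a list of findings for the file at `path`; an empty list means OK."""
    findings = []
    if os.path.islink(path):
        findings.append("path is a symlink; point the configuration at the real file")
    real = os.path.realpath(path)
    try:
        st = os.stat(real)
    except FileNotFoundError:
        return findings + ["file does not exist"]
    if not stat.S_ISREG(st.st_mode):
        return findings + ["not a regular file"]

    # The key must be readable by its owner only.
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} lets group/other access the file; use 0600")
    if expected_uid is not None and st.st_uid != expected_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {expected_uid}")

    # A key under a published directory can be fetched over HTTP.
    exposed = WEB_ROOT_NAMES.intersection(real.split(os.sep))
    if exposed:
        findings.append(f"stored under web root directory {sorted(exposed)[0]!r}")

    # Write access to the directory allows the file to be swapped out.
    parent = os.path.dirname(real)
    pmode = stat.S_IMODE(os.stat(parent).st_mode)
    if pmode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"parent directory mode {pmode:04o} lets group/other replace the file")
    return findings


def demo():
    """Build two constructed layouts in a temp dir and audit both."""
    base = tempfile.mkdtemp()
    layouts = {
        # name: (directory, directory mode, file mode) -- constructed samples
        "web": (os.path.join(base, "public_html", "tokens"), 0o755, 0o644),
        "private": (os.path.join(base, "exim-secrets"), 0o700, 0o600),
    }
    results = {}
    for name, (directory, dir_mode, file_mode) in layouts.items():
        os.makedirs(directory)
        os.chmod(directory, dir_mode)
        key_path = os.path.join(directory, "service-account.json")
        with open(key_path, "w") as fh:
            fh.write('{"type": "service_account"}\n')  # constructed, no real key
        os.chmod(key_path, file_mode)
        results[name] = audit_secret_file(key_path, expected_uid=os.getuid())
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "OK")
```

On a real host, pass the uid of the account that runs the script (mailnull in the configurations above) as expected_uid, and run the same check on get_access_token.sh, since Exim executes it.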