I did notice Gmail disable less secure enable options but I don't know does this mean Gmail SMTP will stop working if that requires less security enable like localhost requires that?
I think it stops working from May 2022 or something. Just wanna make sure about it.
Related
while looking at past questions, it seems like if I wanted to mail from localhost I would be able to use a gmail account through google's smtp service. However as of may 2022 it is no longer possible for external apps to use my google account: 1
Seemed like all information online was focused on using google's smtp on xampp, so I was wondering if anyone had a updated method they used for emailing from localhost?
Thanks in advance!
I'm thinking about a solution for the following scenario. We have an internal email server which can currently be reached from the internet via HTTPS and IMAP(S).
Now I need to integrate an external application which will do two-way-sync of one specific mailbox using IMAP. However, I don't want to just open port 993/TCP so any mailbox can be accessed via IMAP over the internet. Since we don't use IMAP internally, one possibility would be to disable IMAP for all mailboxes that don't need it.
Another solution that would work without opening up a port at all would be to sync messages from the internal mailbox to an external, publicly accessible mailbox using a tool such as imapsync. I'm just afraid this might not be the most reliable solution.
What I'd prefer is to set up an IMAP proxy server (with SSL of course) that would filter connections by user and would only allow white-listed users to actually connect to our internal IMAP server. I didn't find any software that is able to do this out of the box. The thing that comes closest is a scripted solution using nginx and Perl - not maintained and might have security issues. Does anyone know of an IMAP proxy that is able to do filtering or pre-authentication?
Thanks!
I am a newbie at play, and I am trying at least to use HTTPS on a login and sign up pages in order to have more security on sensitive user data.
I have a range of questions regarding this:
I have configured my play application to use https on the application.conf file with the https.port property. However in my development environment I cant seem to start the server with https capability unless I use the command: play -Dhttps.port=<port>
Why does this happen? I would think that I could use a dev.conf (right now is the application.conf) file in order to do this. Can't I start the server in dev mode while using this kind of settings specified on the configuration file?
Although I start the server with https capabilities, what is the correct way to use https on play? I already created a java key store that I use, and tried to redirect (from a controller) requests to a https url using redirect(securedIndexCall.absoluteURL(request, secure)). But it does not seem to work at least on my dev enviroment (localhost). The logs specify exceptions like:
java.lang.IllegalArgumentException: empty text
java.lang.IllegalArgumentException: invalid version format: M¥å/=<junk characters continue>
Should I use https on the whole application, or just securing the login and sign up requests is sufficient?
I feel the official documentation provided is rather insufficient and I am at a loss here trying to figure out how I should do this.
Any help would be really appreciated!
I agree with Fernando, I think it's easier to set up a front end web server. In my case I used Lighttpd and it was fairly straightforward to set up. I'd recommend:
Configure Lighttpd as per these instructions (at this stage, don't worry about HTTPS just get HTTP working): http://www.playframework.com/documentation/2.3.x/HTTPServer
Then configure HTTPS in Lighttpd: http://redmine.lighttpd.net/projects/1/wiki/HowToSimpleSSL. If you intend on buying an SSL certificate then there will be a few more options to set (e.g. intermediate certificate). The following page has more information: http://redmine.lighttpd.net/projects/1/wiki/Docs_SSL
Answers to your main questions:
1) Enabling HTTPS in Play
Yes, you have to explicitly say you want to use HTTPS when starting up
http://www.playframework.com/documentation/2.3.x/ConfiguringHttps
2) The "java.lang.IllegalArgumentException" error message
There might be an issue with the keystore. This SO article seems to discuss in more detail: Play framework 2.2.1 HTTPs fails on connection attempt
3) SSL for login page or whole app
Personally, I would go for the whole app. If you're taking the time to set up HTTPS I think you might as well cover the whole site. I guess there are slight performance overheads in running HTTPS but realistically it's not something you'd notice.
You should use a front end server for HTTPS, and use HTTPS for the whole application.
Please see Setting up a front end HTTP server and see the commented out nginx settings.
I am working on .net applicaton that need to send emails to clients. I am trying to figure out what would be that best solution to send emails. Here is what i have considered. Could you please suggest what would be the best way to go for?
1>Windows server 2008 in built smtp
service.
2>Exchange server hosted in our
datacenter.
3>Use google apps for sending
emails(Basically same as gmail like
for custom domain).
I have explored all options and below are findings.
1>I think would be way to go. Also
supports drop in directory to send
emails so can achieve disconnected
email activity.
2>Application would be tied up with
availability of exchange server and
we dont have any exchange server
support personal. Only developers
poke around in exchange server and
got it working. So if option 1 is as
good as 2 then would like to go with 1.
Is there any drop in directory feature in exchange server like 1?
3>Tried gmail smtp stuff didnt
work. I was receiving timeout error.
Also there is no guarantee that
gmail will send our mail
reliability. They can decide anytime
to stop sending our mails as we are
using free standard version of
google apps.
Other questions:
I installed smtp service in windows server 2008. Now to use this do i need to change any MX record and anything? What i need to do so it can send email using my domain name. Or it can send email for any domain?
I would use a hybrid of 1 and 2. Use local SMTP, but have it relay to your exchange server. Emails will queue if it can't relay to exchange and you have one server(s) that handle all of your outgoing/incoming mail. This support doc explains this setup: http://support.microsoft.com/kb/303734
You only need an MX record if you'll be receiving mail from that domain too.
I would also put in a reverse DNS entry for your domain, which will help with spam detection.
I have a website in which I want to be able to detect a certain user based upon a permanent attribute of a specific user.
My original plan was to use an ip address but those are difficult to maintain since they can change frequently.
Cookie's and Sessions are almost out of question because they expire and tend to be difficult to manipulate.
Basically what i want to be able to do is detect if the current client visiting the website is a special user without having to deal with logins / passwords. To use something more permanent.
The user agent plugin could work but then, if i ever upgrade firefox or whatever i would have to go in and manually update the user agent string.
I found this script: https://addons.mozilla.org/en-US/firefox/addon/6895 but it doesn't work for newest version of firefox 3. It would be a perfect solution because it sends special headers at specific websites.
Short of writing my own extension does anyone have ideas of what to do? Do i need an extension? Should i try to write my own?
You could generate a SSL client certificate, and have your users install it. From then on, their browser would identify them using their certificate.
HOWTO: Securing A Website With Client SSL Certificates
SSL and Certificats (IIS 6.0)