We have an application that uses a couple different Google APIs (Login, Classroom). We originally wrote end-to-end tests to make sure that these integrations worked on a very basic level. Unfortunately, it looks like our end-to-end tests have started failing because Google is detecting "suspicious" login activity from the Google accounts we created to do the integration testing and is presenting Captcha's etc..
Is there anyway to get Google to whitelist an account so that they don't run it through all their security checks? We literally only use these accounts for automated testing.
As much as Email whitelisting goes this is what I found from the docs
Email whitelist:
An email whitelist is a list of IP addresses from which your users
expect to receive legitimate mail. When you add an IP address to your
email whitelist, mails sent from this IP address will generally not be
marked spam. To instead approve specific senders based on their email
address or domain name, create an approved sender list using the Spam
setting.
Please note that email whitelist is not exclusive. If you create a
whitelist for your G Suite account, it will affect your entire domain.
There's currently no functionality in place for you or your users to
only receive mail from a self-defined list of senders.
After you configure an advanced Gmail setting, it may take up to one
hour for that configuration to propagate to individual user accounts.
You can track prior changes under Admin console audit log.
To add IP addresses to your email whitelist:
Sign in to the Google Admin console. From the dashboard, go to Apps >
G Suite > Gmail > Advanced settings. In the Organizations section,
highlight your domain. In the Email whitelist section, enter the IP
addresses of your contact's domain host to make sure any mail
originating from these IP addresses are not labeled spam. If you would
like to add more than one IP address, enter an IP range in CIDR
notation or separate each IP address with a comma. Click Save changes.
Related
Due to server change, I need to make another account in Outlook so that it can take over when the new server is up and running.
I have created the new email address on the new server, but when I try to create it in outlook, I can't make an account with the same email address despite that the servers for in and out are different from the current server.
How to solve this?
If that is an Exchange account, you won't have much luck - autodiscover will redirect to the active server. You cannot explicitly specify the serve parameters.
Google API Server To Server service account key is a simple json or p12 file which can be compromised in some scenarios. Is there a way to limit its use to specific IPs or domains from Google Developer Console? The support topics there are not helpful at all.
No service accounts cant be restricted to IPs or Domains. Currently if you have the correct credentials then you can use them.
This is why you need to keep them safe. However that being said i think its a good idea. I am going to see if i can find someplace to add it as a feature request.
Note for openid signin
Signin returns an id token this id token can be verified verify the hd claim matches your domain name. Again this only works if you are authenticating with the openid scope.
Response from Google
I contacted one of the developers on Google identity this was his response.
IP restrictions had some value many years ago. Now, most of the apps are hosted in the cloud and traffic can move around the world thus making the IP restriction not very useful. If service account credentials are compromised, it is time to get a new credential or they were used in an incorrect way.
I am using Backendless.com as a BAAS for my application. I have some custom logic running on their servers which need to make an HTTP request to the Google Places API.
I'm trying to generate an API key for the Backendless.com server to run this request but i'm not sure what API key I need to generate. The Google developer console gives me 4 options. Server Key, Browser Key, Android Key, & iOS Key.
Server key seems to be the one I want to use... but I need to provide it with some IP addresses... I don't know where or how to find those! The console states that they are optional, but it seems insecure to not add the server IP address. What are the risks? Where can I find Backendless.com app server IP's?
Server key is what you want. Restricting access is a good additional security step to take, it is not however required. They basically make it so that if someone manages to steal your API Key, they can't use it from IPs that are not whitelisted. You will have to ask backendless.com if they have a finite list of IPs they can gurentee your requests will come from.
I am trying to integrate SES with Sendmail in My EC2 Server.
I looked this documents and followed steps, but didn't work out.
http://docs.amazonwebservices.com/ses/latest/DeveloperGuide/SMTP.MTAs.Sendmail.html
I hoped to see video, but there wasn't anything about this one.
I couldn't even find a good article or blog about this.
Can you help me out? I just need to set up Sendmail via SSH.
This is now possible -- log into your AWS Console, to the SES Dashboard, and you'll see a section titled "SMTP Settings" on the lefthand nav. There you will find instructions and a mechanism to create your own SMTP credentials.
At that point you will need to set up your Postfix or Sendmail to act as a relay for outbound mail, redirecting it to the AWS SES Service API.
HOWEVER a few caveats:
You won't be able to use this as some normal SMTP gateway or outbound mail host unless you were to verify any possible sender for mail headed out of your instance. A more ideal case for this is a vendor who sends out large marketing mails to its customers, or a service that pushes out mail on a subscription or alert basis, all of which come from just one or a small handful of addresses.
Also, using SES means you'll have to live by AWS's thresholds, even once you've requested production access. An AWS engineer told me in training that they generally keep an eye on your mailflow and any bounces or rejects, as well as complaints made about your mail, and so long as things look good they will continue to throttle you up in that regard.
Good luck to you.
Using Google Apps for your Domain, is it possible to set up a catch-all address to act as a proxy for various other addresses on a hypothetical virtual mailbox system and, if so, how would you go about setting this up?
Set up Google Apps so that all mail delivered to a non existant address gets sent to a certain address, log into that mailbox via POP, download all mail addressed to x#your-service.com
You might try the free service described at http://groups.google.com/group/google-appengine/browse_thread/thread/7f48e15a7cedafa6 ; I believe the ability for app engine to directly receive email is on Google's roadmap, but I don't know when it's scheduled to appear, or whether it will be available for free, etc, etc.