Re: Sendmail on FreeBSD 14, gmail problem

On 4/17/24 20:39, bp@www.zefox.net wrote:

Pulling the conversation back to sendmail, if I get apache24 to accept and work with https connections have I laid a reasonable foundation to let sendmail authenticate with gmail?

While both Apache and Sendmail use the same underlying TLS libraries; oft OpenSSL, sometimes an alternative, what they do with it and how they make use of them are separate.
About the only thing that Apache will bring to the email party is infrastructure to host the policy file for MTA-STS.
You can use the same certificate file and key for both Apache and Sendmail.
"authenticate with gmail" means a couple of different things to me in 2924:
1)  Requirements for senders to be /authenticated/; e.g. SPF and / or DKIM.
2)  OAuth 2.0 authentication to send relay email to the world via Gmail.   Read: use Gmail as a smart host in Sendmail parlance.
Which of these are you asking about?
1.SPF is easy to do with TXT records in DNS.
1.DKIM is a bit more complicated and requires a milter to sign outgoing messages as well as various DNS records to support DKIM.
2 is another critter entirely.  I am not aware of a recipe to make this work.  I feel certain that there is on and I'm just unaware of it.  I can see some plumbing to create a new mailer that does the OAuth w/ Gmail and sends messages.  I know how to add mailers to Sendmail, but I have no idea what such a mailer would look like.
I've heard about people using -- what I think -- are called application passwords with Gmail to make non-OAuth aware software work with Gmail. Maybe this will work allow Sendmail to use Gmail as a smart host using authentication using the App Password.
I've read that app passwords are still a thing but require multi-factor to be enabled to get access to them.
I could also be a decade behind the times when it comes to OAuth.

Thanks for writing!

:-)
--
Grant. . . .