lists
2020-Oct-27 23:13 UTC
SV: Looking for a guide to collect all e-mail from the ISP mail server
I would have to also hack the email client since I don't enter my 20 character high entropy password when I send or retrieve email. You really need an email standard to integrate TOTP. To be realistic, you need Gmail to use it. Whatever Gmail wants is essentially a defacto standard. I live in the real world, so whatever Google wants, I comply. ? Original Message ? From: jtam.home at gmail.com Sent: October 27, 2020 3:57 PM To: dovecot at dovecot.org Subject: Re: SV: Looking for a guide to collect all e-mail from the ISP mail server On Tue, 27 Oct 2020, Sebastian Nielsen wrote:> Kind of stupid that there doesn't exist some common standard for 2FA that > works in email clients.You can bodge it for HOTP/TOTP hardware token generators.? Dovecot allows custom plugins to check passwords.? The plugin can take passwords of the form {password}+{2fa-token}, then split each part to check against authentication systems to check validity. Joseph Tam <jtam.home at gmail.com>
Sebastian Nielsen
2020-Oct-28 00:56 UTC
SV: SV: Looking for a guide to collect all e-mail from the ISP mail server
>>Whatever Gmail wants is essentially a defacto standard.Gmail have solved it with a Oauth authorization scheme. Basically, first time setting up mail, you are asked to authenticate by 2FA in a webview, then a shared secret is established, that is used during SMTP and IMAP time. Both Hotmail and Gmail is using this hackish webview solution for Outlook integration (and integration in some other email clients). Thats why Google and Microsoft have their own buttons inside Outlook and some other mail clients. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5715 bytes Desc: S/MIME Cryptographic Signature URL: <https://dovecot.org/pipermail/dovecot/attachments/20201028/bc0fd4f6/attachment-0001.p7s>
lists
2020-Oct-28 01:38 UTC
SV: SV: Looking for a guide to collect all e-mail from the ISP mail server
And which email clients can do this? A defacto standard needs to be adopted. If I don't provide SPF or DKIM, I am likely to be deemed spammy, hence a defacto standard has been established. I don't see this with TOTP. I'm all for TOTP, but I'm not going to code my own. ? Original Message ? From: sebastian at sebbe.eu Sent: October 27, 2020 5:56 PM To: dovecot at dovecot.org Reply-to: dovecot at dovecot.org Subject: SV: SV: Looking for a guide to collect all e-mail from the ISP mail server>>Whatever Gmail wants is essentially a defacto standard.Gmail have solved it with a Oauth authorization scheme. Basically, first time setting up mail, you are asked to authenticate by 2FA in a webview, then a shared secret is established, that is used during SMTP and IMAP time. Both Hotmail and Gmail is using this hackish webview solution for Outlook integration (and integration in some other email clients). Thats why Google and Microsoft have their own buttons inside Outlook and some other mail clients.
Apparently Analagous Threads
- SV: Looking for a guide to collect all e-mail from the ISP mail server
- SV: Looking for a guide to collect all e-mail from the ISP mail server
- SV: SV: Looking for a guide to collect all e-mail from the ISP mail server
- SV: Looking for a guide to collect all e-mail from the ISP mail server
- SV: SV: Looking for a guide to collect all e-mail from the ISP mail server