Posts Tagged Gmail

Simple outbound email configuration for Ubuntu Server 12.04 using sSMTP

If all you really want from your Ubuntu Server is to be able to send you email if something goes wrong, or the occasional email to a trusted partner, friend, colleague, etc, then you want a simple solution. Although Postfix or sendmail, etc, will work in a satellite configuration, it’s still too heavy and over-the-top for this type of setup.

Enter sSMTP.

apt-get install ssmtp

Now open /etc/ssmtp/ssmtp.conf in your favorite text editor and, to get it working on an example gmail account, set it up like so:

root=youremail@gmail.com
mailhub=smtp.gmail.com:587
AuthUser=username
AuthPass=password
UseTLS=YES
UseSTARTTLS=YES
AuthMethod=LOGIN

Save the file, and you’re done.

Example for Amazon SES users. Be sure the sending domain is verified or mail will get rejected:

root=youremail@gmail.com
# from SES SMTP settings
mailhub=email-smtp.us-east-1.amazonaws.com:587
AuthUser=username
AuthPass=password
UseTLS=YES
# port 587 on SES negotiates TLS with STARTTLS
UseSTARTTLS=YES
AuthMethod=LOGIN

Important: You’re leaving your Gmail account password in a plaintext file. Make sure you’re using strong passwords. Even better, use Google 2-factor authentication so you can use an application-specific password for sSMTP.

UPDATE: Lastly, update the permissions

chown root:mail /etc/ssmtp/ssmtp.conf
chmod 640 /etc/ssmtp/ssmtp.conf

Unprivileged users who need to send mail using sendmail must be members of the mail group, or they will receive the following error:

mail: Cannot open mailhub:25

This was written for Ubuntu Server 12.04 64-bit.
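A quick way to confirm the file ended up the way this post intends, as an added example (not part of the original post): the Python sketch below parses an ssmtp.conf, checks that a file holding AuthPass is not world-readable or writable by non-owners, and checks the TLS settings against the mailhub port. The function names and the wording of the findings are illustrative assumptions, and the sample file in the demo is constructed.

```python
import os
import stat
import tempfile


def parse_ssmtp_conf(text):
    """Return {lowercased key: value} from ssmtp.conf text, skipping comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings


def audit_ssmtp_conf(path):
    """Return a list of findings for the file at `path` (empty list = clean)."""
    findings = []
    with open(path, encoding="utf-8") as handle:
        settings = parse_ssmtp_conf(handle.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)

    # A stored password must not be readable by every local account,
    # and nobody but the owner should be able to rewrite the relay settings.
    if "authpass" in settings:
        if mode & stat.S_IROTH:
            findings.append("AuthPass is readable by every local user (mode %o)" % mode)
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("file is writable by group or others (mode %o)" % mode)

    # Without TLS the AuthUser/AuthPass pair crosses the network unencrypted.
    if settings.get("usetls", "no").lower() != "yes":
        findings.append("UseTLS is not YES")

    # Port 587 is the submission port, where TLS is started with STARTTLS.
    port = settings.get("mailhub", "").rpartition(":")[2]
    if port == "587" and settings.get("usestarttls", "no").lower() != "yes":
        findings.append("mailhub uses port 587 but UseSTARTTLS is not YES")
    return findings


if __name__ == "__main__":
    # Constructed sample: the Gmail settings from this post, saved with a
    # deliberately loose mode so the audit has something to report.
    sample = (
        "root=youremail@gmail.com\n"
        "mailhub=smtp.gmail.com:587\n"
        "AuthUser=username\n"
        "AuthPass=password\n"
        "UseTLS=YES\n"
        "UseSTARTTLS=YES\n"
        "AuthMethod=LOGIN\n"
    )
    with tempfile.TemporaryDirectory() as folder:
        conf = os.path.join(folder, "ssmtp.conf")
        with open(conf, "w", encoding="utf-8") as handle:
            handle.write(sample)
        os.chmod(conf, 0o644)
        print("mode 644:", audit_ssmtp_conf(conf))
        os.chmod(conf, 0o640)
        print("mode 640:", audit_ssmtp_conf(conf))
```

On a real server, call audit_ssmtp_conf("/etc/ssmtp/ssmtp.conf") as root after running the chown and chmod commands above.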


How to share a Google Calendar using iCal

Sharing Google calendars between Google users is easy, but what if you want to create and share a Google calendar with someone who doesn’t use Google?

It’s actually not very difficult at all, and I’ll explain how to do it using your calendar’s private link. This will enable your viewer to see all event details, but due to the technical limitation of using iCal, they won’t be able to make any edits. This may be a good thing or a bad thing, depending on your specific situation.

So here’s how it works.

First, go to your Google calendar and locate the calendar you wish to share on the left side. In this case, I want to share my ‘work’ calendar. Hover over the calendar name and click the down arrow that appears next to it:


On the menu that appears, click ‘Calendar Settings’:


Scroll down to the bottom to where it says ‘Private Address’.


In this case we want the iCal address link. You can either right-click the green iCal button and say ‘Copy Link Location’ (depending on your browser), or click it for a pop-up that gives you the link you can copy and paste, like so:


Now, if you ever want to revoke access to that calendar’s private link at a later date, just use the ‘Reset private URLs’ link which appears next to the private links.


Switching from ActiveSync (Microsoft Exchange) to IMAP and CardDAV for Google Gmail on iPhone

Since Google is discontinuing its ActiveSync services, which allowed iPhone (and other handhelds) to sync account data using ActiveSync, you may want to reconfigure your devices now, or simply remember how to do this for the future. Note these steps are iPhone-specific, but can be easily adapted for other phones.

I’ll explain how to delete the ActiveSync setup, then how to add an IMAP account configuration for mail and calendars, and a CardDAV setup for contacts. If you only want to add a new setup, simply skip the first section here.

Deleting the existing ActiveSync setup

You can delete the existing ActiveSync setup by going to Settings > Mail, Contacts, Calendars and locating the account under Accounts. Touch the account name, then scroll to the bottom and click Delete Account. This will remove the data associated with the sync from your phone.

Creating the sync accounts

You’ll want to create both a Gmail IMAP account (for mail, calendars, and notes) and a CardDAV setup (for contacts). If you want reminders as well, you’ll have to create a CalDAV setup.

Creating the Gmail IMAP setup

Creating this sync account is very easy on the iPhone. First, in Settings > Mail, Contacts, Calendars, touch Add Account…. Next, touch Gmail, and enter your account information.

Creating the CardDAV setup

Similar to the above. Go to Settings > Mail, Contacts, Calendars, touch Add Account…, then scroll down and touch Other. Touch Add CardDAV Account. For Server, enter google.com, and continue with the rest of your account information.

For CalDAV, choose Add CalDAV Account instead of CardDAV, and follow the same account information.

If you use two-factor authentication for your Google account, be sure to use your application-specific password instead of your account password.

Google Apps setup is exactly the same as a standard Google account, just substitute your full email address for the username.


Streamline your emergency contacts with an emergency email address

By now you’ve heard of In Case of Emergency (ICE), the encouragement to store one or more phone numbers in your phone prefixed with ICE, so that they can be quickly identified in case of a need to contact a close friend or loved one if something should happen to you. But there are several situations in which this could be improved:

What if your contact(s) are away from their phone, on vacation, or in areas of poor reception?

What if you have a large number of people that you would like to have reached in case of emergency, such as a large family or extended family?

What if you want to respect your contact’s right to privacy until the need arises that they be contacted?

Enter the use of an emergency email address.

Email is as ubiquitous as text messaging now, and is often an easier way to communicate. Many of us have our email delivered to our cell phones or our desk computers. An emergency email address has a huge number of benefits:

  • Quickly have all of your emergency contacts notified at the same time.
  • Have your contact’s right to privacy respected until the need arises.
  • Have a central point where all of your emergency contacts can quickly reach each other (through the use of your emergency email address) to quickly exchange information.
  • Have email alerts delivered via SMS text message to cell phones which don’t have email, via an SMS gateway.
  • Have a caregiver or doctor notified who can keep up with changes in a medical condition.

Setting it up is as easy as setting up an email distribution list which includes your emergency contacts, and creating a card with that emergency contact information you can carry around with you.

Here’s a quick walkthrough for Gmail users to set it up with their existing Gmail account, using the plus sign trick:

Before you can set this up, you will need to add a list of forwarding contacts who will receive your messages. In order to add forwarding addresses in Gmail, you will need to add and validate each of them individually. You can follow the instructions below for reference.

Adding forwarding contacts

Log into your email and click the gear icon and go to Settings.

Click on Forwarding and POP/IMAP, and click Add a forwarding address:

Add and confirm your forwarding address:

You will be notified that a confirmation code has been sent to verify permission.

You will need to get the confirmation code from the recipient in order to verify the address.

Once you’ve verified at least one address, the following will appear. You want to leave forwarding disabled, as you’ll be setting up filters later to handle the actual forwarding.

Repeat with any additional forwarding addresses.

Creating the filters

Now, decide what your plus sign suffix will be. It can be anything, and since it’s based on your email address, nothing is “already taken.” For this example, we’ll say my current email address is me@gmail.com, and I’ve decided to use +ice as the suffix. So, my emergency contact email will be me+ice@gmail.com.

Then, go to Filters, scroll to the bottom and click Create a new filter.

Then, in the new filter, enter your email address and emergency suffix in the To box. Since I’m using me+ice@gmail.com, that’s what I’m putting. Don’t copy and paste, use your own. Then, click Create filter with this search.

In the next step, check the box for Forward it to and select one of your destination addresses. Since Gmail only allows you to select one forwarding destination, you will need to create a separate filter for each destination address, using the same rules. I have tested it and it does indeed work.

After creating in this case two filters, I see the following in my filters list:

At this point, you’re done and can send the address a test message if you like.

Questions, comments, or thoughts about this? Please feel free to comment below!


Why good password practices are no longer optional — Part 1

This is the first part in a two-part series on password security practices and storage. Be sure to click here to read part two if you haven’t already!

If you — like many people — are in the habit of using simple passwords, or even the same password over multiple sites, you’re setting yourself up for disaster.

Let me briefly explain: If you’re using a simple password it becomes much easier for a hacker to brute-force your password and gain access to your account. You should always use the strongest password — lower- and upper-case letters, numbers, and special characters — that any particular website supports.

If you’re already using strong passwords, good for you. However, if you’re using that same password — or a variation of it — on multiple sites, you’re undercutting the security of it. If one website that you use it on becomes compromised and that password is revealed or released, any other website that you use it on has also become compromised.

One example of this disaster is the RockYou hack. In January of 2010, Imperva released data regarding passwords exposed in the RockYou.com breach. In this attack, 32 million accounts were compromised, leading to the disclosure of the top ten most used passwords, which potentially led to countless more accounts being compromised that used passwords on that list. This list was later updated to the 25 most often used passwords, as listed on Yahoo Finance.

Another example of this disaster waiting to happen is a phishing attack. This type of social engineering attack starts with a convincing-looking email that leads you to a website where you will “log in” or provide some other account details. The site that you’re directed to — while looking like the real site — is often a fake, designed to get you to provide your account information. Once the site has it, your account information can be used to log in to the real site. From there, a hacker can seize control of your account (changing the email address, password, and security questions), and attempt to use that information to log into other sites. Again, if you’re using the same password on multiple sites, the hacker now has access to all of those other sites.

Think you can identify a phishing email? Take a few minutes and take the SONICwall Phishing IQ Test now. I got 100% on this test, feel free to post your score in the comments below! You can also try the OpenDNS phishing quiz. I scored 14 out of 14 on the OpenDNS quiz. Feel free to post your scores and feedback in the comments below.

The implications of this are almost limitless if an attacker manages to take control of your email account. Once that happens they can start issuing password reset requests on other sites, and start taking control of them as well. For that reason, protecting the security of your email account should always be first and foremost. Google for one agrees, and offers users the option of 2-factor authentication, which provides a very strong level of security. If you have a Google (Gmail) or Google Apps account, I recommend you go and set this up immediately. It only takes about 15 minutes.

Do you have any other password security practices that you would recommend? Do you have a story to share about an account being compromised? Do you have anything to share that I didn’t cover above? Please feel free to share in the comments below! Also — check back for part two of this article, coming soon!


I put down my Android and picked up an iPhone… here’s what I noticed

I’ve been getting more than a few expressions of “You? Got an iPhone?” from friends and family lately, after they see my iPhone 4S. While I’ve been known not to be the biggest fan of Apple up until now, I’m starting to realize why the device has gotten to be so popular — it’s an easy-to-use, reliable device that doesn’t frustrate.

Although learning a new smartphone OS hasn’t been terribly difficult, here are some of the major points between the two that I’ve found myself having to adjust to.

The Home Screen

The home screen on an Android phone is more-or-less a “blank slate”, waiting for you to fill it to your liking with widgets and shortcuts, to make it just the way you want it. If you want to access all your installed apps you open what’s typically referred to as the “app drawer.”

On an iPhone, that “app drawer” is your home screen. No widgets here, though apps do have what’s called “badges” that can show an indicator on the icon if the app has something that wants your attention, such as a number of missed calls over the phone icon, unread texts over the messages icon, and so on.

Removable Storage

Android-based phones feature a microSD card slot for removable storage. It’s an optional — but highly recommended — additional storage space that you can use for media, and on some versions of Android, even apps. You can upgrade this by simply popping out the card, copying the contents to a new, presumably larger card, and putting that card in your phone.

On an iPhone on the other hand, what you buy is what you get — buy a 16GB iPhone, get a gross total of 16GB. Likewise for the other sizes, such as 32GB.

However, there are some distinct differences:

Android phones by default have their apps installed on the phone’s lower-capacity internal memory. Since the internal memory is smaller than the microSD card (Sprint’s Epic 4G, for example, only has 1GB internal memory), you are sharply limited for the space your apps have to share with everything else. Starting with Android version 2.2 (Froyo) and up you had the ability to move apps to the SD card. This frees up internal memory. However, it’s up to the app developer to support this feature, and if they did, most apps still required that you move it yourself from within the phone’s settings. Remember those widgets? Don’t plan on them working if you move your app to the SD card.

iPhones on the other hand have a single unified storage area for everything. Assuming you get a 16GB iPhone, that storage space is used for everything — there’s no need to move anything. Apps, media, and the OS all share a single storage space. You might say “this is less overall than an Android phone”, and you would be right. But — you aren’t going to have to try to balance what apps are stored on SD card versus the phone’s internal memory.

When you plug your Android-based smartphone into your computer’s USB port, you’ll likely get a message asking if you want to charge-only, or mount as removable storage. If you select to mount as removable storage you have full access to the SD card in the phone. This is handy if you want to use your phone’s memory card as a makeshift USB flash drive. However, once you mount it to the PC, you don’t have access to it from the phone. Apps that are installed on the SD card cannot be run, and you won’t have access to any media on the card until you unmount it from the PC.

Media

Installing media on an Android phone isn’t difficult. Simply mount the phone to your PC as USB storage (or insert the microSD card into your computer), and copy music, pictures, or anything else you like to it. When you unmount (or insert the card back into the phone) the media scanner will automatically detect your media and propagate the media libraries. But — it’s up to you to get your own music.

With an iPhone and a Windows or Mac computer running iTunes you simply connect your phone to your PC, select what media — such as music, movies, or other — you want to sync, and iTunes adds it to your device. You can purchase your music through iTunes as well. However, you have to use iTunes. Don’t expect your iPhone and Linux-based PC to get along very well.

Backup and Restore

With an iPhone, completely backing up your device is as quick and easy as plugging it into iTunes and right-clicking on it and choosing “Backup.” iTunes takes care of it, and makes restoring it just as painless.

With a stock Android, you don’t have any options to make a “full” backup. You can sync your contacts, calendar, etc to your Google (or other) account, and there they will sit in case you need them. In case of a serious issue, you can boot your phone to recovery mode and wipe it from there, restoring it to stock configuration, after which, prepare to spend some time reinstalling and reconfiguring your apps and account. Rooted users have a few additional options, such as ClockworkMod’s Nandroid backup and restore, and the third party app Titanium Backup.

There are a lot more differences between the two that I didn’t cover above. But I will say this: When people ask me why I got an iPhone, my typical response is something along the lines of “it’s easy to use without having to think about.” I really enjoy my iPhone, and I don’t think I’ll be picking up an Android phone again anytime soon.

What about you, reader? What are your experiences with Android and iPhones? Do you have anything to share or compare that I didn’t cover in the above? Please feel free to share your thoughts in the comments below!


How to import Android phone contacts to Gmail contacts

If you set up your Google account using your Android phone, or you added contacts to your phone but didn’t set them as Google account contacts, you will find they’re not synced to your Google account. This means that they’re not available as contacts when composing messages, and worse, you’re not using your Google account as a backup in case your phone is lost or damaged, or you swap phones.

You can easily fix this by doing the following steps from your Android phone:

  • Open Contacts
  • Hit menu > Import/Export
  • Export to SD card, then hit OK to confirm.

After a few moments, your data will be exported.

Next, we delete all contacts, to prevent confusion

  • In Contacts, hit menu > delete > Select All > delete

If you don’t have this option, try Delete All Contacts from Android Market.

(If you’re concerned about deleting your contacts before re-importing them, you can always import them, then resolve the duplicates manually, but you will have stale contacts in your phone. Deleting your contacts then re-importing them a second time will take care of that.)

Lastly, re-import all the contacts to your Google account

  • Hit Import/Export again
  • Select Import from SD Card
  • Select Save contact to… (your Google account) NOT phone

After a few moments, your data will be re-imported, and synced with your Google account online. Note that it may take up to a few minutes for the contacts to start appearing in your Google account.

If you mistakenly import multiple times, you may end up with duplicates in your online Google account. To fix this, simply open more > Find and Merge duplicates from your Contact manager as shown below:

Yes, I really do have 329 contacts.

Note: It is not possible to preserve group information during an export/import. It’s not supported by Google.

Questions and comments are welcome below, thank you!


Google adds two-factor (2-factor) authentication for Gmail and Google Apps

Two-factor authentication finally comes for Google accounts, including Google Apps.

From Google:

Using 2-step verification will help prevent strangers from accessing your account with just a stolen password. When you sign in with 2-step verification, you’ll verify your identity using both a password and a code that you receive on your phone. Learn more

The one-time-password (OTP) that you receive on your phone can come from one of two different methods: Either a time-based password using the Google Authenticator app for your smartphone (BlackBerry, iPhone, Android), or as a text message. Google also provides you a set of codes that you can print out, in case you don’t get your code or your phone is lost. Keep them in a safe place, because if you lose your phone and your codes, getting access to your account is a royal pain — but that’s the way it’s supposed to be:

You’ll need to fill out an account recovery form to verify ownership of the account. Take time to answer each question to the best of your ability. The form was designed to ensure that no one can gain access to your account except you. Since Google doesn’t collect a lot of information about you when you sign up for an account, we will ask you questions like when you created your account, what Google services you use, and who you email frequently (if you use Gmail) to make certain you are authorized to access your account.

Two-factor needs to be turned on in your Google Account settings, and Google has an excellent walk-through on how to activate and test two-factor during the setup. Google calls their two-factor authentication simply “2-step verification.”

To access your account settings from your Gmail or Google Apps mail screen, click Settings in the top right, then click the Accounts tab, then Google Account Settings, then click the “2-step verification” link.

Google says that setting up their 2-step verification takes about 15 minutes, and it’s a good estimate. Budget longer if you’re less savvy or want to be more careful. There’s a testing step involved, so there’s little risk of locking yourself out of your account.

There are major security advantages to using two-factor authentication. One of the biggest is simply that if your password is compromised, there’s still a barrier preventing someone from logging in and having their way with your account.

Along with this, Google introduces what they call “Application specific passwords.” These are workaround passwords for applications (IMAP/POP/SMTP clients, Google Talk, etc) that can’t present the OTP passwords required for two-factor authentication. Instead, you generate a different password — one for each resource if you like — and enter that in your application instead of your normal password. Sound confusing? It’s not, really. This has the added advantage that if someone gains access to your application’s configuration files (e.g. Outlook) and pulls your password out, they can’t use it to log directly into your Google account. You can also go into your Google account and revoke these generated passwords at a later date if a resource does become compromised.

After enabling 2-step authentication, you’ll receive an email which includes information about application specific passwords:

IMPORTANT: What to Do If Some Applications Stop Working

Some applications that access Google data do not accept verification codes. They
only accept usernames and passwords. Examples include:

-Smartphones (e.g., Android, iPhone)
-Mail clients that use IMAP/POP (e.g., Outlook Express or Thunderbird)
-Chat clients (e.g., Google Talk)
-Picasa desktop application

Now that you have signed up for 2-step verification, these applications will
temporarily stop working. You can get them working again by entering an
application-specific password into the password box, instead of your regular
password or your verification code.

That email will contain a link to generate those application-specific passwords.

Security-minded individuals will no doubt embrace these changes to Google. I for one appreciate that Google is going to such great lengths to provide easy-to-implement security tools that benefit the consumer. I believe that Google may have done something really great here — users who are really concerned about security in Internet resources may now seriously consider creating a Google account. Less technical consumers may still use Google using conventional username/password combinations if they so desire.

What do you think of Google’s decision to add two-factor authentication to accounts? Are you, or will you be, taking advantage of it?


Quick list of useful SPF DNS records

Sender Policy Framework (SPF) is a DNS record that’s used to authenticate who is allowed to send mail appearing to come from a specific domain. It is used to help prevent email spamming and spoofing, and works by making available a list of what domains, mailservers, and IP addresses are authorized to send mail from a domain, and what to do with mail that does not match those rules.

SPF is a DNS text record, and is added to your DNS records for the domain that matches the part after the @ sign in the email address. For example, for @example.com, the SPF TXT record should be added to the example.com domain.

I’m not going to cover every possible SPF setup, simply the ones I use most often and the rationale behind them. You can check the documentation links below my examples if you want to build more elaborate or specific SPF records.

In the examples below, substitute IP with your web server’s IP address in dotted-quad format, without a space. E.g. ip4:10.1.2.3. You can also specify a CIDR range such as ip4:10.1.2.3/20.

Allow from the domain’s IP, its listed mail servers, and a specific IP. Soft-fail all others (messages that return a SOFTFAIL are accepted but tagged). The recommended configuration for most dedicated/VPS web server environments. Used when you send/receive mail at your domain, and software on your domain may send mail out as you, but no other mail server or mail exchanger will send mail as you. Users of shared hosting environments will probably want to ask their web hosting provider for the recommended SPF record to use.

v=spf1 a mx ip4:IP ~all

Include Google’s SPF records, if you use Google Apps for your domain’s mail. Add include:_spf.google.com; the rationale is similar to the above, but this is used if you use Google Apps for email and software on your web server may also send mail as you.

v=spf1 a mx ip4:IP include:_spf.google.com ~all

Fail all mail. Used only if you send no mail. Example: a parked domain or a domain that is not used in email at all.

v=spf1 -all

In all the examples above except for the last, I denote soft-fail (~all) instead of fail (-all). This is because you may inadvertently make a mistake or misconfiguration, and soft-failing will not prevent mail from being delivered; it will simply flag it in the email headers. You can also specify neutral (?all) as an alternative.

Here’s an example email header from Gmail which includes the SPF record’s lookup result. I’ve edited the email address and IP, of course.

Received-SPF: pass (google.com: domain of email@example.com designates IP as permitted sender) client-ip=IP;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of email@example.com designates IP as permitted sender) smtp.mail=email@example.com

By this example, you can see the SPF record matched and was passed.

SPF records are a good tool for many reasons. They give mail servers the ability to authenticate your email to your domain, which helps keep it out of recipients’ spam folders, and they help prevent others from spoofing your domain in email, which could cause serious trouble.

Also, SPF records do not decide whether or not to accept mail for delivery — they only serve as an authentication mechanism for who is allowed to send mail appearing to come from that domain.
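How a receiving server walks records like the ones above, as an added example (not code from the original post): this Python sketch evaluates the a, mx, ip4, include and all mechanisms in order and returns the result of the first one that matches. DNS is replaced by constructed dictionaries, all addresses come from documentation ranges, and the record shown for _spf.google.com is a constructed stand-in, not Google’s real record.

```python
import ipaddress

# Qualifier in front of a mechanism -> result when that mechanism matches.
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed stand-ins for DNS answers (assumptions, documentation ranges only).
TXT = {
    "example.com": "v=spf1 a mx ip4:203.0.113.10 include:_spf.google.com ~all",
    "parked.example": "v=spf1 -all",
    "_spf.google.com": "v=spf1 ip4:198.51.100.0/24 ~all",  # not the real record
}
HOSTS = {"example.com": {"a": ["192.0.2.1"], "mx": ["192.0.2.25"]}}


def check_spf(domain, client_ip, txt=TXT, hosts=HOSTS, depth=0):
    """Return the SPF result for mail from `domain` arriving from `client_ip`.

    Simplified: only a, mx, ip4, include and all are evaluated; other terms
    (ip6, redirect=, a/24 and so on) are skipped.
    """
    record = txt.get(domain, "").split()
    if not record or record[0].lower() != "v=spf1":
        return "none"                      # the domain publishes no SPF record
    if depth > 10:
        return "permerror"                 # simplified guard against include loops
    ip = ipaddress.ip_address(client_ip)

    for term in record[1:]:
        qualifier = "+"                    # a bare mechanism means "pass"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()

        if name == "all":
            matched = True
        elif name == "ip4":
            # strict=False accepts ranges written with host bits set,
            # such as 10.1.2.3/20
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx"):
            addresses = hosts.get(arg or domain, {}).get(name, [])
            matched = any(ip == ipaddress.ip_address(a) for a in addresses)
        elif name == "include":
            # Only a "pass" from the included record counts as a match; its own
            # ~all or -all is not inherited by the including record.
            matched = check_spf(arg, client_ip, txt, hosts, depth + 1) == "pass"
        else:
            continue
        if matched:
            return RESULTS[qualifier]
    return "neutral"                       # nothing matched and there is no "all"


if __name__ == "__main__":
    for sender in ("203.0.113.10", "192.0.2.25", "198.51.100.7", "203.0.113.99"):
        print("example.com", sender, check_spf("example.com", sender))
    print("parked.example", "203.0.113.10", check_spf("parked.example", "203.0.113.10"))
```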


Questions, comments, or feedback about the above SPF records or how they’ve been explained? Please share your thoughts in the comments below! Thank you.


My rant on Blackberry

So there’s a lot of things the Blackberry does RIGHT:

  • Good-sized full-QWERTY keyboard, without having to slide/rotate the phone.
  • Easy navigation via the trackball/trackpad (depending on model)
  • Fully multitasking OS
  • Quality speakerphone / microphone without echo
  • Durable hardware and great battery life

Now here’s where my rant begins:

For one, the Blackberry has a distinctive LACK of available “fun” software. There are a fair amount of games, but not nearly the selection of other mobiles. WinMo, Palm, and the iPhone especially have a wider variety of games, and other “fun” software.

For two, the Blackberry apps are quite a bit more expensive. From $2.99 per app on the cheap side all the way up to $50 for the priciest apps.

And for my biggest gripe, the distinct LACK of good IMAP support for BIS users. While the “push” email is great and all (email delivered to the phone when it’s delivered to the mailbox; no having to “poll” the mailbox), the inability to use IMAP folders other than Inbox is a serious setback. More so, you’re only able to get new messages on the device, rather than being able to download mail that’s already in your box.

The IMAP issue is something that WinMo, Palm, and iPhone and some other phones already do quite nicely. This puts the Blackberry at a distinct disadvantage compared to other devices.

While this issue seems generally solved for Gmail users (through the “Enhanced Gmail plugin for Blackberry”), this is only for the single provider.

In my opinion this is something that RIM needs to get on with a quickness. This lack of proper IMAP support has me looking at other phones for the future.

If I could find a phone with a good QWERTY keypad with features like the Blackberry (along with proper IMAP) I’d definitely consider switching when my time comes due.

Of course, if they enabled proper IMAP support in BIS, I think I’d be pretty happy indeed.

Time will tell. Maybe I’ll just learn to live with it.
