Turnpike/Stunnel/Gmail

[John Hall]

I've just had an email from Google that suggests that the
Turnpike/Stunnel/Gmail combination may no longer work after 30th May,
which if correct is going to be a real nuisance.

They say:
--------------------------------------------
On 30 May, you may lose access to apps that are using less secure
sign-in technology
*******@gmail.com
To help keep your account secure, Google will no longer support the use
of third-party apps or devices which ask you to sign in to your Google
Account using only your username and password. Instead, you’ll need to
sign in using Sign in with Google or other more secure technologies,
like OAuth 2.0.
What do you need to do?
Email software, like Outlook 2016 or earlier, has less secure access to
your Gmail. Switch to Office 365, Outlook 2019 or newer, or any other
email software where you can sign in using Sign in with Google.
------------------------------------------

The email also included a couple of "Learn more" links, which I haven't
yet had a chance to follow up.
--
John Hall
"Home is heaven and orgies are vile,
But you *need* an orgy, once in a while."
Ogden Nash (1902-1971)

[Tim Lamb]

In message <T42X+iFpCfIiFwCu@jhall_nospamxx.co.uk>, John Hall
<john_...@jhall.co.uk> writes

>I've just had an email from Google that suggests that the
>Turnpike/Stunnel/Gmail combination may no longer work after 30th May,
>which if correct is going to be a real nuisance.
>
>They say:
>--------------------------------------------
>On 30 May, you may lose access to apps that are using less secure
>sign-in technology
> *******@gmail.com
>To help keep your account secure, Google will no longer support the use
>of third-party apps or devices which ask you to sign in to your Google
>Account using only your username and password. Instead, you’ll need to
>sign in using Sign in with Google or other more secure technologies,
>like OAuth 2.0.
>What do you need to do?
>Email software, like Outlook 2016 or earlier, has less secure access to
>your Gmail. Switch to Office 365, Outlook 2019 or newer, or any other
>email software where you can sign in using Sign in with Google.
>------------------------------------------
>
>The email also included a couple of "Learn more" links, which I haven't
>yet had a chance to follow up.

Mail to a g-mail address has bounced on similar *security grounds*
although I am using Thunderbird.

--
Tim Lamb

[John Hall]

In message <T42X+iFpCfIiFwCu@jhall_nospamxx.co.uk>, John Hall
<john_...@jhall.co.uk> writes

>I've just had an email from Google that suggests that the
>Turnpike/Stunnel/Gmail combination may no longer work after 30th May,
>which if correct is going to be a real nuisance.
>
>They say:
>--------------------------------------------
>On 30 May, you may lose access to apps that are using less secure
>sign-in technology
> *******@gmail.com
>To help keep your account secure, Google will no longer support the use
>of third-party apps or devices which ask you to sign in to your Google
>Account using only your username and password. Instead, you’ll need to
>sign in using Sign in with Google or other more secure technologies,
>like OAuth 2.0.
>What do you need to do?
>Email software, like Outlook 2016 or earlier, has less secure access to
>your Gmail. Switch to Office 365, Outlook 2019 or newer, or any other
>email software where you can sign in using Sign in with Google.
>------------------------------------------
>
>The email also included a couple of "Learn more" links, which I haven't
>yet had a chance to follow up.

I don't suppose that using "Sign in with Google" is an option with TP,
but someone has asked on the Stunnel mailing list whether OAuth 2.0 is
possible with Stunnel, so I shall read any replies with keen interest.

[SilverE]

At 10:57:45 on Fri, 4 Mar 2022, John Hall wrote in
<T42X+iFpCfIiFwCu@jhall_nospamxx.co.uk>

>I've just had an email from Google that suggests that the
>Turnpike/Stunnel/Gmail combination may no longer work after 30th May,
>which if correct is going to be a real nuisance.
>
>They say:
>--------------------------------------------
>On 30 May, you may lose access to apps that are using less secure
>sign-in technology
> *******@gmail.com
>To help keep your account secure, Google will no longer support the use
>of third-party apps or devices which ask you to sign in to your Google
>Account using only your username and password. Instead, you’ll need to
>sign in using Sign in with Google or other more secure technologies,
>like OAuth 2.0.
>What do you need to do?
>Email software, like Outlook 2016 or earlier, has less secure access to
>your Gmail. Switch to Office 365, Outlook 2019 or newer, or any other
>email software where you can sign in using Sign in with Google.
>------------------------------------------
>
>The email also included a couple of "Learn more" links, which I haven't
>yet had a chance to follow up.

Someone else has asked me about this, I think that setting up 2-factor
auth and getting an app password to replace the current one will keep it
working. I only use the Gmail app on my phone, which is "secure", so
can't confirm.

--
SilverE

[J. P. Gilliver (John)]

On Fri, 4 Mar 2022 at 14:09:42, SilverE <w...@localhost.invalid> wrote
(my responses usually FOLLOW):
[]

>Someone else has asked me about this, I think that setting up 2-factor
>auth and getting an app password to replace the current one will keep
>it working. I only use the Gmail app on my phone, which is "secure", so
>can't confirm.
>

Yes, from what I've read elsewhere - this was about using Agent, but I
think will be the same - I think you turn on this 2FA (presumably in the
webmail interface), generate this "app password", then put that into
your "less secure" software (I'm not sure if _in addition to_ your
normal gmail password or instead of it), and then carry on; I think it
basically just generates such an "app password" for each device you want
to connect with. The source I read suggested you can turn it off again
once you've generated the "app password".
--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Remembrance of things past is not necessarily the remembrance of things as
they were. - Marcel Proust

[SilverE]

At 16:31:57 on Fri, 4 Mar 2022, J. P. Gilliver (John) wrote in
<Vocl99x97jIiFwiF@a.a>

>On Fri, 4 Mar 2022 at 14:09:42, SilverE <w...@localhost.invalid> wrote
>(my responses usually FOLLOW):
>[]
>>Someone else has asked me about this, I think that setting up 2-factor
>>auth and getting an app password to replace the current one will keep
>>it working. I only use the Gmail app on my phone, which is "secure",
>>so can't confirm.
>>
>Yes, from what I've read elsewhere - this was about using Agent, but I
>think will be the same - I think you turn on this 2FA (presumably in
>the webmail interface),

In the Google Account security settings

>generate this "app password", then put that into your "less secure"
>software (I'm not sure if _in addition to_ your normal gmail password
>or instead of it),

Instead of

> and then carry on; I think it basically just generates such an "app
>password" for each device you want to connect with.

Outlook's app passwords are reusable in multiple apps, Google may (or
may not) be the same.

>The source I read suggested you can turn it off again once you've
>generated the "app password".

Turn the 2FA off? Maybe worth a try but it's good to have it anyway, it
stops your Google account being hacked. Which is the whole point. But
make sure you set backup methods to get into the account, if it's just
via your phone you can lose that...


--
SilverE

[SilverE]

At 11:26:46 on Fri, 4 Mar 2022, Tim Lamb wrote in
<GvlK7GL2...@marfordfarm.demon.co.uk>

I've been given this link showing that TB has OA2 built in, so that will
be a different problem

https://support.mozilla.org/en-US/questions/1269204
--
SilverE

[Tim Lamb]

In message <KTtuyiFO...@inspace.screaming.net>, SilverE
<w...@localhost.invalid> writes

Thanks for that.
Totally unconnected, I had a busy afternoon setting all my Google
preferences! They are now only going to keep a record of any U Tube
video I happen to watch for 3 months rather than 2 years! Whoopee!

--
Tim Lamb

[John Hall]

In message <hwjpVGBgzhIiFwEw@jhall_nospamxx.co.uk>, John Hall

I've just tried entering my phone number into my Google account profile,
as if 2FA is going to be required in in setting up Oath 2 then it looks
like they will need it. Unfortunately I don't have a mobile phone, and
when I tried to enter my land-line number it wouldn't accept it, even
though my line supports text to voice for incoming messages.

[Andy]

In message <y3dd0tEY6nIiFwHj@jhall_nospamxx.co.uk>, John Hall
<john_...@jhall.co.uk> wrote
[]

> Unfortunately I don't have a mobile phone, and when I tried to enter
>my land-line number it wouldn't accept it, even though my line supports
>text to voice for incoming messages.

RANT=ON
I've noticed an increasing tendency for I T designers to assume all
customers have (and use) a mobile - indeed, it probably doesn't cross
their minds that anybody could not be thus equipped. That's why I now
have one - I was going abroad last November so needed to be able to fill
in the Locator Form while in Austria. The trip was covidded, but the
phone remains.
rant=off
--
Andy Taylor FRPSL
President, Treasurer & Editor of the Austrian Philatelic Society.

[John Hall]

In message <QOY1OtAG...@kitzbuhel.co.uk>, Andy
<an...@kitzbuhel.co.uk> writes

>In message <y3dd0tEY6nIiFwHj@jhall_nospamxx.co.uk>, John Hall
><john_...@jhall.co.uk> wrote
>[]
>> Unfortunately I don't have a mobile phone, and when I tried to enter
>>my land-line number it wouldn't accept it, even though my line
>>supports text to voice for incoming messages.
>
>RANT=ON
>I've noticed an increasing tendency for I T designers to assume all
>customers have (and use) a mobile - indeed, it probably doesn't cross
>their minds that anybody could not be thus equipped.

I've noticed that too. As long as 12 years ago, Sky's website insisted
on one before it would let me order their service, and I had to give
them my brother's (with his prior agreement, of course); in all the time
since, I don't think they've ever rung that number. But giving someone
else's number isn't practical for things like 2FA. Fortunately my bank,
as well as Paypal, though they say they want a mobile number now seem to
be happy with my land-line number, and I've successfully used my
land-line for transactions where they wanted 2FA.

> That's why I now have one - I was going abroad last November so needed
>to be able to fill in the Locator Form while in Austria. The trip was
>covidded, but the phone remains.
>rant=off

I had that issue around the same time as you, going with a tour group to
Malta. Fortunately I learned that the hotel had a couple of PCs that
those of us without a smart phone (a basic mobile phone not being any
use) could use to complete the locator form and print it off. When we
returned to Heathrow, it turned out that they were only checking the
Covid-related paperwork of a tiny fraction of the returning passengers,
as otherwise the already lengthy queue would have stretched for a mile
or more. Perhaps with the relaxation in the UK's travel rules, which
it's being suggested might happen in time for the Easter holidays, if
locator forms aren't scrapped altogether maybe it will become possible
to complete them prior to travelling rather than within 48 hours of
one's return.

Incidentally, why is one's NHS vaccination certification letter only
supposed to be valid for thirty days from the date of issue? Having been
vaccinated, one can't become unvaccinated! It's going to be annoying if
one has to apply for a new one every time one goes abroad for the
foreseeable future.

Going back to Gmail, fortunately it's very much my secondary email
provider, and it won't be too much of an inconvenience if I have to
resort to their webmail occasionally to check if any email has arrived
in my inbox.

[Andy]

In message <KFczo9AeG0IiFwzX@jhall_nospamxx.co.uk>, John Hall
<john_...@jhall.co.uk> wrote
[]

>Incidentally, why is one's NHS vaccination certification letter only
>supposed to be valid for thirty days from the date of issue? Having
>been vaccinated, one can't become unvaccinated! It's going to be
>annoying if one has to apply for a new one every time one goes abroad
>for the foreseeable future.
>

The version obtainable on a smartphone with the NHS App renews itself
every time you log on and access it. This is useful if you are faced
with a QR code reader; less so in some disreputable bar in Vienna's
Bermuda Triangle...

[J. P. Gilliver (John)]

On Sat, 5 Mar 2022 at 10:55:26, John Hall <john_...@jhall.co.uk>

wrote (my responses usually FOLLOW):

>In message <QOY1OtAG...@kitzbuhel.co.uk>, Andy
><an...@kitzbuhel.co.uk> writes
>>In message <y3dd0tEY6nIiFwHj@jhall_nospamxx.co.uk>, John Hall
>><john_...@jhall.co.uk> wrote
>>[]
>>> Unfortunately I don't have a mobile phone, and when I tried to enter
>>>my land-line number it wouldn't accept it, even though my line
>>>supports text to voice for incoming messages.
>>
>>RANT=ON
>>I've noticed an increasing tendency for I T designers to assume all
>>customers have (and use) a mobile - indeed, it probably doesn't cross
>>their minds that anybody could not be thus equipped.

RANT=JOIN
The most infuriating example I've come across is the government CoViD
system for either ordering, or reporting the results of, tests.
Initially, you got several screens into the process before it asked for
your mobile number, and although it had a "I don't use one" box, if you
ticked that, it just told you to dial 119 and wouldn't let you go
further. (Dialling 119 involves much waiting, and eventually getting
through to someone who isn't sympathetic, and asks all the same
questions the website did, but obviously has some other option when
reaching the mobile number option [I think it may be just a dummy number
to enter].) The website now _does_ tell you on the first screen that you
will need a mobile number, but it's easy to miss and carry on to the
same frustrating point.

(Reporting a test result: if you give in and _give_ them a mobile
number, and report a negative test result on the website, you get a text
saying "you've reported a negative test" [followed by the same advice
the website gave me about continuing to be careful etc.]. Yes, I know
that: I just told _you_ that!)
[]

>my bank, as well as Paypal, though they say they want a mobile number
>now seem to be happy with my land-line number, and I've successfully
>used my land-line for transactions where they wanted 2FA.

Mine - can't remember if it is credit-card company or bank - haven't
made it clear; when they first told me I don't use a mobile, they said
they were looking into the problem, but I don't think they've actually
clearly said they've sorted it. Like you, I've used landline for
something involving 2FA - you get a synthesized voice reading out the
numbers.

A year or two _earlier_, when I wanted to open an account of a type they
only do online, and told them I don't have a mobile, the bank (First
Direct - part of HSBC [was part of Midland when I joined it!]) sent me -
in the post - a thing like a tiny calculator that I had to type a number
into, and it gave me a different number to type back. Apart from when
opening that account (an ISA of some sort), I think I've used the device
either 0 or 1 time(s).
[]

>Incidentally, why is one's NHS vaccination certification letter only
>supposed to be valid for thirty days from the date of issue? Having

That does seem to be a question for lots of things - passport being the
first that comes to mind: why do they expire? Sure, I can understand an
obligation to tell them if some detail (address being most obvious, but
name, medical condition [_if_ relevant], marital status, ...) changes,
but _automatic_ expiry seems pointless (or money-grabbing).
[]

>Going back to Gmail, fortunately it's very much my secondary email
>provider, and it won't be too much of an inconvenience if I have to
>resort to their webmail occasionally to check if any email has arrived
>in my inbox.

Can you set autoforwarding for gmail addresses? I've never had one.

--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"Do you want to be right, or friends?"
- a friend quoted by Vicky Ayech in UMRA, 2018-12-4

[Jim Crowther]

In demon.ip.support.turnpike, on Sat, 5 Mar 2022 12:41:38, J. P.

Gilliver (John) wrote:

>Can you set autoforwarding for gmail addresses? I've never had one.

Yes. My email works like this:

anya...@my.domain (except for postmaster) gets sent to
mya...@gmail.com.

Gmail sends what it thinks is spam into my gmail spam folder, and both
puts all the rest into the inbox AND forwards them onto
postm...@my.domain.

TP then picks up the postmaster emails and sorts them accordingly.

If I send email directly from the gmail webpage then it gets sent 'From'
mya...@my.domain, not from my gmail address, which isn't really used
for anything.

Having emails kept in the gmail inbox (and never deleted) makes
searching older emails very quick - I find it preferable by far to
searching within TP.


--
Jim Crowther

[J. P. Gilliver (John)]

On Sat, 5 Mar 2022 at 07:28:20, Jim Crowther
<Don't_bo...@blackhole.do-not-spam.me.uk> wrote (my responses usually
FOLLOW):

Sounds as if it never deletes them - or does it and "old" doesn't mean
that old? If it doesn't, presumably there is _some_ total size limit,
unless you pay (well, even if you do, though presumably a bigger limit)?

--
J. P. Gilliver. UMRA: 1960/<1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

WANTED, Dead AND Alive: Schrodinger's Cat

[John Hall]

In message <uCjLHWDCq1IiFwmv@a.a>, "J. P. Gilliver (John)"
<G6...@255soft.uk> writes

>On Sat, 5 Mar 2022 at 10:55:26, John Hall <john_...@jhall.co.uk>
>wrote (my responses usually FOLLOW):

<snip>

>
>A year or two _earlier_, when I wanted to open an account of a type
>they only do online, and told them I don't have a mobile, the bank
>(First Direct - part of HSBC [was part of Midland when I joined it!])
>sent me - in the post - a thing like a tiny calculator that I had to
>type a number into, and it gave me a different number to type back.
>Apart from when opening that account (an ISA of some sort), I think
>I've used the device either 0 or 1 time(s).

My bank sent me one of those well over 10 years ago now, when I first
signed up for online banking. I've had to use it for with credit/debit
card transactions, and for those they use 2FA maybe one transaction in
ten or less.

>[]
>>Incidentally, why is one's NHS vaccination certification letter only
>>supposed to be valid for thirty days from the date of issue? Having
>
>That does seem to be a question for lots of things - passport being the
>first that comes to mind: why do they expire? Sure, I can understand an
>obligation to tell them if some detail (address being most obvious, but
>name, medical condition [_if_ relevant], marital status, ...) changes,
>but _automatic_ expiry seems pointless (or money-grabbing).

I suppose with passports you can argue that, if too many years have
elapsed, you may no longer resemble your passport photo too closely,
which is probably more important now that Heathrow and Gatwick have
automatic gates for passport checking, where the software is less likely
than a human to recognise that though you've changed a bit it's still
you.

>[]
>>Going back to Gmail, fortunately it's very much my secondary email
>>provider, and it won't be too much of an inconvenience if I have to
>>resort to their webmail occasionally to check if any email has arrived
>>in my inbox.
>
>Can you set autoforwarding for gmail addresses? I've never had one.

I was wondering about that. I'll have to check. I'll need to make sure
that I don't have any auto-forwarding set up from my main account to
gmail for any reason, or some emails could potentially be caught in an
endless loop!

[John Hall]

In message <J3pZHaAlm6IiFwRb@jhall_nospamxx.co.uk>, John Hall
<john_...@jhall.co.uk> writes

>In message <uCjLHWDCq1IiFwmv@a.a>, "J. P. Gilliver (John)"
><G6...@255soft.uk> writes
>>On Sat, 5 Mar 2022 at 10:55:26, John Hall <john_...@jhall.co.uk>
>>wrote (my responses usually FOLLOW):
><snip>
>>
>>A year or two _earlier_, when I wanted to open an account of a type
>>they only do online, and told them I don't have a mobile, the bank
>>(First Direct - part of HSBC [was part of Midland when I joined it!])
>>sent me - in the post - a thing like a tiny calculator that I had to
>>type a number into, and it gave me a different number to type back.
>>Apart from when opening that account (an ISA of some sort), I think
>>I've used the device either 0 or 1 time(s).
>
>My bank sent me one of those well over 10 years ago now, when I first
>signed up for online banking. I've had to use it for with credit/debit
>card transactions, and for those they use 2FA maybe one transaction in
>ten or less.

Oops. I seen to have mangled that. It was meant to say:

My bank sent me one of those well over 10 years ago now, when I first

signed up for online banking. I've had to use it for making transfers
from my account. It's not used for online credit/debit card transactions
though, and for those they use 2FA instead, though only maybe one

transaction in ten or less.

[Jim Crowther]

In demon.ip.support.turnpike, on Sat, 5 Mar 2022 17:40:05, J. P.

Gilliver (John) wrote:

>On Sat, 5 Mar 2022 at 07:28:20, Jim Crowther
><Don't_bo...@blackhole.do-not-spam.me.uk> wrote (my responses usually
>FOLLOW):
>>In demon.ip.support.turnpike, on Sat, 5 Mar 2022 12:41:38, J. P.
>>Gilliver (John) wrote:
>>
>>>Can you set autoforwarding for gmail addresses? I've never had one.
>>
>>Yes. My email works like this:
>>
>>anya...@my.domain (except for postmaster) gets sent to
>>mya...@gmail.com.
>>
>>Gmail sends what it thinks is spam into my gmail spam folder, and both
>>puts all the rest into the inbox AND forwards them onto
>>postm...@my.domain.
>>
>>TP then picks up the postmaster emails and sorts them accordingly.
>>
>>If I send email directly from the gmail webpage then it gets sent
>>'From' mya...@my.domain, not from my gmail address, which isn't
>>really used for anything.
>>
>>Having emails kept in the gmail inbox (and never deleted) makes
>>searching older emails very quick - I find it preferable by far to
>>searching within TP.
>>
>>
>Sounds as if it never deletes them - or does it and "old" doesn't mean
>that old? If it doesn't, presumably there is _some_ total size limit,
>unless you pay (well, even if you do, though presumably a bigger limit)?

It deletes the spam after 30 days (my setting), but keeps the other
emails seemingly for ever. The oldest one in my gmail account is from
March 2008 - about the time I set up this system, though I had been
using gmail (called googlemail them) from when the first invites went
out early 2004 for the beta tests.

There are about 72,000 emails in there, taking up 8.9GB of the free 15GB
allowance.

--
Jim Crowther

[John Hall]

In message <5em0e0g4...@nospam.at.my.choice.of.UID.invalid>, Jim
Crowther <Don't_bo...@blackhole.do-not-spam.me.uk> writes

>It deletes the spam after 30 days (my setting), but keeps the other
>emails seemingly for ever. The oldest one in my gmail account is from
>March 2008 - about the time I set up this system, though I had been
>using gmail (called googlemail them) from when the first invites went
>out early 2004 for the beta tests.

Emails that you've downloaded from your inbox using POP3 are moved to
the bin folder, and I think as with the spam folder are deleted from
there after 30 days. That's very useful, as a local concert venue sends
me emails with mangled headers that upset TP, and that means that if
there's an attachment with a ticket to be printed off it's very hard to
do. But having arranged for emails from that source to come via Gmail, I
can just go to the bin folder and access and print off the ticket from
there.

[bert]

In article <wuVRamAlNOJiFw+b@jhall_nospamxx.co.uk>, John Hall
<john_...@jhall.co.uk> writes

>In message <5em0e0g4...@nospam.at.my.choice.of.UID.invalid>, Jim
>Crowther <Don't_bo...@blackhole.do-not-spam.me.uk> writes
>>It deletes the spam after 30 days (my setting), but keeps the other
>>emails seemingly for ever. The oldest one in my gmail account is from
>>March 2008 - about the time I set up this system, though I had been
>>using gmail (called googlemail them) from when the first invites went
>>out early 2004 for the beta tests.
>
>Emails that you've downloaded from your inbox using POP3 are moved to
>the bin folder, and I think as with the spam folder are deleted from
>there after 30 days. That's very useful, as a local concert venue sends
>me emails with mangled headers that upset TP, and that means that if
>there's an attachment with a ticket to be printed off it's very hard to
>do. But having arranged for emails from that source to come via Gmail,
>I can just go to the bin folder and access and print off the ticket
>from there.

There is an option in gmail to not delete emails when collected by pop3
client
--
bert

[bert]

In article <y3dd0tEY6nIiFwHj@jhall_nospamxx.co.uk>, John Hall

I've had that problem and our landline/handset will support sms text
messages in and out. It's a little known facility which I had to explain
to Plusnet support when it suddenly stopped working.
--
bert