Since the late 1980s when I set up our department Research Computing Facility, my department has managed its own email servers. We now have extremely competent staff (not me!) who do great work dealing with spam, phishing, etc., and I get much less spam on my math department account than I do on, say, my account in the CS department, which uses a commercial spam blocking service. But recently the pressure from University IT to let them run all mail has increased to the point where we're basically being forced to shut down our own mail servers and use theirs, effective around the end of this month. I do need to continue to access my university email, both for reading and sending through the university's servers.
The university has decided not to allow any access to mail except through Outlook and GMail, where authentication goes through the campus 2FA process, etc. The university IT people would much prefer that all faculty and administrators use Outlook (they've generally tried to outsource as much to Microsoft as they can, especially things with any security implications--this gives you an idea where they're coming from), but there's an option for GMail which almost all of our faculty have chosen. But at least the GMail version requires support for OAUTH2. According to the university IT people, the only options for accessing our university mail on GMail without using Windows or Mac OSs will be the web interface and the Android and IOS GMail apps. They do admit that Thunderbird works, but they say it's "unsupported and may not continue to work".
At present, I forward my university email to a department-supported machine in my office running Fedora, where I run dovecot. I access mail from various devices with IMAP, mostly using claws-mail on the Linux boxes (where I mostly run Fedora with KDE) and FairEmail on Android. It looks like they're going to make it harder (and probably officially forbidden) to forward mail routinely. I also use claws-mail to read my personal GMail account (which I don't use much, but need for some purposes), with an app password on some machines and OAUTH2 on my main desktop. But using OAUTH2 currently requires setting up claws-mail as a personal development project (in what Google calls the "testing" phase; the claws-mail code is not "approved" by Google for "production") and regenerating the authentication token once a week. I'd be happy to continue doing that and using claws-mail, but it seems that my university account is locked out of both app passwords and setting up a project. As far as I can tell, I won't be able to continue to use claws-mail for my university email, at least without forwarding it in explicit violation of policy.
I have made sure that Thunderbird can connect to my university account, despite the dire warnings from the university IT people. (And FairEmail also seems to work fine for this on Android.) But the last time I tried Thunderbird, admittedly a fair while ago, I wasn't very happy with it--heavyweight, oriented toward HTML mail, opened too many links, etc. In the distant past, I mostly used email within Emacs (rmail and then vm) and I once looked at Evolution but again wasn't happy with how big it was and how much it seemed to pull in. I generally have been pretty unhappy with the web interfaces to email that I've tried, though I haven't spent much time in the latest incarnation of GMail on the web.
So I'm looking for other suggestions about what might work, including more up-to-date views of Thunderbird, Evolution, etc. Thanks for any other ideas or comments.
George
On Mon, 20 Jun 2022 14:50:36 -0400 George Avrunin wrote:
> So I'm looking for other suggestions about what might work
I've always used fetchmail to download all mail from all my accounts and stuff it in a local IMAP server for me to read with whatever client I like (currently using claws-mail and dovecot as the server). That gets me as isolated from silly requirements of "helpful" IT departments as possible.
Unfortunately, I've been waiting years for fetchmail to officially support oauth2 (coming soon :-) so I can get google to stop complaining about my "insecure" use of IMAP in my gmail account. Maybe it is possible to build a beta version of fetchmail 7 that talks oauth2?
Pointers to possible fetchmail solution here:
On Mon, 20 Jun 2022 15:17:40 -0400, Tom Horsley wrote:
> I've always used fetchmail to download all mail from all my accounts and stuff it in a local IMAP server for me to read with whatever client I like (currently using claws-mail and dovecot as the server). That gets me as isolated from silly requirements of "helpful" IT departments as possible.
> Unfortunately, I've been waiting years for fetchmail to officially support oauth2 (coming soon :-) so I can get google to stop complaining about my "insecure" use of IMAP in my gmail account. Maybe it is possible to build a beta version of fetchmail 7 that talks oauth2?
> Pointers to possible fetchmail solution here:
Thanks. Aside from having to build a beta, I think that would probably violate the (expected) policy against moving the mail to another server. As I understand it, this is mostly based on concerns about student personal information (covered by the FERPA law, etc.), and I'm probably only going to teach one more course this fall before being more fully retired. So maybe I could get away with it briefly, or at worst wait it out until December with Thunderbird or something and then use fetchmail this way. ;-) This kind of approach is certainly very tempting if it can be made to work.
George
On 6/20/22 13:50, George Avrunin wrote:
> Since the late 1980s when I set up our department Research Computing Facility, my department has managed its own email servers. We now have extremely competent staff (not me!) who do great work dealing with spam, phishing, etc., and I get much less spam on my math department account than I do on, say, my account in the CS department, which uses a commercial spam blocking service. But recently the pressure from University IT to let them run all mail has increased to the point where we're basically being forced to shut down our own mail servers and use theirs, effective around the end of this month. I do need to continue to access my university email, both for reading and sending through the university's servers.
> The university has decided not to allow any access to mail except through Outlook and GMail, where authentication goes through the campus 2FA process, etc. The university IT people would much prefer that all faculty and administrators use Outlook (they've generally tried to outsource as much to Microsoft as they can, especially things with any security implications--this gives you an idea where they're coming from), but there's an option for GMail which almost all of our faculty have chosen. But at least the GMail version requires support for OAUTH2. According to the university IT people, the only options for accessing our university mail on GMail without using Windows or Mac OSs will be the web interface and the Android and IOS GMail apps. They do admit that Thunderbird works, but they say it's "unsupported and may not continue to work".
In June Gmail turned off the legacy password access via POP3 in my account,
but I found that turning on 2-step verification in the security section of my Gmail account enabled the app password option: a 16-character password to use instead of the legacy password in my getmail's POP3 download.
Thunderbird seems to know how to set up OAuth2 for sending mails via Gmail.
regards,
Gabriel
On Mon, 20 Jun 2022 14:47:44 -0500, Gabriel Ramirez wrote:
> In June Gmail turned off the legacy password access via POP3 in my account,
> but I found that turning on 2-step verification in the security section of my Gmail account enabled the app password option: a 16-character password to use instead of the legacy password in my getmail's POP3 download.
> Thunderbird seems to know how to set up OAuth2 for sending mails via Gmail.
> regards,
> Gabriel
Thanks. Unfortunately, my university GMail account is part of GSuites, or whatever they're calling it now, and even though I can create an app password, it won't work for logging in to read mail. This seems to be a campus-wide setting that the university IT people have made. They are requiring OAUTH2, which uses the campus authentication system, so I won't be able to get claws-mail to work with my university account even with 2-step verification and an app password.
As I mentioned, I can make thunderbird work, but the last time I used it, I didn't like it very much. So I was wondering what people think about it now or what other suggestions people have.
George
On 6/20/22 12:50, George Avrunin wrote:
> But the last time I tried Thunderbird, admittedly a fair while ago, I wasn't very happy with it--heavyweight, oriented toward HTML mail, opened too many links, etc.
I've been using Thunderbird for at least a decade and like it. As far as opening links goes, go to Tools, Preferences, Privacy, and uncheck Allow remote content in messages. Once you've done that, you'll get a little banner at the top of any message that wants to open links letting you know it's been blocked and giving you the option to load it, or even make a permanent exception for the sender.
On Mon, 2022-06-20 at 16:07 -0400, George Avrunin wrote:
> > In June Gmail turned off the legacy password access via POP3 in my account,
> > but I found that turning on 2-step verification in the security section of my Gmail account enabled the app password option: a 16-character password to use instead of the legacy password in my getmail's POP3 download.
> > Thunderbird seems to know how to set up OAuth2 for sending mails via Gmail.
> > regards,
> > Gabriel
> Thanks. Unfortunately, my university GMail account is part of GSuites, or whatever they're calling it now, and even though I can create an app password, it won't work for logging in to read mail. This seems to be a campus-wide setting that the university IT people have made. They are requiring OAUTH2, which uses the campus authentication system, so I won't be able to get claws-mail to work with my university account even with 2-step verification and an app password.
I have a Google Workplace, formerly G Suite, account run by my former university (I'm now retired) and access it via Evolution, which does fully support OAUTH2.
poc
Hi George,
> Since the late 1980s when I set up our department Research Computing Facility, my department has managed its own email servers. We now have extremely competent staff (not me!) who do great work dealing with spam, phishing, etc., and I get much less spam on my math department account than I do on, say, my account in the CS department, which uses a commercial spam blocking service. But recently the pressure from University IT to let them run all mail has increased to the point where we're basically being forced to shut down our own mail servers and use theirs, effective around the end of this month.
The rebel in me prompts me to ask: Empire building by the IT department? How do you think they'd feel about lots of complaint reports about increased spam and horrid software? Surely enough official complaints would require them to adequately respond?
I remember seeing the student and email interface when my sister was studying to be a teacher. Jeez it was awful, worse than any webmail service I'd ever seen, terrible to use and so removed from what email can do. Not to mention that "working" was a sporadic condition, and being forced to do all your work submissions through it just makes a lot of grief for students.
One of the driving forces for this in-house email management is often touted as being security, keeping data inside safe. But *actual* good security never seems to be a part of these in-house solutions.
I've used Evolution directly with gmail for a few years, now. Gmail's double-confirmation that it's you works through Evolution (a little browser window pops up, inside Evolution, when it's needed). Though that's with Gmail on the WWW, I've never tested it with an in-house Gmail suite.
I use fetchmail for everything else, into my own Dovecot mail server (and Evolution to access that). I've never figured out how to get Gmail through fetchmail, but then I don't really use Gmail myself, so I've let it slide. I send and read mail using other accounts, Gmail is used for those Android apps that require registration.
I don't care for Gmail's web interface, either. "Chaotic disaster," would be my description. It was an awful lot of faffing about through settings splattered all over the place, going round in circles, to find and switch off bad features. I'd rather have a minimally featured service than one full of stupid things.
Looking through your thread, I think you're going to be hamstrung by policy decisions, that they want mail *kept* on their server, even more so than technical "how do I?" issues. But on such policies: What about teachers taking laptops home, and their laptop caching mail on an easily stolen device? Likewise with phones and tablets. Or accessing mail on their easily hackable Windows desktop? Surely dragging mail into your lab's server, or one on your own computer, is exactly the same thing as your email client storing mail locally? These policies always seem like kneejerk reactions to me, when you realise how flawed their blinkered approach is in reality.
On Tue, 2022-06-21 at 12:34 +0930, Tim via users wrote:
> Hi George,
> > Since the late 1980s when I set up our department Research Computing Facility, my department has managed its own email servers. We now have extremely competent staff (not me!) who do great work dealing with spam, phishing, etc., and I get much less spam on my math department account than I do on, say, my account in the CS department, which uses a commercial spam blocking service. But recently the pressure from University IT to let them run all mail has increased to the point where we're basically being forced to shut down our own mail servers and use theirs, effective around the end of this month.
> The rebel in me prompts me to ask: Empire building by the IT department? How do you think they'd feel about lots of complaint reports about increased spam and horrid software? Surely enough official complaints would require them to adequately respond?
My last job before retiring was running our university network service, which included the corporate email. After several years of tightening budgets and losing support staff (for context, this was in Venezuela) I managed to persuade the university to abandon our central mail server and adopt Google as our provider.
Best decision I ever made. The system now works, has great spam control, and virtually no direct support cost aside from our own help desk. Best of all, as a university we got it all for nothing. [Comments on Google's world domination will be disregarded - I've heard them all]. When Microsoft heard we were about to do this, they rushed in with a counter offer. Luckily we kept our heads and have not regretted it.
Believe me, the whole bit about "keeping control of our data" is entirely familiar to me. My counter is that you can't control your data if you don't have 24-hour professional support and hardened security. In an academic environment, this is virtually impossible and definitely expensive.
Some departments continue to run their own mail servers. We didn't forbid that. We just told them they were on their own. We also didn't attempt to standardise on mail clients, though we offered help desk support for the usual suspects.
poc
On Tue, 2022-06-21 at 10:49 +0100, Patrick O'Callaghan wrote:
> After several years of tightening budgets and losing support staff (for context, this was in Venezuela) I managed to persuade the university to abandon our central mail server and adopt Google as our provider.
> Best decision I ever made. The system now works, has great spam control, and virtually no direct support cost aside from our own help desk. Best of all, as a university we got it all for nothing. [Comments on Google's world domination will be disregarded - I've heard them all]. When Microsoft heard we were about to do this, they rushed in with a counter offer. Luckily we kept our heads and have not regretted it.
I can think of few things worse than depending on Microsoft, they've never grasped the idea of good software. About my only concern, these days, about Gmail is that it's a horrible interface. But you can bypass that by using a real email client.
One of the things about scholastic mail is that most students already have an email address, and making them have another (yours) is a pain to them. And, when they leave, they have to abandon it, and may not want to. So that's another argument to favour external mail.
Of course, Microsoft being an expensive never-ending cost versus Gmail being a free thing looks good to the bean counters. But existing IT staff won't want to lose one of their cash cows.
You could go entirely the other way. Become a commercial email provider that people in the outside world pay for, using that to fund your internal IT needs.
On Mon, 20 Jun 2022 22:51:48 +0100, Patrick O'Callaghan wrote:
> I have a Google Workplace, formerly G Suite, account run by my former university (I'm now retired) and access it via Evolution, which does fully support OAUTH2.
> poc
That's good to know, thanks.
George