Email OAUTH

[ludini]

Hola!

Como supongo que la mayoria de usuarios, yo utilizo un smtp para enviar los correos a través de dolibarr, concretamente el de google.

Funciona bien, con usuario y contraseña, desde hace muchos años. Y me viene muy bien, porque a diferencia de usar sendmail, no tengo problemas de que los correos se vayan al spam y los correos enviados se registran en su carpeta "sent", ahora mismo es todo perfecto y tal y como quiero.

Pero google me ha escrito una cartita y me ha dicho que tengo hasta el 14 de marzo para migrar a OAUTH como sistema de autentificación.

He visto que dolibarr tiene un modulo OAUTH, pero parece mas para autentificar usuarios ante el sistema usando la API de google que para enviar correos.

Mi pregunta:

Alguien sabe como demonios configurar Dolibarr para que siga funcionando como lo hace hasta ahora? Algún modulo o configuración secreta?


Alguna idea?

Actualmente estoy usando Dolibarr 19.0.2 sobre Ubuntu 18


La carta de google, por si alguien tiene curiosidad:

Dear administrator,

We’re writing to remind you that as we previously shared in this blog post and in an email sent in mid-January 2024, we’ll be turning off access to less secure apps (LSA) — non-Google apps that can access Google Workspace accounts with only a username and password (basic authentication).

What you need to know
Access through basic authentication makes accounts more vulnerable to hijacking attempts. Moving forward, only apps that support a more modern and secure access method called OAuth will be able to access Google Workspace accounts.

Access to LSAs will be turned off in two stages:

Began June 15, 2024 - The LSA settings will be removed from the Admin console and can no longer be changed. Enabled users can connect after that time, but disabled users will no longer be able to access LSAs. This includes all third-party apps that require password-only access to Gmail, Google Calendar, Contacts via protocols such as CalDAV, CardDAV, IMAP, SMTP, and POP.
The IMAP enable/disable settings will be removed from users’ Gmail settings.
If you’ve been using LSAs prior to this date, you can continue using them until March 14, 2025.
Beginning March 14, 2025 - Access to LSAs will be turned off for all Google Workspace accounts. CalDAV, CardDAV, IMAP, and POP will no longer work when signing in with just a password — you will need to login with a more secure type of access called OAuth.
What you need to do
In order for your end users to continue using these types of apps with their Google Workspace accounts, they must switch to a more secure type of access called OAuth (a list of affected users is attached). This authentication method allows apps to access accounts with a digital key instead of requiring a user to reveal their username and password.

We recommend that you share the user instructions (in this PDF file) with individuals in your organization to help them make the necessary changes. Alternatively, if your organization is using custom tools, you can ask the developer of the tool to update it to use OAuth. Developer instructions are also in this PDF file.

MDM configuration
If your organization uses a mobile device management (MDM) provider to configure IMAP, CalDAV CardDAV, or POP profiles, these services will be phased out according to the timeline below:

Began June 15, 2025 - MDM push of password based IMAP, CalDAV, CardDAV, and POP will no longer work for customers who try to connect for the first time. If you use Google MDM, you will not be able to turn on "Custom Push Configuration" settings for CalDAV and CardDAV.
Beginning March 14, 2025 - MDM push of password based IMAP, CalDAV, CardDAV, and POP will no longer work for existing users. Admins will need to push a Google Account using their MDM provider, which will re-add their Google accounts to iOS devices using OAuth. If you use Google MDM, “Custom push configuration-CalDAV” and “Custom push configuration-CardDAV” (more details about the settings here) will stop being effective.
Other less secure apps

For any other LSA, ask the developer of the app you are using to start supporting OAuth.
Scanners and other devices

For scanners or other devices using simple mail transfer protocol (SMTP) or LSAs to send emails, configure to use OAuth, use an alternative method, or configure an App Password for use with the device. If you replace your device, look for one that sends email using OAuth.

We’re here to help
If you have additional questions or need assistance, please contact Google Workspace support. When you call or submit your support case, reference issue number 319688531.

Thanks for choosing Google Workspace.

—The Google Workspace Team