GMail and IMAP access - google-workspace

I would like to disable POP and IMAP for Gmail, but enable it if the IMAP connection is from an approved list of IP addresses. Is this possible? I have looked at the GSuite Admin Page: https://support.google.com/a/answer/105694, but that only allows configuration on a Gmail user basis. What I need is "all users in the domain" have access from IMAP, but the user needs to be on the corporate intranet (with approved IP addresses). Is there a way to enforce this? Thanks!

No, there is no such option at this moment. I was just looking into the same thing. I need to limit G Suite access to employees outside a specific IP range. Employees should be able to log in from within the building, but not from outside. The same applies to IMAP/POP3 access.
G Suite support suggested turning off IMAP/POP3 and using a third-party SSO application or making our own SSO endpoint and controlling access this way, but there is no solution if you want to block access to the IMAP or POP3 ports.
It looks like G Suite does not have any firewall options for its users at all.

Related

Will Google's May 30 app OAuth2 deadline affect my website email sending?

Google has announced that as of May 30, apps that previously were able to send SMTP mail through a Google mail server (smtp.google.com, along with the client's credentials) would no longer work unless connecting using OAuth2 (even when "allow less secure apps" is on).
Our website currently sends out various emails (welcome to the site, order confirmations, etc) through our Google GSuite mail server using PHPMailer. But it does not connect to the mail server with OAuth or any advanced security login.
I believe Google considers our website's connecting to our gmail server to be an "app" since the connection previously would not work unless we went into our GSuite account and set "Allow less secure apps" (or whatever the specific wording is for allowing less secure apps to connect).
So given all of the above, I assume our site will be affected when Google enforces their directive on May 30.
However, in the admin.google.com section of our account, there is a checkbox that states: "Trust internal domain-owned apps" that is currently set. Further, it also states for this checkbox: "Internal domain-owned apps will be exempt from accessing OAuth scopes that are restricted or blocked".
So my question (finally! :) is: given that checkbox is set, do I need to modify the PHPMailer sending of email from our own website to use OAuth2 before May 30? Or does that checkbox allow our site to continue to connect to our gmail server and send emails as before? (both the website's domain name and our google account name are identical).
Google Workspace should not be affected by the removal of less secure apps.
If that changes in the future, you should consider switching to using a service account and the Gmail API instead of using the SMTP server. If you configure domain-wide delegation on the service account to a user on your Google Workspace domain, you will be able to send emails without any issues.

Suggestions for email providers that allow mailbox creation via API and Forwarding Rules

I have a web application that utilizes several CRM types of emails for notifications, appointment reminders, attachments for digital sales and such. My clients can use my own admin domain email account to send these emails (no-reply email), or they can provide credentials for using their own SMTP server or relay service so that any emails that are replied to are sent to them (vs a no-reply admin email).
However, I'd like to try for a 3rd option where I can create an email mailbox on my domain like so:
client1@mydomain.com
client2@mydomain.com
...
And then I would apply a forwarding rule on each one to send any replies to their personal email accounts so they wouldn't have to have their own SMTP service.
Now I can do this using providers' interfaces, but I'd rather do it with an API so I'm not having to manually create mailboxes and setting forwarding rules.
Currently I'm using AWS SES for my domain emailing, but I've searched for hours and the "solution" to create mailboxes and create rules to forward are ridiculous.
Are there any other email providers out there that make this easier? I don't need anything fancy except the ability to create a bunch of email mailboxes via API (preferably with a high limit of mailboxes) and the ability to create the forwarding rules via API.
Or can anyone recommend a good email provider that allows for a lot of mailboxes and makes forwarding really easy (and of course cheap).
Like "cringe" GoDaddy Email or something similar??
After a lot of research, this procedure doesn't really make sense these days. There are a lot of relay email providers that make it easy to set up "Senders" so that emails can appear to come from any kind of email account (personal or domain based) for ease of use with applications

Find email IMAP incoming/outgoing server ip and port

My organization has its own email ID, which can be accessed through a web browser. Now I want to set up IMAP in the Gmail app on Android. This requires the specific incoming/outgoing server IP, port, and security certificate. However, to my surprise, the "Mail.ru" app automatically recognizes everything (I just need to provide my email ID and password) and works perfectly (both in the organization network and in the outside world). This information is also required to set up email in Thunderbird. Is there any way to find this out, like tracing packets, or any other way?
N.B: Nadmin don't want to share these info. This page does not help much.
Many email clients support some kind of Autodiscovery, where based on the domain name certain well-known URLs are tried in an attempt to download an XML document containing information about the SMTP and IMAP settings applicable for that domain.
Here is some Microsoft documentation about it:
https://technet.microsoft.com/en-us/library/cc511507.aspx
See also:
https://serverfault.com/questions/172326/how-to-configure-email-autoconfiguration-for-a-domain
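The lookup described in this answer, as an added example that is not part of the original post: it lists well-known URLs a client may probe for a mail domain and parses a Mozilla-style autoconfig document, marking any server entry that would run without transport encryption. The domain example.org, the sample XML and the function names are constructed for illustration; Microsoft Autodiscover responses use a different schema that this parser does not read.

```python
import xml.etree.ElementTree as ET
# Constructed sample of a Mozilla-style autoconfig document (config-v1.1.xml);
# example.org and its host names are placeholders, not taken from the page.
SAMPLE_XML = """<?xml version="1.0"?>
<clientConfig version="1.1">
  <emailProvider id="example.org">
    <incomingServer type="imap">
      <hostname>imap.example.org</hostname>
      <port>993</port>
      <socketType>SSL</socketType>
    </incomingServer>
    <incomingServer type="pop3">
      <hostname>pop.example.org</hostname>
      <port>110</port>
      <socketType>plain</socketType>
    </incomingServer>
    <outgoingServer type="smtp">
      <hostname>smtp.example.org</hostname>
      <port>587</port>
      <socketType>STARTTLS</socketType>
    </outgoingServer>
  </emailProvider>
</clientConfig>"""

def candidate_urls(email):
    """Well-known locations a client may probe, derived from the address."""
    domain = email.rsplit("@", 1)[1].lower()
    return [
        f"https://autoconfig.{domain}/mail/config-v1.1.xml?emailaddress={email}",
        f"https://{domain}/.well-known/autoconfig/mail/config-v1.1.xml",
        f"https://autodiscover.{domain}/autodiscover/autodiscover.xml",
        f"https://{domain}/autodiscover/autodiscover.xml",
    ]

def parse_autoconfig(xml_text):
    """Return (protocol, host, port, socket_type, encrypted) per server."""
    servers = []
    for node in ET.fromstring(xml_text).iter():
        if node.tag in ("incomingServer", "outgoingServer"):
            sock = (node.findtext("socketType") or "plain").strip()
            servers.append((node.get("type"), node.findtext("hostname"),
                            int(node.findtext("port")), sock,
                            sock.upper() in ("SSL", "STARTTLS")))
    return servers

if __name__ == "__main__":
    print(*candidate_urls("user@example.org"), sep="\n")
    for server in parse_autoconfig(SAMPLE_XML):
        print(server)
```

A document fetched from one of these URLs is untrusted network input, so a client should retrieve it over HTTPS and refuse entries whose last field is False rather than send credentials in the clear.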

Sending email from GCE or AWS on behalf of users

How could I use Google Compute Engine (or a similar service, like AWS) to send email on behalf of users via their SMTP server?
I am interested in building an online email client which allows users to enter their SMTP and POP servers and send/receive email, like they would with their desktop clients. GCE blocks all SMTP ports to prevent abuse and recommends using a mail service like SendGrid instead. However, after researching dozens of these services, they all seem to only support transactional email using their own SMTP servers, or possibly a pre-cleared smtp server. I simply want to send email using the user's SMTP server (ex smtp.mail.yahoo.com), just like they would if they were using a desktop client.
I realize I could host my own servers but I am not interested in maintaining the infrastructure. I would like to host everything on a cloud service. Is there any way I can work around Google's restrictions with an existing service?
As I'm sure you are aware, you would have to have the user enter their SMTP server information and account credentials. You would then use that information to connect to their SMTP server.
By default AWS EC2 instances have SMTP traffic on port 25 rate limited. To remove this limitation, you would need to fill out and submit the following form:
https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request
If you're looking to send mail as a Gmail, Hotmail, or Yahoo user, you'll probably want to call the service's API to have the server send mail on the user's behalf. There are several benefits of this:
- You'll need to get authorization from users (usually via an OAuth flow) in order to access their mail. This means that users shouldn't be surprised that you're sending mail from their accounts, and they'll have some control over your access.
- The mail will be signed and come from the appropriate IP addresses to comply with the various spam-control mechanisms set up by those companies. Without this, it's likely that the mail you send will end up in the bit-bucket of the recipient.
- By using the API, the service should be able to keep a copy of the sent mail in the user's outgoing mail folder. This will let the user see and search for the original message sent if they want.
Unfortunately, this may also mean that each mail service you want to send from will need separate integration, and that you may not be able to send as the user's email address from smaller providers.
Note that the App Engine mail API allows you to send mail as the currently logged-in user (when logging in, users have a similar consent screen to the OAuth process mentioned above).

Blocking inbound emails with google admin api

We would like to block a malicious user from sending our employees emails automatically through google admin api.
For example, when we notice that user hacker@malicious.com sends our employees phishing emails, we would like to block it (malicious might be very similar to our domain name).
We can't find any option how to do this on admin-sdk.
However, we know that there are options to do this manually, since when we go to Apps -> Google Apps -> Settings for Gmail -> Advanced Settings on admin.google.com, we see several options to achieve this:
- Blocked senders: Block or approve specific senders based on email address or domain.
- Content compliance: Configure advanced content filters based on words, phrases or patterns.
- Routing: Routing begins once you start delivering email to Google's servers.
- Receiving routing: Set delivery routes for inbound messages, and for messages received from internal addresses.
How can we block inbound emails with admin sdk?
There's no API to manage blocked senders list in the Control Panel. However, you can create filters for your users using the Email Settings API.