Gmail/Imap Supports Compression? - mailkit

I found a link showing
Gmail supports the IMAP COMPRESS Extension (RFC4978), specifically the DEFLATE algorithm (RFC1951) aka zlib/gzip.
Is it worthwhile using IMAP COMPRESS (DEFLATE)?
But when I enabled it says
The IMAP server does not support the COMPRESS extension.
Stack=System.NotSupportedException: The IMAP server does not support the COMPRESS extension.
Link must be wrong?
Update: Based on jstedfast request, we reran the compression after authentication. We see these headers before authentication
IMAP4rev1, Status, Quota, Idle, Namespace, Id, Children, Unselect,
SaslIR, XList, GMailExt1
and these after autentication
IMAP4rev1, Status, Quota, Idle, Namespace, Id, Children, Unselect,
UidPlus, CondStore, ESearch, Enable, ListExtended, ListStatus,
SpecialUse, Move, UTF8Accept, LiteralMinus, AppendLimit, XList,
GMailExt1
And ImapCapabilities.Compress returns false.
We are using a free version of Gmail and not the gSuite. Wonder if that is the difference?

After connecting to GMail's IMAP server, the capabilities are listed as:
CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=OAUTHBEARER AUTH=XOAUTH
After authenticating, the capabilities are:
CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 UIDPLUS COMPRESS=DEFLATE ENABLE MOVE CONDSTORE ESEARCH UTF8=ACCEPT LIST-EXTENDED LIST-STATUS LITERAL- SPECIAL-USE APPENDLIMIT=35651584
Make sure that you authenticate first, and then you can try enabling compression.

We found that once we upgraded to the latest release of Mailkit Gmail Compression can be enabled and worked. We were previously using 1.2.2
We have noticed that:
Protocol logging does not show the compressed data.
If you call service.Compress(token) more than once, gmail returns an error
One account was able to use gmail compression AFTER registering for
the Gmail API. One offshore user is still not able to enable Gmail compression. Event after registering for the API.

Related

GitHub page 'Your connection is not private'

I have searched for this and found answers that do not work in my case. I would appreciate some thoughts on this
I have set up a github page at: https://ir-ischool-uos.github.io/mwpd/
Some users reported that when they visit the page, an error about security is displayed, like this on Chrome:
- However, many users say it works ok for them.
I have found some sources say that this only happens if your link contains 'https' instead of 'http', but tested on two computers, one mobile phone and one tablet they both work fine. I also found source that say I should use GitHub page's https support, and I checked my setting this already is ticked.
Is there anything I can do to fix this for every user?
Thanks
This error could happen because of numerous of reasons. For example:
The server certificate (or at least one of the certificates in the chain of trust) is not among the trusted certificates that the browser/system maintains (maybe an outdated list?). Try to update the browser/system.
The date/time on the system is not configured correctly.
The connection is being intercepted (by an attacker?) and the certificate is manipulated, hence the SSL connection handshake process could not complete.
Your connection is not private error appears on websites using the SSL / HTTPs protocol when a browser is unable to validate the SSL certificate issued by the website.
Basically, any website using SSL / HTTPs protocol sends a security certificate information to users browsers upon each visit. Browsers then try to validate the certificate using the public key accompanying the certificate.
If it checks out, then users browser encrypts the data using the private key sent by your website. This encryption secures the data transfer between a user’s browser and your website.
I have checked it accross 3 different connections and they all worked just fine.
I believe the problem could be from the users. They may need to clear their cache, check if their clock is set correctly, their antivirus could be stopping it. And their browsers may be outdated.
What I will advice is just (https://support.github.com/contact). They could check to verify if this is an issue from the server or not.
But from what am looking at, this may be an issue with the user's device.
Also here are a few links you could refer and see if all settings on your own part are rightly set;
[1] https://github.com/docsifyjs/docsify/issues/236
[2] https://help.github.com/en/github/working-with-github-pages/securing-your-github-pages-site-with-https
[3] https://help.github.com/en/github/working-with-github-pages/troubleshooting-custom-domains-and-github-pages#https-errors
I hope this helps. Let me know!
If you are using a school/college wifi, most probably someone has your credentials and he/she is using it at the same time as you so basically when he/she is using the web you'll get this message, you should probably change your password or switch on VPN.
If the WiFi/other network used to access the website in question is a school or public network, some 3rd-party software used by it's administrator might be trying to prevent or override the connection to your website.
That might happen in order to display an error message (e.g. "Website access prohibited"), a captive portal (network login window), or just to watch the data being sent around.
Since you're using HTTPS it was prevented when the certificate check failed, because with HTTPS in place that software has no way of presenting it's own page or eavesdropping, other than creating it's own certificate with your website name in it on the fly. Which, of course, was rejected by the browser, since either the user didn't expect it, or, if it's indeed a school/company network, the PC wasn't properly enrolled for use on the said network.
Either way, there is no problem with your webpage itself. Because Github manages the server for your Pages, chances you could create something causing that problem yourself are pretty much zero.
Sometimes it happens because of the wrong IP/DNS settings. Checking the below places might help resolve the issue:
Make sure you are using a common public DNS server. How to check the DNS server you are using depends on your operating system. Moreover, if you are using a VPN client and it has a DNS configuration, check that setting too.
Check if there is an IP address associated with GitHub in the system's hosts file. In Linux and macOS you may use sudo vi /etc/hosts. If there is one, turn that line into a comment by adding # at the beginning of the line. Save, exit, and check if you see that error again. Do step 3 only if you are still getting the same error.
Go to https://www.ipaddress.com, search for github.io, and add its IP address at the bottom of /etc/hosts file like this example: 140.82.114.4 github.io.
Hope this helps.

Bitrix : About install im.bitrix.info to own server

I bought bitrix self host version then I installed it to my server.
But when checking I see all message interact with Bot Framwork all through to bitrix server: im.bitrix.info, can I setup a application as im.bitrix.info by my self at my own server for controlling.
I need it because many cases I can debug what problem with skype bot or bitrix problem.
Unfortunately, no.
Some organizations may restrict Internet access due to security reasons. In this case Firewall controls the incoming and outgoing network traffic based on predetermined security rules. In order to to be able to work with your Bitrix24 account, please make sure you have the following addresses allowed in your Firewall: *.bitrix24.com, *.bitrix24.net (Bitrix24.Network, authorization)
International domains:
*.bitrix24.de (Germany)
*.bitrix24.es (Spanish speaking countries)
*.bitrix24.com.br (Portuguese speaking countries)
*.bitrix24.cn (China)
*.bitrix24.in (India)
*.bitrix24.eu (Europe)
*.bitrix24.fr (France)
For all of the above mentioned addresses we recommend to allow subnet mask *.bitrix24.*.
Please note that the following addresses should be allowed as well in order to provide simaltaneous work of such services as telephony, bots, open channels, videos: *.bitrix.info, bitrix*.cdnvideo.ru, *.cloudfront.net
https://helpdesk.bitrix24.com/open/6355275/
Bitrix telephony, bots, open channels and videos work through the cloud server.

XMPP whitelists?

We have an enterprise installation of QuickBlox (which implements XMPP), and would like to create mirrored accounts for all of our users on our QuickBlox server install. We also want to sync the networks our system's users have created using relationships (eg, "client and provider") that have been built on our system.
In a nutshell, we want to export whitelists that limit chat "opponents" to only those users with whom each of our users already have relationships. If User1 has an existing relationship in our system with User2 and User3 but not User4 through User40, we want to be able to use the QuickBlox API to enforce that within chat by creating a whitelist through the QuickBlox API.
EDIT: We can't use an "honor system" whitelist. That is, the enforcement must be server-side using a method the client cannot circumvent. There must be a hard, unavoidable block between users for privacy concerns.
Use case:
A QuickBlox (or XMPP) server has User1 through User40, inclusive.
User1's whitelist is comprised of [User2, User3] only.
If User1 attempts to contact User15, we want QuickBlox/XMPP to note that User15 is not on User1's whitelist and block that communication as if User1 had bidirectionally blocked that user.
Privacy lists, aka blacklists
I have found places in QB's docs that refer to the XMPP specification docs, and have found the concept of privacy lists, which seem to operate as blacklists:
https://quickblox.com/developers/Web_XMPP_Chat_Sample#Privacy_lists
https://xmpp.org/extensions/xep-0016.html#protocol-syntax
These only provide two styles of blacklist privacy:
You can choose a type of blocked logic (Privacy List). There are 2
types:
Block in one way. You are blocked, but you can write to
blocked user.
Block in two ways. You are blocked and you also can't
write to blocked user.
Server Whitelist (dialog-level, not user)
I've also found documentation on whitelists for servers, which appear to operate at a dialog/jid, not user, level:
https://xmpp.org/extensions/xep-0133.html#edit-whitelist
An entity added to a whitelist MAY be a JID of any form as specified in RFC 6120... a whitelist may prevent inbound communications, outbound communications, or both...
Rosters -- "presence" detail only?
There are also rosters, which are close to whitelists, but they do not seem in my testing to restrict communication between any two users that might not be on each other's roster.
https://quickblox.com/developers/Web_XMPP_Chat_Sample#Get_the_roster
That is to say, I haven't set up a roster in my testing application, and users are able to create group and 1-on-1 chat dialogs in spite of not having explicitly accepted any roster requests. In the Android docs, I found the following on rosters: "[A roster] is the collection of users a person receives presence updates for." That's not blocking in any way outside of presence alerts, I don't believe.
Question
Is there a suggested way to create a pessimistic whitelist for each user, which only contain those users with whom communication is allowed? Or are we forced to create and maintain "inverse blacklists", where we automate the creation of privacy lists for every new user blocking every other user and then use the API to remove those with which each user should be able to communicate?
If we do have to use "inverse blacklists", is there a way to have a default blacklist apply to every new user that initially blocks communication with every other user already in our QuickBlox system?
(Again, we can't use "honor system" lists. If the client must request a whitelist to be active before it can be used, can freely discover and then change active whitelists, or if the client can decline to use a list, that's not secure enough.)
XMPP Clients
XMPP clients will need a way to ask another clients if they support receiving pushes via a relay. Since pushes can be sent from anywhere, clients will also be able to send pushes directly to other clients through the relay as long as they have their friend’s whitelist token. They will also need to respond to XMPP server inquiries for whitelist tokens to allow pushes to be sent by the server if a message is sent by a client not supporting direct push.
XMPP Servers
XMPP servers can ask their connected clients if they support push relays and, if so, forward messages they receive to the push relay server when the client is offline. This will require the XMPP server to obtain a whitelist token from the user as well.
Help:see this link
If we are talking about XMPP protocol - there is an ability to block any communications from/to (see example 48)
So, by default, you can set it for each user for example.
Then, if we need to allow to communicate with someone specific,
then you can add this user to your privacy list with action=allow and order greater than 'full block'. Here is actually a good example of whitelist implementation via Privacy Lists, see example 8:
and (3) 'special', which allows communications only with three
specific entities.

How can I avoid google mail server asking me to log in via browser?

I am trying to send emails from Django using an email configured by Google Apps, my configuration at the settings.py file looks something like this:
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_HOST_USER = 'contact#mydomain.com'
EMAIL_HOST_PASSWORD = 'password'
EMAIL_PORT = 587
EMAIL_USE_TLS = True
When I try to send an email using:
from django.core.mail import send_mail
send_mail("Happy new year", "We wish you the best for 3001",
"contact#mydomain.com", ["someuser#gmail.com"])
I get the following error:
SMTPAuthenticationError:
(535, '5.7.1 Please log in with your web browser and then try again.
Learn more at
5.7.1 https://support.google.com/mail/bin/answer.py?answer=78754 k2sm758604obl.14')
Since I'm working on a remote server with no graphical user interface, I cannot even try to login from the browser.
Just go to
https://accounts.google.com/DisplayUnlockCaptcha
and click "continue". This is going to allow access from other servers.
I've been messing with this for a couple of hours within a cucumber/capybara/selenium test - discovered something stupid which will fix this error for good, guaranteed
The all too familiar error:
Please log in via your web browser: https://support.google.com/mail/accounts/answer/78754 (Failure) (Net::IMAP::NoResponseError)
As it turns out, there are TWO "Allow Less Secure Apps" toggles which need to be changed to allow logins from unknown devices/IMAP.
One here: https://myaccount.google.com/security?pli=1#connectedapps (bottom of the page)
And one here: https://www.google.com/settings/security/lesssecureapps
BOTH OF THESE GODFORSAKEN TOGGLES need to be changed to get rid of this error message.
edit: from user Milothicus (https://stackoverflow.com/users/3538026/milothicus): in myaccount.google.com, under 'Sign-in & Security', select 'Connected apps & sites'. this also has an option to 'Allow less secure apps'. after turning this one on, my server could now send me an automated email.
When I tried to access my account I was sent this email consisting of this link.
https://www.google.com/settings/security/lesssecureapps
You can turn-on then possibly turn-off after you've done testing.
I got the following response from Google Apps support:
You need to turn on your Outbound relay. To do this:
Log into your account at google.com/a/yourdomain.com
Click the Settings tab and then select Email in the left column.
In the Outbound relay section, select Allow users to send mail through an external SMTP when configuring a "from" address hosted
outside your domain.
Click Save changes.
They also provided a help link: http://support.google.com/a/bin/answer.py?hl=en&answer=176054
After turning on Outbound relay and using the proxy to login to the webmail one more time (thanks to #DaniloBargen and #joshcartme) the issue was resolved. I've read the link explaining what the Outbound relay is and I'm not really sure why would I need it (I don't believe I'm using an external SMTP server).
Since I'm not really sure this is what solved the issue I won't mark the response as accepted until I get some confirmation.
Set up an ssh tunnel to the server in question so that you could, from your home computer, log in to the gmail web client using the server's IP. You probably need to tunnel port 80 and port 443, maybe just 443. After logging in through the web client the problem should go away according to knowledge base article listed in the SMTPAuthenticationError.
Here's an example of how to set up the tunnel:
http://www.noah.org/wiki/SSH_tunnel#simple_port_forwarding_.28SSH_tunneling.29
Option #1 (this worked for me):
After getting the error Please log in with your web browser and then try again. Learn more etc. when trying to send email from my web application, I logged in to the email via browser from my local computer.
After I logged in, there was a yellow notification bar on top which asking me if I want to allow external application access my mail. I confirmed this and Google asked me to log in to the account from the application within the next 10 mins. This will white-list the application.
Option #2:
If Option #1doesn't work for you, try this: http://www.rocketideas.com/2012/05/gmail-error-password-not-accepted-from-server-solved/
etusm provided two locations to turn on less secure apps:
One here: https://myaccount.google.com/security?pli=1#connectedapps
(bottom of the page)
And one here: https://www.google.com/settings/security/lesssecureapps
both were turned on, but my headless server still couldn't send me an email. based on JohnPang's google+ recommendation, i found a third location where i had to allow access to less secure apps:
in myaccount.google.com, under 'Sign-in & Security', select 'Connected apps & sites'. this also has an option to 'Allow less secure apps'. after turning this one on, my server could now send me an automated email.
I found the solution at: https://support.google.com/accounts/answer/185833?hl=en and finally https://security.google.com/settings/security/apppasswords
If you are testing your project on a local machine, you should go to the latter link, and enable "Access for less secure apps".
Do you have two factor authentication enabled for the apps account ? Then you might need to use an application specific password for that application.
All of the above doesn't help in my case (weird). But this link might help you:
https://security.google.com/settings/security/activity
You can access it via Google Plus
Open Google+
Select "Security" from the top
Under "Recent activity" click "View all events"
You will see a list of "Unusual Activity"
It shows "Application / device sign-in attempt (prevented) Singapore" as I'm using AWS from Singapore
Click on "Change" > "Yes, that was me!"
Retry again. Done!
As of now (look at my post date) there is only one "Allow less secure apps" toggle in the Gmail account admin UI:
https://myaccount.google.com/u/0/security#connectedapps
It'll work from your local computer (Mac or PC) after that.
To allow access from Amazon EC2 (and I suspect other Cloud-located hosts), there is yet another flag to set in Google's never ending battle with spammers:
https://accounts.google.com/b/0/DisplayUnlockCaptcha
Recently, I have found that this issue can be resolved by confirming that the activity has originated from a request I initiated, by visiting Google Account
I had to confirm, under Security Events, that the suspicious activity was in-fact me, even though the originating server from where the request came from was cloud hosted, and therefore over 1000 km away. After clicking this step, and setting less secure apps, I was able to use getmail to retrieve my mail, over ssl using either imap or pop.
Just want to highlight Danilo Bargen's comment:
An easier way to connect to the other network using tunnels is to use a dynamic tunnel (ssh -D 6789 remotehost) and then to set localhost:6789 as SOCKS5-Proxy in Firefox. Then you are basically in the remote network with your browser and localhost is the remote host
Also I want to add that SOCKS Proxy method also works with Chrome. As a result you can log in with your local web browser as if you are on a server.
change your settings at https://www.google.com/settings/security/lesssecureapps so that your account is no longer protected by modern security standards.
This is occuring due to some apps are marked as less secure apps by google. So to use those apps, you need to give access for those apps. to do that follow http://www.codematrics.com/your-imap-server-wants-to-alert-you-to-the-following-please-login-via-your-web-browser-gmail/
Hope this will solve your issue.
In my case, when i tried to login to the google account via web, it asked me for a captcha. I entered the captcha and then the automation worked.

XMPP: how to request server for presence status of a user's contacts?

We have a site and we developed a chat system for it using strophe.js library and ejabberd XMPP server. We use session attachment that was initiated with PHP (using an in-house library). What we do is get the RID and SID from the PHP script, then use strophe's session attachment. The said RID and SID is stored on a cookie and the RID value on the cookie is updated every update of the RID on strophe.js.
This works fine, after logging in we receive the presence status of each of our contacts. The problem with this is, when you go to another page on the site, and attach using the said RID (we use the incremented value produced by strophe) and SID, the server wouldn't send presence information of your contacts anymore as opposed to when you logged in. This caused our contacts area to appear all invisible even though they are online. They would only appear online if you (or your contact) log out on the chat, then log in again (since you will receive a presence update from the XMPP server).
I have written a workaround where the presence status of your contacts is saved on a cookie (all online contacts will have their JIDs saved on the cookie) when a presence is received from the server. This is checked every page load, if the cookie is set, it will be read, and all JIDs on the cookie will be marked as online. This is working fine but there might be some better ways to solve this, using XMPP's default behaviors.
XMPP servers send presence probes to all your contacts on your behalf when you send your own initial presence to the server. From then on, you will only receive presence status changes from your contacts.
If you lose the presence state of your contacts, you will need to send your own presence probes to re-establish that state. However, this is probably not something you want to do a lot, and passing around the presence state is probably preferred in most cases.
You could try passing the state via XMPP. For example, you could use Private XML Storage (XEP-0049), Pubsub (XEP-0060), or PEP (XEP-0163).
Another option instead of cookies for passing it client side is to use an HTML5 SharedWorker object to hold the state.
I shudder to think of the scale properties associated with storing all of the presence you just received from the server back to the server in private storage. Private storage almost always is backed to long-term storage rather than stored in memory, so you're going to grind your server's disk to dust.
If you want to store more state in the browser, and insulate yourself from browser version, and you're already using jQuery, then jStore is pretty sweet.