I have exported gmail logs to bigquery.
I have some third party IP addresses in our G Suite SMTP Relay whitelist:
https://support.google.com/a/answer/2956491?hl=en
Since the 3rd party can essentially send mail on behalf of any account in the domain, I would like to audit the IP's and the email address they are sending mail as.
I can't figure out the right fields from the schema to query.
https://support.google.com/a/answer/7230050?hl=en
Anyone done something similar?
Thanks!
Related
During the process of creating a service account to access Gmail API, I found that Domain wide delegation to the service account is required. But, this will allow the service account to access all the mailboxes in the domain. Is it possible to put some restriction on the service account so that it can access only certain mailbox/mailboxes.
I couldn't find any workaround to put some restriction on the service account. I am expecting a way to put some mailbox reading restrictions on the service account.
When you configure domain wide deligation you will need to also configure the user on the domain that the service account will be allowed to impersonate.
Then in your code you will need to supply the email address of that user in the domain.
The service account will then be able to run as that user sending emails from that users account and reading emails from it.
it can only access accounts it has been configured to access
I want to create ticket in our system when somebody sends email to support#mydomain.com. I'm using GmailAPI to read new messages from that gmail account.
Currently I'm using service account and domain wide delegation (DWD) for authentication.
The problem is that with DWD I can access all user accounts from my organization and this is what I want to avoid.
Is it possible configure service account this way, so that it has access to only one user account? Or can I generate and use private key for single user account instead of service account with DWD?
I am trying to configure Gmail API in a way so I can pull the inbox messages as well as respond against them. Basically, I am implementing a CRM and this one of the modules of that CRM. I got an email from Gmail verification support telling me that this needs to undergo a security assessment if your application can send Google suer data from a restricted scope to remote servers. For third-party security assessment, they mentioned that it may cost from $8,000 to $75,000. Is there some other way to tackle this? This is too much!
I know that smtp.gmail.com will no longer support less secure apps in 2021. In order to migrate to using oauth access tokens, I am trying to understand the flow.
I do not want to access users gmail account information, I simply want to send them an email that contains password recovery link for my application. Everything I've been reading talks about getting access_token and displaying consent screen to the user before sending emails. This indicates to me that all these tutorials assume you want to send emails on behalf of the user.
I just want to use a single gmail account to send password recovery emails. How can this be achieved?
I have splunk installed and currently I'm using SMTP server local host with port no-25. I have tried using gmail and its default port number. but I want to send email using Outlook credentials instead of gmail or smtp local host.
Good news is that you can configure the outgoing e-mail server from the UI. You can browse to Settings > Server settings > Email settings.
On the page below you'll find the IMAP/POP/SMTP settings for common e-mail providers including Outlook.com / Microsoft 365. This together with your username/password should get you sending e-mails from Splunk in no time.
https://support.microsoft.com/en-us/office/pop-and-imap-email-settings-for-outlook-8361e398-8af4-4e97-b147-6c6c4ac95353