How to send a mail with TiTiTo by google mail?

Started by Volker Dirr, July 22, 2020, 10:23:42 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Volker Dirr

Google mail has smtp support disabled by default.
If you want to sent a mail, then you need to enable smtp in your google settings. You need to allow external software.
I found a small video that show you how to do it: You only need to do the first IMAP stuff. IMAP is only for reading e-mails.
https://www.youtube.com/watch?v=D-NYmDWiFjU

You can also use port 587 with TLSSTART
(i saw that 2 sentences in the test mail are missing, i will fix that with the next TiTiTo release. But that doesn't matter much. It is working fine with google mail.)

Benahmed Abdelkrim

thanks for this video.
I activated the Gmail smtp, and then I tried to send an email, but Unfortunately without success. Screenshot attached below. I couldn't find the problem  :(
B.A/krim

Volker Dirr

#2
Please double check the google settings. Sometimes google doesn't save the settings.
Check if you done like in the video. You don't need to enable IMAP, but the second checkbox.

I tried with port 465 and SSL
and also port 587 and STARTTLS

"User" must be the full e-mail (not only the name)

You might also get a "security warning" e-mail at your account. I am not sure if it is needed to approve that mail, but i done it.

Benahmed Abdelkrim

Thanks. I will follow your instructions above and I hope to succeed in sending an email..
B.A/krim

Benahmed Abdelkrim

Sent succesfully. I applied all the steps but forgot to enter the password. I'm sorry.
But don't you see that entering the e-mail password in another program is a threat to security?
thanks for your help  :)
B.A/krim

Benahmed Abdelkrim

But Unfortunately, the arabic writing is still left to right...
this Qt bug still uncorrected :(
B.A/krim

Volker Dirr

I tired also myself some more.
The guy in the video is wrong. IMAP is not needed. You can disable it. (Since IMAP is only for reading mails).

I can't avoid asking for the password. In fact i might steal it and sent it to me, but that is illegal of course.
But it is similar to all other tools. If you enter your google password in the webbrwoser like chrom, firefox, edge, opera, ...
or if you enter the password in an e-mail client like outlook, thunderbird, kmail, ...
You always need to trust that programs and the your operating system.
So if you open a webbrower in windows and enter your google account, then microsoft windows and also your webbrowser might steel your password. So you need to trust them.

That is why i wrote that the password is saved unencrypted, since as soon as you know where it is saved, other guys might steel it.
If you keep the password blank, then i (TiTiTo) won't save it. That is more secure, but you always need to enter it as soon as it is needed.
But in fact even that is not 100% safe, since a keylogger can steal it, microsoft windows can steal it, ...


Higher security is often combined with less comfort.

If you are paranoid, then you might check your network traffic and check if someone sent something without your permission. A good tool for that is wireshark (see https://www.wireshark.org/ ).



You mean in the e-mail it is left to right? I will check it, since that is in fact not Qt bug. I fear it is bug of the software your are using to view the e-mail.

Volker Dirr

ahh... now i see what you mean. I forgot to ask for password if you keep it blank. i will fix that.

Volker Dirr

hmm... this time it is sadly not Qt bug. It is bug of the e-mail-client software :-(
I sent valid html. If i open the html file with a webbrowser, then the Arabic mails are correct from right to left, but if i sent that to an e-mail-client (even if it is running in the same webbrwoser), then it istn't right to left :-(
i also tried to use the new html 5 head (instead of the xhtml 4 head). But even with that the same: in a webbwoser it is fine. As soon as i sent it to the web client, it ignores the right to left.
Sadly i don't know how to fix it and why it is ignored. It is valid html. I checked with validators.

Benahmed Abdelkrim

Thanks for the clear explanations.  Yes, you are right , we have to put our trust in these programs, otherwise we will lose the comfort that provide.  It is a question that may come to anyone's mind and I wanted to ask it.
B.A/krim

Benahmed Abdelkrim

Quote from: Volker Dirr on July 22, 2020, 01:51:56 PM
hmm... this time it is sadly not Qt bug. It is bug of the e-mail-client software :-(
I sent valid html. If i open the html file with a webbrowser, then the Arabic mails are correct from right to left, but if i sent that to an e-mail-client (even if it is running in the same webbrwoser), then it istn't right to left :-(
i also tried to use the new html 5 head (instead of the xhtml 4 head). But even with that the same: in a webbwoser it is fine. As soon as i sent it to the web client, it ignores the right to left.
Sadly i don't know how to fix it and why it is ignored. It is valid html. I checked with validators.
yes indeed it is a bug of the Gmail application.  i used chrome the timetables are displayed in the correct direction from right to left. See the attached screenshot
B.A/krim

Volker Dirr

Interesting. That is the correct view.
It looks like Gmail doesn't inherit the right to left direction to "lower level elements" (even it should inherit that with html and css).
I tried to force that (since there is a special command to force inherit RTL direction, but it doesn't work.
I saw i can do it also in Gmail RTL if a add that direction to each single element. But that is a titanic and "dangerous" work, it should work with inherit.
hmm... I will try some more and maybe write a bug report to Gmail.

About the second thing: I might encrypt the password, but the bad thing is that you need to enter a password to encrypt, so it doesn't help.
A trick might be using a "default" password, but in that case everybody will be able to get the password just by try and error.
A second trick might be using a password what is individual generated by your computer (for example your hardware or windows key).
By that you can't decrypt the password such easy on an other computer. But it will be still easy if someone have access to your computer.
hmm... I will think about the second variant. Maybe i will use that. So it will be slightly more secure.

I will also fix the bug that he ask for password if you didn't stored it. But please wait a bit, since i want to do some more fixes and it always need to much time to compile also for Windows and MacOS (since i am developing with Linux).

Liviu Lalescu

In KMail, which I used long time ago, they said they can store the password in a scrambled form, but it can be found by a clever person.

In ClawsMail, which I am using now, the option is only to save password for the current session (until I exit the mail client). Password is not stored on the hard disk.

In Firefox you can save the passwords and see them in clear text in the program.

I prefer ClawsMail's approach.

Volker Dirr

#13
Yes, i think i will also use a scrambled form. I will use a "key" that is stored in the settings - of course everyone can read that - and add a second key (based on the hardware or OS, so you can't find that in the settings), do a cryptic hash on that and use that string to scramble. So even if you know the encrypted password and the key and the way how i scramble, you will be "only" easily able do decrypt if you use the same hardware and OS.
Advantage: a bit more save
Disadvantages: if you have a new OS or hardware, then it won't read the password anymore correct. But in fact that isn't critical, since you just need to enter the password once again and it will work again. The other small disadvantage is how to read hardware information. I want to use Qt for that (since it is easy), but Qt can't read much hardware and OS information. So if i read to "less" hardware information, then nearly all other computers might have the same values. If I read to much information, then you might always enter the password once again as soon as the OS done an update.

Of course i will also keep to always ask for password and not store it at all if you keep it empty. (I am not sure if i should store it in memory for the whole session. I will think about that. Currently i don't save it in memory for the whole session.)

Volker Dirr

Done. I can save the password encrypted now.
Now for example a password with 8 letters looks like this:
152_65510_16_221_125_65519_65462_65515
And there are 8 times the same letter :-) (since i used a cryptic hash to scramble. based on a key and computer OS information. So you can't decrypt if you don't have that also the same key and OS information.)
So kids can't read it anymore. But of course skilled guys might read the key and disassemble my code; so that guys "only" also need to know your OS information if they want to decrypted the saved password.

I can also keep the password for the session in memory only, without saving it on disk. It is not difficult to care about that. But i won't encrypt it in memory. If you also want it encrypted in memory, then i suggest to buy a computer that can encrypt memory by hardware.

I will do the same stuff for proxy and ftp password tomorrow.

Do you think i need to do the same for the user name?