Setting up event forwarding to a Gmail SMTP service

You can setup Lenovo XClarity Administrator to forward monitored events to a web-based email service, such as Gmail.

Use the following configuration examples to help you set up your event forwarder to use the Gmail SMTP service.

Note: Gmail recommends using the OAUTH2 authentication method for the most secure communication. If you choose to use regular authentication, you will receive an email indicating that an application tried to use your account without using the latest security standards. The email includes instructions for configuring your email account to accept these types of applications.

For information about configuring a Gmail SMTP server, see https://support.google.com/a/answer/176600?hl=en.

Regular authentication using SSL on port 465

This example communicates with the Gmail SMTP server using the SSL protocol over port 465, and authenticates using a valid Gmail user account and password.

Parameter Value
Host smtp.gmail.com
Port 465
SSL Select
STARTTLS Clear
Authentication Regular
User Valid Gmail email address
Password Gmail authentication password
From Address (optional)

Regular authentication using TLS on port 587

This example communicates with the Gmail SMTP server using the TLS protocol over port 587, and authenticates using a valid Gmail user account and password.

Parameter Value
Host smtp.gmail.com
Port 587
SSL Clear
STARTTLS Select
Authentication Regular
User Valid Gmail email address
Password Gmail authentication password
From Address (optional)

OAUTH2 authentication using TLS on port 587

This example communicates with the Gmail SMTP server using the TLS protocol over port 587, and authenticates using a valid Gmail user account and security token.

Use the following example procedure to obtain the security token.

  1. Create a project in the Google Developers Console, and retrieve the client ID and client secret. For more information, see the Google Sign-In for Websites webpage website.

    1. From a web browser, open the Google APIs webpage.

    2. Click Select a project > Create a project from the menu on that webpage. The New Project dialog is displayed.

    3. Type a name, select Yes to agree to the license agreement, and click Create.

    4. On the Overview tab, use the search field to search for "gmail."

    5. Click GMAIL API in the search results.

    6. Click on Enable.

    7. Click the Credentials tab

    8. Click OAuth consent screen.

    9. Type a name in the Product name shown to users field, and click Save.

    10. Click Create credentials > OAuth client ID.

    11. Select Other, and enter a name.

    12. Click Create. The OAuth client dialog is displayed with your client ID and client secret.

    13. Record the client ID and client secret for later use.

    14. Click OK to close the dialog.

  2. Use the oauth2.py Python script to generate and authorize a security token by entering the client ID and client secret that was generated when you created the project.

    Note: Python 2.7 is required to complete this step. You can download and install Python 2.7 from the Python website).
    1. From a web browser, open the gmail-oauth2-tools webpage.

    2. Click Raw, and then save the content as a file name oauth2.py on your local system.

    3. Run the following command a terminal (Linux) or a command line (Windows):

      py oauth2.py --user=<your_email> --client_id=<client_id> 
         --client_secret=<client_secret> --generate_oauth2_token

      For example

      py oauth2.py --user=jon@gmail.com 
         --client_id=884243132302-458elfqjiebpuvdmvdackp6elip8kl63.apps.googleusercontent.com 
         --client_secret=3tnyXgEiBIbT2m00zqnlTszk --generate_oauth2_token
      

      This command returns a URL that you must use to authorize the token and retrieve a verification code from the Google website, for example:

      To authorize token, visit this url and follow the directions:
      
      https://accounts.google.com/o/oauth2/auth?client_id=884243132302
      -458elfqjiebpuvdmvdackp6elip8kl63.apps.googleusercontent.com&redirect_uri=
      urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=https%3A%2F%2Fmail.
      google.com%2F
      
      Enter verification code:
      
    4. From a web browser, open the URL that was returned in the previous step.

    5. Click Allow to agree to this service. A verification code to returned.

    6. Enter the verification code in the oauth2.py command.

      The command returns the security token and refreshes token, for example:

      Refresh Token: 1/K8lPGx6UQQajj7tQGYKq8mVG8lVvGIVzHqzxFIMeYEQMEudVrK5jSpoR30zcRFq6
      Access Token: ya29.CjHXAsyoH9GuCZutgIOxm1SGSqKrUkjIoH14SGMnljZ6rwp3gZmK7SrGDPCQx_KN-34f
      Access Token Expiration Seconds: 3600
      
      Important: The security token expires after a period of time. You can use the oauth2.py Python script and the refresh token to generate a new security token. It is your responsibility to generate the new security token and update the event forwarder in Lenovo XClarity Administrator with the new token.
  3. From the Lenovo XClarity Administrator web interface, set up event forwarder for email using the following attributes:

    Parameter Value
    Host smtp.gmail.com
    Port 587
    SSL Clear
    STARTTLS Select
    Authentication OAUTH2
    User Valid Gmail email address
    Token Security token
    From Address (optional)