Differences

This shows you the differences between two versions of the page.

--- user:sachy:lakatux [2022/07/21 21:25] – sachy
+++ user:sachy:lakatux [2023/09/10 09:16] (current) – novy patch sachy
@@ Line 3: / Line 3: @@
 Ani balik neodstranis, protoze je to v zavislostech...!
-==== Vira duveru prenasi ====
+===== Vira duveru prenasi =====
 <code>
@@ Line 10: / Line 10: @@
 </code>
-==== Fixovani hipstrovin ====
+===== Fixovani hipstrovin =====
 Edit "/etc/default/grub"
@@ Line 24: / Line 24: @@
-==== clubmate ====
+===== clubmate =====
 <code>
@@ Line 37: / Line 37: @@
 </code>
-==== Nebezpecny SW pod jinym uzivatelem ====
+===== Nebezpecny SW pod jinym uzivatelem =====
 Odriznuti prohlizece nebo jineho nebezpecneho SW od dat bezneho uzivatele (sachy) tim, ze se bude spoustet pod vlastnim neprivilegovanym uzivatelem (ffuser). Obdobne pro jiny crapware...
@@ Line 64: / Line 64: @@
 </code>
-==== Finch a jeho zavislosti ====
+===== Finch a jeho zavislosti =====
 Finch je TUI irc/jabber/... komunikator nad libpurple0 (oboji soucast pidginu, ale pouzitelne samostatne). V debian-like distrech terminalovy klient zavisi na fontech a dalsich GUI nesmyslech.
@@ Line 117: / Line 117: @@
 Profit!
-==== mutt ====
+===== mutt =====
 === Zvyraznovac dulezitych headeru v muttu ===
@@ Line 209: / Line 209: @@
 <code diff mutt_save_file_perm.patch>
---- PATCHES~    Mon Jul 27 21:36:10 CEST 2020
+diff -Naru /s/mutt-2.2.12/globals.h ./globals.h
-+++ PATCHES     Mon Jul 27 21:36:10 CEST 2020
+--- /s/mutt-2.2.12/globals.h	2023-09-01 08:32:23.000000000 +0200
-@@ -1,0 +1 @@
++++ ./globals.h	2023-09-10 10:13:54.320014522 +0200
-+patch.1.14.6.ms.sfp.1
+@@ -250,6 +250,8 @@
-diff /s/mutt-1.14.6/globals.h ./globals.h
+ WHERE short ScoreThresholdRead;
-a235
+ WHERE short ScoreThresholdFlag;
-> WHERE short SaveFilePerm;
-diff /s/mutt-1.14.6/init.h ./init.h
++WHERE short SaveFilePerm;
-a3139,3143
++
->   { "save_file_perm", DT_NUM, R_NONE, {.p=&SaveFilePerm}, {.l=0600} },
+ #ifdef USE_SIDEBAR
->   /*
+ WHERE short SidebarWidth;
->   ** This variable controls the permissions of saved attachments.
+ WHERE LIST *SidebarWhitelist;
->   ** Use standard POSIX permissions in octal notation, i.e. 0644.
+diff -Naru /s/mutt-2.2.12/init.h ./init.h
->   */
+--- /s/mutt-2.2.12/init.h	2023-09-01 08:32:23.000000000 +0200
-diff /s/mutt-1.14.6/main.c ./main.c
++++ ./init.h	2023-09-10 10:18:22.900015368 +0200
-c669,672
+@@ -3460,6 +3460,11 @@
-<   umask (077);
+   ** \fBNote:\fP This only applies to mbox and MMDF folders, Mutt does not
----
+   ** delete MH and Maildir directories.
->   if(SaveFilePerm==600)
+   */
->     umask (077);
++  { "save_file_perm", DT_NUM, R_NONE, {.p=&SaveFilePerm}, {.l=0600} },
->   else
++  /*
->     umask (000);
++  ** This variable controls the permissions of saved attachments.
-diff /s/mutt-1.14.6/muttlib.c ./muttlib.c
++  ** Use standard POSIX permissions in octal notation, i.e. 0644.
-a2499,2514
++  */
->   /* Convert file permission from decadic to octal */
+   { "save_history",     DT_NUM,  R_NONE, {.p=&SaveHist}, {.l=0} },
->   unsigned short own=0;
+   /*
->   unsigned short grp=0;
+   ** .pp
->   unsigned short oth=0;
+diff -Naru /s/mutt-2.2.12/main.c ./main.c
->   unsigned short SFPoct=0;
+--- /s/mutt-2.2.12/main.c	2023-09-01 08:32:23.000000000 +0200
->   own=SaveFilePerm/100;
++++ ./main.c	2023-09-10 10:15:20.128014792 +0200
->   grp=(SaveFilePerm-own*100)/10;
+@@ -690,7 +690,10 @@
->   oth=SaveFilePerm-(own*100)-(grp*10);
+   mutt_error = mutt_nocurses_error;
->   if(own>7||grp>7||oth>7)
+   mutt_message = mutt_nocurses_error;
->   {
+   SRAND (time (NULL));
->     SFPoct=0600;
+-  umask (077);
->     dprint(1,(debugfile,"safe_open: Value %d is not valid octal permission mask.\n",SaveFilePerm));
++  if(SaveFilePerm==600)
->   }
++    umask (077);
->   else
++  else
->     SFPoct=own<<6|grp<<3|oth;
++    umask (000);
->
-c2526
+   memset (Options, 0, sizeof (Options));
-<     if ((fd = open (mutt_b2s (safe_file), flags, 0600)) < 0)
+   memset (QuadOptions, 0, sizeof (QuadOptions));
----
+diff -Naru /s/mutt-2.2.12/muttlib.c ./muttlib.c
->     if ((fd = open (mutt_b2s (safe_file), flags, SFPoct)) < 0)
+--- /s/mutt-2.2.12/muttlib.c	2023-08-18 05:03:18.000000000 +0200
-c2541
++++ ./muttlib.c	2023-09-10 10:36:18.872018760 +0200
-<   if ((fd = open (path, flags & ~O_EXCL, 0600)) < 0)
+@@ -2562,6 +2562,22 @@
----
+   BUFFER *safe_file = NULL;
->   if ((fd = open (path, flags & ~O_EXCL, SFPoct)) < 0)
+   BUFFER *safe_dir = NULL;
++  /* Convert file permission from decadic to octal */
++  unsigned short own=0;
++  unsigned short grp=0;
++  unsigned short oth=0;
++  unsigned short SFPoct=0;
++  own=SaveFilePerm/100;
++  grp=(SaveFilePerm-own*100)/10;
++  oth=SaveFilePerm-(own*100)-(grp*10);
++  if(own>7||grp>7||oth>7)
++  {
++    SFPoct=0600;
++    dprint(1,(debugfile,"safe_open: Value %d is not valid octal permission mask.\n",SaveFilePerm));
++  }
++  else
++    SFPoct=own<<6|grp<<3|oth;
++
+   if (flags & O_EXCL)
+   {
+     safe_file = mutt_buffer_pool_get ();
+@@ -2573,7 +2589,7 @@
+       goto cleanup;
+     }
+-    if ((fd = open (mutt_b2s (safe_file), flags, 0600)) < 0)
++    if ((fd = open (mutt_b2s (safe_file), flags, SFPoct)) < 0)
+     {
+       rmdir (mutt_b2s (safe_dir));
+       goto cleanup;
+@@ -2588,7 +2604,7 @@
+     }
+   }
+-  if ((fd = open (path, flags & ~O_EXCL, 0600)) < 0)
++  if ((fd = open (path, flags & ~O_EXCL, SFPoct)) < 0)
+     goto cleanup;
+   /* make sure the file is not symlink */
 </code>
@@ Line 283: / Line 321: @@
 </code>
-==== URL MitM ====
+=== Export message as .eml ===
+Sometimes third party requires an .eml message to be send as a "proof" of communication. So be it...
+Make sure to have '|' bound to default behavior in index and pager contexts. Also pick some invocation key, for example 's'. The macro will invoke external script called file_email.sh
+<code muttrc muttrc>
+macro index,pager s "| ~/.mutt/file_email.sh /tmp<enter>"
+set pipe_decode=yes
+</code>
+And now the script to store the email to the /tmp
+<code bash file_email.sh>
+#!/bin/bash
+# Save piped email to "$1/YYMMDD_SUBJECT.eml"
+# Make sure commands 's' and '|' have default meaning and are NOT unbinded
+# Don't overwrite existing file
+set -o noclobber
+message=$(cat)
+maildate=$(<<<"$message" grep -oPm 1 '^Date: ?\K.*')
+fdate=$(date -d "$maildate" "+%y%m%d")
+subject=$(<<<"$message" grep -oPm 1 '^Subject: ?\K.*' | sed 's,/,∕,g')
+if [[ "$fdate" == '' ]]; then
+  echo "Error: no date parsed"
+  exit 1
+elif [[ "$subject" == '' ]]; then
+  echo "Warning: no subject found"
+fi
+echo "${message}" > "$1/$fdate""_""$subject.eml" && echo "Email saved to $1/$fdate""_""$subject.eml"
+exit
+</code>
+===== URL MitM =====
 Nektera dialogova okna maji klikaci odkaz u ktereho nejde zjistit cilova adresa, nebo se crapware snazi otevrit nejaky web sam od sebe. Resenim je nahradit vychozi browser dialogovym oknem, ktery onen odkaz zobrazi.
@@ Line 314: / Line 389: @@
 </code>
-==== Zniceni .xsession-errors ====
+===== Zniceni .xsession-errors =====
 V HOME se tvori zbytecny, obrovsky log .xsession-errors a .xsession-errors.old. Presmerovani do /dev/null nepomaha, Xka si ho zase nahradi za bezny soubor.
@@ Line 324: / Line 399: @@
 </code>
-==== Snizovani zbytecneho IO ====
+===== Snizovani zbytecneho IO =====
 v /etc/fstab se da pripojovat filesystem s volbami "noatime,nodiratime", coz zakaze aktualizace casu pristupu k souboru/adresari (IMHO uplne zbytecny timestamp).
@@ Line 348: / Line 423: @@
 </code>
-==== Nenazrane pulseaudio ====
+===== Nenazrane pulseaudio =====
 Pulseaudio si v /dev/shm dela 64MiB binarni bloby (pulseaudio-shm-*) a NEMAZE je po sobe, cimz efektivne zere "cached" (protoze tmpfs) RAM.
@@ Line 360: / Line 435: @@
 </code>
-==== Nefunkcni suspend (uspani do RAM) ====
+===== Nefunkcni suspend (uspani do RAM) =====
 Devuan (MATE 1.8) se neumi uspat do RAM i s nainstalovanym acpi a pm-utils. Je potreba vyresit uspani a zaroven zamkuti obrazovky (pm-suspend jen uspi, ale nezamkne).
@@ Line 378: / Line 453: @@
 action=/etc/acpi/lid.sh</code>
-==== Zakazani diskretni nvidie ====
+===== Zakazani diskretni nvidie =====
 Kdyz diskretni grafika jenom zere baterku a nani potreba, tak se da defaultne vypnout:
@@ Line 394: / Line 469: @@
 </code>
-==== Firefox searchplugin ====
+===== Firefox searchplugin =====
 Vyhledavac [[https://duckduckgo.com|DDG]] umi vysledky poskytovat bez JS v cistem HTML, pripadne vyhledavat primo obrazky. Umi taky parametricky vypnout "filtrovani nevhodneho obsahu" (GET parametr "kp=-2"). Udelal jsem adekvatni searchpluginy do firefoxu:
@@ Line 430: / Line 505: @@
 Ulozit do .mozilla/firefox/PROFIL/searchplugins/NAZEV_VYHLEDAVACE.xml
-==== Disable USB automount ===
+===== Disable USB automount ===
 echo 'ACTION=="add",KERNEL=="sd*",RUN=="/bin/true"' >> /etc/udev/rules.d/noautomount.rules
-==== Debian/Devuan cekaji pri bootu 90 s na sit ====
+===== Debian/Devuan cekaji pri bootu 90 s na sit =====
 Nejaky idiot implementoval default, ze kdyz pri bootu neni link na eth, tak se musi pockat 90s a on se mozna zazracne objevi.
@@ Line 439: / Line 514: @@
 Reseni je snadne: na zacatek /etc/init.d/networking nacpat "exit 0"
-==== Rychlejsi internety ====
+===== Rychlejsi internety =====
 [[https://www.root.cz/clanky/rizeni-toku-algoritmem-bbr-buldozer-nebere-ohledy-na-ostatni-spojeni/]]
@@ Line 448: / Line 523: @@
 </code>
-==== .nanorc ====
+===== .nanorc =====
 <code>
@@ Line 459: / Line 534: @@
 </code>
-==== URL v xattr ====
+===== URL v xattr =====
 Nejaky debil vymyslel a defaultne zapnul ukladani URL stahovaneho souboru do xattr. Informace samotná je uložena jako vlastnost user.xdg.origin.url, případně user.xdg.referrer.url
@@ Line 467: / Line 542: @@
 [[https://www.root.cz/clanky/atributy-souboru-mohou-obsahovat-url-ze-ktere-byl-soubor-stazen/]]
-==== Leading zeros v bc ====
+===== Leading zeros v bc =====
 "bc" zahazuje 0 na zacatku desetinnych cisel, protoze americani maji vseobecne s cislama problem (a neexistuje ani zadny prepinac ktery by to zapnul)
 <code>echo "5*0.1" | bc
@@ Line 476: / Line 551: @@
 <code>alias bc="bc | sed -e 's/^\./0./g' -e 's/^-\./-0./g'"</code>
-==== /tmp a tmpfs ====
+===== /tmp a tmpfs =====
 Software, which was written with the Abacus in mind, expects that the typical processed data wont fit into available RAM. The /tmp directory is the offloading space for such purpose - save the interproduct there and return to it afterwards. But now we have so much RAM, that there are some rumors spreading about the possibility to run TWO electron applications at once!
@@ Line 487: / Line 562: @@
-==== TODO ====
+===== Strange behavior of touchpad and broken scrolling =====
-===== Upgrade Ascii -> Beowulf =====
-==== Strange behavior of touchpad and broken scrolling ====
 X11 migrated from evdev to libinput. Lets go back to the working method...
@@ Line 500: / Line 571: @@
 </code>
-==== Release.pgp unsupported binary format ====
+===== Release.pgp unsupported binary format =====
 When apt-get update says ^^, it means that just some junk is left in /var/lib/apt/lists ...
@@ Line 508: / Line 579: @@
 </code>
-==== ALSA ====
+===== ALSA =====
 Well, audio output gets fucked up completely, since "alsa" command is not provided anymore by any package...
@@ Line 526: / Line 597: @@
 Restart again... a v "alsamixer" nastav co je potreba. Restart again and it works (or GOTO 1)
-==== Boot do tty ====
+===== Boot do tty =====
 Suddenly boots to tty and startx says:
@@ Line 535: / Line 606: @@
 </code>
-==== IEEEtran.bst ====
+===== IEEEtran.bst =====
 Enhancement of popular LaTeX/bibtex style with DOI reference. Just apply {{:user:sachy:ieeetran.bst.diff|the diff}} to the original [[https://www.ieee.org/conferences/publishing/templates.html|IEEEtran.bst]] file...
@@ Line 559: / Line 630: @@
 </code>
-==== Pychess ====
+===== Pychess =====
 The new version of pychess (1.0.0) is just crippled compared to the previous versions. Not only calls home on each and every start (lookup on github for new version), but the widget at the end of the game hides the back/forth controls unless the game window is insanely huge. So apply following patches:
@@ Line 658: / Line 729: @@
 </code>
-==== Disable hostname change by DHCP  ====
+===== Disable hostname change by DHCP  =====
 Someone got a briliant idea of changing system's hostname via DHCP lease reply *by default*. Disable this idiotism by removing "host-name" from the requrest and/or by enforcing your hostname with the "supersede" option.
@@ Line 669: / Line 740: @@
 </code>
-==== redshift ====
+===== redshift =====
 Recent versions of package redshift comes with crazy dependencies, so lets build it from source without ballast...
@@ Line 693: / Line 764: @@
 </code>
-==== exfat on CentOS 5 ====
+===== exfat on CentOS 5 =====
 So you have prehistoric enterprise/medical workstation but the users come with poshy exfat USB drives...
@@ Line 788: / Line 859: @@
 No errors? Congratz.
-==== youtube-dl ====
+===== youtube-dl =====
 If your youtube-dl says:
@@ Line 802: / Line 873: @@
 </code>
-==== df: Operation not permitted ====
+===== df: Operation not permitted =====
 Someone in GOME decided that it is a great idea to break essential tools like 'df' by introducing ehm "feature" called portal.
@@ Line 812: / Line 883: @@
 </code>
-==== Speed-up hibernation ====
+===== Speed-up hibernation =====
 When hibernating the system (storing the state on disk), all RAM content is dumped into the swap area. This includes also caches and other rubbish which can be safely dropped.
 By default, the pm-utils try to fit the state under 2/5 of the RAM size when hibernating to shorten the store/reload time. This is however not a hard-limit, if the content cant fit, then more data is stored. To change the limit, one can edit /sys/power/image_size to desired soft-limit in bytes. In particular, 0 means that the system will hibernate with the smallest amount of data and all caches will be dropped.
-==== Custom LiveCD ====
+===== Custom LiveCD =====
 When you want to have an immutable virtual machine, booting directly the LiveCD of preffered distro is the easiest option. But sometimes one might want to edit some parts of the base ISO.
@@ Line 831: / Line 902: @@
 # cd inside the extracted ISO content and create the isofile somewhere else
 mkisofs -J -l -R -v -o ../livecd_new.iso ./
+</code>
+Sometimes the former ISO does not boot in a crippled environment. So xorriso to create hybrid EFI/MBR image...
+<code bash>
+apt-get install xorriso isolinux syslinux
+xorriso -as mkisofs -isohybrid-mbr /usr/lib/ISOLINUX/isohdpfx.bin -c isolinux/boot.cat -b isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -eltorito-alt-boot -e boot/grub/efi.img -no-emul-boot -isohybrid-gpt-basdat -o OUTPUT.iso INPUT_DIR
 </code>
 Virtualbox got a feature called "virtual iso" (VISO), so you can point to the directory with the changed iso files without repackaging into real ISO. Good for debugging.
-==== Dokuwiki sidebar everywhere ====
+===== Dokuwiki sidebar everywhere =====
 For some reason, default dokuwiki shows the sidebar only while reading the pages. In edit/admin mode, the sidebar is not shown.
@@ Line 844: / Line 922: @@
 </code>
-==== Collabora Office ====
+===== Collabora Office =====
 === Disable welcome screen ===
 The "Kolaborant" shows unwanted Welcome Screen everytime new browser is detected. There is no configuration option to disable it, so one have to hide it by editing the CSS.
-Edit "/usr/share/coolwsd/browser/dist/bundle.css", find rules for class "iframe-welcome-wrap" and add there a single rule "display:none!important;"
+Edit "/usr/share/coolwsd/browser/dist/bundle.css", find rules for class "iframe-welcome-wrap" and add there a single rule "display:none!important;" Be warned that the CSS is a oneliner.
 <code css>
@@ Line 884: / Line 962: @@
 Maybe you will need to lease the permissions a little so not only apache, but also coolwsd can read it
 <code bash>
-chmod 755 /etc/letsencrypt/live
+chmod 750 /etc/letsencrypt/live
-chmod 755 /etc/letsencrypt/archive
+chmod 750 /etc/letsencrypt/archive
 service coolwsd restart
 </code>
+=== Document cannot be saved ... contact storage server administrator ===
+Owncloud stores internal locks of files in the database, but have hard time to remove the locks when not needed anymore. As the lock table grows, operations take longer and one day may not arrive before deadline, rendering the file "locked", ie. read-only even when from the users perspective all priviledges are OK.
+The solution is to flush the oc_file_locks table. Be prepared for millions of invalid entries there.
+<code>
+DELETE FROM oc_file_locks WHERE 1;
+</code>
+<note>Do this in maintenance mode to avoid removing valid locks.</note>
+===== ffmpeg capture pulseaudio =====
+<code bash>
+pactl list short sources
+ffmpeg -f pulse -i alsa_output.pci-0000_00_1b.0.analog-stereo.monitor -ac 2 output.flac
+</code>
+===== MIDI keyboard over USB =====
+To actually listern to MIDI instrument, you need to get a database of sounds and software to bind MIDI events to sounds, and mix multiple sounds together. Such software is called synthetizer.
+<code bash>
+apt-get install qsynth fluid-soundfont-gm
+nohup qsynth -a alsa & # run synther
+aconnect -i # get the "client" number of the input device (probably the highest one)
+aconnect -o # get the "FLUID" client number, probably 128
+aconnect <input> <output> # combine input with output
+</code>
+Additional settings may be needed depending on the MIDI device and software used.
+===== JSON in mc =====
+The view function of mc can be enhanced to show JSON files nicely. Just create mcjson.py:
+<code python mcjson.py>
+#!/usr/bin/python3
+import json
+import sys
+gj=json.load(open(sys.argv[1]))
+print(json.dumps(gj,indent=2))
+</code>
+And in mc itself just assign the View function to the proper JSON file:
+<code sh .config/mc/mc.ext>
+# json
+regex/\.[jJ][sS][oO][nN]$
+  Open=(pluma %f >/dev/null 2>&1)
+  View=%view{ascii} prettyjson.py %f 2>&1
+</code>
+===== mutt vs Oauth2 =====
+Oauth2 protocol is more and more popular auth mechanism, so mutt - as the least wrong mail client - have support too. Yet the support is a bit tricky...
+First, download [[https://gitlab.com/muttmua/mutt/-/blob/master/contrib/mutt_oauth2.py|mutt_oauth2.py]] to the .mutt/ and read [[https://gitlab.com/muttmua/mutt/-/blob/master/contrib/mutt_oauth2.py.README|official README]].
+Then generate new PGP key for encryption of the Oauth secrets. "gpg --gen-key". Set the name/email to something mutty, like "mutt@mutt.mutt" to clearly distinguish it and never use in daily life. Also --edit-key to set neverending validity (default one year).
+Edit the downloaded mutt_oauth2.py and change the following:
+<code python>
+ENCRYPTION_PIPE = ['gpg', '--encrypt', '--recipient', 'mutt@mutt.mutt'] # the name of the gpgkey in last param
+...
+'client_id': '9e5f94bc-e8a4-4e73-b8be-63364c29d753', # generic client_id for Thunderbird. Valid (almost?) everywhere
+</code>
+If you want to use your own client_id, search faculty/company/google/MS support for help how to create one.
+Make first contact:
+<code bash>
+./mutt_oauth2.py LOGIN_NAME@DOMAIN.tokens --verbose --authorize # Just a file keeping the secrets...
+</code>
+Follow the instructions, I recommend to pick "authcode" when asked. Copy generated URL (whole!!!) to the browser (with JS), accept all permissions for Thunderbird (remember the fake client-id we used?) and blank page will appear. DO NOT PANIC!
+Copy the whole URL to text editor and copy out the content of code= parameter back to the mutt_oauth2 prompt. Its long, invalid, base64 stuff ending prior "&session_state=". Example:
+<code>
+.AQIABsRF82hSsEOxn1hi-mgz-LyUX56k6HNOuL5j-LOTOFGARBAGE-REALLYLOTOFGARBAGE-EVENMOREGARBAGE-vUFlgHtUs6n5bmmRQgQ7AMH8zojnZWycMA
+</code>
+Be sure not to copy newlines from vim/nano. Its one string, no newlines. NO NEWLINES!
+If done correctly, the script will respond:
+<code>
+Exchanging the authorization code for an access token
+NOTICE: Obtained new access token, expires 2023-03-23T12:30:00.00000.
+Access Token: lot-of-garbage
+</code>
+Now is time to test the Oauth2 SMTP/IMAP connection:
+<code>
+$ /mutt_oauth2.py LOGIN_NAME@DOMAIN.tokens --verbose --test # the token file
+Access Token: garbage...
+IMAP authentication succeeded
+POP authentication succeeded
+SMTP authentication succeeded
+</code>
+Good, the last thing is to edit the .mutt/muttrc (use your provider instead of Utlouk)
+<code muttrc>
+set imap_user="userid@myschool.edu"
+set folder="imap://outlook.office365.com/"
+set smtp_url="smtp://${imap_user}@smtp.office365.com:587/"
+set imap_authenticators="oauthbearer:xoauth2"
+set imap_oauth_refresh_command="/home/USER/.mutt/mutt_oauth2.py /home/USER/.mutt/LOGIN_NAME@DOMAIN.tokens"
+set smtp_authenticators=${imap_authenticators}
+set smtp_oauth_refresh_command=${imap_oauth_refresh_command}
+</code>
+If you have setup for more mailboxes, dont forget to clean the setting for all the others:
+<code muttrc>
+# reset Oauth2 to normal
+set imap_authenticators="gssapi:digest:cram-md5:sasl-ir:login"
+set imap_oauth_refresh_command=""
+set smtp_authenticators=${imap_authenticators}
+set smtp_oauth_refresh_command=""
+</code>