1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Notifications (E-Mail)

Discussion in 'Asuswrt-Merlin' started by Minglarn, Oct 8, 2012.

  1. stylish_me

    stylish_me Regular Contributor

    Joined:
    Jan 4, 2014
    Messages:
    168
    Location:
    Moscow, Russia
    Try this script. It works muuuch better and has many more functions.
     
  2. MissingTwins

    MissingTwins Occasional Visitor

    Joined:
    May 22, 2017
    Messages:
    38
    Hey, here is a new script which supports Bcc and multiple email addresses based on the original wiki here.

    I'm using this script now, sending my new IP address to my friends. I think someone may need this, so I post it here.

    Save it as: /jffs/scripts/wan-start
    set as being executable: chmod a+rx /jffs/scripts/*
    Before leaving it, you might want to test it first.
    Just typing this to the terminal and press enter. /jffs/scripts/wan-start
    and enjoy!

    Update: This script is working on 380.66_4.
    Please beware, 380.65 may not support -t.
    According to my another router which is running 380.65,
    it fails on this script due to unformed mail address
    such as [email protected]@RT-AC68-FB34.

    By the way, the GMAIL APP PASSWORD is NOT your gmail login password, it is generated separately in google account, especially if your have enabled two factors authentication for your account, you may search for GMAIL APP PASSWORD for details.

    Code:
    #!/bin/sh
    FROM="[email protected]"
    AUTH="[email protected]"
    PASS="YOUR GMAIL APP PASSWORD"
    FROMNAME="Home_Router"
    
    TO="[email protected]"
    
    BCC="[email protected], \
    [email protected], \
    [email protected]"
    
    echo "Starting script wan-start" | logger -t "wan-start-event" -p user.notice
    
    ntpclient -h pool.ntp.org -s &> /dev/null
    sleep 5
    
    echo "after ntpclient" | logger -t "wan-start-event" -p user.notice
    
    echo "Subject: WAN state notification" >/tmp/mail.txt
    echo "From: \""$FROMNAME"\"<"$FROM">" >>/tmp/mail.txt
    echo "To: "$TO" " >>/tmp/mail.txt
    echo "Bcc: "$BCC" " >>/tmp/mail.txt
    echo "Date: `date -R`" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "I just got connected to the internet." >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "My WAN IP is: `nvram get wan0_ipaddr`" >>/tmp/mail.txt
    echo "Uptime is: `uptime | cut -d ',' -f1 | sed 's/^.\{12\}//g'`">>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "---- " >>/tmp/mail.txt
    echo "Your friendly router RT-AC68U." >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    
    echo "before e-mail" | logger -t "wan-start-event" -p user.notice
    
    cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
    -tls1 -starttls smtp \
    -CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
    -connect smtp.gmail.com:587 " \
    -t \
    -au"$AUTH" -ap"$PASS" -v
    
    rm /tmp/mail.txt
    
    echo "after e-mail" | logger -t "wan-start-event" -p user.notice
    
    
    Certificate can be download as following.
    Code:
    wget -c -O /jffs/configs/Equifax_Secure_Certificate_Authority.pem http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.pem --no-check-certificate
    
    ------------------------------------------------------------------------------
    New Update, send notification messages to your riot.im client.

    Creat a new /jffs/scripts/wan-start

    Code:
    #!/bin/sh
    
    echo "Starting script wan-start" | logger -t "wan-start" -c "Enter" -p user.notice
    
    cru a ZeroTierDaemon "* * * * * /opt/etc/init.d/S90zerotier-one.sh start"
    
    curl -s -H "Authorization: Basic VVNFUk5BTUU6UEFTU1dPUkQ=" "https://dynupdate.no-ip.com/nic/update?hostname=YOURDOMAN.NO-IP.ORG"\
    |tr -d '\n' |(read logs; logger -t "wan-start" -p user.notice -c "no-ip updated $logs";)
    
    #-----------Message to Riot.im-----------------
    ACCESS_TOKEN="MDAxO...blahblah..veryLong266CharactorsText"
    ROOMID="!QaRABAkxDBNukDoCOY:matrix.org"
    
    echo -n "{\"msgtype\":\"m.text\", \"body\":\"" >/tmp/msg.json
    echo -n "I just got connected to the internet.\\n" >>/tmp/msg.json
    echo -n "My WAN IP is: `nvram get wan0_ipaddr`\\n" >>/tmp/msg.json
    echo -n "Current state is: `uptime`\\n">>/tmp/msg.json
    echo -n "---- \\n" >>/tmp/msg.json
    echo -n "Your friendly neighborhood." >>/tmp/msg.json
    echo -n "\"}" >>/tmp/msg.json
    
    
    curl --max-time 5 -XPOST -H "Content-Type: application/json" -d @"/tmp/msg.json" "https://matrix.org/_matrix/client/r0/rooms/$ROOMID/send/m.room.message?access_token=$ACCESS_TOKEN"\
    |tr -d '\n' |(read logs; logger -t "wan-start" -p user.notice -c "$logs";)
    
    rm /tmp/msg.json
    
    echo "after e-mail" | logger -t "wan-start" -c "Leaving" -p user.notice
    
    
    
    STEPS:

    1. Goto Riot.im register an account.
    2. Open WebUI Settings » Help & About » Advanced » Access Token and there you can get you 266 letters ACCESS_TOKEN.
    3. Create an empty private room, then Room Settings» Advanced» Room information» Internal room ID, copy this and replace ROOMID
    4. $ chmod a+rx /jffs/scripts/*
    5. fire $/jffs/scripts/wan-start check the message in your Riot.im and enjoy!

    *This script includes a ZeroTierDaemon and a no-ip DDNS updater, you may want to remove those lines if you don't use them.

    a. ZeroTierDaemon can be found here:
    https://www.snbforums.com/threads/a...otier-on-asus-ac68u-router.42648/#post-363199

    b. base64 can be acquired through this
    Code:
    $echo -n USERNAME:PASSWORD | base64
     
    Last edited: Mar 16, 2019
    Informmonitor and amplatfus like this.
  3. MissingTwins

    MissingTwins Occasional Visitor

    Joined:
    May 22, 2017
    Messages:
    38
    For the 2-factor enabled Google account, you just need to search for "GMAIL APP PASSWORD".

    Generate a new App password for your Gmail and use it as your sendmail login password.
     
  4. MissingTwins

    MissingTwins Occasional Visitor

    Joined:
    May 22, 2017
    Messages:
    38
    First, save your scripts by WinSCP. Save your setting by any necessary means.

    Second, you need to reset everything by doing factory reset, and setup everything for scratch. And format the jffs.

    Third, restore scripts from your backup, check for /jffs/configs/Equifax_Secure_Certificate_Authority.pem, do you see this file? Does it exist? If it does, delete it and get a new one. (Shouldn't exist if you did format the jffs)

    Then everything should be fine, email should work too.
     
    Informmonitor likes this.
  5. amplatfus

    amplatfus Senior Member

    Joined:
    Nov 25, 2016
    Messages:
    205
    Location:
    RO
    Thank you for share. Please how can be Equifax_Secure_Certificate_Authority.pem certificate downloaed?

    All the best,
    amplatfus
     
  6. MissingTwins

    MissingTwins Occasional Visitor

    Joined:
    May 22, 2017
    Messages:
    38
    Hey, I have updated my post, please check it out. How to acquire certificate is at the bottom, same as the original wiki.
     
    amplatfus likes this.
  7. Informmonitor

    Informmonitor New Around Here

    Joined:
    Jun 16, 2017
    Messages:
    3
    Hey I just got round to giving this a go and followed your instructions and used your script with the BCC. It is now working perfectly.

    Thanks a lot!!
     
  8. MissingTwins

    MissingTwins Occasional Visitor

    Joined:
    May 22, 2017
    Messages:
    38
    I'm glad it worked!
     
  9. mrDavid

    mrDavid New Around Here

    Joined:
    Aug 28, 2015
    Messages:
    8
    The wiki suggests that when using Gmail that an intermediate certificate should be used - Equifax_Secure_Certificate_Authority.pem

    I wasn't able to get this working with the error
    depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
    verify error:num=20:unable to get local issuer certificate


    There's a better intermediate bundle which seems to contain every Google intermediate cert. You can grab it by running
    wget https://pki.google.com/roots.pem

    Hope this is useful to someone

    RT-AC87U on 384.4_2 (loving 384 - thanks RMerlin!)
     
  10. vw-kombi

    vw-kombi Regular Contributor

    Joined:
    Apr 13, 2018
    Messages:
    85
    I am trying to get this to work - followed wiki for gmail. Same as last poster mrDavid, I get this error below, but I dont understand the fix - wget https://pki.google.com/roots.pem. Shoud the wiki be updated if this no longer works for sme reason ?

    depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
    verify error:num=20:unable to get local issuer certificate
     
  11. mrDavid

    mrDavid New Around Here

    Joined:
    Aug 28, 2015
    Messages:
    8
    @vw-kombi to clarify I substituted Equifax_Secure_Certificate_Authority.pem with roots.pem in the wiki example

    Here is the script i use, roots.pem has been renamed to google-roots.pem. Otherwise it is just reformatted from the wiki example

    Code:
    [email protected]:/jffs/scripts# cat wan-start
    #!/bin/sh
    FROM="mygmailemail"
    AUTH="mygmailemail"
    PASS="mygmailpassword"
    FROMNAME="myfromname"
    TO="mydestinationemail"
    
    ntpclient -h au.pool.ntp.org -s &> /dev/null
    sleep 5
    
    DATE=`date -R`
    IP=`nvram get wan0_ipaddr`
    UPTIME=`uptime | cut -d ',' -f1 | sed 's/^.\{12\}//g'`
    
    echo "Subject: WAN Up" > /tmp/mail.txt
    echo "From: \""$FROMNAME"\"<"$FROM">" >>/tmp/mail.txt
    echo "" >> /tmp/mail.txt
    echo "Date: $DATE" >> /tmp/mail.txt
    echo "Event: WAN Up" >> /tmp/mail.txt
    echo "IP: $IP" >> /tmp/mail.txt
    echo "Uptime: $UPTIME" >> /tmp/mail.txt
    
    cat /tmp/mail.txt | \
     sendmail -H"exec openssl s_client \
     -quiet \
     -CAfile /jffs/configs/ssl/certs/google-roots.pem \
     -connect smtp.gmail.com:587 \
     -tls1 \
     -starttls smtp" \
     -f"$FROM" \
     -au"$AUTH" \
     -ap"$PASS" \
     $TO
    
    rm /tmp/mail.txt
     
  12. vw-kombi

    vw-kombi Regular Contributor

    Joined:
    Apr 13, 2018
    Messages:
    85
    Thanks mrDavid, so I did this :

    Log onto router as admin
    mkdir the following dir structure : /jffs/configs/ssl/certs/
    cd to /jffs/configs/ssl/certs/
    Run this to get a certificate into this folder : wget https://pki.google.com/roots.pem
    Rename the roots.pem to google-roots.pem as referenced in the script.

    I then removed my script and added your verbatim, only changing the user details, (and a logger message before and after so I know it ran in the syslog), but I got no email.

    When I try this sendmail script bit manually, filling in the user stuff, I get this error 'sendmail:Failed' - see below transcript

    Thanks for your assistance.

    [email protected]:/jffs/scripts# cat /tmp/mail.txt | \
    > sendmail -H"exec openssl s_client \
    > -quiet \
    > -CAfile /jffs/configs/ssl/certs/google-roots.pem \
    > -connect smtp.gmail.com:587 \
    > -tls1 \
    > -starttls smtp" \
    > -f"[email protected]" \
    > -au"[email protected]" \
    > -ap"thisisimygmailpassword" \
    > [email protected]
    depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
    verify return:1
    depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
    verify return:1
    depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.com
    verify return:1
    250 SMTPUTF8
    sendmail: failed
    [email protected]:/jffs/scripts#
     
    Last edited: Jun 1, 2018
  13. mrDavid

    mrDavid New Around Here

    Joined:
    Aug 28, 2015
    Messages:
    8
    I suspect there is a different issue than SSL here. Sending the command below generates the same SSL output and receive the email successfully

    Perhaps it is not piping the email body to sendmail. This command worked for me. The file init-start is just an example text file that has no further relevance

    Code:
    [email protected]:/jffs/scripts# cat init-start | sendmail -H"exec openssl s_client -quiet -CAfile /jffs/configs/ssl/certs/google-roots.pem -connect smtp.gmail
    .com:587 -tls1 -starttls smtp" -f"myfrom" -au"myauth" -ap"mypass" mydest
    depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
    verify return:1
    depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
    verify return:1
    depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.com
    verify return:1
    250 SMTPUTF8
    
     
  14. vw-kombi

    vw-kombi Regular Contributor

    Joined:
    Apr 13, 2018
    Messages:
    85
    ok - I copied your bit to notepad, adding user info, then copied and pasted back to ssh and this is the outcome. Same thing I think.

    [email protected]:/jffs/scripts# cat init-start | sendmail -H"exec openssl s_client -quiet -CAfile /jffs/configs/ssl/certs/google-roots.pem -connect smtp.gmail.com:587 -tls1 -starttls smtp" -f"[email protected]" -
    au"[email protected]" -ap"thisismygmailpassword" [email protected]
    depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
    verify return:1
    depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
    verify return:1
    depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.com
    verify return:1
    250 SMTPUTF8
    sendmail: failed
    [email protected]:/jffs/scripts#
     
  15. mrDavid

    mrDavid New Around Here

    Joined:
    Aug 28, 2015
    Messages:
    8
    I am able to generate the same error if I use the wrong username or password. Are these definitely correct?
    If you are using 2 factor auth make sure to create an app password in gmail

    Otherwise I don't think I can help further. I dont think it is ssl related as openssl can verify the chain
     
  16. vw-kombi

    vw-kombi Regular Contributor

    Joined:
    Apr 13, 2018
    Messages:
    85
    no worries. Not two factor password no...... Never mind, will use the free smtp option mentioned in the wiki -
     
  17. vw-kombi

    vw-kombi Regular Contributor

    Joined:
    Apr 13, 2018
    Messages:
    85
    To @mrDavid, and any others that may run into the same issue I had -

    Google has an option 'Allow less secure apps'. It is on the signin and security potion of google account.
    If you have this turned off, as I did, then none of the solutions in this forum seemed to work for me.

    Note - This is different to the two step authentication thing.

    I only got an email fropm google overnight recommending that I turn this on, and I did to see what would be blocked, and now these issue. Also, I notice my NAS has not sent its backup messages either (another sendmail).

    This may help others, or may be good to have in the wiki.
     
  18. sone

    sone Occasional Visitor

    Joined:
    Sep 14, 2018
    Messages:
    28
    I'm bringing up this old thread because you all seem very knowledgeable about Sendmail but does the stock firmware (3.0.0.4.384_32738) have the ability to add Sendmail? I'm setting up the router for a friend that needs to use AIMesh so they can't use Asuswrt-Merlin.

    Thanks kindly.
     
  19. No.
     
  20. sone

    sone Occasional Visitor

    Joined:
    Sep 14, 2018
    Messages:
    28
    OK thank you