Notifications (E-Mail)

[stylish_me]

Try this script. It works muuuch better and has many more functions.

 

[MissingTwins]

Hey, here is a new script which supports Bcc and multiple email addresses based on the original wiki here.

I'm using this script now, sending my new IP address to my friends. I think someone may need this, so I post it here.

Save it as: /jffs/scripts/wan-start
set as being executable: chmod a+rx /jffs/scripts/*
Before leaving it, you might want to test it first.
Just typing this to the terminal and press enter. /jffs/scripts/wan-start
and enjoy!

Update: This script is working on 380.66_4.
Please beware, 380.65 may not support -t.
According to my another router which is running 380.65,
it fails on this script due to unformed mail address
such as YOUR@gmail.com@RT-AC68-FB34.

By the way, the GMAIL APP PASSWORD is NOT your gmail login password, it is generated separately in google account, especially if your have enabled two factors authentication for your account, you may search for GMAIL APP PASSWORD for details.

#!/bin/sh
FROM="YOUR@gmail.com"
AUTH="YOUR@gmail.com"
PASS="YOUR GMAIL APP PASSWORD"
FROMNAME="Home_Router"

TO="YOUR@gmail.com"

BCC="ONE@gmail.com, \
TWO@gmail.com, \
THREE@gmail.com"

echo "Starting script wan-start" | logger -t "wan-start-event" -p user.notice

ntpclient -h pool.ntp.org -s &> /dev/null
sleep 5

echo "after ntpclient" | logger -t "wan-start-event" -p user.notice

echo "Subject: WAN state notification" >/tmp/mail.txt
echo "From: \""$FROMNAME"\"<"$FROM">" >>/tmp/mail.txt
echo "To: "$TO" " >>/tmp/mail.txt
echo "Bcc: "$BCC" " >>/tmp/mail.txt
echo "Date: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "I just got connected to the internet." >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "My WAN IP is: `nvram get wan0_ipaddr`" >>/tmp/mail.txt
echo "Uptime is: `uptime | cut -d ',' -f1 | sed 's/^.\{12\}//g'`">>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "---- " >>/tmp/mail.txt
echo "Your friendly router RT-AC68U." >>/tmp/mail.txt
echo "" >>/tmp/mail.txt

echo "before e-mail" | logger -t "wan-start-event" -p user.notice

cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
-tls1 -starttls smtp \
-CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
-connect smtp.gmail.com:587 " \
-t \
-au"$AUTH" -ap"$PASS" -v

rm /tmp/mail.txt

echo "after e-mail" | logger -t "wan-start-event" -p user.notice

Certificate can be download as following.

wget -c -O /jffs/configs/Equifax_Secure_Certificate_Authority.pem http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.pem --no-check-certificate

------------------------------------------------------------------------------
New Update, send notification messages to your riot.im client.

Creat a new /jffs/scripts/wan-start

#!/bin/sh

echo "Starting script wan-start" | logger -t "wan-start" -c "Enter" -p user.notice

cru a ZeroTierDaemon "* * * * * /opt/etc/init.d/S90zerotier-one.sh start"

curl -s -H "Authorization: Basic VVNFUk5BTUU6UEFTU1dPUkQ=" "https://dynupdate.no-ip.com/nic/update?hostname=YOURDOMAN.NO-IP.ORG"\
|tr -d '\n' |(read logs; logger -t "wan-start" -p user.notice -c "no-ip updated $logs";)

#-----------Message to Riot.im-----------------
ACCESS_TOKEN="MDAxO...blahblah..veryLong266CharactorsText"
ROOMID="!QaRABAkxDBNukDoCOY:matrix.org"

echo -n "{\"msgtype\":\"m.text\", \"body\":\"" >/tmp/msg.json
echo -n "I just got connected to the internet.\\n" >>/tmp/msg.json
echo -n "My WAN IP is: `nvram get wan0_ipaddr`\\n" >>/tmp/msg.json
echo -n "Current state is: `uptime`\\n">>/tmp/msg.json
echo -n "---- \\n" >>/tmp/msg.json
echo -n "Your friendly neighborhood." >>/tmp/msg.json
echo -n "\"}" >>/tmp/msg.json


curl --max-time 5 -XPOST -H "Content-Type: application/json" -d @"/tmp/msg.json" "https://matrix.org/_matrix/client/r0/rooms/$ROOMID/send/m.room.message?access_token=$ACCESS_TOKEN"\
|tr -d '\n' |(read logs; logger -t "wan-start" -p user.notice -c "$logs";)

rm /tmp/msg.json

echo "after e-mail" | logger -t "wan-start" -c "Leaving" -p user.notice

STEPS:

1. Goto Riot.im register an account.
2. Open WebUI Settings » Help & About » Advanced » Access Token and there you can get you 266 letters ACCESS_TOKEN.
3. Create an empty private room, then Room Settings» Advanced» Room information» Internal room ID, copy this and replace ROOMID
4. $ chmod a+rx /jffs/scripts/*
5. fire $/jffs/scripts/wan-start check the message in your Riot.im and enjoy!

*This script includes a ZeroTierDaemon and a no-ip DDNS updater, you may want to remove those lines if you don't use them.

a. ZeroTierDaemon can be found here:
https://www.snbforums.com/threads/a...otier-on-asus-ac68u-router.42648/#post-363199

b. base64 can be acquired through this

$echo -n USERNAME:PASSWORD | base64

 

[MissingTwins]

Do you have 2-factor enabled on the google account - that might be a problem...

For the 2-factor enabled Google account, you just need to search for "GMAIL APP PASSWORD".

Generate a new App password for your Gmail and use it as your sendmail login password.

 

[MissingTwins]

Hi all, I've recently just upgraded to Merlins firmware and having troubles getting the script to run with Gmail. I've looked through this thread and tried with the various different certificates people have had luck with but still not joy for me!.

I am getting either of the below errors depending on what certificate I try to use. I've also tried disabling google secure apps. I can see on the google account that the sign ins are actually getting blocked. Does anyone have any recommendations? Banging my head with this now!

verify return:1
250 SMTPUTF8
sendmail: failed

OR

verify error:num=20:unable to get local issuer certificate
250 SMTPUTF8
sendmail: failed

Thanks in advance

First, save your scripts by WinSCP. Save your setting by any necessary means.

Second, you need to reset everything by doing factory reset, and setup everything for scratch. And format the jffs.

Third, restore scripts from your backup, check for /jffs/configs/Equifax_Secure_Certificate_Authority.pem, do you see this file? Does it exist? If it does, delete it and get a new one. (Shouldn't exist if you did format the jffs)

Then everything should be fine, email should work too.

 

[amplatfus]

Hey, here is a new script which supports Bcc and multiple email addresses based on the original wiki.

I'm using this script now, sending my new IP address to my friends. I think someone may need this, so I post it here.

Save it as: /jffs/scripts/wan-start
set as being executable: chmod a+rx /jffs/scripts/*
and enjoy!

#!/bin/sh
FROM="YOUR@gmail.com"
AUTH="YOUR@gmail.com"
PASS="YOUR GMAIL APP PASSWORD"
FROMNAME="Home_Router"

TO="YOUR@gmail.com"

BCC="ONE@gmail.com, \
TWO@gmail.com, \
THREE@gmail.com"

echo "Starting script wan-start" | logger -t "wan-start-event" -p user.notice

ntpclient -h pool.ntp.org -s &> /dev/null
sleep 5

echo "after ntpclient" | logger -t "wan-start-event" -p user.notice

echo "Subject: WAN state notification" >/tmp/mail.txt
echo "From: \""$FROMNAME"\"<"$FROM">" >>/tmp/mail.txt
echo "To: "$TO" " >>/tmp/mail.txt
echo "Bcc: "$BCC" " >>/tmp/mail.txt
echo "Date: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "I just got connected to the internet." >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "My WAN IP is: `nvram get wan0_ipaddr`" >>/tmp/mail.txt
echo "Uptime is: `uptime | cut -d ',' -f1 | sed 's/^.\{12\}//g'`">>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "---- " >>/tmp/mail.txt
echo "Your friendly router RT-AC68U." >>/tmp/mail.txt
echo "" >>/tmp/mail.txt

echo "before e-mail" | logger -t "wan-start-event" -p user.notice

cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
-tls1 -starttls smtp \
-CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
-connect smtp.gmail.com:587 " \
-t \
-au"$AUTH" -ap"$PASS" -v

rm /tmp/mail.txt

echo "after e-mail" | logger -t "wan-start-event" -p user.notice

Thank you for share. Please how can be Equifax_Secure_Certificate_Authority.pem certificate downloaed?

All the best,
amplatfus

 

[MissingTwins]

Thank you for share. Please how can be Equifax_Secure_Certificate_Authority.pem certificate downloaed?

All the best,
amplatfus

Hey, I have updated my post, please check it out. How to acquire certificate is at the bottom, same as the original wiki.

 

[Informmonitor]

First, save your scripts by WinSCP. Save your setting by any necessary means.

Second, you need to reset everything by doing factory reset, and setup everything for scratch. And format the jffs.

Third, restore scripts from your backup, check for /jffs/configs/Equifax_Secure_Certificate_Authority.pem, do you see this file? Does it exist? If it does, delete it and get a new one. (Shouldn't exist if you did format the jffs)

Then everything should be fine, email should work too.

Hey I just got round to giving this a go and followed your instructions and used your script with the BCC. It is now working perfectly.

Thanks a lot!!

 

[MissingTwins]

Hey I just got round to giving this a go and followed your instructions and used your script with the BCC. It is now working perfectly.

Thanks a lot!!

I'm glad it worked!

 

[mrDavid]

The wiki suggests that when using Gmail that an intermediate certificate should be used - Equifax_Secure_Certificate_Authority.pem

I wasn't able to get this working with the error
depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify error:num=20:unable to get local issuer certificate

There's a better intermediate bundle which seems to contain every Google intermediate cert. You can grab it by running
wget https://pki.google.com/roots.pem

Hope this is useful to someone

RT-AC87U on 384.4_2 (loving 384 - thanks RMerlin!)

 

[vw-kombi]

I am trying to get this to work - followed wiki for gmail. Same as last poster mrDavid, I get this error below, but I dont understand the fix - wget https://pki.google.com/roots.pem. Shoud the wiki be updated if this no longer works for sme reason ?

depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify error:num=20:unable to get local issuer certificate

 

[mrDavid]

@vw-kombi to clarify I substituted Equifax_Secure_Certificate_Authority.pem with roots.pem in the wiki example

Here is the script i use, roots.pem has been renamed to google-roots.pem. Otherwise it is just reformatted from the wiki example

user@Snapper:/jffs/scripts# cat wan-start
#!/bin/sh
FROM="mygmailemail"
AUTH="mygmailemail"
PASS="mygmailpassword"
FROMNAME="myfromname"
TO="mydestinationemail"

ntpclient -h au.pool.ntp.org -s &> /dev/null
sleep 5

DATE=`date -R`
IP=`nvram get wan0_ipaddr`
UPTIME=`uptime | cut -d ',' -f1 | sed 's/^.\{12\}//g'`

echo "Subject: WAN Up" > /tmp/mail.txt
echo "From: \""$FROMNAME"\"<"$FROM">" >>/tmp/mail.txt
echo "" >> /tmp/mail.txt
echo "Date: $DATE" >> /tmp/mail.txt
echo "Event: WAN Up" >> /tmp/mail.txt
echo "IP: $IP" >> /tmp/mail.txt
echo "Uptime: $UPTIME" >> /tmp/mail.txt

cat /tmp/mail.txt | \
 sendmail -H"exec openssl s_client \
 -quiet \
 -CAfile /jffs/configs/ssl/certs/google-roots.pem \
 -connect smtp.gmail.com:587 \
 -tls1 \
 -starttls smtp" \
 -f"$FROM" \
 -au"$AUTH" \
 -ap"$PASS" \
 $TO

rm /tmp/mail.txt

 

[vw-kombi]

Thanks mrDavid, so I did this :

Log onto router as admin
mkdir the following dir structure : /jffs/configs/ssl/certs/
cd to /jffs/configs/ssl/certs/
Run this to get a certificate into this folder : wget https://pki.google.com/roots.pem
Rename the roots.pem to google-roots.pem as referenced in the script.

I then removed my script and added your verbatim, only changing the user details, (and a logger message before and after so I know it ran in the syslog), but I got no email.

When I try this sendmail script bit manually, filling in the user stuff, I get this error 'sendmail:Failed' - see below transcript

Thanks for your assistance.

admin@RT-AC68U-AC38:/jffs/scripts# cat /tmp/mail.txt | \
> sendmail -H"exec openssl s_client \
> -quiet \
> -CAfile /jffs/configs/ssl/certs/google-roots.pem \
> -connect smtp.gmail.com:587 \
> -tls1 \
> -starttls smtp" \
> -f"vaisew@gmail.com" \
> -au"vaisew@gmail.com" \
> -ap"thisisimygmailpassword" \
> vaisew@gmail.com
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.com
verify return:1
250 SMTPUTF8
sendmail: failed
admin@RT-AC68U-AC38:/jffs/scripts#

 

[mrDavid]

I suspect there is a different issue than SSL here. Sending the command below generates the same SSL output and receive the email successfully

Perhaps it is not piping the email body to sendmail. This command worked for me. The file init-start is just an example text file that has no further relevance

user@Snapper:/jffs/scripts# cat init-start | sendmail -H"exec openssl s_client -quiet -CAfile /jffs/configs/ssl/certs/google-roots.pem -connect smtp.gmail
.com:587 -tls1 -starttls smtp" -f"myfrom" -au"myauth" -ap"mypass" mydest
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.com
verify return:1
250 SMTPUTF8

 

[vw-kombi]

ok - I copied your bit to notepad, adding user info, then copied and pasted back to ssh and this is the outcome. Same thing I think.

admin@RT-AC68U-AC38:/jffs/scripts# cat init-start | sendmail -H"exec openssl s_client -quiet -CAfile /jffs/configs/ssl/certs/google-roots.pem -connect smtp.gmail.com:587 -tls1 -starttls smtp" -f"vaisew@gmail.com" -
au"vaisew@gmail.com" -ap"thisismygmailpassword" vaisew@gmail.com
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.com
verify return:1
250 SMTPUTF8
sendmail: failed
admin@RT-AC68U-AC38:/jffs/scripts#

 

[mrDavid]

I am able to generate the same error if I use the wrong username or password. Are these definitely correct?
If you are using 2 factor auth make sure to create an app password in gmail

Otherwise I don't think I can help further. I dont think it is ssl related as openssl can verify the chain

 

[vw-kombi]

no worries. Not two factor password no...... Never mind, will use the free smtp option mentioned in the wiki -

 

[vw-kombi]

To @mrDavid, and any others that may run into the same issue I had -

Google has an option 'Allow less secure apps'. It is on the signin and security potion of google account.
If you have this turned off, as I did, then none of the solutions in this forum seemed to work for me.

Note - This is different to the two step authentication thing.

I only got an email fropm google overnight recommending that I turn this on, and I did to see what would be blocked, and now these issue. Also, I notice my NAS has not sent its backup messages either (another sendmail).

This may help others, or may be good to have in the wiki.

 

[sone]

I'm bringing up this old thread because you all seem very knowledgeable about Sendmail but does the stock firmware (3.0.0.4.384_32738) have the ability to add Sendmail? I'm setting up the router for a friend that needs to use AIMesh so they can't use Asuswrt-Merlin.

Thanks kindly.

 

[M@rco]

does the stock firmware (3.0.0.4.384_32738) have the ability to add Sendmail?

No.

 

[sone]

OK thank you