Notifications (E-Mail)

Discussion in 'Asuswrt-Merlin' started by Minglarn, Oct 8, 2012.

  1. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,331
    Location:
    San Diego, CA
    I know I could probably dig around RMerlin's github, but probably faster/easier to ask what version of BusyBox is included here?
     
  2. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    32,486
    Location:
    Canada
    1.20.1.
     
  3. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    6,155
    Location:
    United States
    Are you sure? On my fork....
    Code:
    [email protected]:/tmp/home/root# busybox
    BusyBox v1.20.2 (2016-06-21 07:24:57 MST) multi-call binary.
    Copyright (C) 1998-2011 Erik Andersen, Rob Landley, Denys Vlasenko
    and others. Licensed under GPLv2.
    See source distribution for full notice.
    
     
  4. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    32,486
    Location:
    Canada
    Could be .2, I was going from memory.
     
  5. Jean-Roch Blais

    Jean-Roch Blais Occasional Visitor

    Joined:
    Jun 16, 2016
    Messages:
    16
    I'm using v1.22.1
     
  6. Jean-Roch Blais

    Jean-Roch Blais Occasional Visitor

    Joined:
    Jun 16, 2016
    Messages:
    16
    on my ASUSWRT-Merlin RT-AC66U_3.0.0.4, busybox is v1.20.2
     
  7. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,331
    Location:
    San Diego, CA
    Thx - there's a couple of perhaps "undocumented" switches with the sendmail app inside busybox - see -d...
     
  8. Jean-Roch Blais

    Jean-Roch Blais Occasional Visitor

    Joined:
    Jun 16, 2016
    Messages:
    16
    Ok I "humbly and politely" asked on busybox's mailing list about sendmail's strange behavior, but didn't get any answer... yet! Correction: I have an answer now (July 16 2016), which is to try adding sleep(3) before the code = smtp_check("NOOP", -1) line in the sendmail source code. Thanks to BusyBox sendmail's maintainer M. Vlasenko!

    I agree it's a minor bug, it just makes using SSL with the Videotron SMTP server unreliable o_O !!!

    For other amateurs like me who might face similar problems with their ISP's SMTP server, check if they offer port 587, that requires authentication but no SSL. So to get busybox's sendmail to send me notifications from my firewall, I'm now using relais.videotron.ca:587 and it works quite well sending emails to other domains.

    Here is my script that gets executed every day, and sends email whenever the IP changes or every week in any case. I came up with this when dyndns went slickly greedy... oops... I meant commercial...

    Code:
    firewall# cat mailIP
    #!/bin/sh
    #
    # Sends the IP address when it changes...
    #
    #
    IPNOW=$(ip addr | grep 255.255. | sed -n 's/^ *inet *\([.0-9]*\).*/\1/p')
    # -F compares the address as a fixed string; the quotes keep an empty
    # $IPNOW from turning the file name into the pattern
    if grep -qF -- "$IPNOW" /tmp/MyIP.log
    then
        echo "No change"
    else
        echo "$IPNOW" > /tmp/MyIP.log
        # Build the message (headers, blank line, body) in /tmp/MyIP1.log
        echo "Subject: l'adresse IP aujourd'hui: $IPNOW !!! " > /tmp/MyIP1.log
        echo "From: [email protected]" >> /tmp/MyIP1.log
        echo "Date:  `date -R`" >> /tmp/MyIP1.log
        echo "" >> /tmp/MyIP1.log
        echo "Salut mon petit JR..." >> /tmp/MyIP1.log
        echo "" >> /tmp/MyIP1.log
        echo "nouvel IP:  $IPNOW" >> /tmp/MyIP1.log
        echo "Uptime est: `uptime | cut -d ',' -f1 | sed 's/^.\{12\}//g'`" >> /tmp/MyIP1.log
        echo "" >> /tmp/MyIP1.log
        echo "---- " >> /tmp/MyIP1.log
        echo "de la part de ton gentil Routeur !!!" >> /tmp/MyIP1.log
        echo "" >> /tmp/MyIP1.log
        echo "" >> /tmp/MyIP1.log
        sendmail -S relais.videotron.ca:587 </tmp/MyIP1.log [email protected] -auxxxxxxxx -apyyyyyyyy [email protected]
    fi
      firewall#
    Note: you might have to change the "...| grep 255.255. | ..." to suit your specific router... or simply use `nvram get wan0_ipaddr` if on ASUS.

    Thanks everyone !
    jrb
     
    Last edited: Jul 17, 2016
    sfx2000 likes this.
  9. steelskinz

    steelskinz Regular Contributor

    Joined:
    Mar 9, 2015
    Messages:
    143
    Location:
    France
    Will the above script work for Gmail? Thanks

    I tried the old script with GeoTrust_Primary_CA.pem but got

    verify error:num=20:unable to get local issuer certificate

    edit: nevermind, it's working even with that error :)
     
    Last edited: Jul 23, 2016
  10. steelskinz

    steelskinz Regular Contributor

    Joined:
    Mar 9, 2015
    Messages:
    143
    Location:
    France
    Worked from command line but now won't.. :(
     
  11. Jean-Roch Blais

    Jean-Roch Blais Occasional Visitor

    Joined:
    Jun 16, 2016
    Messages:
    16
    Ok I received this mail from M. Vlasenko for a workaround that will correct sendmail when using the -H option with touchy SMTP servers ...

    commit b9f56e82da9a0821011e1e0924acd1d781643070
    Author: Denys Vlasenko <[email protected]>
    Date: Wed Sep 7 13:16:33 2016 +0200

    sendmail: make it possible to pause after connection helper is started

    If a non-starttls helper is in use, initial 220 response is processed by us,
    not by helper.
    Some servers consider us to be a spammer if we don't wait for it.

    It is not in protocol, but it is a real-life problem.

    The workaround in this patch is a magic envvar, $SMTP_ANTISPAM_DELAY:

    ...
    -H 'PROG ARGS'  Run connection helper. Examples:
            openssl s_client -quiet -tls1 -starttls smtp -connect smtp.gmail.com:25
            openssl s_client -quiet -tls1 -connect smtp.gmail.com:465
                    $SMTP_ANTISPAM_DELAY: seconds to wait after helper connect
    ...

    By using it, people can tweak sendmail behavior even if sendmail invocation
    is buried in some scripts.
     
    Last edited: Sep 8, 2016
  12. lahma

    lahma New Around Here

    Joined:
    Jan 10, 2014
    Messages:
    3
    For anyone still trying to send email through Gmail, after MUCH trial and error, this is what eventually worked for me on my Asus RT-AC68U running Merlin:

    Download the trusted certificate:
    Code:
    wget -c -O /jffs/configs/Equifax_Secure_Certificate_Authority.pem http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.pem --no-check-certificate
    And then use the following script as a guide for creating your own:
    Code:
    #!/bin/sh
    
    # The following cmd must be run one time in SSH prior to running this script:
    #     wget -c -O /jffs/configs/Equifax_Secure_Certificate_Authority.pem http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.pem --no-check-certificate
    
    # For this example to work, the following variables must be modified:
    #     FROM, AUTH, PASS, FROMNAME, TO
    
    # Additionally, you MAY need to "Turn on" the sender Gmail account's
    # "Access for less secure apps" setting. I turned it on and have not tried
    # turning it back off (does not matter to me since I am using a throwaway
    # Gmail account used only for this purpose). After logging into your Gmail
    # account, this setting can be found at the following URL:
    #     https://www.google.com/settings/security/lesssecureapps
    
    # To execute this script, make sure you have given it executable permissions,
    # and then either execute it directly from SSH:
    #     cd /path/you/saved/script/to
    #     ./nameOfScript.sh
    # Or, save the script as one of your jffs startup scripts, such as:
    #     /jffs/scripts/wan-start
    
    # If you run the script from SSH, your output should look something like
    # the following (if the email was sent successfully):
    #     [email protected]:/tmp/mnt/USB01/scripts# ./SendEmailTest.sh
    #     depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
    #     verify return:1
    #     depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
    #     verify return:1
    #     depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
    #     verify return:1
    #     depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = smtp.gmail.com
    #     verify return:1
    #     250 SMTPUTF8
    
    FROM="[email protected]"
    AUTH="[email protected]"
    PASS="YourPassword"
    FROMNAME="John Doe"
    TO="[email protected]"
    
    # Set the clock first (certificate validity checks need a correct date)
    ntpclient -h pool.ntp.org -s > /dev/null 2>&1
    sleep 5
    
    echo "Subject: WAN Connection" >/tmp/mail.txt
    echo "From: \"$FROMNAME\"<$FROM>" >>/tmp/mail.txt
    echo "Date: `date -R`" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "My WAN IP is: `nvram get wan0_ipaddr`" >>/tmp/mail.txt
    echo "Uptime is: `uptime | cut -d ',' -f1 | sed 's/^.\{12\}//g'`" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    
    cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
    -CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
    -tls1 -starttls smtp -connect smtp.gmail.com:587" \
    -f"$FROM" \
    -au"$AUTH" -ap"$PASS" "$TO"
    
    rm /tmp/mail.txt
    
    
     
    steelskinz likes this.
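
Added example, not part of any post in this thread: `openssl s_client` carries on after a verification failure unless told otherwise, which is why mail can still go out after `verify error:num=20`. The function below classifies an s_client transcript so a script can refuse to send credentials over an unverified connection; `tls_verify_status`, `probe_smtp_tls` and both sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Sample transcripts are constructed.

# Reads "openssl s_client" output on stdin and prints one of:
#   ok        - "Verify return code: 0" and no "verify error" line
#   fail:NUM  - first verification error number (20 = issuer not found)
#   unknown   - no verification information in the input
tls_verify_status() {
    awk '
        /verify error:num=/ && err == "" {
            split($0, a, "num="); split(a[2], b, ":"); err = b[1]
        }
        /Verify return code:/ {
            split($0, c, "code: "); split(c[2], d, " "); code = d[1]
        }
        END {
            if (err != "")        print "fail:" err
            else if (code == "0") print "ok"
            else if (code != "")  print "fail:" code
            else                  print "unknown"
        }'
}

# Probe a server before any mail or password is sent (hypothetical helper;
# needs network access, so it is defined here but not called).
probe_smtp_tls() {  # usage: probe_smtp_tls HOST:PORT /path/to/ca.pem
    echo QUIT | openssl s_client -starttls smtp -connect "$1" \
        -CAfile "$2" 2>&1 | tls_verify_status
}

# Constructed transcript: the chain does not reach a trusted root, yet the
# SMTP dialogue continues (the "250" line), as reported in the thread.
SAMPLE_UNVERIFIED='depth=1 C = US, O = Example CA, CN = Example Intermediate
verify error:num=20:unable to get local issuer certificate
verify return:0
250 SMTPUTF8'

# Constructed transcript: the chain verified against the CA file.
SAMPLE_VERIFIED='depth=0 CN = smtp.example.test
verify return:1
    Verify return code: 0 (ok)'

printf '%s\n' "$SAMPLE_UNVERIFIED" | tls_verify_status
printf '%s\n' "$SAMPLE_VERIFIED"   | tls_verify_status
```

Adding `-verify_return_error` to the `-H` helper command makes s_client abort the handshake on a verification failure instead of continuing.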
  13. steelskinz

    steelskinz Regular Contributor

    Joined:
    Mar 9, 2015
    Messages:
    143
    Location:
    France
    Thanks. I hadn't tested it as it is currently working for me.

    I don't know why but I had the script before I installed AB solution. When on AB I enable mail it makes my WAN notification script work again.. :) maybe the certificate..
     
  14. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    6,478
    Location:
    Switzerland
    I'm not sure it's the certificate. In my part of the script I explicitly include the cert. But maybe some caching miracle helps it. Anyway, good to hear AB does some good.
     
    steelskinz likes this.
  15. smcgrath12

    smcgrath12 Occasional Visitor

    Joined:
    Feb 20, 2016
    Messages:
    31
    Location:
    Texas, USA
    I stumbled on this thread while researching DDNS updates via scripting in Merlin. I had the same error message about certificates when using the script to send email via my GMail account. I tried the wget command to get the pem file, but the error persisted.

    Anyways, if someone wants to fix this error (only talking about GMail with a valid email on GMail) and has a Windows computer, I did the following and it fixed the error. I am sure you can minimize steps or can get the certs using OpenSSL on the router itself, but here is what I did:

    1. Putty into your router.

    2. Run "openssl s_client -connect smtp.gmail.com:587 -starttls smtp".

    3. Now, copy the certificate from the output of Step 2
    (All text within "----- BEGIN CERTIFICATE -----" & "----- END CERTIFICATE -----", including the Begin/End lines).

    4. Save this blob of text to a file, something like "GMail.crt" on your computer (Not router).

    5. Now, right-click this ".crt" file and select "Open" (NOT "Install Certificate").
    This will open the certificate in MMC view.

    6. Go to the tab that says "Certification Path". This path lists the full certificate chain.
    You will see the full chain from top level to bottom level. Something like:

    GeoTrust Global CA --> Google Internet Authority G2 --> smtp.gmail.com

    7. Select the Root CA (in the chain above, it is "GeoTrust Global CA").
    Once you select this certificate, the button for "View Certificate" will be enabled.
    Click on this button.

    8. Another MMC window for just this certificate will pop up.

    9. Next, in this new popup window, click on "Details".
    Once you click on "Details", you will see the button for "Copy To File" enabled.
    Click on this button.

    10. A new "Certificate Export Wizard" will start.
    Export the certificate as "Base-64 encoded X.509 (.CER)".
    Give a name like "GMail_Root_CA.cer" to this file and save this file to your computer.

    11. Next, change the file extension of this ".cer" file to ".pem"

    12. At this point, you should have a "GMail_Root_CA.pem" file sitting on your computer.

    13. Transfer this .pem file to /jffs/configs folder and make sure you reference this file in your mail script.
     
    Jean-Roch Blais likes this.
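
Added example, not part of the post above: the chain that steps 5 to 7 read from the Windows certificate viewer can also be read from the `Certificate chain` section of s_client output on the router. The functions below list each subject/issuer link and name the CA that the chain, as sent by the server, leads up to; `chain_links`, `chain_anchor`, `show_chain` and `SAMPLE_CHAIN` are constructed for illustration, using the certificate names quoted in this thread.

```shell
#!/bin/sh
# Added example, not code from the thread. SAMPLE_CHAIN is constructed from
# the certificate names quoted in the posts above.

# Print one "subject<TAB>issuer" line per certificate the server sent.
# Works on plain and -showcerts output (PEM blocks between entries are skipped).
chain_links() {
    awk '
        /^Certificate chain/       { in_chain = 1; next }
        in_chain && $0 == "---"    { in_chain = 0 }
        in_chain && /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj = $0; next }
        in_chain && /^ *i:/        { sub(/^ *i:/, ""); print subj "\t" $0 }'
}

# Print the issuer of the last certificate sent: the CA the chain leads up to.
chain_anchor() {
    chain_links | awk -F'\t' '{ last = $2 } END { if (NR) print last }'
}

# Fetch the listing from a live server (needs network; defined, not called).
show_chain() {  # usage: show_chain HOST:PORT
    echo QUIT | openssl s_client -starttls smtp -showcerts -connect "$1" \
        2>/dev/null | chain_links
}

SAMPLE_CHAIN='CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
-----BEGIN CERTIFICATE-----
(base64 body omitted in this constructed sample)
-----END CERTIFICATE-----
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate'

printf '%s\n' "$SAMPLE_CHAIN" | chain_links
printf '%s\n' "$SAMPLE_CHAIN" | chain_anchor
```

The listing only names the CA; the CA certificate itself should come from a source that is already trusted, such as the operating system's certificate store used in steps 5 to 10, rather than from the connection being checked.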
  16. Jean-Roch Blais

    Jean-Roch Blais Occasional Visitor

    Joined:
    Jun 16, 2016
    Messages:
    16
    .......
    Well thanks! I followed your recipe word for word, and wham! It works fine... I'm using this stanza:

     
  17. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,331
    Location:
    San Diego, CA
    Ran into this the other day - debian has a little sendmail agent - perfect for something like this, and it supports secure SMTP...

    sSMTP

    It's not a full blown MTA like Sendmail/Postfix/QMail, but might be perfect here...

    https://packages.debian.org/sid/ssmtp

    Might take a bit of work to integrate - but it looks perfect for burping off notifications and logs, etc...
     
  18. Jean-Roch Blais

    Jean-Roch Blais Occasional Visitor

    Joined:
    Jun 16, 2016
    Messages:
    16
    Hello, would it be a good choice for an embedded system though?
     
  19. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    14,331
    Location:
    San Diego, CA
    It's the primary purpose - that way someone doesn't have to install postfix/sendmail or other SMTP MTA...

    ssmtp acts like an MTA, but its primary purpose is to send outgoing items (like notifications)
     
  20. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    32,486
    Location:
    Canada
    Both Curl and Busybox's sendmail applet can do this already, and are part of the firmware. Quick example using Curl and a mail stored in /tmp/mail.txt:

    Code:
    curl --url smtps://$SMTP:$PORT \
      --mail-from "$FROM_ADDRESS" --mail-rcpt "$TO_ADDRESS" \
      --upload-file /tmp/mail.txt \
      --ssl-reqd \
      --user "$USERNAME:$PASSWORD" --insecure \
      -v
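
Added example, not part of the post above: the quick example passes `--insecure`, which turns off certificate verification. The variant below generates a curl config that verifies the server against a CA file (here the `/jffs/configs/GMail_Root_CA.pem` name from earlier in the thread) and feeds it to curl on stdin so the password does not appear on the command line; `cfg_quote`, `smtp_curl_config`, `send_mail` and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Host, addresses and password in
# the demo call at the bottom are constructed.

# Escape a value for a double-quoted curl config entry (backslash and ").
cfg_quote() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# Print a curl config for SMTP submission with certificate verification.
# args: HOST PORT FROM TO USER PASS CAFILE MAILFILE
smtp_curl_config() {
    cat <<EOF
url = "smtps://$(cfg_quote "$1"):$(cfg_quote "$2")"
mail-from = "$(cfg_quote "$3")"
mail-rcpt = "$(cfg_quote "$4")"
user = "$(cfg_quote "$5"):$(cfg_quote "$6")"
cacert = "$(cfg_quote "$7")"
upload-file = "$(cfg_quote "$8")"
ssl-reqd
EOF
}

# Send the mail; refuses to run without a readable CA file instead of
# falling back to an unverified connection. Needs network, so not called here.
send_mail() {
    [ -r "$7" ] || { echo "CA file $7 not readable" >&2; return 1; }
    smtp_curl_config "$@" | curl --config -
}

# Show the generated config for constructed sample values.
smtp_curl_config smtp.example.test 465 router@example.test admin@example.test \
    router 'constructed-password' /jffs/configs/GMail_Root_CA.pem /tmp/mail.txt
```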