email Notifications, att.net, SSL and port 465

  • I am an experienced newbie at Linux stuff. Meaning, I can get around, have an idea of what can be done, not always sure how to do it. I chose to try OMV as a home file server since my Promise Tech box is limited to RAID0/RAID1 and to two 1TB drives. The Promise box has been problem free for over ten years except for the limitations and a hard drive failure.


    Currently using a 16GB CF card/CFcard-to-IDE adapter as my boot drive and three 2TB hard drives in RAID5 running in/on an old Shuttle FS56 Pentium 4 box for testing. The main reasons for OMV are the web interface, using >1TB drives, more RAID options and email notifications. I really want the email notifications to work.


    Got everything except the email notifications. My email is with ATT (on Yahoo account servers), which uses port 465 with SSL. I learned that port 465 is deprecated in postfix and doesn't work. From searching around, it seems several providers are still using 465. Port 587 is the 'right' way to connect according to what I have read. So let me call Yahoo and get them to upgrade their system. . . yeah, right!


    I know there is a solution. I know I am not the only one on the planet with this problem. I know someone had to have solved it and explains how to do it on OMV! . . . Apparently, that last one is not true, or at least has not been posted where I have looked. So after reading several ways people had solved the problem for other situations not including OMV, plus some trial and error, I got a working setup.


    So, for all the other newbies, I post what I did in order to send OMV email notifications to att using port 465.


    This was done on OPENMEDIAVAULT 1.7


    Nutshell version:


    Installed stunnel. Created a self-signed pem certificate, because stunnel will not work without a cert. Created/edited stunnel.conf to run in client mode, listen on a localhost port, and connect to att.net. Enabled auto startup for stunnel. Set up OMV Notification email settings.

    The long version:


    Enabled SSH services in OMV to allow SSHing into OMV and set up stunnel. Log into the web interface; under Services >> SSH; enable and save.


    I am running Windows, so used Putty.exe to SSH to the OMV box. Logged in using root and the password set during installation.


    At the cli (command line input):


    Updated the packages:


    apt-get update


    Next, installed stunnel:


    apt-get install stunnel


    Create a self-signed certificate: stunnel wants at least a cert file. The key file is optional. The instructions here create a single file with both cert and key in a single pem file. There are a number of places on the Internet that talk about self-signed certificates; search for more information.


    Make a folder to create pem file in and change to it:


    mkdir /etc/ssl/test
    cd /etc/ssl/test


    Create certificate that will not expire for ten years, this is the '-days' option. Two files will be created:


    openssl req -x509 -sha256 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -nodes


    Two files should have been created: cert.pem and key.pem. I chose to combine the files into one file called OMV_self-signed.pem. First, copied the cert.pem to OMV_self-signed.pem, then concatenated the key.pem file to OMV_self-signed.pem:


    cp cert.pem OMV_self-signed.pem
    cat key.pem >> OMV_self-signed.pem


    Copied the OMV_self-signed.pem to the directory with the other cert files:


    cp OMV_self-signed.pem /etc/ssl/certs


    Next, configure stunnel. When I first did this, the stunnel.conf file did not exist. Used nano text editor to create and edit file.


    nano /etc/stunnel/stunnel.conf


    In nano, enter the following information then save it:



    After saving the conf file, stunnel needs to be set to start automatically. Two files were edited, not sure if both or just one is needed:


    nano /etc/default/stunnel4


    Find the line ENABLE=0 and change the 0 (zero) to 1 (one)


    ENABLE=1


    Save and exit nano. Then edit the second file:


    nano /etc/init.d/stunnel4


    Find the line ENABLE=0 and change the 0 (zero) to 1 (one)


    ENABLE=1


    Save and exit nano.


    Log into OMV web interface and go to System >> Notification. Enable the service.


    In the SMTP settings area: Set the SMTP server to localhost and the SMTP port to 11125. Check or uncheck 'Use SSL/TLS'; both ways worked. Set Sender email as desired but it may need to be the same as the account you're authenticating with. Check Authentication required and enter Username and Password. In Recipient area: enter email recipients. Save settings!


    Now test the settings: click 'Send a test email' in top menu.


    Check your email and/or check the Syslog (Diagnostics >> System Logs). You should see something like this:


    stunnel: LOG5[2310:3073907568]: Service [att-smtp-tls-wrapper] accepted connection from 127.0.0.1:41658


    stunnel: LOG5[2310:3073907568]: connect_blocking: connected 67.195.15.5:465


    stunnel: LOG5[2310:3073907568]: Service [att-smtp-tls-wrapper] connected remote server from 172.16.0.198:58547


    postfix/smtp[22181]: 31ED761D11: replace: header Subject: Test message from OMV_servername: Subject: Test message from OMV_servername [OMV_servername.home.local]


    postfix/smtp[22181]: 31ED761D11: to=<recipient@att.net>, relay=localhost[127.0.0.1]:11125, delay=8, delays=0.07/0.01/6/2, dsn=2.0.0, status=sent (250 OK , completed)



    The last entry means it worked. If it says connection refused then it failed.



    So, what does all that stunnel.conf stuff mean, anyway?


    cert = and key = are the path and files that contain the certification files. In this case they are the same file.

    client = yes
    puts stunnel in client mode, meaning it is not acting as a server.


    The following may not be required but when I got stunnel working, I left it alone. This stuff, as I understand, runs stunnel in chain root environment which I don't understand except that it is a way to run the process more securely.


    chroot = /var/lib/stunnel4/
    setuid = stunnel4
    setgid = stunnel4
    pid = /stunnel4.pid


    The following are performance options for slow connections and may not be needed. The 'l:' is local and 'r:' is remote:


    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1


    Now for the actual connection:


    [att-smtp-tls-wrapper]
    accept = 127.0.0.1:11125
    connect = outbound.att.net:smtps


    The [att-smtp-tls-wrapper] is the service definition name and the name must be unique from any other service name in stunnel.conf. More on that later.


    The accept = is the IP address and port to listen on for connections. It is set to listen on the local host on port 11125 for incoming connections. The connect = is the machine to connect to and the port number to use. Port 465 is defined as smtps in the /etc/services file. One could simply have typed 465 instead.


    If another smtp needs to be defined, the service name and port number need to be changed. OMV doesn't appear to allow use of multiple smtp to be set up. But several could be set up in stunnel for other uses. Adding a Yahoo smtp could be done by adding the following to the end of the stunnel.conf file:


    [yahoo-smtp-tls-wrapper]
    accept = 127.0.0.1:11130
    connect = smtp.mail.yahoo.com:smtps


    To use the Yahoo smtp; in OMV Notifications, change the SMTP port to 11130 and the authentication settings as needed. I have not actually tried this but see no reason why it should not work.


    Hope this helps someone.
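The options walked through in the post include no verify or CAfile line, and without them a stunnel client encrypts the connection but does not check the server's certificate. As an added example that is not part of the original post, this script audits a stunnel.conf for client services that skip verification or listen beyond loopback; the sample config is constructed, the cert path is an assumption, and the att-smtp-verified and yahoo-all-interfaces services are hypothetical.

```shell
# Added example, not from the original post: heuristic audit of a stunnel.conf.
# Prints one finding per line for the config file given as $1.
audit_stunnel_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function pick(svc, glob) { return (svc != "") ? svc : glob }
    function report(   lvl, chain, ca) {
        if (name == "" || pick(o["client"], g["client"]) != "yes") return
        lvl = pick(o["verify"], g["verify"]) + 0
        chain = pick(o["verifychain"], g["verifychain"])
        ca = pick(o["cafile"], g["cafile"]) pick(o["capath"], g["capath"])
        if ((lvl < 2 && chain != "yes") || ca == "")
            print name ": server certificate not verified (connect=" o["connect"] ")"
        if (o["accept"] !~ /^(127\.0\.0\.1|localhost|::1):/)
            print name ": accept=" o["accept"] " is not bound to loopback"
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }
    /^[ \t]*\[/ {
        report(); split("", o)
        name = trim($0); name = substr(name, 2, length(name) - 2); next
    }
    {
        i = index($0, "="); if (i == 0) next
        k = tolower(trim(substr($0, 1, i - 1))); v = trim(substr($0, i + 1))
        if (name == "") g[k] = v; else o[k] = v   # options before any [section] are defaults
    }
    END { report() }' "$1"
}

# Constructed sample (cert path assumed; the last two services are hypothetical).
write_sample_conf() {
    cat > "$1" <<'EOF'
cert = /etc/ssl/certs/OMV_self-signed.pem
client = yes
[att-smtp-tls-wrapper]
accept = 127.0.0.1:11125
connect = outbound.att.net:smtps
[att-smtp-verified]
accept = 127.0.0.1:11126
connect = outbound.att.net:smtps
verify = 2
CAfile = /etc/ssl/certs/ca-certificates.crt
[yahoo-all-interfaces]
accept = 11130
connect = smtp.mail.yahoo.com:smtps
EOF
}

conf=$(mktemp); write_sample_conf "$conf"; audit_stunnel_conf "$conf"; rm -f "$conf"
```

To check the live file on the server, call audit_stunnel_conf /etc/stunnel/stunnel.conf; no output means every client service has verification configured and a loopback accept address.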
