email Notifications, att.net, SSL and port 465

      I am an experienced newbie at Linux stuff. Meaning, I can get around, have an idea of what can be done, not always sure how to do it. I chose to try OMV as a home file server since my Promise Tech box is limited to RAID0/RAID1 and to two 1TB drives. The Promise box has been problem free for over ten years except for the limitations and a hard drive failure.

      Currently using a 16GB CF card/CFcard-to-IDE adapter as my boot drive and three 2TB hard drives in RAID5 running in/on an old Shuttle FS56 Pentium 4 box for testing. The main reasons for OMV are the web interface, using >1TB drives, more RAID options and email notifications. I really want the email notifications to work.

      Got everything except the email notifications. My email is with ATT (on Yahoo account servers), which uses port 465 with SSL. I learned that port 465 is deprecated in postfix and doesn't work. From searching around, it seems several providers are still using 465. Port 587 is the 'right' way to connect according to what I have read. So let me call Yahoo and get them to upgrade their system. . . yeah, right!

      I know there is a solution. I know I am not the only one on the planet with this problem. I know someone had to have solved it and explains how to do it on OMV! . . . Apparently, that last one is not true, or at least has not been posted where I have looked. So after reading several ways people had solved the problem for other situations not including OMV, plus some trial and error, I got a working setup.

      So, for all the other newbies, I post what I did in order to send OMV email notifications to att using port 465.

      This was done on OPENMEDIAVAULT 1.7

      Nutshell version:

      Installed stunnel. Created a self-signed pem certificate, because stunnel will not work without a cert. Created/edited stunnel.conf to run in client mode, listen on a localhost port, and connect to att.net. Enabled auto startup for stunnel. Setup OMV Notification email settings.

      The long version:

      Enabled SSH services in OMV to allow SSHing into OMV and setup stunnel. Log into the web interface; under Services >> SSH; enable and save.

      I am running Windows, so used Putty.exe to SSH to the OMV box. Logged in using root and the password set during installation.

      At the cli (command line input):

      Updated the packages:

      apt-get update

      Next, installed stunnel:

      apt-get install stunnel

      Create a self-signed certificate: stunnel wants at least a cert file. The key file is optional. The instructions here create a single file with both cert and key in a single pem file. There are a number of places on the Internet that talk about self-signed certificates, search for more information.

      Make a folder to create pem file in and change to it:

      mkdir /etc/ssl/test
      cd /etc/ssl/test

      Create certificate that will not expire for ten years, this is the '-days' option. Two files will be created:

      openssl req -x509 -sha256 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -nodes

      Two files should have been created: cert.pem and key.pem. I chose to combine the files into one file called OMV_self-signed.pem. First, copied the cert.pem to OMV_self-signed.pem, then concatenated the key.pem file to OMV_self-signed.pem:

      cp cert.pem OMV_self-signed.pem
      cat key.pem >> OMV_self-signed.pem

      Copied the OMV_self-signed.pem to the directory with the other cert files:

      cp OMV_self-signed.pem /etc/ssl/certs

      Next, configure stunnel. When I first did this, the stunnel.conf file did not exist. Used nano text editor to create and edit file.

      nano /etc/stunnel/stunnel.conf

      In nano, enter the following information then save it:

      ; Path to certificate and key files - the key is optional in client mode
      cert = /etc/ssl/certs/OMV_self-signed.pem
      ;key = /etc/ssl/certs/OMV_self-signed.pem
      ; Set client mode
      client = yes
      chroot = /var/lib/stunnel4/
      setuid = stunnel4
      setgid = stunnel4
      pid = /stunnel4.pid
      socket = l:TCP_NODELAY=1
      socket = r:TCP_NODELAY=1
      [att-smtp-tls-wrapper]
      accept = 127.0.0.1:11125
      connect = outbound.att.net:smtps


      After saving the conf file, stunnel needs to be set to start automatically. Two files were edited, not sure if both or just one is needed:

      nano /etc/default/stunnel4

      Find the line ENABLE=0 and change the 0 (zero) to 1 (one)

      ENABLE=1

      Save and exit nano. Then edit the second file:

      nano /etc/init.d/stunnel4

      Find the line ENABLE=0 and change the 0 (zero) to 1 (one)

      ENABLE=1

      Save and exit nano.

      Log into OMV web interface and go to System >> Notification. Enable the service.

      In the SMTP settings area: Set the SMTP server to localhost and the SMTP port to 11125. Check or uncheck 'Use SSL/TLS'; both ways worked. Set Sender email as desired but it may need to be the same as the account you're authenticating with. Check Authentication required and enter Username and Password. In Recipient area: enter email recipients. Save settings!

      Now test the settings: click 'Send a test email' in top menu.

      Check your email and/or check the Syslog (Diagnostics >> System Logs). You should see something like this:

      stunnel: LOG5[2310:3073907568]: Service [att-smtp-tls-wrapper] accepted connection from 127.0.0.1:41658

      stunnel: LOG5[2310:3073907568]: connect_blocking: connected 67.195.15.5:465

      stunnel: LOG5[2310:3073907568]: Service [att-smtp-tls-wrapper] connected remote server from 172.16.0.198:58547

      postfix/smtp[22181]: 31ED761D11: replace: header Subject: Test message from OMV_servername: Subject: Test message from OMV_servername [OMV_servername.home.local]

      postfix/smtp[22181]: 31ED761D11: to=<recipient@att.net>, relay=localhost[127.0.0.1]:11125, delay=8, delays=0.07/0.01/6/2, dsn=2.0.0, status=sent (250 OK , completed)


      The last entry means it worked. If it says connection refused then it failed.


      So, what does all that stunnel.conf stuff mean, anyway?

      cert = and key = are the path and files that contain the certification files. In this case they are the same file.

      client = yes
      puts stunnel in client mode, meaning it is not acting as a server.

      The following may not be required but when I got stunnel working, I left it alone. This stuff, as I understand, runs stunnel in chain root environment which I don't understand except that it is a way to run the process more securely.

      chroot = /var/lib/stunnel4/
      setuid = stunnel4
      setgid = stunnel4
      pid = /stunnel4.pid

      The following are performance options for slow connections and may not be needed. The 'l:' is local and 'r:' is remote:

      socket = l:TCP_NODELAY=1
      socket = r:TCP_NODELAY=1

      Now for the actual connection:

      [att-smtp-tls-wrapper]
      accept = 127.0.0.1:11125
      connect = outbound.att.net:smtps

      The [att-smtp-tls-wrapper] is the service definition name and the name must be unique from any other service name in stunnel.conf. More on that later.

      The accept = is the IP address and port to listen on for connections. It is set to listen on the local host on port 11125 for incoming connections. The connect = is the machine to connect to and the port number to use. Port 465 is defined as smtps in the /etc/services file. One could simply have typed 465 instead.

      If another smtp needs to be defined then the service name and port number need to be changed. OMV doesn't appear to allow use of multiple smtp to be setup. But several could be setup in stunnel for other uses. Adding a Yahoo smtp could be done by adding the following to the end of the stunnel.conf file:

      [yahoo-smtp-tls-wrapper]
      accept = 127.0.0.1:11130
      connect = smtp.mail.yahoo.com:smtps

      To use the Yahoo smtp; in OMV Notifications, change the SMTP port to 11130 and the authentication settings as needed. I have not actually tried this but see no reason why it should not work.

      Hope this helps someone.
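
stunnel does not check the remote server's certificate unless a verify option is set, and the configuration in the post sets none, so the tunnel to outbound.att.net is encrypted but the server is not authenticated. The shell check below is an added example, not part of the original post; the function names audit_stunnel_conf and write_post_conf are made up for illustration, and the sample file is a constructed copy of the post's configuration.

```shell
#!/bin/sh
# Added example, not from the original post: list stunnel client-mode
# services that never ask stunnel to verify the remote certificate.

audit_stunnel_conf() {   # $1 = stunnel.conf path; prints one service per line
    awk '
    function report() {
        c = (sclient == "") ? gclient : sclient    # section overrides global
        v = (sverify == "") ? gverify : sverify
        if (svc != "" && c == "yes" && v != "on") print svc
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }           # skip comments and blanks
    /^[ \t]*\[/ {                                  # start of a [service]
        report()
        svc = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", svc)
        sclient = ""; sverify = ""; next
    }
    {
        i = index($0, "="); if (i == 0) next
        key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)
        val = tolower(substr($0, i + 1));   gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "client") { if (svc == "") gclient = val; else sclient = val }
        if (key == "verify" || key == "verifychain" || key == "verifypeer") {
            state = (val == "0" || val == "no") ? "off" : "on"
            if (svc == "") gverify = state; else sverify = state
        }
    }
    END { report() }' "$1"
}

# Constructed sample: the configuration from the post, written to $1.
write_post_conf() {
    cat > "$1" <<'EOF'
cert = /etc/ssl/certs/OMV_self-signed.pem
client = yes
chroot = /var/lib/stunnel4/
socket = l:TCP_NODELAY=1
[att-smtp-tls-wrapper]
accept = 127.0.0.1:11125
connect = outbound.att.net:smtps
EOF
}

conf=$(mktemp)
write_post_conf "$conf"
audit_stunnel_conf "$conf"     # att-smtp-tls-wrapper
printf 'verify = 2\nCAfile = /etc/ssl/certs/ca-certificates.crt\n' >> "$conf"
audit_stunnel_conf "$conf"     # prints nothing: the service now verifies
rm -f "$conf"
```

The two appended lines land inside the [att-smtp-tls-wrapper] section, which is where a per-service verify setting and its CA bundle go; the CAfile path shown is the Debian system bundle.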