Send email notifications encrypted with gpg

  • I want OMV email notifications to be encrypted with a gpg public key before sending.


    On other (non OMV) servers I have used this method:

    https://dev.to/philippmayrth/e…-cron-emails-with-gpg-15j


    This involves modifying crontab files to pipe the command output into gpg.


    But when I look at the crontab files in OMV, there is a warning.

    # WARNING: Do not edit this file, your changes will get lost.


    I looked at config.xml and didn't see anything obvious.


    Is there an "approved" way to do this?

    Thanks.

  • Agricola

    Approved the thread.
  • I gave up on the idea of OMV sending encrypted mail to my gmail account.


    Instead, I created a very basic Docker image with Postfix and Dovecot.

    Its job is to receive cron email from all my local hosts, including OMV.

    No internet access, no sending, no relaying, strictly receive only on my local LAN.

    So I set OMV notifications to localhost.


    I use Thunderbird to read the mail, any IMAP email client should work.


    This gets the job done.

    Kind of a shame to run another instance of Postfix, when it's already running by default.

  • I have no idea how to integrate this functionality into the core OMV.

    For me, it was easier to find a Docker image on Github that had Postfix and Dovecot, and tweak it to my needs.

  • Actually, I abandoned the idea of encrypted cron emails.


    However, it's fairly simple to implement.

    Copy your gpg public key to your home directory on OMV.

    Modify /etc/cron.d/openmediavault-userdefined - something like this:

    Code
    GPG_CMD = "ifne /usr/bin/gpg --batch --armor --trust-model always --no-default-keyring --keyring /home/YOURPUBLICKEY.asc.gpg --recipient you@example.de --encrypt"
    
    @daily root /var/lib/openmediavault/cron.d/userdefined-blah-blah 2>&1 | $GPG_CMD | mail -E -s "Cron - Scheduled system backup." -a "From: Cron Daemon <root>" root >/dev/null 2>&1

    Of course there's a big problem with this:

    # WARNING: Do not edit this file, your changes will get lost.


    So it would be nice if you could put your own stuff in the crontab without it getting overwritten.


    But I took another approach:

    Rather than trying to get OMV to send encrypted mail to my gmail account,

    send it to a mail server that I have control over. And don't worry about encryption.


    So I grabbed a postfix/dovecot Docker image off Github and modified it to my needs.

    I stripped out anything that involves relaying mail over the internet. This is local only.


    So now, I just configure OMV to send cron mail to the Docker container.

    To read the mail, Thunderbird.

    Yes Thunderbird complains about a self-signed certificate. I just "add exception" and it works fine.


    I also have several other Linux boxes here at home that send cron mail to the Container.

    So now, I don't worry about encrypting cron mail anymore.


    For my needs this is exactly what I want.

    But, it's kind of specialized, not sure many people would want this.


    Sure it would be nice if OMV did this. But it's easy enough to do with Docker.

    You guys have your hands full with far more important stuff.


    If anyone is interested, I'll gladly send them my Dockerfile and stuff.

    Warning, this is the 3rd Docker image I've ever built, and the first one was "hello world".

  • One method to encrypt your outgoing e-mails is to use https://github.com/infertux/zeyple. The procedure is also described in the English Linux Magazine and the German Linux-Magazin.


    For the script to run you also need to install the python-is-python3 package. Otherwise, Python will not be found by the script. So the corresponding command during installation should read

    Code
    apt-get install gnupg python3-gpg python-is-python3 sudo

    As a side note, gnupg and sudo were already installed on my machine.


    Deviating from the process described in the above docs I wanted to add a locally stored public key. This works by copying the public key (.asc file) onto the server to a location where the zeyple user has read access, and add it as follows (adjust paths and filenames accordingly):

    Code
    sudo -u zeyple gpg --homedir /etc/zeyple/keys --import /etc/zeyple/public-key.asc


    Also, OMV auto-generates the Postfix config files (there is a corresponding header in them), so the standard installation process will not survive a re-creation of /etc/postfix/master.cf and /etc/postfix/main.cf. Instead, you need to add a config file to /srv/salt/omv/deploy/postfix/, e.g. 50zeyple.sls with the following contents:

    (copied from https://github.com/infertux/zeyple/blob/master/INSTALL.md).


    Then re-create the Postfix configuration files and re-start Postfix:

    Code
    omv-salt deploy run postfix


    I noted that zeyple's config file location announced in the Linux Magazine articles does not correspond to the location expected by the script (and given in the script's installation procedure). So depending on where you store zeyple's configuration file you may also need to modify the Python script itself. To do so, in function load_configuration() change line os.path.join('/etc/', filename), accordingly, e.g. to os.path.join('/etc/zeyple/', filename),.


    For me that was all it needed. A subsequently sent test message (on the web interface at System / Notification / Settings) was encrypted.
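
Added example, not part of the posts above and not code from zeyple or OMV: a check that a notification really left the box encrypted, covering both the inline armor a `gpg --armor` cron pipe produces and the PGP/MIME layout of RFC 3156. The function names and the sample messages are constructed for illustration.

```python
import email
from email import policy

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

def part_text(part):
    """Decoded body of a leaf MIME part as text."""
    return (part.get_payload(decode=True) or b"").decode("ascii", "replace")

def is_armored(text):
    """True only if the whole text is one ASCII-armored OpenPGP message."""
    body = text.strip()
    return body.startswith(BEGIN) and body.endswith(END)

def classify(raw):
    """Return 'pgp-mime', 'inline-pgp' or 'plaintext' for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/encrypted":
        # RFC 3156 layout: control part, then the armored ciphertext part.
        parts = msg.get_payload() if msg.is_multipart() else []
        ok = (msg.get_param("protocol") == "application/pgp-encrypted"
              and len(parts) == 2
              and parts[0].get_content_type() == "application/pgp-encrypted"
              and is_armored(part_text(parts[1])))
        return "pgp-mime" if ok else "plaintext"
    # Inline armor (what a gpg --armor pipe produces): every leaf part
    # must be armored, otherwise some of the body went out in clear.
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    if leaves and all(is_armored(part_text(p)) for p in leaves):
        return "inline-pgp"
    return "plaintext"

def unencrypted_subjects(raw_messages):
    """Subjects of the messages whose body is not fully encrypted."""
    parse = lambda r: email.message_from_string(r, policy=policy.default)
    return [str(parse(r)["Subject"]) for r in raw_messages
            if classify(r) == "plaintext"]

# Constructed samples; the armor body is a placeholder, not real ciphertext.
ARMOR = BEGIN + "\n\nhQEMA2NvbnN0cnVjdGVk\n=AAAA\n" + END + "\n"
HEAD = "From: root\nTo: you@example.de\nSubject: %s\n"
INLINE = HEAD % "inline" + "\n" + ARMOR
PLAIN = HEAD % "plain" + "\nBackup finished, 0 errors.\n"
LEAK = HEAD % "leak" + "\nBackup finished.\n" + ARMOR
MIME = (HEAD % "mime" + "MIME-Version: 1.0\n"
        'Content-Type: multipart/encrypted; boundary="b1";\n'
        ' protocol="application/pgp-encrypted"\n\n'
        "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
        "--b1\nContent-Type: application/octet-stream\n\n" + ARMOR + "--b1--\n")
```

Either form protects only the body: headers such as the Subject set with `mail -s` still travel in clear, so keep sensitive detail out of them.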
