That's pretty much consistent across the board these days - and even then, one should have a valid from header, or it may get snatched by spam filters if nothing else.
Well I'll be darned !!! you were partly right you guru ! , I was using:But is the From: field also using an address @videotron.ca? This is a new requirement (and I suspect the address must also exist on their servers).
Here's my full SASL config for postfix
Code:# See /usr/share/postfix/main.cf.dist for a commented, more complete version # TLS parameters smtp_use_tls = yes smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt myhostname = testbox relayhost = [smtp.gmail.com]:587 # SASL Parameters smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options =
Again, we're using Gmail, so note that the username/pass aren't in main.cf, they'll be in another file…
add the following lineCode:sudo nano /etc/postfix/sasl_passwd
Code:[smtp.gmail.com]:587 gmailuser@gmail.com:gmailpassword
gmailuser/gmailpassword is the userid/pass for the gmail account that we're using
Now we fix perms and update the postfix config to use the sasl_passwd file
Code:sudo chmod 400 /etc/postfix/sasl_passwd sudo postmap /etc/postfix/sasl_passwd
And we then reload postfix
Code:sudo service postfix reload
To test - the following should generate an email from your server to your gmail inbox - yes, this <line> is deliberately <broken> for a <reason> - if you don't remove the <brackets> - you'll get an error
Code:echo "Test mail from postfix" | mail -s "Test Postfix" <gmailuser>@gmail.com
So having this info, someone should be able to create a script around this for AsusWRT...
Thanks for this answer, but I'm using sendmail in my bering-uclibc firewall (http://leaf.sourceforge.net/bering-uclibc/), there is no postfix package available in this distro.
jrb.
for your info, this is the email I get ....Vidéotron no longer allows relaying emails from domain that aren't @videotron.ca. The change was progressively deployed over the past couple of months.
Note that GMail also offers app-specific passwords. You could use that capacity to generate a password dedicated to your outgoing notifications. I don't know if they still require you to globally enable access from less-secure applications, or if it's a selective bypass.
which brings me to ask you how you knew about this new requirement or changes that were progressively deploying over the past couple of months... if you feel like telling me of course !
Just saw that Entware does have a postfix package that support musl... should be able to run musl and uclibc together perhaps...
https://github.com/Entware/openwrt-packages/tree/master/mail/postfix
Postfix wouldn't really help, as he'd need to configure a Smart Host, which would bring back his original issue. Outbound port 25 is blocked for any SMTP other than the ISP's own.
So Port 25 is blocked, Port 587 probably isn't, otherwise Gmail wouldn't work on SmartPhones
Which would STILL require a smart host
That's the power of a smarthost on the local machine - just bounce the output from scripts (bash, php, perl, python, etc...) to localhost sendmail, and postfix configured as a smarthost MTA sends it to the gmail server, which is authenticated via SASL, so they accept it.
I work in IT, it started affecting some of my customers over these past few months. Some of them had their POP3 work address configured with Vidéotron's SMTP for outgoing mail.
Ok I'll admit that, but why did Videotron suddenly made those changes, would you know what their motives, reasons are, or guess what this is all about ?
On more than one occasion, Videotron got their SMTP blacklisted due to spam relaying. Preventing sending mail with a reply address outside of the videotron.ca clamps down on that spam, as spammers would typically use an external domain.
On more than one occasion, Videotron got their SMTP blacklisted due to spam relaying. Preventing sending mail with a reply address outside of the videotron.ca clamps down on that spam, as spammers would typically use an external domain.
And in general, I've never been impressed by Videotron's sysadmins. Quite a few dubious decisions on their part over the years. I remember once having to deal with the fact that their caching nameservers flat out ignored TTL values. Migrating a customer's server to a different IP was a PITA, as Videotron's DNS kept resolving to the old IP for well over a day, despite the domain TTL being only a few hours. Hopefully they've fixed that since (it was 12-14 years ago).
Also the fact that their SMTP will give up on temporary delivery failure after only one day, while the majority of servers out there will try for at least 5 days. That means a weekend outage for someone's mail server that would only be resolved on Monday morning will result in lost mail.
The fact that you need to use a different mail server to use TLS in 2016 is also a bit mind boggling.
I suppose it's part for the course when it comes to ISPs. Many of them are managed by sysadmins who ignore best practices or RFCs, and do just what they feel like is "best", without thinking any further than their personal, corporate bottom line. </mini rant>
firewall# sendmail -v -H"exec openssl s_client -quiet -CAfile Certificats.pem -tls1 -connect smtp.videotron.ca:465 -p
ause" </tmp/mail.txt -froot@firewall -auxxxxxxx -apyyyyyyy
blablabla@gmail.com
sendmail: send:'NOOP'
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4
verify return:1
depth=0 C = CA, ST = Quebec, L = Montreal, O = Videotron s.e.n.c., OU = Ingenierie, CN = smtp.videotron.ca
verify return:1
read:errno=0
sendmail: NOOP failed
firewall# sendmail -v -H"exec openssl s_client -quiet -CAfile Certificats.pem -t
ls1 -connect smtp.videotron.ca:465 -pause" </tmp/mail.txt -froot@firewall -auxxxxxxxxx -apyyyyyyyy blablabla@gmail.com
sendmail: send:'NOOP'
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4
verify return:1
depth=0 C = CA, ST = Quebec, L = Montreal, O = Videotron s.e.n.c., OU = Ingenierie, CN = smtp.videotron.ca
verify return:1
sendmail: recv:'220 smtp.videotron.ca Videotron ESMTP server ready'
sendmail: recv:'250 2.0.0 OK'
sendmail: send:'EHLO firewall'
sendmail: recv:'250-smtp.videotron.ca hello [11.22.33.44], pleased to meet you'
sendmail: recv:'250-HELP'
sendmail: recv:'250-AUTH LOGIN PLAIN'
sendmail: recv:'250-SIZE 35840000'
sendmail: recv:'250-ENHANCEDSTATUSCODES'
sendmail: recv:'250-8BITMIME'
sendmail: recv:'250 OK'
sendmail: send:'AUTH LOGIN'
sendmail: recv:'334 VXNlcm5hbWU6'
sendmail: send:''
sendmail: recv:'334 UGFzc3dvcmQ6'
sendmail: send:''
sendmail: recv:'235 2.7.0 ... authentication succeeded'
sendmail: send:'MAIL FROM:<root@firewall>'
sendmail: recv:'250 2.1.0 <root@firewall> sender ok'
sendmail: send:'RCPT TO:<blablabla@gmail.com>'
sendmail: recv:'250 2.1.5 EMZ1booskWjC4EMZ4bADps <blablabla@gmail.com> recipient ok'
sendmail: send:'DATA'
sendmail: recv:'354 OK'
sendmail: send:'Subject: WAN state notification'
sendmail: send:'From: Firewall blablabla@videotron.ca'
sendmail: send:'Date: Sat, 18 Jun 2016 15:25:33 -0400'
sendmail: send:'To: blablabla@gmail.com'
sendmail: send:''
sendmail: send:'I just got connected to the internet.'
sendmail: send:''
sendmail: send:'My WAN IP is: '
sendmail: send:''
sendmail: send:'---- '
sendmail: send:'Your friendly router.'
sendmail: send:''
sendmail: send:'.'
sendmail: recv:'250 2.0.0 EMZ1booskWjC4EMZ4bADps Message accepted for delivery'
sendmail: send:'QUIT'
sendmail: recv:'221 2.0.0 smtp.videotron.ca Videotron closing connection'
Looking at busybox sendmail source code I found this:<minipraise> I finally received an email from Videotron admitting they were blacklisted, and telling me they now use smtp.videotron.ca using ssl on port 465 and with auth. </minipraise>
Inspired by your smtp.gmail.com example I tried this:
********************************************************
firewall# sendmail -v -H"exec openssl s_client -quiet -CAfile Certificats.pem -tls1 -connect smtp.videotron.ca:465 -p
ause" </tmp/mail.txt -froot@firewall -auxxxxxxx -apyyyyyyy
blablabla@gmail.com
sendmail: send:'NOOP'
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4
verify return:1
depth=0 C = CA, ST = Quebec, L = Montreal, O = Videotron s.e.n.c., OU = Ingenierie, CN = smtp.videotron.ca
verify return:1
read:errno=0
sendmail: NOOP failed
*********************************************************
but once in about every 5 tries with the same command, it works and I get the email to gmail...
*****************************
firewall# sendmail -v -H"exec openssl s_client -quiet -CAfile Certificats.pem -t
ls1 -connect smtp.videotron.ca:465 -pause" </tmp/mail.txt -froot@firewall -auxxxxxxxxx -apyyyyyyyy blablabla@gmail.com
sendmail: send:'NOOP'
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4
verify return:1
depth=0 C = CA, ST = Quebec, L = Montreal, O = Videotron s.e.n.c., OU = Ingenierie, CN = smtp.videotron.ca
verify return:1
sendmail: recv:'220 smtp.videotron.ca Videotron ESMTP server ready'
sendmail: recv:'250 2.0.0 OK'
sendmail: send:'EHLO firewall'
sendmail: recv:'250-smtp.videotron.ca hello [11.22.33.44], pleased to meet you'
sendmail: recv:'250-HELP'
sendmail: recv:'250-AUTH LOGIN PLAIN'
sendmail: recv:'250-SIZE 35840000'
sendmail: recv:'250-ENHANCEDSTATUSCODES'
sendmail: recv:'250-8BITMIME'
sendmail: recv:'250 OK'
sendmail: send:'AUTH LOGIN'
sendmail: recv:'334 VXNlcm5hbWU6'
sendmail: send:''
sendmail: recv:'334 UGFzc3dvcmQ6'
sendmail: send:''
sendmail: recv:'235 2.7.0 ... authentication succeeded'
sendmail: send:'MAIL FROM:<root@firewall>'
sendmail: recv:'250 2.1.0 <root@firewall> sender ok'
sendmail: send:'RCPT TO:<blablabla@gmail.com>'
sendmail: recv:'250 2.1.5 EMZ1booskWjC4EMZ4bADps <blablabla@gmail.com> recipient ok'
sendmail: send:'DATA'
sendmail: recv:'354 OK'
sendmail: send:'Subject: WAN state notification'
sendmail: send:'From: Firewall blablabla@videotron.ca'
sendmail: send:'Date: Sat, 18 Jun 2016 15:25:33 -0400'
sendmail: send:'To: blablabla@gmail.com'
sendmail: send:''
sendmail: send:'I just got connected to the internet.'
sendmail: send:''
sendmail: send:'My WAN IP is: '
sendmail: send:''
sendmail: send:'---- '
sendmail: send:'Your friendly router.'
sendmail: send:''
sendmail: send:'.'
sendmail: recv:'250 2.0.0 EMZ1booskWjC4EMZ4bADps Message accepted for delivery'
sendmail: send:'QUIT'
sendmail: recv:'221 2.0.0 smtp.videotron.ca Videotron closing connection'
***************************
It partly works, there are these two lines:
...
read:errno=0
sendmail: NOOP failed
at the end of the failed dialog... Openssh gives this read:errno=0 which might cause sendmail to become confused... I'm at a loss here. This is why I used the </minipraise> earlier !
My Certificats.pem were exported from my mac, it is a large file about 195 certificats.... I guess it shows I'm new to this ...
...
// connection helper ordered? ->
if (opts & OPT_H) {
const char *args[] = { "sh", "-c", opt_connect, NULL };
// plug it in
launch_helper(args);
// Now:
// our stdout will go to helper's stdin,
// helper's stdout will be available on our stdin.
// Wait for initial server message.
// If helper (such as openssl) invokes STARTTLS, the initial 220
// is swallowed by helper (and not repeated after TLS is initiated).
// We will send NOOP cmd to server and check the response.
// We should get 220+250 on plain connection, 250 on STARTTLSed session.
//
// The problem here is some servers delay initial 220 message,
// and consider client to be a spammer if it starts sending cmds
// before 220 reached it. The code below is unsafe in this regard:
// in non-STARTTLSed case, we potentially send NOOP before 220
// is sent by server.
// Ideas? (--delay SECS opt? --assume-starttls-helper opt?)
code = smtp_check("NOOP", -1);
if (code == 220)
// we got 220 - this is not STARTTLSed connection,
// eat 250 response to our NOOP
smtp_check(NULL, 250);
else
if (code != 250)
Thread starter | Title | Forum | Replies | Date |
---|---|---|---|---|
L | Feature suggest: web notifications | Asuswrt-Merlin | 1 | |
Notifications when device goes online/offline | Asuswrt-Merlin | 0 | ||
Google mail vpn blocking | Asuswrt-Merlin | 7 |
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!