sendmail script

[awiatr]

I am trying to send an email in a script running on an Asus RT-AX88U running Asuswrt-Merlin 386.3_2:

#!/bin/sh
FROM="andrewwiatr@gmail.com"
AUTH="andrewwiatr@gmail.com"
PASS="***"
FROMNAME="Asus"
TO="andrewwiatr@gmail.com"
ntpclient -h pool.ntp.org -s &> /dev/null
sleep 5
echo "Subject: WAN state notification" >/tmp/mail.txt
echo "From: \"$FROMNAME\"<$FROM>" >>/tmp/mail.txt
echo "Date: $(date -R)" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "I just got connected to the internet." >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "My WAN IP is: $(nvram get wan0_ipaddr)" >>/tmp/mail.txt
echo "Uptime is: $(uptime | cut -d ',' -f1 | sed 's/^.\{12\}//g')" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "---- " >>/tmp/mail.txt
echo "Your friendly router." >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
-CAfile /jffs/configs/google_root.pem \
-connect smtp.gmail.com:587 -tls1 -starttls smtp" \
-f"$FROM" \
-au"$AUTH" -ap"$PASS" $TO
rm /tmp/mail.txt

/jffs/configs/google_root.pem was obtained by running:

wget https://pki.google.com/roots.pem

The output from the script is:

depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = smtp.gmail.com
verify return:1
250 SMTPUTF8
sendmail: failed

Any help will be gratefully received.

 

[ColinTaylor]

The ntpclient statement doesn't do anything because that was removed from Merlin's firmware years ago.

Shouldn't be a problem removing it provided your router's date and time are set correctly.

 

[Torson]

Edit the downloaded https://pki.google.com/roots.pem file and only keep the first relevant section in the format:

-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----

For some reason (timing most probable) my second line of the script is

sleep 5

...and it works.

 

[awiatr]

Thanks.

I have removed the ntpclient statement.

There was already a sleep 5 statement at the start of the script.

I removed all but the first certificate from /jffs/configs/google_root.pem and I got an additional error, the second line below:

depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = smtp.gmail.com
verify return:1
250 SMTPUTF8

 

[octopus]

Have you put certifikate in this directory,
/jffs/configs/google_root.pem
With file name, google_root.pem

 

[awiatr]

I tried running telnet which looks ok:

telnet smtp.gmail.com 587
220 smtp.gmail.com ESMTP y21sm11153932wmc.11 - gsmtp

Have you put certifikate in this directory,
/jffs/configs/google_root.pem
With file name, google_root.pem

Have you put certifikate in this directory,
/jffs/configs/google_root.pem
With file name, google_root.pem

Yes, /jffs/configs/google_root.pem was obtained by running:

wget https://pki.google.com/roots.pem

 

[Torson]

I removed all but the first certificate from /jffs/configs/google_root.pem and I got an additional error, the second line below:

depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = smtp.gmail.com
verify return:1
250 SMTPUTF8

Did you try to set "Less Secure Apps" access on your gmail account? Also try using the Google Reset procedure.

 

[Jeffrey Young]

Did you try to set "Less Secure Apps" access on your gmail account? Also try using the Google Reset procedure.

When I set up with a Google account, I had to use the application password feature of gmail, otherwise you have to set google to "less secure apps" as suggested.

 

[Maverickcdn]

cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
-CAfile /jffs/configs/google_root.pem \
-connect smtp.gmail.com:587 -tls1 -starttls smtp" \
-f"$FROM" \
-au"$AUTH" -ap"$PASS" $TO

I dont think tls1 is supported by Gmail anymore.

Also you don't need to download or specify the certifcate
Less secure app access MUST be enabled in Gmail. If you use 2factorauthentication on Google you MUST set a specific app password

Try this instead

cat /tmp/mail.txt | /usr/sbin/sendmail  \
    -H "exec openssl s_client -quiet \
    -starttls smtp \
    -connect smtp.gmail.com:587  \
    -no_ssl3 -no_tls1" \
    -f "$FROM" -au"$AUTH" -ap"$PASS" "$TO" -v

 

[RMerlin]

You need to use OAUTH2 authentication these days to use GMail as an SMTP relay. This could possibly be done by using curl.

 

[dev_null]

If you're using Diversion, you could try connecting to it's email function, which I described here: https://www.snbforums.com/goto/post?id=661889

Credit to @elorimer for pointing this option out.

 

[awiatr]

Did you try to set "Less Secure Apps" access on your gmail account? Also try using the Google Reset procedure.

I just tried it and it worked, thank you.

 

[awiatr]

If you're using Diversion, you could try connecting to it's email function, which I described here: https://www.snbforums.com/goto/post?id=661889

Credit to @elorimer for pointing this option out.

The link to the source of div-email.sh doesn't appear to work.

 

[awiatr]

I dont think tls1 is supported by Gmail anymore.

Also you don't need to download or specify the certifcate
Less secure app access MUST be enabled in Gmail. If you use 2factorauthentication on Google you MUST set a specific app password

Try this instead

cat /tmp/mail.txt | /usr/sbin/sendmail  \
    -H "exec openssl s_client -quiet \
    -starttls smtp \
    -connect smtp.gmail.com:587  \
    -no_ssl3 -no_tls1" \
    -f "$FROM" -au"$AUTH" -ap"$PASS" "$TO" -v

Thanks, your script worked. Good to know how to avoid using the certificate.

 

[dev_null]

The link to the source of div-email.sh doesn't appear to work.

Apologies, the script is located in this folder, but it appears you're sorted.

 

[awiatr]

Apologies, the script is located in this folder, but it appears you're sorted.

Thanks, emailing happily now.

 

[noric]

You need to use OAUTH2 authentication these days to use GMail as an SMTP relay. This could possibly be done by using curl.

Does anyone know any successful shell/bash implementation of OAUTH2 authentication?
Google is phasing out "less secure apps" on May 30th. Only alternative is turning on 2-factor authentication OR managing an OAUTH2 script.

 

[Jeffrey Young]

I have not tried modifying my smail script, but I think this link may be of use; Not sure when I will get time to try it, but I will post when I get a chance to try it out;

Looking for a CLI e-mail sender that supports OAUTH 2.0

I want to be able to send gmail messages from a raspberry pi, ideally from a single line of a shell script - I know I can use a mail server other than gmail that supports less secure login options,...

softwarerecs.stackexchange.com

 

[Jeffrey Young]

Does anyone know any successful shell/bash implementation of OAUTH2 authentication?
Google is phasing out "less secure apps" on May 30th. Only alternative is turning on 2-factor authentication OR managing an OAUTH2 script.

I have not had a chance to play with this yet (other programming priorities), but I did find this article

mutt integration with Gmail using OAuth

As I mentioned before, I am a heavy terminal user, including viewing and replying emails with it. Mutt is my email client. Once you have setup your 2 factor authentication with Google, you won&#821…

luxing.im

Both Python and MUTT are available on entware (at least for my AC86U). Probably won't be until fall before I can play. But it looks promising.

 

[elorimer]

Why would we not continue with curl and an app password?

Also, it looks like OOB OAuth is going away too.