Guide for setting custom email notifications through turris.cz

Hi all,

This is a guide I wrote after spending some time trying to get custom emails sent through the notify.turris.cz email server.

Configuring the mail server
The mail-user agent (MUA) and SMTP software called msmtp is already installed on the Turris Omnia and used by the “notifier” script to issue email notifications when the router receives updates. It is compatible with sendmail, and in fact replaces it on the Turris Omnia:

$ ls -al /usr/sbin/sendmail
lrwxrwxrwx 1 root root 12 Oct 20 1969 /usr/sbin/sendmail -> ../bin/msmtp

The script /usr/bin/notifier contains the information needed to configure msmtp and generates a file that looks like this (depending on your configuration parameters in the Foris interface):

account notifier
from turris@notify.turris.cz
host smtp.turris.cz
port 465
tls on
tls_certcheck off
tls_starttls off
auth on
user XXXXXXXXXXX
password XXXXXXXXXXX
timeout 5
account default: notifier

The username and password (shown/hidden as XXXXXX above) are router-dependent. The username must be replaced by the result of the command:

$ atsha204cmd serial-number

The password must be replaced by the result of the command:

$ echo "efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef" | atsha204cmd challenge-response | awk '{print tolower($0)}'

Edit the msmtp config file at /etc/msmtprc to add a default account. I kept the “account default” and “syslog LOG_MAIL” directives from the default configuration file and replaced the rest with the content given farther above. An extra neat step is to avoid storing the password in clear text in the file and replace the password line with:

passwordeval "echo 'efefefefefefefefefefefefefefefefefefefefefefefefefefefefefefefef' | atsha204cmd challenge-response | awk '{print tolower($0)}'"

You can send a test email using the command:

echo "Hello world!" | msmtp --debug my.email@domain.com

Redirecting root emails
Now that we can send emails, let’s make sure that every email that is sent to the root user (e.g. mdadm) is forwarded to our email box.
Create a file called /etc/aliases with this content:

root: my.email@domain.com

You can add several comma-separated email addresses.

Add the following line to your /etc/msmtprc config file:

aliases /etc/aliases

Send a test email to root (you should receive it on the email address specified above):

echo "Hello world!" | msmtp --debug root

Enjoy!


Create a user and put this tutorial on the community-documentation.

https://www.turris.cz/doc/en/start

Or else your tutorial will drown in the sea of topics.


Or set up your “own” mail server, of your provider or Gmail or whatever; in my case, for example, it is faster, due to greylisting, to send from my “own” mail server.

Documentation of msmtp can be found here, e.g. https://wiki.archlinux.org/index.php/Msmtp

tls_certcheck off

This is generally a bad idea, because you would want the certificates to be checked (otherwise you’d never know if someone forged them and they are acting as man in the middle).

Sure, you can set up your own, etc., which adds complications, and I don’t want to not receive important emails because I screwed something up. The goal of this writeup was to use the turris.cz servers, which reliably send emails to thousands of persons. I have clarified this in the title.

It may be true, einar, but that is how the “notifier” script uses msmtp. I haven’t tried to turn this tls_certcheck option on, but feel free to report here (and to the Turris developers) if you have a better working alternative.

Good point. I’ll file an issue.

This guide is now on the community wiki.

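The two hardening points raised in this thread, passwordeval instead of a clear-text password line and the concern about tls_certcheck off, can be checked with a small lint for /etc/msmtprc. This is an added example, not part of any post above and not code from the Turris notifier; the function name audit_msmtprc and its FAIL/WARN output format are made up here.

```shell
#!/bin/sh
# Added example (hypothetical helper): lint an msmtp config file.
# Prints one line per finding; returns 1 if any account sends without
# verified TLS, 2 if the file cannot be read, 0 otherwise.
audit_msmtprc() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }

    # Characters 5-10 of the ls mode string are the group/other permission bits.
    mode=$(ls -lL "$conf" | cut -c5-10)
    [ "$mode" = "------" ] || echo "WARN $conf is accessible to group/others ($mode)"

    awk '
        function report() {
            if (acct == "") return
            if (tls != "on") {
                print "FAIL " acct ": tls is not on"; bad = 1
            } else if (chk == "off") {
                print "FAIL " acct ": tls_certcheck off (server identity unverified)"; bad = 1
            }
            if (pw) print "WARN " acct ": clear-text password line (passwordeval avoids it)"
        }
        # msmtp defaults: TLS disabled, certificate checking enabled.
        BEGIN { dtls = "off"; dchk = "on" }
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        $1 == "defaults" { report(); acct = ""; indef = 1; next }
        $1 == "account" {
            report(); indef = 0
            # "account default: notifier" inherits from an account already audited.
            if ($0 ~ /:/) { acct = ""; next }
            acct = $2; tls = dtls; chk = dchk; pw = 0; next
        }
        $1 == "tls"           { if (indef) dtls = $2; else tls = $2 }
        $1 == "tls_certcheck" { if (indef) dchk = $2; else chk = $2 }
        $1 == "password"      { pw = 1 }
        END { report(); exit bad + 0 }
    ' "$conf"
}
```

Run it as `audit_msmtprc /etc/msmtprc`. Whether smtp.turris.cz presents a certificate that validates with tls_certcheck on is not established in this thread, so a FAIL here marks the open question rather than a confirmed fix.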