DSM-G600, DNS-3xx and NSA-220 Hack Forum

driemar · 2009-02-15 04:41:04

This long song is for those 2% of the users who don't really know what they're doing, like me. I have seen
a lot of threads asking about how to send emails from the 323 using a gmail account. This is what worked for me,
after many long nights of frustration. Of course, it borrows from all over the place. It pretty basic stuff but
I think there are a few of us out there who just wern't quite getting it right despite all the good threads and
web site suggestions.I hope it helps. Sorry about the length.

I did the full install of the ffp so things like mailx, esmtp are installed. My root account is running the
bash shell but I don't believe that makes a difference. I am running ffp off a usb flash stick, but again, the
notes below are applicable wether or not ffp is being run from a flash stick or hard drive, I think!

I had a lot of trouble getting my DNS-323 to send emails, but I finally got it to work. It is probably not
the most efficient setup and I don't claim to understand how all the pieces work together but I am able to
send e-mails (via other's scripts or command line commands) from my DNS-323 by using my gmail account. Of course, lots
of others can do this as well, but I was not able to find a "comprehensive" set of basic instruction that filled
in the missing holes for me. There are lots of links to other web pages and threads but I was always left little
questions. So here's what I did that now allows me to send emails using my gmail account:

One caveate: I am only able to send emails as the "root" user, but when I log in using a different account, I am
still having some permission problems...errors, that is.

*********

Using the nano editor, I created the "esmtprc" configuration file for esmtp. So,

> nano /ffp/etc/esmtprc

The following lines were typed into that file look like this:

identity drie222@gmail.com
hostname smtp.gmail.com:587
username "drie222@gmail.com"
password "123456789"
starttls required

Of course <cntl> plus <o> together, followed by <enter> saves this new file. I used the nano editor, but vi it or whatever.
Well, the passwords not actually "123456789". But, the quotes goes where they appear. I think it is possible
to use an "=" sign after "hostname", "username", "password" and "starttls" (e.g., password="123456789").

Currently, this file has permissions 0777 (i.e., -rwxrwxrwx) while the ownership and group (?) is root:root. In other words:

> ls -l /ffp/etc/esmtprc

currently returns

-rwxrwxrwx 1 root root 239 Feb 14 00:02 /ffp/etc/esmtprc

My thinking was that another DNS-323 local logon user may want to add another "entry" (i.e., email account) to this file, so
0777 was not inappropriate. I don't know, maybe this is too permissive. Of course, my gmail email account is "drie222@gmail.com"
and my password is: 123456789.

Then, I created a folder on the hard drive, namely "/mnt/HD_a2/.authenticate", and assigned liberal permissions
to it with the following commands (done as root user logged on to the DNS-323):

mkdir /mnt/HD_a2/.authenticate
chmod -Rc 0777 /mnt/HD_a2/.authenticate

This hidden (?) folder is on the hard drive and of course survives reboots. This is the permanent
location that I use to hold the "ca.pem" file for the gmail mail server. To download this file to this
folding folder, I used the following commands :

> cd /mnt/HD_a2/.authenticate
> wget https://www.verisign.com/support/thawte-roots.zip --no-check-certificate
> unzip -p thawte-roots.zip 'Thawte Server Roots/ThawtePremiumServer_b64.txt' > /mnt/HD_a2/.authenticate/ca.pem
> chmod 0777 /mnt/HD_a2/.authenticate/ca.pem

I had to use the "--no-check-certificate" option on the wget command as instructed when the command is issued
without it.

This makes this ca.pem file available (after reboots) to be copied over to the necessary location (see later). This
folder on the hard drive is just a holding folder--the file does change and doesn't need to be re-downloaded after
each 323 reboot. From here it needs to be transfer to the spot where it is actually needed. To do this transfer
each time the DNS-323 is rebooted, I have written a few commands into a script which executes
when the DNS-323 is restarted.

Note: In the /etc/passwd file (> nano /etc/passwd), the home directory of root is /home/root. I think that is the
default behavior, but if your passwd file specifies something different, it could make a difference.

I put the following commands into a simple script file named "authenticate_gmail.sh" in the /ffp/start directory.
Again, I used the nano editor to put the following commands in this file--add whatever checks or conditional
statements you like, but these are the important statements in this program:

mkdir -p /home/root/.authenticate
chmod 0700 /home/root/.authenticate
cd /home/root/.authenticate
cp /mnt/HD_a2/.authenticate/ca.pem /home/root/.authenticate
chmod 0600 /home/root/.authenticate

These lines copy the "ca.pem" certificate to the proper spot each time the system is restarted. The
"ca.pem" must have permissions 0600 while it holding folder has permissions 0700.

The mail client (?) that I use is mailx. It is the one that fonz used in his "ffp-mirror.sh-sample" script so I
assumed that was the way to go. I believe it uses "esmtp" as its mail transfer agent, thus the reason why
the "esmtprc" file was created earlier. Here are the two commands that I have had success with in the last day:

> cat /bs/some_file.txt | mailx -s "the email subject line" -r drie2222@gmail.com ********************

This command put the contents of the "/bs/some_file.txt" file into the body of the email. The subject of the
email is the phrase "the email subject line". I am not sure what the string after the -r does because no matter
I put here (for example, "driemar222@gmail.com" or "somestring@bacon.org") it doesn't affect how the email appears
in my gmail "Sent Mail" folder. As well, on the destination server, the from address is correctly shown as
my gmail account. The last email address, "********************" is the destination address

I have also used this command:

> mailx -s "a new subject" -a /bs/some_file.txt -r baconbits@gthing.com ********************

which then sends /bs/some_file.txt as an attachment. It allows you to enter text in the body of the email. When
finished entering text just hit enter to go to a new line, then the <cntl> and <d> keys at the same time. That
ends and sends the email with its attachement.

Also, leaving off the -r parameter and its arguement still works just fine. So now, I am leaving it off.

I would be interested in knowing how to permit a second local user to send mail. I am trying to give that user
the ca.pem file with appropriate permissions to various files but alas all I am getting back is a
permission error...

jotka · 2009-03-09 20:56:26

Hello
Unfortunatelly, i have the following error...

EOT
root@nas:~# StartTLS extension not supported by MTA
0 (null)
recipient@gmail.com: 0 (null)

qryptiq · 2009-03-13 16:47:44

thanks driemar,

i'll be sure to give this an attempt as i have a gmail account i would like to use.

driemar · 2009-03-15 04:21:11

jotka wrote:
Hello
Unfortunatelly, i have the following error...

EOT
root@nas:~# StartTLS extension not supported by MTA
0 (null)
recipient@gmail.com: 0 (null)

I just changed the permissions on the ca.pem file in .authenticate directory under my root's home directory (i.e., /home/root/.authenticate...on my machine). When I subsequently issued the "mailx" command I got the following error:

EOT
[D_Store:~/ .authenticate]
(root)>StartTLS extension not supported by MTA
0 (null)
driemar@####.com: 0 (null)

Of course, my prompt is set differently, but otherwise the errors seem the same.

So, it could be that your permissions are not correctly set on this file or the folder (.authenticate) that contains this file. I would check that first.

fandcm · 2009-03-21 13:27:15

Anyone has tried to send email with PHP mail() and esmtp? From command line in SSH, sendmail command worked fine, but not mail() in PHP script.

Any advice?

Jong
DNS-323

bfg100k · 2009-05-04 20:11:21

For this, you will need to enable imap support in PHP which unfortunately is not available in the current fonz php package. I'm looking at compiling my own version with imap support but things are moving slowly as i'm a virgin when it comes linux development. Anyhow, if i'm successful, i will post here again.

fandcm wrote:
Anyone has tried to send email with PHP mail() and esmtp? From command line in SSH, sendmail command worked fine, but not mail() in PHP script.

Any advice?

Jong
DNS-323

fonz · 2009-05-05 10:40:00

bfg100k wrote:
I'm looking at compiling my own version with imap support but things are moving slowly as i'm a virgin when it comes linux development.

Uli has some info on how to use my subversion repository to change and recompile packages. Might be useful.
http://nas-tweaks.net/CH3SNAS:Tutorials … g_software

Special note for php: There's no non-web-download for php, so you need to download the php source tarball manually, and put it in the distfiles directory.

valdorama · 2009-05-13 19:29:40

jotka wrote:
Hello
Unfortunatelly, i have the following error...

EOT
root@nas:~# StartTLS extension not supported by MTA
0 (null)
recipient@gmail.com: 0 (null)

I've been having the same problem and have tried various things to get it working. Finally it's working so I thought I'd register and reply to help out anyone else that's having the same problem.

The problem was that the ca.pem file was 0 empty. I navigated to the downloaded thawte-roots.zip in Windows Explorer and viewed the contents, and noticed that the file referenced by this line in the original poster's code:

'Thawte Server Roots/ThawtePremiumServer_b64.txt'

did NOT exist in the zip file. hence the empty ca.pem file when unzipping the non-existent file into it. in the zip file that i had, the closest matching file was named:

'Thawte Server Roots/ThawtePremiumServerCA_b64.txt'

NOTE the extra 'CA'

so i did:

unzip -p thawte-roots.zip 'Thawte Server Roots/ThawtePremiumServerCA_b64.txt' > /mnt/HD_a2/.authenticate/ca.pem

and that resulted in a ca.pem file that wasn't empty. then tried the mailx command - it didn't give me any errors and couple minutes later an email arrived in my gmail account. so i'd try this out...hope it helps.

iazmin · 2009-05-17 06:15:02

I managed to install but fail to send with the following error message:

Code:

 Local delivery not possible without a MDA

nickdns · 2009-06-12 02:57:12

The local delivery issue is because procmail is not in the default path..
Add the following line to your ffp/etc/esmtprc:

mda "/ffp/bin/procmail -d %T"

nickdns · 2009-06-12 03:18:27

And If you get "Invalid peer certificate (error 20)"
do:

cd ~
pwd

=> this should point to /home/root

if it does point to / then your .authenticate directory should be moved to /

Also, make sure that .authenticate is chmod 0600

Kai · 2009-06-14 15:22:46

Since I haven't had any success in figuring out the right Thawte certificates from their zip I looked arround and finaly pasted this

-----BEGIN CERTIFICATE-----
MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
-----END CERTIFICATE-----

into the ca.pem -> works. This is actualy the Thawte Premium Server CA base64.

If you don't trust me or do not feel comfortable to copy n paste certificates from unknown sources(which I would understand). It can be found in their recent zip file under:
Thawte SSLWeb Server Roots/thawte Premium Server CA/Thawte Premium Server CA.pem

Looks like they change naming and structure of their CA zips quite often.

So hope this helps..

Ricardo · 2009-06-16 02:31:41

There is an alternative for those having problems with the certificates: to use the built-in (as of fw 1.06) msmtp. It's the same binary used by the firmware to send the email alerts.

An example for GMail is:

root@NAS:~# /usr/bin/msmtp --host=smtp.gmail.com --port=587 --auth=on --user <your_gmail_username> --tls=on --tls-certcheck=off -f <your_gmail_username@gmail.com> -t < /path/to/file_containing_your_message

It will ask for your GMail password and the first two lines of file_containing_your_message must contain the To: and Subject: fields. This example skips any certificate checks, so there's no need for the CA certificates previously mentioned on this thread.

If you insist on checking GMail's server certificate, replace the "--tls-certcheck=off" switch for "--tls-trust-file=/path/to/ca.pem". If you don't want to be asked for a password, use msmtp configuration files ( /usr/local/etc/msmtprc or ~/.msmtprc). For the format of this configuration file, see the man page (http://pwet.fr/man/linux/commandes/msmtp).

Last edited by Ricardo (2009-06-16 02:38:31)

toolbox · 2009-08-23 19:20:28

Anyone has solution of the issue regarding

root@mymachine:~# StartTLS extension not supported by MTA
0 (null)
someone@email.address: 0 (null)

I have been able to send mail using info from this thread under chroot'd debian without any problem. Yesterday, I switched back to ffp to try out some optware package and want to have the ability to send mail. I duplicated my debian setup under ffp but have no luck sending mail. I keep getting this "~# StartTLS extension not supported by MTA error".

dweezil · 2009-08-24 01:58:45

Hi toolbox,

After I spent a couple hours trying to solve that issue on 1.05, I ended up trying up
atx32 solution http://dns323.kood.org/forum/viewtopic.php?id=3563 or was it Ricardo's?

Anyway, I had to upgrade to 1.08 beta5 (1.06 should work but I wanted to try 1.08).

It works simply and fast.

Cheers

Last edited by dweezil (2009-08-24 02:00:59)

toolbox · 2009-08-24 06:06:22

dweezil wrote:
Hi toolbox,

After I spent a couple hours trying to solve that issue on 1.05, I ended up trying up
atx32 solution http://dns323.kood.org/forum/viewtopic.php?id=3563 or was it Ricardo's?

Anyway, I had to upgrade to 1.08 beta5 (1.06 should work but I wanted to try 1.08).

It works simply and fast.

Cheers

Thanks. For gmail, I don't need to modify .msmtp to get it to work.

alynrtiedtke · 2011-03-31 15:31:16

nickdns wrote:
And If you get "Invalid peer certificate (error 20)"
do:

cd ~
pwd

=> this should point to /home/root

if it does point to / then your .authenticate directory should be moved to /

Also, make sure that .authenticate is chmod 0600

Sorry to awake an old post.

I have mailx working with esmtp. I am using my normal ISP port 25 smtp server and everything is working great.

However trying to get it to use the gmail smtp server with the certificate as posted here is not working. Whatever i do i get the 'invalid certificate' error message.

My question is, where exactly does esmtp look for the .authenticate directory ???

if i cd ~ this points me to /mnt/HD/HD_a2/ffp/home/root

I have tried the .authenticate (with correct permissions of 0600 and 0700 for file/folder respectfully) in the folder above along with...

/home/root
/mnt/HD/HD_a2/ffp/etc (where my .esmtprc file is)

all give 'invalid certificate'

where exactly should the .authenticate folder be ???

p.s. I am using a DNS-320 but have the funplug.local installed to symlink /mnt/HD/HD_a2 to /mnt/HD_a2 also.

Any help with this would be much appreciated.

Many thanks chaps.

GailH · 2011-10-02 13:53:55

alynrtiedtke said: Sorry to awake an old post. I have mailx working with esmtp. [...] However trying to get it to use the gmail smtp server with the certificate as posted here is not working. Whatever i do i get the 'invalid certificate' error message. [...etc]

alynrtiedtke: have you solved your problem yet? And why aren't you using msmtp, intead of mailx+esmtp?

Last edited by GailH (2011-10-02 13:55:03)

scaramanga · 2011-10-02 22:02:00

GailH wrote:
alynrtiedtke said: Sorry to awake an old post. I have mailx working with esmtp. [...] However trying to get it to use the gmail smtp server with the certificate as posted here is not working. Whatever i do i get the 'invalid certificate' error message. [...etc]
alynrtiedtke: have you solved your problem yet? And why aren't you using msmtp, intead of mailx+esmtp?

The reason is, simply, because the certificate changed. Grab the new certificate from GeoTrust here: http://www.geotrust.com/resources/root- … index.html
The Root 1 - Equifax Secure Certificate Authority worked for me (past tense - haven't used it in a while).
I ran into time-out issues with mutt+msmtp.

I'm holding off writing a short how-to set-up mailing using msmtp+mutt. Lazy, I guess.

Last edited by scaramanga (2011-10-02 22:03:12)

GailH · 2011-10-07 08:43:05

driemar: good intentions, but an inaccurate and unfocused "howto".

I have spent many, many hours trying to replicate the recommendations in this "howto". it turns out that there are many inaccuracies and mistakes here, which cause a lot of frustration and a waste of precious time. In addition, it turns out that esmtp is terribly buggy, badly documented and its error messages are non- existent, non- understandable or misleading.

For the sake of other users of fun_plug on DNS-323 (and DNS-32*) , DNS-343 etc., here are my findings:

1. root's home directory ("~") is: "/", not "/home/root" mentioned in this "howto".

2. .esmtprc must be a hidden file, (a dot in front of its name), and must be at root's home directory: ~ (namely: "/"). and not at /ffp/etc mentioned in this "howto".

3. esmtp is very buggy, and its error messages are terribly laconic. opaque and confusing.
There is a problem in esmtp (and therefore in mailx). The "-t" option does not work. If you use it, you get an error message saying: "no recipients specified", or: "failed to parse headers". Therefore, even if you have headers in your message, you must still specify a recipient on the command line. I have seen other forums complain about this bug.

4. "Invalid peer certificate" error. Certificate: The only working certificate I found is from: http://curl.haxx.se/ca/cacert.pem .
thanks to this blog: http://www.tym-project.fr/blog/2010/08/ … n-script/. The other certificates mentioned in this howto thread do not work.

By the way, what's going on in this forum? It seems deserted. Have people stopped using Linux on the DNS-3** NAS'es? Or have all the users dumped their DNS'es and purchased other brands?

Last edited by GailH (2011-10-07 09:15:54)

scaramanga · 2011-10-07 13:30:27

GailH, did you manage to sort it out? I've been too lazy to post my own how-to, using mutt and msmtp which are pre-installed on the DNS-323.

GailH · 2011-10-07 13:49:07

scaramanga wrote:
GailH, did you manage to sort it out?

Affirmative. I have sorted it out. Just follow through the steps in driemar's first how-to post in this thread, but then go carefully through my previous post here, and change all the points I've mentioned. It should work then (mailx+esmtp).

Last edited by GailH (2011-10-08 11:28:44)

GailH · 2011-11-04 23:04:32

scaramanga wrote:
GailH, did you manage to sort it out? I've been too lazy to post my own how-to, using mutt and msmtp which are pre-installed on the DNS-323.

Eventually I've decided to go the msmtp route - I have installed BackupPC and I find msmtp better for BackupPC_SendEmail.

By the way, where does the original firmware installation of msmtp store the configuration files and msmtp "default account"?

DSM-G600, DNS-3xx and NSA-220 Hack Forum

Announcement

#1 2009-02-15 04:41:04

Long, basic "instructions" for sending emails using Gmail account

#2 2009-03-09 20:56:26

Re: Long, basic "instructions" for sending emails using Gmail account

#3 2009-03-13 16:47:44

Re: Long, basic "instructions" for sending emails using Gmail account

#4 2009-03-15 04:21:11

Re: Long, basic "instructions" for sending emails using Gmail account

jotka wrote:

#5 2009-03-21 13:27:15

Re: Long, basic "instructions" for sending emails using Gmail account

#6 2009-05-04 20:11:21

Re: Long, basic "instructions" for sending emails using Gmail account

fandcm wrote:

#7 2009-05-05 10:40:00

Re: Long, basic "instructions" for sending emails using Gmail account

bfg100k wrote:

#8 2009-05-13 19:29:40

Re: Long, basic "instructions" for sending emails using Gmail account

jotka wrote:

#9 2009-05-17 06:15:02

Re: Long, basic "instructions" for sending emails using Gmail account

Code:

#10 2009-06-12 02:57:12

Re: Long, basic "instructions" for sending emails using Gmail account

#11 2009-06-12 03:18:27

Re: Long, basic "instructions" for sending emails using Gmail account

#12 2009-06-14 15:22:46

Re: Long, basic "instructions" for sending emails using Gmail account

#13 2009-06-16 02:31:41

Re: Long, basic "instructions" for sending emails using Gmail account

#14 2009-08-23 19:20:28

Re: Long, basic "instructions" for sending emails using Gmail account

#15 2009-08-24 01:58:45

Re: Long, basic "instructions" for sending emails using Gmail account

#16 2009-08-24 06:06:22

Re: Long, basic "instructions" for sending emails using Gmail account

dweezil wrote:

#17 2011-03-31 15:31:16

Re: Long, basic "instructions" for sending emails using Gmail account

nickdns wrote:

#18 2011-10-02 13:53:55

Re: Long, basic "instructions" for sending emails using Gmail account

#19 2011-10-02 22:02:00

Re: Long, basic "instructions" for sending emails using Gmail account

GailH wrote:

#20 2011-10-07 08:43:05

Re: Long, basic "instructions" for sending emails using Gmail account

#21 2011-10-07 13:30:27

Re: Long, basic "instructions" for sending emails using Gmail account

#22 2011-10-07 13:49:07

Re: Long, basic "instructions" for sending emails using Gmail account

scaramanga wrote:

#23 2011-11-04 23:04:32

Re: Long, basic "instructions" for sending emails using Gmail account

scaramanga wrote:

Board footer