plugout.net

[Kippara]

I have set up notifications to use smtp.office365.com server on port 587 with TLS plus user@domain.com.au and Pword but keep getting error!(1) and error!(104).

From sendmail CLI test I get :
5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM [ME2PR01CA0013.ausprd01.prod.outlook.com] which sugests I need to disable authenticated client SMTP submission (SMTP AUTH) in Exchange/Office365. Any suggestions please.

I have set up a new SMTP server and tested it with a variety of results. I have some questions-
1. Am I correct in assuming that emails are sent using the "mail" command only
2. Where can I find the mail log files?
3. What is the distribution and version of Lunix?

After further investigation using "mail" and a different SMTP host (smtp2go) I have an error file which I believe contains the information which is causing the problem. When using the "Send a test email" option in notifications I am currently getting an "email sent" result but do not receive them at the nominated recipient address. I have another NAS (non fvdw) configured the same way where alert emails are delivered with out a problem.
Any suggestions welcome.

[fvdw]

--updated

Sorry to keep you waiting.
About sendmail. The binaries and required files to set it up are in the firmware. It is not used by our firmware and it requires specific privat information to set up.Therevis a file included in /etc/mail/readme-sendmail.txt and /mail/auth/readme.txt with main directions to set it up.However it us tricky especially generating the certificates. It has been quite a while that I did it so need to check my notes for details. I am not at home so that will need to wait.
The "mail" command is indeed just for notifications. On my sytems and many others it works so the reason must be the authenciation setup of your smtp server. Apparently it doesn't support the method used by the mail command.
I think DIGEST-MD5 should be in the AUTH list. it is missing in your case as indicated by the pdf file you posted.
Does it work when you switch off TLS? and why do you use port 2525 ? (it is not a common port for TLS)

ps. The "mail" command is a shell script, you can find it in /usr/bin folder. It doesn't produce a log file but you can run it from the command lineto see whats happening. The script contains a description.

Code: Select all

# simple mail script fvdw-sl version 7.1
# to sent e-mail via remote smtp mail server
# usage mail -s "subject" toemail < from-message
# subject is the mail subject, use " " if the subject contains spaces
# toemail is the e-mail address of the receiver
# from-message is a text file
# first line can or not contain an e-mail sender (will be used in the mail header) , all other lines the message to be sent
# this command also needs a file /rw_fs/etc/mailfvdw-sl.conf with
# first line username for the mail server (username="yourlogin")
# second line password for the mail server(password="yourpwd")
# third line mail server name for example mail.example.com(mailserver="yoursmtpserver")
# fourth line mail server port(port=yoursmtpserverport)
# fifth line 'true'/'false' if the smtp server needs to enforce TLS service(starttls="true/false")
# an optional sixth line with a full qualified domain name for helo command(helo=yourDDNS or empty)


About linux version, I assume you mean the kernel version.
Use this command to list kernel version

Code: Select all

uname -a

If you use 18-2 firmware it should be kernel 4.14.133

[fvdw]

I updated my previous post with some extra information

[Jocko]

Hi

I am sorry but I will be able to deepen your issue only next week.

According with you output, it seems you try to send an email whereas you did not yet authenticate

[Kippara]

root@Kogo-NAS2:/usr/ssl # uname -a
Linux Kogo-NAS2.local 3.14.2 #11 Mon Feb 27 18:10:55 CET 2017 armv5tel unknown unknown GNU/Linux
Looks like I need a kernel update. Please advise where can I find 4.14.133.

[fvdw]

root@Kogo-NAS2:/usr/ssl # uname -a
Linux Kogo-NAS2.local 3.14.2 #11 Mon Feb 27 18:10:55 CET 2017 armv5tel unknown unknown GNU/Linux
Looks like I need a kernel update. Please advise where can I find 4.14.133.

:doh my fault, this is not a 5big2 but a 5big1 and it uses indeed kernel 3.14.2.

The reason is the space available at boot time to load a kernel. Only 2MB. Newer kernels cannot be loaded without stripping them and loosing functionality

[Jocko]

Hi
We go to start by the beginning what is the output if you try

Code: Select all

openssl s_client -starttls smtp -connect smtp.office365.com:587

if all is ok, quit the openssl session (Ctrl+C) and we go to test the authentication.

first do a base24 encrypting with your credential:

Code: Select all

/usr/bin/echo -ne "\000username\000password" | /usr/bin/openssl enc -base64 -A

where username and password are the credentials to connect on your smtp server.

Then start the openssl session

Code: Select all

openssl s_client -starttls smtp -connect smtp.office365.com:587

and try the do an authentication

Code: Select all

auth plain XXXXXX

where XXXX is the string got previously with your credential

[Kippara]

login as: root
root@192.168.1.1's password:
root@NAS2:/ # openssl s_client -starttls smtp -connect smtp.office365.com:587
gethostbyname failure
connect:errno=0
root@NAS2:/ #
Any suggestions Jocko?

[Jocko]

It is clearly an issue on your side because the same code returns the right output on my nas

Code: Select all

root@Acrab:/ # openssl s_client -starttls smtp -connect smtp.office365.com:587
CONNECTED(00000003)
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=outlook.com
   i:/C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1
 1 s:/C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIItTCCB52gAwIBAgIQBeRdpmILjXqaFmm9H/71XjANBgkqhkiG9w0BAQsFADBL
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNl....

So check if your DNS server are rightly set (LAN setup menu) and update the root CA bundle on the nas (setup menu > other settings tab)

[Kippara]

You were right Jocko, had to set DNA to my local DNS then I could update my root CA bundle and the openssl script worked. It actually worked fine using ISP mail except for an upper case issue but still wouldn't work at all for smtp.office365.com. My suspicion is that it is an exchange server problem or perhaps an MX record problem. I have attached the output from my testing. Could you have a look when you have some time and give me your opinion please?

Thanks