Configure mail transport agent on Raspbian with external SMTP server

I want to get email notifications for actions on my Raspberry Pi using Raspbian. You could set up a separate mail server for that, but that seems to be a little bit overkill.

msmtp is a mail transfer agent that hands outgoing email to a configured SMTP server instead of delivering it itself. This allows you to send emails via that SMTP server (in my case from my webspace provider All-Inkl.com – by creating a new account using this link you’ll support the costs for running this blog).

Upgrade your Raspbian:

sudo apt-get update && sudo apt-get upgrade

Install msmtp:

sudo apt-get install msmtp msmtp-mta mailutils

Get the location of the configuration files:

> msmtp --version
msmtp version 1.6.6
Platform: arm-unknown-linux-gnueabihf
TLS/SSL library: GnuTLS
Authentication library: GNU SASL
Supported authentication methods:
plain scram-sha-1 external gssapi cram-md5 digest-md5 login ntlm
IDN support: enabled
NLS: enabled, LOCALEDIR is /usr/share/locale
Keyring support: none
System configuration file name: /etc/msmtprc
User configuration file name: /home/pi/.msmtprc

Copyright (C) 2016 Martin Lambers and others.
This is free software.  You may redistribute copies of it under the terms of
the GNU General Public License <http://www.gnu.org/licenses/gpl.html>.
There is NO WARRANTY, to the extent permitted by law.

Configure the system configuration:

sudo vi /etc/msmtprc

The content of my configuration file (note the necessary changes for servers and email addresses):

# Set default values for all following accounts.
defaults

# Use the SMTPS port 465 (TLS from the start of the connection) instead of the SMTP port 25.
port 465

# Always use TLS.
tls on
tls_starttls off

# Set a list of trusted CAs for TLS. The default is to use system settings, but
# you can select your own file.
tls_trust_file /etc/ssl/certs/ca-certificates.crt

# If you select your own file, you should also use the tls_crl_file command to
# check for revoked certificates, but unfortunately getting revocation lists and
# keeping them up to date is not straightforward.
#tls_crl_file ~/.tls-crls

# Mail account
# TODO: Use your own mail address
account user@domain.name

# Host name of the SMTP server
# TODO: Use the host of your own mail account
host <your Username provided by KAS>.kasserver.com

# As an alternative to tls_trust_file/tls_crl_file, you can use tls_fingerprint
# to pin a single certificate. You have to update the fingerprint when the
# server certificate changes, but an attacker cannot trick you into accepting
# a fraudulent certificate. Get the fingerprint with
# $ msmtp --serverinfo --tls --tls-certcheck=off --host=smtp.freemail.example
#tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33

# Envelope-from address
# TODO: Use your own mail address
from user@domain.name

# Authentication. The password is given using one of five methods, see below.
auth on

# TODO: Use your own user name for the mail account
user <The username of the email account you use for sending emails>

# Password method 1: Add the password to the system keyring, and let msmtp get
# it automatically. To set the keyring password using Gnome's libsecret:
# $ secret-tool store --label=msmtp \
#   host smtp.freemail.example \
#   service smtp \
#   user joe.smith

# Password method 2: Store the password in an encrypted file, and tell msmtp
# which command to use to decrypt it. This is usually used with GnuPG, as in
# this example. Usually gpg-agent will ask once for the decryption password.
#passwordeval gpg2 --no-tty -q -d ~/.msmtp-password.gpg

# Password method 3: Store the password directly in this file. Usually it is not
# a good idea to store passwords in plain text files. If you do it anyway, at
# least make sure that this file can only be read by yourself.
# TODO: Use the password of your own mail account
password <The password of the email account you use for sending emails>

# Password method 4: Store the password in ~/.netrc. This method is probably not
# relevant anymore.

# Password method 5: Do not specify a password. Msmtp will then prompt you for
# it. This means you need to be able to type into a terminal when msmtp runs.

# Set a default account
# TODO: Use your own mail address
account default: user@domain.name

# Map local users to mail addresses (for crontab)
aliases /etc/aliases

This file contains a username and password. Therefore limit its access to only root:

sudo chmod 600 /etc/msmtprc
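
The following check is an added example, not part of the original post: it audits an msmtp configuration file for the points above (file mode, plaintext password, TLS settings). The function names audit_msmtprc and write_sample, the host smtp.example.invalid and the sample password are constructed for illustration, and GNU stat (as on Raspbian) is assumed.

```shell
# Added example. audit_msmtprc FILE prints one finding per line;
# no output means no findings.
audit_msmtprc() {
    file=$1
    # msmtp treats lines whose first non-blank character is '#' as comments.
    active=$(grep -v '^[[:space:]]*#' "$file" || true)
    # The file can hold credentials, so only the owner may read or write it.
    mode=$(stat -c '%a' "$file")
    if [ "$mode" != "600" ]; then
        echo "MODE: permissions are $mode, expected 600"
    fi
    # "password <secret>" is method 3 above; passwordeval keeps it out of the file.
    if printf '%s\n' "$active" | grep -Eq '^[[:space:]]*password[[:space:]]'; then
        echo "PLAINTEXT: password stored in the file, consider passwordeval"
    fi
    # Without "tls on" the login is sent unencrypted.
    if ! printf '%s\n' "$active" | grep -Eq '^[[:space:]]*tls[[:space:]]+on[[:space:]]*$'; then
        echo "TLS: 'tls on' is missing"
    fi
    # Disabling certificate checks removes the protection tls_trust_file gives.
    if printf '%s\n' "$active" | grep -Eq '^[[:space:]]*tls_certcheck[[:space:]]+off'; then
        echo "CERT: tls_certcheck is off"
    fi
    return 0
}
# Constructed sample: a world-readable file with a plaintext password.
write_sample() {
    cat > "$1" <<'EOF'
defaults
port 465
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
account user@domain.name
host smtp.example.invalid
auth on
user user@domain.name
#passwordeval gpg2 --no-tty -q -d ~/.msmtp-password.gpg
password constructed-sample-secret
EOF
    chmod 644 "$1"
}

sample=$(mktemp)
write_sample "$sample"
audit_msmtprc "$sample"
rm -f "$sample"
```

Run it against /etc/msmtprc with sudo, since the file is only readable by root after the chmod above.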

Duplicate the config file to ~/.msmtprc if you want to provide email configuration for your user as well.

Now configure the recipients for your system’s users by setting them in /etc/aliases. Make sure that you don’t have trailing spaces behind the email addresses:

root: user@domain.name
default: user@domain.name

Let your computer know that msmtp should be used as a replacement for sendmail by adding this content to /etc/mail.rc:

set sendmail="/usr/bin/msmtp -t"

Test your configuration by sending an email from the terminal:

echo "Content of your mail" | mail -s "Subject" user@domain.name

Use all-inkl.com DDNS with Synology DiskStation

I’ve recently upgraded my all-inkl.com webspace to the PrivatPlus tariff. As part of this tariff I’m now able to use DDNS running under the Domains I’m able to manage.

Setting up DDNS in KAS is explained quite well. However, I did not see instructions on how to use these credentials on a Synology DiskStation OS. Luckily, somebody else did this already.

The important part is that you need to customize a DDNS provider first before it can be set up in the DiskStation settings.

  • Go to Control Panel, External Access and click on Customize
  • Add a new name for the DDNS provider, e.g. All-Inkl.com
  • Use this Query URL (for IPv4): dyndns.kasserver.com/?myip=__MYIP__
  • Now you can add a new DDNS entry
  • Select All-Inkl.com as provider
  • Enter the credentials as required
  • Enter the hostname you want to set up for DDNS
  • Click on “Test Connection”
  • The state should be “Normal”
  • Click on “OK”

Free purgeable space on MacOS Mojave

I’ve recently deleted a large preview database file for Lightroom and was happy about the 80 GB of space I had freed up. However, the MacOS disk utility as well as the terminal command “df -h” did not show the free space. I’ve also checked the trash and cleared it, but there was no change in the available disk space.

I’ve taken a closer look at the free space column in the disk utility and found a new variable behind the available disk space: GB purgeable.

However, there is no option anywhere to purge this space. Upon further searching I’ve found this tip on Stack Overflow:

It looks like Time Machine takes up a lot of space with local APFS snapshots, which need manual cleaning using this command:

tmutil thinlocalsnapshots / $((100 * 1024 * 1024 * 1024)) 4

This command tries to free 100 GB of space from the local snapshots. It’s using the highest priority (4) to speed up the cleaning.

After I’ve executed that command, the available free disk space was shown correctly again.

Configure Mosquitto mqtt broker user authentication in Docker running on Synology NAS

Today I’ve tried to enable user authentication for my Mosquitto mqtt broker running in a Docker container on my Synology NAS.

Here’s my shared folder for use with docker, it’s under /volume1/docker:

mqtt
├── data
├── log
│   └── mosquitto.log
├── mosquitto.conf
└── mosquitto.passwd

The mqtt folder needs to be accessible by the docker process running in the container, e.g. by using:

sudo chown -R 1883:1883 mqtt/

The content of my docker-compose.yml:

version: '3'
services:
  mosquitto:
    hostname: mosquitto
    image: eclipse-mosquitto:latest
    restart: always
    volumes:
      - /volume1/docker/mqtt/mosquitto.conf:/mosquitto/config/mosquitto.conf:ro
      - /volume1/docker/mqtt/mosquitto.passwd:/mosquitto/config/mosquitto.passwd
      - /volume1/docker/mqtt/log/mosquitto.log:/mosquitto/log/mosquitto.log
      - /volume1/docker/mqtt/data:/mosquitto/data
    ports:
      - "1883:1883"

The mapped files in the volumes section need to be present, otherwise docker will complain during startup of the container.

Also make sure that you’re writing mosquitto with double t. I’ve forgotten this and used only one t, wondering why nothing was working the way I’ve expected it.

Here’s the content of my mosquitto.conf:

pid_file /var/run/mosquitto.pid

persistence true
persistence_location /mosquitto/data/

log_dest file /mosquitto/log/mosquitto.log
log_dest stdout

password_file /mosquitto/config/mosquitto.passwd
allow_anonymous false

You can set up the mosquitto.passwd using the docker container and/or an installation of mosquitto, so that you can use the mosquitto_passwd tool.

mosquitto_passwd -c /mosquitto/config/mosquitto.passwd <username>

It will ask you twice for the password for the username. If you want to set up additional users, you should omit the -c parameter, so that the existing file won’t be overwritten.

The “allow_anonymous false” line will disable anonymous authentication to the broker.
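
As an added example (not from the original post), this check confirms that a mosquitto.conf enforces authentication and that every entry in the password file was written by mosquitto_passwd rather than typed in by hand. The function name check_mosquitto_auth and the sample entries are constructed; it assumes hashed entries start with $6$ or $7$, the prefixes mosquitto_passwd writes.

```shell
# Added example. check_mosquitto_auth CONF PASSWD prints one finding per line;
# no output means no findings.
check_mosquitto_auth() {
    conf=$1
    passwd=$2
    # Anonymous access must be switched off explicitly.
    if ! grep -Eq '^allow_anonymous[[:space:]]+false[[:space:]]*$' "$conf"; then
        echo "CONF: allow_anonymous false is not set"
    fi
    # The broker only checks passwords when password_file points at a file.
    if ! grep -Eq '^password_file[[:space:]]+[^[:space:]]' "$conf"; then
        echo "CONF: password_file is not set"
    fi
    # mosquitto_passwd writes "user:$6$..." or "user:$7$..."; anything else
    # was added by hand and is stored unhashed.
    while IFS=: read -r user hash; do
        [ -n "$user" ] || continue
        case $hash in
            '$6$'*|'$7$'*) ;;
            *) echo "PASSWD: entry for '$user' is not hashed" ;;
        esac
    done < "$passwd"
    return 0
}

# Constructed sample files: "bob" was added by hand in plaintext.
demo_dir=$(mktemp -d)
printf '%s\n' 'password_file /mosquitto/config/mosquitto.passwd' \
    'allow_anonymous false' > "$demo_dir/mosquitto.conf"
printf '%s\n' 'alice:$7$101$CONSTRUCTEDSALT$CONSTRUCTEDHASH' \
    'bob:constructed-plaintext' > "$demo_dir/mosquitto.passwd"
check_mosquitto_auth "$demo_dir/mosquitto.conf" "$demo_dir/mosquitto.passwd"
rm -rf "$demo_dir"
```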

You can now SSH to your Synology and start the docker container using the docker-compose file:

docker-compose -f docker-compose.yml up -d

This will look for the docker-compose.yml in the current folder and start the container in detached mode (in the background). Because of the restart: always setting, it will restart automatically when your Synology is restarting (e.g. after system updates).

Creating a backup of an existing OpenHAB installation

I’m about to try an update of my existing OpenHAB installation. Right now I’ve got a few things in a working state and in case I destroy anything I want to have a working backup.

Luckily, there’s an integrated backup script on my 2.4.0 installation I can use. I just need to install the zip package first on my Raspbian using

sudo apt-get install zip

Now I can run a backup using

sudo $OPENHAB_RUNTIME/bin/backup

#########################################
       openHAB 2.x.x backup script
#########################################

Using '/etc/openhab2' as conf folder...
Using '/var/lib/openhab2' as userdata folder...
Using '/usr/share/openhab2/runtime' as runtime folder...
Using '/var/lib/openhab2/backups' as backup folder...
Writing to '/var/lib/openhab2/backups/openhab2-backup-19_11_21-19_24_30.zip'...
Making Temporary Directory if it is not already there
Using /tmp/openhab2/backup as TempDir
Copying configuration to temporary folder...
Removing unnecessary files...
Backup Directory is inside userdata, not including in this backup!
Zipping folder...
Removing temporary files...
Success! Backup made in /var/lib/openhab2/backups/openhab2-backup-19_11_21-19_24_30.zip

The backup includes the installed plugins as well as the used configuration. Quite easy and fun to use!