Solution for adding STARTTLS support #269

Open
Feribv opened this issue Sep 7, 2022 · 13 comments

@Feribv

Feribv commented Sep 7, 2022

I managed to make emailing functional in ghettoVCB with email servers that require STARTTLS before any mail commands. netcat/nc does not support this, so I needed to switch to openssl (included in ESXi).
Here is what needs to be modified in ghettoVCB.sh

The lines:

```
cat "${EMAIL_LOG_CONTENT}" | sendDelay| "${NC_BIN}" "${EMAIL_SERVER}" "${EMAIL_SERVER_PORT}" > /dev/null 2>&1
```

will be replaced by:

```
cat "${EMAIL_LOG_CONTENT}" | sendDelay | openssl s_client -starttls smtp -crlf -pause -connect "${EMAIL_SERVER}":"${EMAIL_SERVER_PORT}"
```

in the If/else just before the "Start of Main Script" Section

In the SendDelay() function, we need to modify the line:

```
[ $c -lt 4 ] && sleep ${EMAIL_DELAY_INTERVAL}
```

to:

```
[ $c -lt 15 ] && sleep ${EMAIL_DELAY_INTERVAL}
```

With these applied, ghettovcb.sh will connect to the mail server using TLS and will be able to send the log file reports.

@bisi-sysadmin

bisi-sysadmin commented Sep 12, 2022 via email

@ressof

ressof commented Sep 15, 2022

This doesn't work with smtp.gmail.com port 587.
You will have to change

```
echo -ne "RCPT TO: <${EMAIL_ADDRESS}>\r\n" >> "${EMAIL_LOG_HEADER}"
```

to

```
echo -ne "rcpt to: <${EMAIL_ADDRESS}>\r\n" >> "${EMAIL_LOG_HEADER}"
```

on line 1493. But still doesn't work.

@Feribv

Feribv commented Oct 11, 2022

You could try increasing EMAIL_DELAY_INTERVAL=3 in the conf file.

@ressof

ressof commented Oct 11, 2022

Still didn't work.

I got this in the log:

```
250 smtp.gmail.com at your service
250-smtp.gmail.com at your service, [83.251.177.73]
250-SIZE 35882577
250-8BITMIME
250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
334 [removed]
334 [removed]
235 2.7.0 Accepted
250 2.1.0 OK [removed] - gsmtp
250 2.1.5 OK [removed] - gsmtp
354  Go ahead [removed] - gsmtp
DONE
```

@Admin-andjaro

Hello,
It doesn't work for me.
I am on an online Exchange server.

I have the following error:

```
250 SMTPUTF8
501 5.5.4 Invalid domain name [PR3P189CA0028.EURP189.PROD.OUTLOOK.COM]
501 5.5.4 Invalid domain name [PR3P189CA0028.EURP189.PROD.OUTLOOK.COM]
503 5.5.2 Send hello first [PR3P189CA0028.EURP189.PROD.OUTLOOK.COM]
```

Or all seems OK and at the end I have the DONE:

```
250 SMTPUTF8
DONE
```

But I do not receive an email.

@craigywsm

I also get this error:
```
250 SMTPUTF8
501 5.5.4 Invalid domain name [LNXP123CA0004.GBRP123.PROD.OUTLOOK.COM 2023-12-05T15:47:49.149Z 08DBF51C16D133CE]
501 5.5.4 Invalid domain name [LNXP123CA0004.GBRP123.PROD.OUTLOOK.COM 2023-12-05T15:47:54.149Z 08DBF51C16D133CE]
503 5.5.2 Send hello first [LNXP123CA0004.GBRP123.PROD.OUTLOOK.COM 2023-12-05T15:47:59.165Z 08DBF51C16D133CE]
RENEGOTIATING
39378326632:error:140940F5:SSL routines:ssl3_read_bytes:unexpected record:s3_pkt.c:1651:
2023-12-05 15:48:05 -- info: ERROR: Failed to email log output to smtp.office365.com:587
```

@ryder-hook

I had the same problems as @Admin-andjaro and @craigywsm; I found the following solution for me.
The problem seems to be that some servers are not able to handle "Message-Id", and in "EMAIL_LOG_CONTENT" there were "^M". So I removed both and extended the script with the following lines:

```
tempfile=$(mktemp)
# remove line starting with "Message-Id" and ^M from the file and write in tmp file
cat "$EMAIL_LOG_CONTENT" | sed -e "s/\r//g" | grep -v "^Message-Id:" > "$tempfile"
# pass to openssl
cat "$tempfile" | sendDelay | openssl s_client -starttls smtp -crlf -quiet -connect "${EMAIL_SERVER}":"${EMAIL_SERVER_PORT}"
# remove tmp file
rm "$tempfile"
```

@lucadp76

> I had the same problems as @Admin-andjaro and @craigywsm; I found the following solution for me. The problem seems to be that some servers are not able to handle "Message-Id", and in "EMAIL_LOG_CONTENT" there were "^M". So I removed both and extended the script with the following lines:
>
> ```
> tempfile=$(mktemp)
> # remove line starting with "Message-Id" and ^M from the file and write in tmp file
> cat "$EMAIL_LOG_CONTENT" | sed -e "s/\r//g" | grep -v "^Message-Id:" > "$tempfile"
> # pass to openssl
> cat "$tempfile" | sendDelay | openssl s_client -starttls smtp -crlf -quiet -connect "${EMAIL_SERVER}":"${EMAIL_SERVER_PORT}"
> # remove tmp file
> rm "$tempfile"
> ```

Hello @ryder-hook,
Can you write in detail what you changed from the original ghettovcb.sh file?

Many thanks

@ryder-hook

@lucadp76
I'm not sure what you really need. In words - I replaced the line which holds the "openssl" command with the code I posted before.
I do not know how to post the snippet without breaking the line breaks.
Additionally, I created a diff file with the following command:

```
diff -Naru /opt/ghettovcb/bin/ghettoVCB_org.sh /opt/ghettovcb/bin/ghettoVCB.sh
```

I hope this helps you.

ghettoVCB_diff_office365.patch

@lucadp76

Thank you very much @ryder-hook,
I'll try it out and let you know if it works for me.

@support4it

Hello
After patching the latest version with the diff above, I got an error like:

```
235 2.7.0 Authentication successful
250 2.1.0 Ok
250 2.1.5 Ok
read:errno=104
```

postfix log:

```
2025-01-29T10:51:17.401870+01:00 one postfix/smtpd[372896]: 6205340A17: reject: DATA from static.xxxx.clients.your-server.de[x.x.x.x]: 503 5.5.0 <DATA>: Data command rejected: Improper use of SMTP command pipelining; from=<backup@yyyyl> to=<user@yyyy> proto=ESMTP helo=<static>
2025-01-29T10:51:17.401911+01:00 one postfix/smtpd[372896]: warning: non-SMTP command from static.xxxx.clients.your-server.de[x.x.x.x]: From: backup@yyyy
```

Maybe someone has a patched version that works?

Regards
Mateusz

@ryder-hook

I am also struggling again myself with getting no e-mails. Do you know any way to debug the error and/or how to send test e-mails with ghettoVCB without doing a backup job?
I also read about an issue with openssl. It is important to use small characters for the SMTP command: "RCPT TO:". So you MUST write "rcpt to:". I already changed this in my script, but it did not help. When you explain to me how to debug/log the SMTP action from ghettoVCB, I will try to help you with the SMTP problem.
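
An added example, not part of any comment in this thread and not ghettoVCB code: `openssl s_client` run without `-quiet` or `-ign_eof` treats an input line beginning with `R` as a renegotiation request and one beginning with `Q` as quit, and `-crlf` turns every LF into CRLF, so input that already carries CRs goes out as CR CR LF. The check below lists which lines of an SMTP dialogue are affected; the function names and the sample session are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample session are constructed.

# Strip CRs so that `openssl s_client -crlf` does not emit CR CR LF.
smtp_strip_cr() {
    tr -d '\r' < "$1"
}

# Number of CR bytes in a file (0 means it is safe to combine with -crlf).
smtp_count_cr() {
    tr -cd '\r' < "$1" | wc -c | tr -d ' '
}

# Without -quiet or -ign_eof, s_client acts on a leading "R" (renegotiate)
# or "Q" (quit) instead of sending the line to the server.
# Print "line-number:text" for every line that would be intercepted.
smtp_sclient_command_lines() {
    smtp_strip_cr "$1" | grep -n '^[RQ]'
}

# Constructed sample: an SMTP dialogue with CRLF line endings.
make_sample() {
    printf '%s\r\n' \
        'EHLO esxi.example.test' \
        'MAIL FROM: <backup@example.test>' \
        'RCPT TO: <admin@example.test>' \
        'DATA' \
        'Subject: backup report' \
        '' \
        'Result: all VMs backed up' \
        '.' \
        'QUIT' > "$1"
}

sample=$(mktemp)
clean=$(mktemp)
make_sample "$sample"
smtp_strip_cr "$sample" > "$clean"
echo "CR bytes before: $(smtp_count_cr "$sample"), after: $(smtp_count_cr "$clean")"
echo "Lines s_client would intercept without -quiet/-ign_eof:"
smtp_sclient_command_lines "$sample"
rm -f "$sample" "$clean"
```

Lowercasing only `RCPT TO:` still leaves the body line and `QUIT` in this sample affected; `-quiet` (which implies `-ign_eof`) turns the command handling off for the whole session.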

@support4it

I fixed this by adding the IP of my ESXi to mynetworks (postfix main.cf).
Error is still in postfix logs but emails are sent.
