Hi all, I'm looking at adding an SMTP client to my router so that it can send me email notifications about various things (configure a cron job to check for updates and send me an email when updates are available, for example). I see on this page there are a few choices - https://openwrt.org/docs/guide-user/services/email/smtp.client and I'm wondering if there is a "best" one or a preferred one among the community?
They all look easy enough to configure and all look like they would serve my purposes just fine, but I would like to know if one has any advantages (or disadvantages) over the others so that I don't just end up arbitrarily choosing a client.
pretty much comes down to what you need to send?, server authtype?. and how much resources you have?...
Well, at the moment I am only considering sending text emails with no attachments (though I may find attachments useful in the future). For server authtype, I want to be as secure as I can, so I would like to use SSL/TLS. And I'm using a Linksys WRT32X, so I think I should have sufficient resources.
Take msmtp, it's quite easy to configure and it's actively maintained (ssmtp is unmaintained in debian repo).
The option I use, which doesn’t require mail credentials on the machine, is mosquitto to send the body only over MQTT over TLS. The subscriber to that message on a “trusted” machine sends the email to a controlled set of destinations, if needed. Subscription to the MQTT alone may be enough in many situations.
Edit: I use Python on the trusted host for both the MQTT subscriber as well as the mail sender.
Interesting, I'm not familiar with MQTT but it looks like a good option. I assume the trusted host in this case would need to be a server of some sort? I don't currently have any always-on devices at the moment, but could a Raspberry Pi serve this purpose?
Good to know about ssmtp, I'll remove it from consideration.
More than enough processing capability, as well as a full-featured install of Python, Mosquitto, and your choice of TLS and SMTP tooling.
One of the valuable features of MQTT, at least for me, is guaranteed delivery -- if the server isn't available, the client will queue QoS 1 (at least once) and 2 (exactly once) messages until it can reconnect (or runs out of memory for them).
Good to know. I have a few more questions. Is it a security risk to have mail credentials on your OpenWRT router? If so, is this because the router is the Internet-facing device and therefore the most vulnerable? And did you opt for MQTT and handle the emailing from a separate device simply for this improved security or do you use it for other things as well?
I don't know what I don't know and am trying to learn as much as I can and see what other cool things I can do with OpenWRT!
In my opinion, yes, credentials on a router are poor security practice. Encrypting them doesn’t accomplish anything as they are programmatically unlocked.
I use MQTT for all kinds of monitoring and control, both with an “inside” server (“broker”) as well as one on a VPS in the cloud (in case my network is down, or unexpectedly changes its public IP).
To add to that... if you wanted to say pull those messages into another transport ... say pop-up notifications on your mobile... mqqt would pretty much scale in any direction you choose....