Zemarmor Scheduled Reports Email Not Working

Started by Meg, February 04, 2024, 08:27:32 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 04, 2024, 08:27:32 PM Last Edit: February 06, 2024, 05:14:43 AM by Meg
Hello: I have been trying to get zenarmor email working with several different smtp servers. With gmail and outlook I get SMTP AUTH extension not supported by server. When I set up using smtp.eastlink.ca I don't get any errors with , but no email sends. I am currently on zenarmor 1.16.2. I have seen many posts online about this dating back a couple of years. Does anybody have a solution to get reports email working without using zenconsole?

Do I need to have a paid account for scheduled reports email to work?
February 11, 2024, 10:17:51 PM #1
Hello,

Actually not. Gmail and Hotmail doesn't allow to third party apps to send email for free users. But you could be able to use your own server. Can you share /usr/local/opnsense/scripts/OPNsense/Zenarmor/report-gen/send.sh command output?





February 12, 2024, 04:34:31 AM #2
Thanks for the reply. I ran /usr/local/opnsense/scripts/OPNsense/Zenarmor/report-gen/send.sh, and the output was [: ==: unexpected operator. What does that mean?
February 13, 2024, 11:20:13 AM #3 Last Edit: February 14, 2024, 10:24:05 AM by wstemb
Found the same error using the local mail server and investigated it a little:

The script cannot be run just as is in the post, the command must receive arguments from the caller, your error is because of lack of arguments.

usage: send.py [-h] [-b PDF] [-S SERVER] [-R PROVIDER] [-P PORT] [-s SECURED] [-u USERNAME] [-p PASSWORD] [-f SENDER] [-t TO] [-v NOSSLVERIFY]

Bug no  1.: When you use it on plain  SMTP with No security (without userid and password), the switches --userid and --password are still in the command without arguments:

added echo $@ > filename in the script:

--provider smtp-server --pdf false --server a.b.c.d --port 25 --secured true --username --password --sender i@am.here --to you@are.there --nosslverify false

producing a send.py error message:   

end.py: error: argument -u/--username: expected one argument
or
send.py: error: argument -p/--password: expected one argument  - if you put userid and empty password

and the error in GUI: Error (200) There was an issue on our end. Sorry about that.


bug no 2:

If you stay with plain SMTP on port 25, and No security and put some  userid/password data to bypass the bug no.1,  the script send.sh passes valid data to send.py, which wrongly answers with:

{"successful": false, "message": "Smtp :No suitable authentication method found."}

Which authentication methods? -  I am using plain SMTP on port 25, No security! 

What works?

When in CLI I run the script send.sh with all switches, except --userid and --password, the result of the script (send.py called by send.sh) is:

{"successful": true, "message": "Mail has been send successfully!"}

and test mail is sent and received.

Conclusion:
the script send.py has to be rewritten with  better argument parsing:
a) permiting the empty --userid --and password;
b) dropping them as parameters if the Connection security is "No Security".  Now the script wrongly assumes that the existing password in arguments  means login, plain SMTP with No security do not need  login.

I needed the report to work, so I hard-coded a little the script send.py to make it work in the simplest scenario (No security), but I stilll have to check with STARTTLS. 

Where is the PDF check un the GUI?
February 13, 2024, 06:45:29 PM #4
So I imagine these bugs are something that needs to be fixed by the zenarmor team?
February 13, 2024, 08:25:42 PM #5
Yes, the maintain and upgrade process has some rules. 

I changed the script a little (two lines), to make it work just for me in one strict scenario (No security). It is a brute force approach,  my copy will be probably overwritten soon by upgrading Zenarmor.
February 13, 2024, 10:07:26 PM #6
Have you submitted these bugs yet to have them fixed? It seems these bugs have been there for quit a few versions.
February 14, 2024, 08:35:40 AM #7
I sent a feedback/bug report following the instructions: https://www.zenarmor.com/docs/support/reporting-bug
February 14, 2024, 09:49:19 AM #8 Last Edit: February 14, 2024, 10:09:04 AM by wstemb
DISCLAIMER: what I  write in next rows is not a solution, it is a brute force workaround for just one fixed scenario (SMTP server, No security) if you desperately need  the mail report.

OPNsense 23.7.12_5
Zenarmor 1.16.2

Edit send.py and comment around line 246:

#       if password:
#           smtp.login(username, password)

to avoid bug 2 from previous post.

Then you MUST choose (if/when posible and applicable):
Mail provider: SMTP Server
Mail server hostname: Hostname  or IP of a server without authentication
Connection Security: No Security

Mail server port will change to Port 25

You have to put some dummy data for username and password to avoid the bug 1 from previous post.
February 14, 2024, 04:41:26 PM #9
Hi Wstemb,

Thank you for your valuable analysis and feedback. Your feedback has been forwarded to the dev team.
Thank you for your co-operation.
May 23, 2024, 10:01:53 PM #10
With help from the Zenarmor help desk and long discussion with Eastlink service provider I have discovered that Eastlink mail servers were blocking the emails as they told me that these emails have been reported as spam. Not just for me but many others. They could not whitelist this for me, so to get my reports I had to use a third party smpt forwarding service.
November 12, 2024, 10:27:12 PM #11
Quote from: IHK on February 14, 2024, 04:41:26 PM
Hi Wstemb,

Thank you for your valuable analysis and feedback. Your feedback has been forwarded to the dev team.
Thank you for your co-operation.

Nothing has been fixed since. Still getting error 200
Code Select
Connection Error
There was an issue on our end. Sorry about that.

Zenarmor 1.18.2
Print
Go Up Pages1
User actions