Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How-To Setup SMTP with SSL using stunnel
#1
SMTP is used to send email from CQC. You can use this for notifications, etc. Unfortunately in our new secure world, a lot of servers require you to use encryption (SSL) to send emails to their server and CQC doesn't not support SSL natively. GMail is one example of a provider requiring SSL. Even if your email provider/ISP allows you to use SMTP without encryption, if they have SSL available you may want to take advantage of it. Without encryption all traffic is in the clear between your client and server including your username and password, and can be captured easily by anyone on your network, your provider's network, or any network in-between.

This how-to will describe how to setup CQC to communicate with an SMTP server requiring SSL encryption. To do this, we will use an application called stunnel. Stunnel is a generic SSL tunnel utility that listens on a specified TCP port. It then encrypts that traffic using SSL and sends it to another server and port. Stunnel doesn't really care what the protocol it is sending is, it could be POP3, SMTP, HTTP, etc, it just takes the data, encrypts it and forwards it on.

In this how-to we will be using GMAIL as our example server. So traffic flow will be:

CQC --- SMTP Message ---> localhost:5000 ----SSL---> smtp.gmail.com:465

How to Setup Stunnel
  • Download stunnel
  • Install stunnel
  • In the start menu, stunnel group select edit stunnel.conf
  • You will need the following options in the stunnel.conf[INDENT] client=yes

    [smtp]
    accept=5000
    (or whatever port you want to tunnel)
    connect=<servername>:<port>

    <servername> is your mail server, <port> is the server's port typically 465 [/INDENT]
  • In the start menu, install the stunnel service
  • In the start menu, start the stunnel service
Gmail Example stunnel.conf

client=yes

[gmail]
accept=5000
connect=smtp.gmail.com:465

Setup CQC to use SMTP
  • Open the CQC Admin Interface
  • From the menu select Administer...Accounts...Email
  • In the dialog click Add
  • For Type select SMTP
  • For Name put in a descriptive name (i.e. GMAIL)
  • For Server put in the machine running stunnel (i.e localhost)
  • For User put in your SMTP username (i.e. GMAIL username)
  • For Password put in you SMTP password (i.e. GMAIL password)
  • For From Addr put your email address (i.e. me@gmail.com)
  • For IP Port put the port you configured above (i.e. 5000)
  • Click Save
Configure a test template
  • In the CQC Interface Editor create a new template
  • Add a command button to your template
  • In the command button's OnClick action select System...Email
  • For Account click the notepad button and select the account you configured above
  • For Address enter the TO: address you want the Email to go to
  • For Subject enter TEST
  • For Message enter TEST MESSAGE FROM CQC
  • Save your template and load it and click your test button
Code:
[OnClick]
   System::EMail(GMAIL, [email=me@gmail.com]me@gmail.com[/email], TEST, Test Message From CQC)

References
Additional info on how to setup a SMTP for GMAIL can be found here:
http://mail.google.com/support/bin/answe...swer=13287
Wuench
My Home Theater/Automation Website

[THREAD=5957]BlueGlass CQC Config[/THREAD]
[THREAD=10624]Wuench's CQC Drivers[/THREAD]
Reply
#2
Thank you so very much for this how-to! I've been wanting to have this capability for a while.

I can't wait to try this and finally be able to call him and say "So...you've had the garage lights on for 30 minutes now...any reason?". :-D
Reply
#3
Awesomeness! It worked!

However....when I clicked the template I created on a client, I got an error that it couldn't connect to 127.0.0.1:5000. However, when I clicked the template on the cqc-server (where stunnel is installed) it worked.

Sooo...this email thing only works if the PC you setup for this is where the action occurs that sends the email?

I don't think that'll be a big deal for me, as I think most emails will be generated from triggers and actions, which will occur on the cqc server.

Or would everything be solved if I just put the network address of the cqc server instead of localhost?
Reply
#4
I've tried setting it up using a gmail account, but I get this error when pressing the "test" button on the IV.

[Image: cqcemailerror.jpg]

Here is my email setup screen.
[Image: CQCEmailSetup.jpg]

ad-dns-1 is the name of the computer running the stunnel software.

Any suggestions?
Brian

"Really dear, it was too good of a deal to pass up. Besides, look at what it does now...."
I think my wife is getting a little tired of hearing this :-)
Reply
#5
I am not sure I just tested it and it is working for me with my gmail account. Maybe Dean can chime in on why that error might occur. The only things I can think of is:

1.) It doesn't like your username/password
2.) Maybe a firewall issue, make sure port 5000 is opened on your ad-dns-1 machine.
3.) A bug in the CQC version you are on. I am still on 2.4.52. I will probably upgrade to 3.0 in the next couple of days.

If you want to try and take a sniffer trace using wireshark on your ad-dns-1 machine before the data get's encrypted and post it I might be able to troubleshoot further. (But make sure you edit it, your username/password will be in the clear in the sniffer trace).
Wuench
My Home Theater/Automation Website

[THREAD=5957]BlueGlass CQC Config[/THREAD]
[THREAD=10624]Wuench's CQC Drivers[/THREAD]
Reply
#6
Another question. Can you set the Stunnel config file for more than one port/address?

In other words, if I want to use 2 email addresses, can I simply add another line to the congig file. So it would look something like this:
Code:
[gmail]
accept=5000
connect=smtp.gmail.com:465

[live]
accept=4999
connect=smtp.live.com:25

As I write this out, I also realized my potential problem. I had written the config file with these lines:
[smtp]
accept=5000
connect=smtp.gmail.com:465

I didn't realize that you changed the [smtp] line to the name of the email address you used in the CQC setup. So I am sure this is my problem. I also assume it means that you can certainly use more than one email address. Originally I thought there would be multiple lines with the [smtp] header, but obviously that is not the case.

I'll make these changes tonight, but I assume that is the problem. I guess I need to pay more attention to the directions!

Thanks,
Brian

"Really dear, it was too good of a deal to pass up. Besides, look at what it does now...."
I think my wife is getting a little tired of hearing this :-)
Reply
#7
Yes you can setup multiple ports. I have 3 configured for various things. They just need a different name and port.

You have to setup the server name and port of the actual server (smtp.gmail.com) in the stunnel config. Stunnel is just a dumb tunnel, it doesn't know anything about SMTP so it can be used to tunnel any protocol through SSL and encrypt it. The [name] doesn't do anything as long as it is unique in the config file. It doesn't need to match your CQC config.
Wuench
My Home Theater/Automation Website

[THREAD=5957]BlueGlass CQC Config[/THREAD]
[THREAD=10624]Wuench's CQC Drivers[/THREAD]
Reply
#8
Hi Wuench

Thanks for this! It all worked more or less exactly as you outlined. The only issues are the default port number - I used 25 rather than 5000 for GMAIL and the identification for the Server. I ended up using the absolute IP address for CQC master server in both stunnel.conf and Admin Interface. Then it works for any machine on my network.

Now I can automatically send myself a message whenever CQC re-starts after a power failure. Cool!

PJG
Reply
#9
pjgregory Wrote:Now I can automatically send myself a message whenever CQC re-starts after a power failure. Cool!

PJG

How do you run an event only once on CQC startup? I just looked, didn't see a scheduled or triggered event for that.
------------------------------------
Devices I can't stand and wish I could replace: SmartThings, Hue, Concerto, VRUSB
My vlogs: https://www.youtube.com/c/IVBsHomeAutomation
Reply
#10
IVB Wrote:How do you run an event only once on CQC startup? I just looked, didn't see a scheduled or triggered event for that.

There isn't an event for that as far as I know, but one way to do it is to have Variable driver field that defaults to false and then have a scheduled task that periodically checks it (maybe every five minutes or so).

When the task finds the variable false, then a restart has occurred and the variable is set to true to prevent another trigger until another restart occurs.
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  How to setup the Weather Channel data feed driver. beelzerob 3 12,289 05-24-2010, 04:39 PM
Last Post: Dean Roddey

Forum Jump:


Users browsing this thread: 1 Guest(s)