Advanced > Security

LUA SMTP socket does not support TLS/SSL

(1/2) > >>

Henk:
Referring to these threads:

http://forum.mios.com/index.php?topic=6153.0
http://forum.mios.com/index.php?topic=6656.0

The SMTP socket that Lua incorporates does not allow encrypted connections using TLS or SSL f.i. used by Gmail and other providers.

Also open servers that do not require AUTH do not work when the AUTH user and AUTH password strings are empy.

In my opinion this socket functionality should be improved and ruggadized to properly support SMTP in luup code as mentioned in the referred threads.

guessed:
@Henk, these are part of [pseudo] standard Lua "extensions", and just included by MiOS.  You'd need to persue the package owners to see if they'd add the SSL/TLS (LuaSec) stuff into it, since they're from the Lua community itself.

Internally, I believe they look for values being set against the User vars prior to emitting an AUTH Header.  If there are not present (as distinct from "blank") then it'll work just fine.

Technically, the pieces to build SSL-SMTP are there, but it would be a lot of work to get it going (or to understand how to better hook LuaSec into the LuaSocket framework)... likely more time than anyone here has to spare. 

In many reguards, it would be simpler to petition MCV to add native SMTP setup to the Local Vera box (since Linux has all the requisite bits already), and then just send Email locally through it.  Unfortunately, that would add complexity to the install (etc) that most people probably aren't prepared for.

Henk:

--- Quote from: guessed on June 07, 2011, 03:28:49 pm ---@Henk, these are part of [pseudo] standard Lua "extensions", and just included by MiOS.  You'd need to persue the package owners to see if they'd add the SSL/TLS (LuaSec) stuff into it, since they're from the Lua community itself.

Internally, I believe they look for values being set against the User vars prior to emitting an AUTH Header.  If there are not present (as distinct from "blank") then it'll work just fine.

Technically, the pieces to build SSL-SMTP are there, but it would be a lot of work to get it going (or to understand how to better hook LuaSec into the LuaSocket framework)... likely more time than anyone here has to spare. 

In many reguards, it would be simpler to petition MCV to add native SMTP setup to the Local Vera box (since Linux has all the requisite bits already), and then just send Email locally through it.  Unfortunately, that would add complexity to the install (etc) that most people probably aren't prepared for.

--- End quote ---

@guessed

I understand what you are saying. And if neither of us have the time (or as in my case) the knowhow to either hook LuaSec into the LuaSocket framework or to get it going ourselves, i support your point of view that MCV should make an effort to have this incorperated into the MiOS engine. As far as the implemention goes now, we either have to rely ont the MiOS email notifications of which we have all seen strange and uncontrolled behaviour (not sending notifications, sending them hours or days late or sending them multiple times) that confuses users with false positives on security devices like motion sensors, locks and door sensors.

Of course as a workaround external options like Prowl for iPhone or Veralert for Android exist, but these are out of the normal scope of Vera and IMHO Vera should provide secure and reliable notifciations out of the box.

Aerma:

--- Quote from: Henk on June 07, 2011, 04:36:12 pm ---
--- Quote from: guessed on June 07, 2011, 03:28:49 pm ---As far as the implemention goes now, we either have to rely ont the MiOS email notifications of which we have all seen the instant knockout results pictures strange and uncontrolled behaviour (not sending notifications, sending them hours or days late or sending them multiple times) that confuses users with false positives on security devices like motion sensors, locks and door sensors.

--- End quote ---

That's the same thing I've noticed with our motion sensors. Several false positives. I just found your post. Do you think these false positives could be from this SMTP socket issue?
--- End quote ---

DennisCrane:

--- Quote from: Henk on June 06, 2011, 10:41:59 am ---Referring to these threads:

http://forum.mios.com/index.php?topic=6153.0
http://forum.mios.com/index.php?topic=6656.0

The SMTP socket that Lua incorporates does not allow encrypted connections using TLS or SSL f.i. used by Gmail and other providers.

Also open servers that do not require AUTH do not work when the AUTH user and AUTH password strings are empy.

In my opinion i rather have phenq this socket functionality should be improved and ruggadized to properly support SMTP in luup code as mentioned in the referred threads.

--- End quote ---
If your email does not require authentification from your home IP, edit your send.smtp and remove "user" and "password" variables. It worked for me.

Navigation

[0] Message Index

[#] Next page

Go to full version