#1 2019-05-24 00:50:34

gaenserich
Member
From: Michigan
Registered: 2010-06-07
Posts: 119
Website

Use SMTP for IoT manipulation? [Brainstorming Help]

I have a new Wifi bullet camera that's replacing an older, less feature-full ip camera that I monitored using motion (https://aur.archlinux.org/packages/motion/) on a server on the same LAN. I used motion's scripting capabilities to manipulate other IoT appliances, e.g. whenever it detected motion in my front yard, it would switch on some lights on a smart outlet in my house using a script like this: https://blog.georgovassilis.com/2016/05 … mart-plug/. My server also tracks if I am home or not (using arp-scan to see if my phone is on the LAN), which the motion scripts consult to determine whether to send me a mail alert (If I'm already home, I don't need a mail to tell me someone is in my yard; the lights tell me that).

While the old camera was pretty bare bones, my new one can use an SMTP server to send out alerts. I was wondering if, instead of using motion, I could instead have the new ip camera send SMTP messages to the server, which could then execute the scripts to turn on my lights and/or send the email if I'm not home.

I haven't fiddled with mail servers too much, so I'm not too sure of the logistics of this setup. Would I need an MTA like exim or postfix? Would I be able to have either of those MTAs execute an arbitrary script upon receiving a mail? Since the mail will have an attached jpeg showing the motion event in progress, how should I manipulate those?

I have MSMTP already set up on the server to send me system notifications, if that helps, too.

Any back-of-the-napkin ideas out there?


Check out hostsblock for system-wide ad- and malware-blocking.

Offline

#2 2019-05-24 09:37:26

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: Use SMTP for IoT manipulation? [Brainstorming Help]

That is possible. You can either write a filter for a mailserver (similar to a spamfilter) or create your own specialized mailserver like e.g.
https://github.com/shantanugoel/email-actions/


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Online

#3 2019-05-24 09:49:43

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,932
Website

Re: Use SMTP for IoT manipulation? [Brainstorming Help]

gaenserich wrote:

My server also tracks if I am home or not (using arp-scan to see if my phone is on the LAN), which the motion scripts consult to determine whether to send me a mail alert (If I'm already home, I don't need a mail to tell me someone is in my yard; the lights tell me that).

God forbid you forget your phone at home and somebody breaks in to steal it.

gaenserich wrote:

While the old camera was pretty bare bones, my new one can use an SMTP server to send out alerts. I was wondering if, instead of using motion, I could instead have the new ip camera send SMTP messages to the server, which could then execute the scripts to turn on my lights and/or send the email if I'm not home.

Unencrypted email is inherently insecure and vulnerable to MITM attacks. Don't do that without encryption or somebody will start playing with your outdoor lights.

gaenserich wrote:

I haven't fiddled with mail servers too much, so I'm not too sure of the logistics of this setup. Would I need an MTA like exim or postfix? Would I be able to have either of those MTAs execute an arbitrary script upon receiving a mail? Since the mail will have an attached jpeg showing the motion event in progress, how should I manipulate those?

Well, then you should start with understanding email and learning how to configure a mailserver securely.
But please do it locally in a VM until you know how to do it right.

Offline

#4 2019-05-24 11:52:26

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,444
Website

Re: Use SMTP for IoT manipulation? [Brainstorming Help]

schard wrote:

Unencrypted email is inherently insecure and vulnerable to MITM attacks. Don't do that without encryption or somebody will start playing with your outdoor lights.

All this is happening within the local network - so provided a reasonable firewall setting, this would not be a relevant concern: these "emails" would not be going out over the wider internet, only within the LAN.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#5 2019-05-24 12:25:51

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,932
Website

Re: Use SMTP for IoT manipulation? [Brainstorming Help]

@Trilby: You're correct. I must have skipped that.
But then the mail server should run on the LAN only.
If it also starts to handle emails coming in from the outside, there might still be a problem.

Last edited by schard (2019-05-24 12:27:14)

Offline

#6 2019-05-24 12:34:12

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: Use SMTP for IoT manipulation? [Brainstorming Help]

schard wrote:

If it also starts to handle emails coming in from the outside, there might still be a problem.

Normally, mailservers detect the sending/forwarding mail server, so you can use that to filter which mails you want to react to.

Last edited by progandy (2019-05-24 12:36:35)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Online

#7 2019-05-24 16:13:10

gaenserich
Member
From: Michigan
Registered: 2010-06-07
Posts: 119
Website

Re: Use SMTP for IoT manipulation? [Brainstorming Help]

progandy wrote:

That is possible. You can either write a filter for a mailserver (similar to a spamfilter) or create your own specialized mailserver like e.g.
https://github.com/shantanugoel/email-actions/

email-actions looks exactly like what I want. Thank you!

schard wrote:

God forbid you forget your phone at home and somebody breaks in to steal it.

In both old and new setups, the recordings are still archived, and the scenario you point out is rather moot: (1) My phone is like a personal appendage (and its case is my wallet, too), so it would be highly unlikely for me to leave it at home and (2) if I didn't have my phone with me, I wouldn't get the email notification anyway.

schard wrote:

Unencrypted email is inherently insecure and vulnerable to MITM attacks. Don't do that without encryption or somebody will start playing with your outdoor lights.

Of course. Although this will be completely on a WPA2-secured LAN, I would set up nftables on the server to only accept local connections, and would probably eventually set up TLS anyway (my crypto fetish).

schard wrote:

But then the mail server should run on the LAN only.
If it also starts to handle emails coming in from the outside, there might still be a problem.

The only would-be insecure connection would be between camera and server on the LAN. The only contact that this setup would have with the world outside the LAN would be outwards to a GMAIL SMTP server (after PGP-encryption) or via a Signal message (via signal-cli). Don't panic.

I'll start tinkering with email-actions https://github.com/shantanugoel/email-actions/ and hopefully post back soon.


Check out hostsblock for system-wide ad- and malware-blocking.

Offline
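
An added example, not part of any post in this thread and not code from email-actions: handler logic for the setup discussed above, accepting alerts only from the camera's LAN address (the TCP peer, not the From: header), extracting the JPEG attachment, and choosing actions from the home/away state. The addresses, action names and sample message are assumptions constructed for illustration.

```python
import ipaddress
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumptions, not values from the thread: LAN range, camera address, size limit.
LAN = ipaddress.ip_network("192.168.1.0/24")
CAMERA_IPS = {ipaddress.ip_address("192.168.1.50")}
MAX_JPEG_BYTES = 5 * 1024 * 1024


def handle_alert(peer_ip, raw_message, owner_home):
    """Return (actions, jpegs) for one message received from peer_ip."""
    peer = ipaddress.ip_address(peer_ip)
    # Decide on the connecting address; header fields are sender-controlled.
    if peer not in LAN or peer not in CAMERA_IPS:
        return [], []
    msg = message_from_bytes(raw_message, policy=policy.default)
    jpegs = []
    for part in msg.iter_attachments():
        if part.get_content_type() != "image/jpeg":
            continue
        data = part.get_payload(decode=True)
        # Check magic bytes and size instead of trusting the declared type.
        if data and data[:3] == b"\xff\xd8\xff" and len(data) <= MAX_JPEG_BYTES:
            jpegs.append(data)
    actions = ["lights_on"]            # hypothetical action names
    if not owner_home:
        actions.append("notify_owner")
    return actions, jpegs


def sample_alert():
    """Constructed sample of a camera alert mail with a tiny fake JPEG."""
    msg = EmailMessage()
    msg["From"] = "camera@lan.example"
    msg["To"] = "alerts@lan.example"
    msg["Subject"] = "Motion detected"
    msg.set_content("Motion event in progress.")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 16,
                       maintype="image", subtype="jpeg", filename="snap.jpg")
    return msg.as_bytes()


if __name__ == "__main__":
    print(handle_alert("192.168.1.50", sample_alert(), owner_home=False)[0])
    print(handle_alert("203.0.113.7", sample_alert(), owner_home=False)[0])
```
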
