Use authenticated SMTP for weekly PBX report

beef99ae · Andrey Filippov · 3f59f976 · beef99ae · beef99ae · beef99ae
Commit beef99ae authored Mar 22, 2026 by Andrey Filippov
Showing with 65 additions and 5 deletions

pbx-backup.example config/pbx-backup.example +7 -1

2026-03-22-backup-and-reports.md notes/2026-03-22-backup-and-reports.md +5 -3

pbx-backup-report.sh scripts/pbx-backup-report.sh +53 -1

No files found.
--- a/config/pbx-backup.example
+++ b/config/pbx-backup.example
@@ -2,4 +2,10 @@ BACKUP_MOUNT=/mnt/pbx-backup
 BACKUP_SUBDIR=elphel-pbx
 KEEP_COUNT=30
 # BACKUP_MAILTO=andrey@elphel.com
-# REPORT_MAILTO=andrey@elphel.com
+# REPORT_FROM=pbx@elphel.com
+# REPORT_MAILTO=backups@elphel.com
+# SMTP_HOST=mail.elphel.com
+# SMTP_PORT=465
+# SMTP_MODE=ssl
+# SMTP_USER=pbx@elphel.com
+# SMTP_PASS=...
--- a/notes/2026-03-22-backup-and-reports.md
+++ b/notes/2026-03-22-backup-and-reports.md
@@ -13,7 +13,7 @@ Reason:
 Replace the old Sunday restart mail with:
 - scheduled local backup to the USB stick
- optional short weekly email report from the backup job
+- optional short weekly email report from the backup job using authenticated SMTP
 ## USB
@@ -44,7 +44,8 @@ The backup script is designed to capture the live state that is harder to recons
 - systemd timer: daily at `03:17`
 - retention: keep the newest `30` runs by default
- optional weekly mail: set `REPORT_MAILTO` in `/etc/default/pbx-backup`
+- optional weekly mail: set `REPORT_FROM`, `REPORT_MAILTO`, `SMTP_USER`, and `SMTP_PASS` in `/etc/default/pbx-backup`
+- for better secret separation, the live PBX may place the weekly mail settings in `/etc/default/pbx-backup-mail`
 - optional per-run mail: set `BACKUP_MAILTO` in `/etc/default/pbx-backup`
 ## Installed On Live PBX
@@ -53,6 +54,7 @@ Installed on `192.168.1.16`:
 - `/usr/local/sbin/pbx-backup.sh`
 - `/usr/local/sbin/pbx-backup-report.sh`
 - `/etc/default/pbx-backup`
+- `/etc/default/pbx-backup-mail`
 - `/etc/systemd/system/pbx-backup.service`
 - `/etc/systemd/system/pbx-backup.timer`
 - `/etc/systemd/system/pbx-backup-report.service`
@@ -62,7 +64,7 @@ Installed on `192.168.1.16`:
 Verified on `2026-03-22`:
 - USB mounted at `/mnt/pbx-backup`
 - timer active and scheduled for the next daily run
- weekly report timer installed; mail delivery still depends on setting `REPORT_MAILTO`
+- weekly report timer installed; mail delivery still depends on setting the authenticated SMTP variables
 - manual backup run `20260322_125605` completed successfully
 - resulting backup size: about `81M`

--- a/scripts/pbx-backup-report.sh
+++ b/scripts/pbx-backup-report.sh
@@ -7,10 +7,20 @@ if [[ -r /etc/default/pbx-backup ]]; then
  # shellcheck disable=SC1091
  . /etc/default/pbx-backup
 fi
+if [[ -r /etc/default/pbx-backup-mail ]]; then
+  # shellcheck disable=SC1091
+  . /etc/default/pbx-backup-mail
+fi
 BACKUP_MOUNT="${BACKUP_MOUNT:-/mnt/pbx-backup}"
 BACKUP_SUBDIR="${BACKUP_SUBDIR:-$(hostname -s)}"
 REPORT_MAILTO="${REPORT_MAILTO:-}"
+REPORT_FROM="${REPORT_FROM:-${SMTP_USER:-pbx@elphel.com}}"
+SMTP_HOST="${SMTP_HOST:-mail.elphel.com}"
+SMTP_PORT="${SMTP_PORT:-465}"
+SMTP_MODE="${SMTP_MODE:-ssl}"
+SMTP_USER="${SMTP_USER:-}"
+SMTP_PASS="${SMTP_PASS:-}"
 HOSTNAME_SHORT="$(hostname -s)"
 ROOT_DIR="${BACKUP_MOUNT}/${BACKUP_SUBDIR}"
@@ -54,6 +64,8 @@ if ! (cd "$LATEST_DIR" && sha256sum -c SHA256SUMS >/dev/null 2>&1); then
 fi
 SUBJECT="[PBX weekly backup] ${HOSTNAME_SHORT} ${BACKUP_TIME}"
+BODY_FILE="$(mktemp)"
+trap 'rm -f "$BODY_FILE"' EXIT
 {
  echo "PBX weekly backup report"
@@ -86,4 +98,44 @@ SUBJECT="[PBX weekly backup] ${HOSTNAME_SHORT} ${BACKUP_TIME}"
  echo
  echo "Recent backup log:"
  tail -n 20 "$BACKUP_LOG"
-} | mail -s "$SUBJECT" "$REPORT_MAILTO"
+} > "$BODY_FILE"
+if [[ -z "$SMTP_USER" || -z "$SMTP_PASS" ]]; then
+  echo "SMTP credentials are not configured; skipping weekly PBX backup report."
+  exit 0
+fi
+REPORT_FROM="$REPORT_FROM" REPORT_MAILTO="$REPORT_MAILTO" SMTP_HOST="$SMTP_HOST" SMTP_PORT="$SMTP_PORT" SMTP_MODE="$SMTP_MODE" SMTP_USER="$SMTP_USER" SMTP_PASS="$SMTP_PASS" REPORT_SUBJECT="$SUBJECT" REPORT_BODY_FILE="$BODY_FILE" python3 - <<'PY'
+import os
+import smtplib
+from email.message import EmailMessage
+host = os.environ["SMTP_HOST"]
+port = int(os.environ["SMTP_PORT"])
+mode = os.environ["SMTP_MODE"].lower()
+user = os.environ["SMTP_USER"]
+password = os.environ["SMTP_PASS"]
+mail_to = os.environ["REPORT_MAILTO"]
+mail_from = os.environ["REPORT_FROM"]
+subject = os.environ["REPORT_SUBJECT"]
+body_path = os.environ["REPORT_BODY_FILE"]
+msg = EmailMessage()
+msg["Subject"] = subject
+msg["From"] = mail_from
+msg["To"] = mail_to
+with open(body_path, "r", encoding="utf-8") as f:
+    msg.set_content(f.read())
+if mode == "starttls":
+    with smtplib.SMTP(host, port) as s:
+        s.ehlo()
+        s.starttls()
+        s.ehlo()
+        s.login(user, password)
+        s.send_message(msg)
+else:
+    with smtplib.SMTP_SSL(host, port) as s:
+        s.login(user, password)
+        s.send_message(msg)
+PY