User agent (and other headers) for email on embedded systems?

[David_AVD]

I was confused as well.     I was actually thinking of Reply-To which I've now added and that works.

I've been thinking of the email account side of things.   What could be done is have a separate email address and password for each end user (or installation). eg. 123@xyz.com, 456@xyz.com, etc.

Each remote device would have those credentials entered by the installer, along with the recipient details.  That could give some additional control.

Moving to SSL would seem like a significant effort on a micro.  How likely is unauthorised usage (spammers) when using port 25 with authorisation?

The proposed internet connection is a 4G modem.

[Monkeh]

I was confused as well.     I was actually thinking of Reply-To which I've now added and that works.

And is only of any utility if you want to send a message in response. It will not get any failure messages sent back to an email you can read.

I've been thinking of the email account side of things.   What could be done is have a separate email address and password for each end user (or installation). eg. 123@xyz.com, 456@xyz.com, etc.

Each remote device would have those credentials entered by the installer, along with the recipient details.  That could give some additional control.

Moving to SSL would seem like a significant effort on a micro.  How likely is unauthorised usage (spammers) when using port 25 with authorisation?

The proposed internet connection is a 4G modem.

Welcome to the joys of the internet of insecure things.

If anyone can sniff out the connection at any stage, they can use your login credentials. However, you could lock down the mail server to only allow these credentials to relay to specific addresses. This greatly limits the damage, unless they can fake valid emails from your device and cause hassle that way.

[David_AVD]

One thing that does bother me is someone having to maintain an email server for the life of the products.

The same would apply if I had the remote devices accessing a web server with POSTs.

I'll have to discuss the subscription service model with my client.

The only way I can see around that is to have the end users set up their own gmail accounts, but I haven't looked to see if they support non SSL logins.

[BradC]

Just fyi. This is an E-mail generated by one of my UPS network cards.
I've removed the stuff inserted by the mail servers it traverses to get to me to leave the basics the card sends.

Code: [Select]

MIME-Version: 1.0
Date: Tue, 27 Jun 2017 14:25:46 GMT
To: root@srv.home
From: apc-gfups@ups-gf.home
Cc:
Subject: System: Console user 'apc' logged out from serial port.
X-Mailer: Email Server
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Message-Id: <E1dPrR0-00084J-3J@srv.home>

Name     : APC XXXXX

APC devices are used worldwide by IT departments and complaints about functionailty or lack thereof are taken pretty seriously.
I will say though, they are capable of SSL/TLS, although currently there are known issues with older APC units and Gmail. It doesn't affect me as all my stuff is internal.

[krho]

The only way I can see around that is to have the end users set up their own gmail accounts, but I haven't looked to see if they support non SSL logins.

Gmail doesn't support non ssl logins. And along with that you need at least TLS 1.0 support, with pretty strong ciphers. So forget you can do that on non beefy mcu.

The only way you can do this okayish is for your client to require setting up their own server. I'd think of providing a http script that can receive encrypted message over plain http link (there are safe encryption algorithms) that could be run on mcu. And that script can then relay the message over the smtp or just use smtp sending services like sendpost, mailgun etc.

[HwAoRrDk]

I tried adding in a Return-Path header, but it seems to be getting overridden by the mail server.

Ah, my mistake. I forgot the outbound mail host would want to override that. Really only applicable for direct-send in that case.

[David_AVD]

Thanks for all the help guys.  I seem to have a working solution now.