on two systems I have the Multi-Report script (by @joeschmuck) running. The last months everything went smooth but today I recognized some failed cronjob.runs in the list of Jobs.
Last week I updated to “ElectricEel-24.10.2”, it might have to do something with this update.
On both systems I have a cronjob configures as:
Command: /home/admin/00_SCRIPTS/multi_report/multi_report.sh
Run As User: root
The access rights are:
admin@titan[~/00_SCRIPTS/multi_report]$ ls -alt
total 271
drwxr-xr-x 2 admin admin 6 Feb 27 17:19 .
-rw-r--r-- 1 root root 197257 Feb 14 05:31 statisticalsmartdata.csv
drwxr-xr-x 5 admin admin 7 Oct 31 13:16 ..
-rw-r--r-- 1 root root 23047 Jun 16 2024 multi_report_config.txt
-rwxr-xr-x 1 root root 10128 Jun 16 2024 smr-check.sh
-rwxr-xr-x 1 admin admin 475562 Jun 16 2024 multi_report.sh
The cronjob.runs fail with:
sudo: process 3584143 unexpected status 0x57f
Killed
Executed CronTask - /home/admin/00_SCRIPTS/multi_report/multi_report.sh > /dev/null: sudo: process 3584143 unexpected status 0x57f
Killed
The old CRON didn’t need it but as TrueNAS hardening occurs, we have to find ways to make the system do what we want. This was one of the changes. It is documented in the User Guide and the Quick Start Guide for SCALE.
Sorry you had issues, hopefully nothing broke in the meantime.
At the moment I am having multi_report v3.0.7 on my system (so a bit old).
Running the script as multi_report.sh does not work at all, independent of the parameter I give. I tried with “-update_all”, “-update”, “-config”.
TrueNAS simply kicks it:
sudo: process 538818 unexpected status 0x57f
zsh: killed ./multi_report.sh -update_all
I tried via “sudo su” and directly on the root shell. Nothing works.
Is my version of the script too old to update via the update functionality? Do I have to do a manual update?
Might it have something to do with my script location “/home/admin/00_SCRIPTS/multi_report”?
And just to make absolutely sure: Is there anything to consider in case of a manual update to avoid issues with my config file?
EDIT:
I manually exchanged the script with version 3.16, but the problem still exists. @joeschmuck sorry for bothering you, but do you have an idea?
I have now changed the location of my script from /home/admin/00_SCRIPTS/multi_report/
to /root/SCRIPTS/multi_report/
and it seems to work again to run it as ‘root’.
Do scripts have to be located in the users own homedir? Isn’t root not able to execute script in another users homedir, anymore?
I execute my scripts from a non-root owned directory however I still need to run as root.
You should have been able to keep using your original directory and the command line would be (one long line, long due to your long path): cd mnt/home/admin/00_SCRIPTS/multi_report/multi_report.sh ./home/admin/00_SCRIPTS/multi_report/multi_report.sh
And run as user root.
The -update_all is only for version 3.15 and greater. However you should be able to use -update to download the current version (3.16) on your system, but you need to be a privileged user, like root.
All the craziness is the result of iXsystems hardening of TrueNAS. I do not expect it to get better at all, but maybe in 25.04 I may have an option. But I will not know until the final version comes out. I’m not wasting time on just that it might be possible.
I know you already “fixed” it, but whenever you run into a problem with the script not running, log into a Shell as root and try to run the script. It often is a permissions issue. In this case it is hardening.
@joeschmuck after my script runs again, I ran into the next problem. If I got it correctly, your script is using the new mr_sendemail.py script for sending mails.
In TrueNAS I have configured the ‘SMTP’ method to send mails and TrueNAS is also able to send mails successfully.
However, your script runs into:
Using mr_sendemail.py
Sendemail had a problem. Check the file log at /root/SCRIPTS/multi_report/sendmail_log
{"error": true, "detail": "KO: {'xxx@yyy.zz': (504, b'5.5.2 <mymailusername>: Sender address rejected: need fully-qualified address')}", "logfile": "/root/SCRIPTS/multi_report/sendemail_log/20250227_213443.txt", "total_attach": 0, "ok_attach": 0}
cat /root/SCRIPTS/multi_report/sendemail_log/20250227_213443.txt
File /root/SCRIPTS/multi_report/sendemail_log/20250227_213443.txt successfully generated
4 totals file log
0 totals attachment
trying read mail.config
read mail.config successfully
Switching for the right provider
** SMTP Version **
parsing smtp config
switch from classic send and bulk email
mail hmtl provided
parsing html content
body is a file
start parsing headers
parsing data from config
using fromname TrueNAS Titan
generate a message ID using MYMAILUSERNAME
MYMAILUSERNAME not a valid address, tryng on xxx@yyy.zz
domain: yyy.zz
uuid: 2025_02_27_21_34_43_8764f7b88c0-96c9-4a5a-8394-3b88de4fc2f9
messageid: <2025_02_27_21_34_43_8764f7b88c0-96c9-4a5a-8394-3b88de4fc2f9@yyy.zz>
check for attachements...
get hostname
hostname retrieved: aaa.bbb.ccc
tryng retrieving if more recipient are set
establing connection based on security level set on TN: SSL
entered SSL path
adding ehlo to the message
entering credentials
sending SSL email
KO: {'xxx@yyy.zz': (504, b'5.5.2 <MYMAILUSERNAME>: Sender address rejected: need fully-qualified address')}
Is your script running into an issue, because my mail username for the mailserver is not in the format of an email address?
Things are done a bit differently on Linux vs BSD.
On my phone at the moment so you’ll have to some research and read the man pages. This is from SU.
su is mostly designed for unprivileged users, the recommended solution for privileged users (e.g., scripts executed by root) is to use non-set-user-ID command runuser(1) that does not require authentication and provides separate PAM configuration. If the PAM session is not required at all then the recommended solution is to use command setpriv(1).
@thomas-hn yes, another benefit from a hardening system, iXsystems removed sendmail. @oxyde has created the Python script to send the email. We will need to drag him back into the conversation and he will help out.
@thomas-hn the error mean that your server Is rejecting the request. The script try to accomplish a genuine header with available data, but there are a lot of combination that can make this harder than expected.
From what I can see from logs, the fact that you use a non-email Is not a problem (Is not a problem anymore since various release), but to retrieve a domain the script Is using the from email you set in truenas… Is this address a valid sender for the domain?
In case, can i ask you to share some more data in private to understand what Is going on?
@oxyde I am already in contact with my mail provider, trying to get some information what their error log contains.
I will come back to you later today and provide more information.
perfect, let me know, write me in private also without problem.
The main “mindset” of the script is “if email work in TN, must work in the script too”, so if is something i can fix my side i’m totally available to help
@oxyde my mail provider responded and told me that he sees a invalid “From” field in the mail. The “From” field contains the Username as specified in TrueNAS, but it should contain the “From Email”.
The “Send Mail Method” is set to “SMTP” and the Security is set to “SSL (Implicit TLS)”.
Does this help to diagnose the issue in the script?
afaik this depends on your provider server policy.
Im worried about if changing the actual behaviour can broke other provider that instead are using the SMTP user that Is not an email address (like i have tested).
Just for be sure this Is the real problem, and meanwhile i perform some test on It, replace at row 348 of the script smtp_user with smtp_fromemail and script should work.
Let me know how go
My provider mentioned that the “From” field is used by the receiver’s mail client if you click on reply and, therefore, it needs to be a valid mail address. But I agree, if other providers handle this differently, it could make problems.
Would it be an option to have some kind of config file for your script where we can handle some config options? Or maybe better, to add check to your script where it checks the mailserver address against a lookup table to see which provider needs what format? In this way the script could be very flexible for different special needs for different providers.
Later I will test your proposed change and report the result.
After some research, probably i was too much cautious there, the switch should be possible and should not impact anyone… only if a fromemail address not accepted by the server is compiled the mail will be rejected, but in this case neither TN itself should work. But let me know how the test go for be 100% sure so i can work on a new version
Due to the nature of the script, an additional config file can be tricky to manage, at the moment 1 or 2 settings that can be usefull are taked by multi report config.
The lookup is something beatiful but a bit utopic there are soooo many providers
I thought about something like:
if smtp_server in provider_checklist:
Use special handling
else:
Use the current implementation
And the provider_checklist should contain only the domainname.tld and not any subdomains, because the list would crow heavily if the subdomains are also added.
But that’s only as an idea, if the fix of line 348 will be fine for all users, simply fix it.
there are soooo many providers