Personal Blog of Thomas Hampel - Creative Mythbusting in Development and Collaboration

Query results for : June 2015

Print Email Attachments automatically with a RaspberryPI- 23 June 2015 - (5) Comments

Thomas Hampel
 23 June 2015

I am tired of printing email attachments. Yes, I still need to print some of them, e.g. invoices for tax computation or travel reimbursement needs, or credit card balance sheets for archiving them offline.
Most of them are e-mails with PDF file attachments which I need to print on a regular basis. In order to print them I need to be at home, using a device with appropriate printer drivers installed and connected to my home network.

There must be a simpler method, so let's see how to allow mobile or remote printing.


What options do we have for remote printing?
  • Google Cloud Print - would be the easiest option but who wants to forward personal data to Google?
  • Using web-connected printers like those from HP or EPSON or Canon, but my current printer(s) do work fine and I see no reason to replace them.
    Furthermore any mail would be routed to the vendor's environment which I don't trust.
  • VPN - probably the best approach, but still requires printer drivers and VPN software to be installed.

    Since none of the options above satisfied my needs, let's see if we can build a solution ourselves... maybe using a Raspberry Pi.
    The main idea is to poll an IMAP account on a regular basis and, if a new mail meets certain criteria, print the PDF file attachment.

    Image:Print Email Attachments automatically with a RaspberryPI

    Step 1 - Preparations

    Obviously you need to buy a Raspberry PI, the Model B+ is enough. You also need some further equipment like a memory card, power adapter, keyboard, etc.
    Besides installing and configuring the operating system you need to:
  • Enable SSH
  • Apply latest patches by running update and upgrade
    $ sudo apt-get update -y && sudo apt-get upgrade -y
  • Install updates automatically by using cron-apt
    $ sudo apt-get install cron-apt
  • Configure your network adapter, preferably assign a static IP
  • Change system locale and keyboard layout to fit your needs
  • Don't forget to change the default password
  • When using a WiFi dongle, disable WiFi Adapter Power Saving Mode

    Step 2 - Set up a new IMAP (or POP3) account

    Contact your provider for a description of how to do that. Make sure your provider supports SSL/TLS connections and make sure to enable antivirus/antispam control for your IMAP account.
    Remark: SmartCloud Notes / Connections Cloud users need to enable IMAP access first (see details)

    Step 3 - Import SSL Root certificate(s)

    SSH into your Raspberry PI and start by creating a new directory for this project

    mkdir pimailprint
    cd pimailprint

    For verification of SSL certificates we would like to store the SSL certificates of our mail provider locally, preferably in another subdirectory.

    mkdir sslcerts
    wget {url-of-provider certificate} -O ./sslcerts/provider-name.cer
    c_rehash ./sslcerts/

    You can verify the functionality using OpenSSL

    Step 4 - Install Prerequisites

    Install the required packages

    sudo apt-get install fetchmail procmail uudeview

    Create a configuration file for fetchmail, in our case the file will be located in the project directory instead of the user's home folder.
    With this configuration I'm using procmail as mail delivery agent in order to further process the inbound mail.

    nano ./fetchmail.conf

    using this configuration:

    set no bouncemail
    poll IMAP.YOUR-DOMAIN.COM
      service 993
      protocol imap
      user "YOUR-USERNAME"
      password "YOUR-PASSWORD"
      ssl
      sslcertck
      # verify the server against the certificates imported in Step 3
      sslcertpath ./sslcerts
      # TLS1 selects TLS 1.0; fetchmail 6.4 and later also accept values such as TLS1.2+
      sslproto TLS1
      no keep
      mda "/usr/bin/procmail -m './procmail.conf'"

    Change file permissions so only you can open and see the file.

    chmod 700 ./fetchmail.conf

    Create a configuration file for procmail...

    nano ./procmail.conf

    and use this configuration which will store mails that contain an attachment in the folder ./maildata

    MAIL_DIR=./maildata
    VERBOSE=off
    LOGFILE=./logs/printmail.log

    :0
    * ^content-Type:
    $MAIL_DIR/


    Step 5 - Install and Configure CUPS

    CUPS (Common Unix Printing System) allows any computer to act as a print server.
    Just refer to this page for installation and configuration instructions.
    Remark: Make sure to set this printer to be your default printer.
    Once completed you can manage the printer queue remotely using https://[ip-address-or-dns-name-of-your-raspberrypi]:631

    Image:Print Email Attachments automatically with a RaspberryPI

    Step 6 - Build your Script

    Create a new shell script...

    touch ./printmail.sh
    chmod +x ./printmail.sh

    nano ./printmail.sh

    using the following code
    #!/bin/bash
    # Parameters
    # Resolve the script directory to an absolute path, so that changing back
    # to it later also works when the script is started as ./printmail.sh
    BASEDIR=$(cd "$(dirname "$0")" && pwd)
    CURDIR=$(pwd)
    MAILDIR=./maildata
    LOGFILE=./logs/printmail.log
    ATTACH_DIR=./attachments

    # change directory
    echo "Switching directory to : $BASEDIR"
    cd "$BASEDIR" || exit 1

    # create working directories and log file if they do not exist
    mkdir -p ./logs "$ATTACH_DIR"
    touch "$LOGFILE"
    date +%r-%-d/%-m/%-y >> "$LOGFILE"

    # fetch mail
    echo "Checking for new mail..."
    fetchmail -f ./fetchmail.conf -L "$LOGFILE"

    # process new mails
    shopt -s nullglob
    for i in "$MAILDIR"/new/*
    do
      echo "Processing : $i" | tee -a "$LOGFILE"
      uudeview "$i" -i -p "$ATTACH_DIR/"

    # process file attachments with space (thanks to Dr.B.)
       cd "$ATTACH_DIR" || exit 1
       for e in ./*
           do
               # rename only if the name really contains a space
               if [ "$e" != "${e// /_}" ]; then mv "$e" "${e// /_}"; fi
       done
       # normalize the upper case extension .PDF to .pdf
       for f in ./*.PDF
           do
           mv "$f" "${f%.*}.pdf"
       done
       cd "$BASEDIR" || exit 1
    # end of Dr.B. patch
      echo "Printing PDFs" | tee -a "$LOGFILE"
      for x in "$ATTACH_DIR"/*.pdf
      do
              echo "Printing : $x" | tee -a "$LOGFILE"
              lpr "$x"
              echo "Deleting file : $x" | tee -a "$LOGFILE"
              rm "$x"
      done

      echo "Clean up and remove any other attachments"
      for y in "$ATTACH_DIR"/*
      do
              rm "$y"
      done

      # delete mail
      echo "Deleting mail : $i" | tee -a "$LOGFILE"
      rm "$i"
    done
    shopt -u nullglob

    echo "Job finished." | tee -a "$LOGFILE"
    cd "$CURDIR"
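
The main idea calls for printing only mail that meets certain criteria, but the script above prints every PDF that arrives in the mailbox. As an added example (not part of the original post), the functions below check the sender against an allow-list and confirm that the attachment really starts with the PDF signature before it goes to lpr; ALLOWED_SENDERS, the function names and all addresses are assumptions.

```shell
#!/bin/bash
# Added example: checks to run before "lpr". Not part of the original script.
# ALLOWED_SENDERS is a hypothetical allow-list; all addresses are constructed.
ALLOWED_SENDERS="me@example.org partner@example.org"

# Print the lower-cased address from the first From: header.
# Reading stops at the first empty line, so body text is never consulted.
sender_of() {
  tr -d '\r' < "$1" |
    sed -n -e '/^$/q' -e 's/^[Ff][Rr][Oo][Mm]:[[:space:]]*//p' | head -n 1 |
    sed 's/.*<\([^>]*\)>.*/\1/' | tr 'A-Z' 'a-z' | tr -d '[:space:]'
}

# Succeed only if the sender is on the allow-list.
sender_allowed() {
  local from allowed
  from=$(sender_of "$1")
  [ -n "$from" ] || return 1
  for allowed in $ALLOWED_SENDERS; do
    [ "$from" = "$allowed" ] && return 0
  done
  return 1
}

# Succeed only if the file starts with the PDF magic bytes "%PDF-",
# whatever its file name claims.
is_pdf() {
  [ "$(head -c 5 "$1" 2>/dev/null | tr -d '\0')" = "%PDF-" ]
}

# usage: should_print <mail file> <extracted attachment>
should_print() {
  sender_allowed "$1" && is_pdf "$2"
}

# Constructed sample mails and attachments for a quick self-check.
make_samples() {
  printf 'From: Me <Me@Example.org>\nSubject: invoice\n\nbody\n' > "$1/ok.eml"
  printf 'From: someone@example.net\n\nFrom: me@example.org\n' > "$1/other.eml"
  printf '%%PDF-1.4\n' > "$1/real.pdf"
  printf 'MZ not a pdf' > "$1/fake.pdf"
}

tmp=$(mktemp -d) && make_samples "$tmp"
for m in ok other; do for a in real fake; do
  should_print "$tmp/$m.eml" "$tmp/$a.pdf" && r=print || r=skip
  echo "$m.eml + $a.pdf -> $r"
done; done
rm -rf "$tmp"
```

In the print loop, call should_print "$i" "$x" and skip lpr when it fails. The From: header is not authenticated, so this filters stray or unsolicited mail only; the S/MIME item in the enhancement list is what would tie a mail to its sender.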


    Step 7 - Test and Scheduling

    In order to test the whole script, just run it :)

    ./printmail.sh

    To run it on a schedule, just add the whole path to crontab.

    crontab -e -u pi

    In my case it is enough to run this script once per hour, feel free to customize it to your needs

    @hourly  /home/pi/pimailprint/printmail.sh

    Image:Print Email Attachments automatically with a RaspberryPI

    Results

    By forwarding a mail to a specific email address I can now print attachments automatically. Back home all the documents I wanted have already been printed or will be printed when switching on my printer and I can quickly process them further on, e.g. for claiming travel expenses back.
    In my case I am forwarding mails manually to a new account if I want to print them. Of course it is also possible to use mail rules for processing mails automatically.

    Enhancement requests / what needs to be done:
  • End to end encryption with S/MIME
  • Reply to sender when print job has completed
  • Define printer settings based on acronym in subject line

    Remark: Feel free to use this script at your own risk.

    Import & Export Internet Certificates Programatically- 18 June 2015 - (0) Comments

    Thomas Hampel
     18 June 2015

    We all know that Admins are lazy. Being lazy can be helpful when having development skills, especially to reduce the amount of helpdesk calls by automating boring work.
    How to import X509 certificates into a Notes ID when the certificate itself is stored in the Windows certificate store?

    S/MIME Import / Export Automation

    If needed, users can then export or import Internet Certificates directly from the Notes Client, but who wants to do that manually?
    Even exporting the certificate from the Notes ID is too complicated for most users...
    Image:Import & Export Internet Certificates Programatically

    Looking for an automated way to export Internet Certificates, pubnames.ntf turns out to contain some undocumented @Formulas for working with X509 certificates:
    • @X509Certificates([Subject];UserCertificate;"");
      Returns the list of subjects of the internet certificates stored in the person document field named "UserCertificate"
    • @Command([PKCS12ExportCertsFromNAB];UserCertificate;Certificate;Number;"0")
      Where "Number" is the element in the list returned by @X509Certificates

    In my opinion those @Functions still show too many dialog boxes, so let's try to make it more simple.
    The C-API documentation provides the functions required, namely PKCS12_ExportIDFileToFile and PKCS12_ImportFileToIDFile.

    Wrapping both into a small script is easy...

    Declare Function PKCS12_ExportIDFileToFile Lib "nnotes" Alias "PKCS12_ExportIDFileToFile" ( _
               ByVal pIdFilename As String, _
               ByVal pIdFilepassword As String, _
               ByVal pPKCS12Filename As String, _
               ByVal pPKCS12Filepassword As String, _
               ByVal ExportFlags As Long, _
               ByVal ReservedFlags As Long, _
               Preserved As Any) As Integer

    Declare Function PKCS12_ImportFileToIDFile Lib "nnotes" Alias "PKCS12_ImportFileToIDFile" ( _
               ByVal pPKCS12Filename As String, _
               ByVal pPKCS12Filepassword As String, _
               ByVal pIdFilename As String, _
               ByVal pIdFilepassword As String, _
               ByVal ImportFlags As Long, _
               ByVal ReservedFlags As Long, _
               Preserved As Any) As Integer

    Const PKCS12_EXCLUDE_PRIVATEKEYS = &h00000001


    Calling those APIs makes it possible to import a certificate from a file, but often the certificate has already been deployed to (e.g.) the Windows certificate store.
    It would have been easy to use a Windows API call to export a certificate into a file and then import it again back into the Notes ID using the Notes API calls above.
    Unfortunately M$ discontinued support for CAPICOM after Windows XP... so we have to use old school methods such as command line tools like Certutil.

    Still, with the resulting functions you can import and export X509 certificates from the Windows certificate store to the Notes ID and back.

    ImportInternetCertificatesFromOSCredentialStore.lss

    ExportnternetCertificatesToOSCredentialStore.lss

    As usual mind YMMV and feel free to further optimize the code to fit your needs.
    Please use at your own risk and report back any suggestions or improvements!

    Special Thanks to Marcus Floeser for providing the screenshot.

    Domino CA Process ’Error processing CCS Mod Request’- 3 June 2015 - (0) Comments

    Thomas Hampel
     3 June 2015

    The CA process in Domino is a server task to manage and process certificate requests. It is very helpful if you want support staff to register new users without knowing the password to your Domino Certificate.
    As employees join or leave the support team you'll have to add / remove people from the list of Registration Authorities by using "Modify Certifier" from the Administrator Client tools menu.
    Image:Domino CA Process ’Error processing CCS Mod Request’

    Granting access for a new team member as usual...
    Image:Domino CA Process ’Error processing CCS Mod Request’

    and submitted the request
    Image:Domino CA Process ’Error processing CCS Mod Request’

    seemed to be successful
    Image:Domino CA Process ’Error processing CCS Mod Request’

    ...but according to the log the Domino CA modification request failed with this error:
    CA Process (OU=OU/O=Company): Error processing CCS Mod Request.: There is no certificate in the Address Book.


    Root cause
    One or more people listed in the first dialog do not have a person document in the Domino Directory or the person document does not have a public key specified.
    Image:Domino CA Process ’Error processing CCS Mod Request’

    Solution
    First remove users which don't have a corresponding person document, and save + submit the request before adding new names.

    Register Community Server at Sametime System Console - Error AIDSC0898E Premature end of file- 2 June 2015 - (0) Comments

    Thomas Hampel
     2 June 2015

    Recently I was trying to register a Sametime Community Server at the Sametime System Console (SSC) using \Console\registerSTServerNode.sh (or .bat on Windows) as described here.
    Image:Register Community Server at Sametime System Console - Error AIDSC0898E Premature end of file
    Unfortunately the registration failed with this error
    AIDSC0898E: The sax exception occurred.Premature end of file.


    Analysis

    Taking a look into the log file [DominoData]/Console/logs/ConsoleUtility0.log did not show anything obvious, just the same error over and over again. One error for each attempt to register the community server.
    com.ibm.sametime.console.deployment.client.util.SCSaxParser        parse        AIDSC0898E: The sax exception occurred.Premature end of file.


    The script is getting input from two files, both located in the same directory [DominoData]/Console/
    • "productConfig.properties" is used to set the Community server name and the server display name for SSC
    • "console.properties" is used to define the connection properties like hostname, port, username and password

    From your Community Server it was possible to access the Sametime System Console by using the following URL
    http://SystemConsoleServer.YourDomain.tld:9080/stpolicy/policy/all
    Logging in with the WAS credentials defined in the console.properties file worked fine.

    Next step is to make sure your ST Community server responds to the following URL, depending on your configuration either HTTP on port 80 or HTTPS on port 443
    http://CommunityServer.YourDomain.tld:80/servlet/auth/scs?xpath
    Which also worked fine.

    While reviewing the configuration I noticed the console.properties was configured not to use SSL.
    SSCSSLEnabled=false

    While the Domino community server was configured to redirect TCP traffic to SSL
    Image:Register Community Server at Sametime System Console - Error AIDSC0898E Premature end of file
    Redirect TCP to SSL was enabled while I had set SSCSSLEnabled=false, so Domino was requesting to authenticate via SSL.
    At least it was worth trying to streamline this setting - and guess what, it worked.

    Solution
    There are two options to fix this problem:
    • Either use SSL by setting SSCSSLEnabled=true and specify the correct SSL port number in the file [DominoData]/Console/console.properties
    • or (less secure) disable usage of SSL by changing Redirect TCP to SSL to "No" on your Domino server.


    Notes Widgets disappear from Catalog- 1 June 2015 - (0) Comments

    Thomas Hampel
     1 June 2015

    You are wondering why your beloved Notes widget all of a sudden is no longer available in the Widget catalog?
    Of course the administrator of trust did not do anything - so what happened?

    Here is a small hint:
    Take a quick look into the widget catalog, there is a scheduled agent...
    Image:Notes Widgets disappear from Catalog

    and the brief description
    %REM *********************** Agent Notes **************************
    This agent checks all new/modified documents to make sure that the
    user created the document properly. It checks to make sure the proper
    items are in place, and it also verifies that the categories that are
    set are allowed by the document creator.

    *************************** INTERACTIONS ***************************
    There are no interactions with this agent. It is a scheduled agent
    that is set to work against new/modified documents.

    Conclusion:
    If anything, such as AdminP, modified the document then this agent will run. In our case it was an AdminP name change request which caused the document to be modified.
    Thomas Hampel, All rights reserved.