Forum Discussion
Ferg_104721
Nimbostratus
Mar 27, 2012
OTP Email Setup
Hi,
I am going a little crazy here, I am trying out the email option for the OTP setup:
https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/10864...
Ferg_104721
Nimbostratus
Apr 09, 2012
I have asked for approval to add this comment to the OTP link, but I put it here also in case it's not approved.
Hi,
I would like to add some additional info I have experienced during the implementation of the email based OTP design. The build I have implemented is based on a version of the F5 Tutorial provided, with a slight difference. My client is not using an SMS gateway or email server to send emails to the user but a mixture of both: the principle is still the same for the email based OTP.
My build works like this, the F5 points to an smtp server as a relay server, which sends an email to mysmsserviceonline@telco.com to send the text message to the user.
I followed the instructions to set up mail relay from the guide:
http://support.f5.com/kb/en-us/solutions/public/3000/600/sol3664.html
```
ltm01 ~ cat /etc/postfix/main.cf | grep relay
relayhost = [smtp.server.com]
```
To provide accountability and auditability for my client, I created a custom log, using the guide below:
https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1084377/Writing-to-and-rotating-custom-log-files.aspx
OTP Email Script
I amended the script to my needs:
```bash
#!/bin/bash
while true
do
    # Follow new lines appended to the custom log
    tail -n0 -f /var/log/customlog | while read -r line
    do
        # Fields 2, 3 and 4 of the comma-separated log line
        var2=`echo "$line" | grep -i otp | awk -F'[,]' '{ print $2 }'`
        var3=`echo "$line" | grep -i otp | awk -F'[,]' '{ print $3 }'`
        var4=`echo "$line" | grep -i otp | awk -F'[,]' '{ print $4 }'`
        # Mobile number from AD
        var6=`echo "$line" | grep -i otp | awk -F'[,]' '{ print $6 }'`
        # Strips whitespaces from mobile number
        var6=`echo "$var6" | sed 's/ //g'`
        if [ "$var3" = "otp" -a -n "$var4" ]; then
            # I was required to amend header to lock down who was requiring access by using '-- -f ', email address pulled from AD
            echo "One Time Password is $var4" | mail "$var6@telcosmsgateway.com" -- -f user@myclient.com
        fi
    done
done
```
I had several issues with the script being called; basically, if I ran it manually it would work, however the script wouldn’t get called automatically. I tried several options before I came up with my solution; one suggestion was to use the user_alert config file to call my program. This worked in a fashion, but the delay between when it was called was too great for the APM session.
https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/44/aft/1178752/showtab/groupforums/Default.aspx1227184
https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/256/Custom-SNMP-Traps.aspx
To get round my issue I came up with two custom scripts to ensure the script ran in the background. The first would run every 5 minutes to check the script is still running and restart if necessary, and the other would restart the script at 4:05am.
The reason for the second script was I encountered some issues with the log file rollover; the script was still running but would not process requests. I believe the issue was due to the customlog being tarred and so the ‘while true’ was no longer valid.
I tested this by manually deleting the log and testing. It held true; I had to manually restart syslog-ng to make the script write to the log again.
These are the scripts I used:
OTPEmailCheck.sh
```bash
#!/bin/bash
# PID(s) of any running OTPEmail.sh
RUNNING=`ps -ef | grep OTPEmail.sh | grep -v grep | awk '{print $2}'`
echo $RUNNING
# If the variable RUNNING has not been defined, i.e. is empty, then run
if [[ -z $RUNNING ]]; then
    /config/OTPEmail.sh &
    echo "script started"
else
    echo "already running"
fi
```
OTPEmailRestart.sh
```bash
#!/bin/bash
# PID(s) of any running OTPEmail.sh
RUNNING=`ps -ef | grep OTPEmail.sh | grep -v grep | awk '{print $2}'`
echo $RUNNING
if [[ -z $RUNNING ]]; then
    echo "OTPEmail.sh is not running. OTPEmailCheck.sh will start program within 5mins"
else
    # Kill the running copy and start a fresh one
    KILL=`kill -9 $RUNNING`
    echo $KILL
    /config/OTPEmail.sh &
    echo "OTPEmail.sh was restarted"
fi
```
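Crontab
```
# Every 5 minutes: check that OTPEmail.sh is still running
*/5 * * * * /bin/bash /root/scripts/OTPEmailCheck.sh
# 4:05am daily: restart OTPEmail.sh
5 4 * * * /bin/bash /root/scripts/OTPEmailRestart.sh
```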
After that it worked as desired.
Hope this helps someone else who’s having issues
Ferg.
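The log-following loop from the post above, rewritten as an added example (not the poster's code and not F5's): it splits each line once, accepts only a digits-only mobile number and an alphanumeric OTP before calling mail, and uses `tail -F` so the reader reopens the log by name after rotation. The 6-15 digit rule and the alphanumeric OTP rule are assumptions; the log path, gateway domain and sender are the post's own placeholders.

```bash
#!/bin/bash
# Added example, not the poster's script. Field positions follow the post:
# 3 = literal "otp", 4 = one-time password, 6 = mobile number from AD.
LOG=/var/log/customlog          # log path from the post
GATEWAY=telcosmsgateway.com     # placeholder gateway domain from the post
SENDER=user@myclient.com        # placeholder envelope sender from the post

# Print "<mobile> <otp>" for a well-formed OTP line; return 1 otherwise.
parse_otp_line() {
    # One split on commas instead of a grep|awk pipeline per field.
    IFS=, read -r f1 f2 tag otp f5 mobile rest <<EOF
$1
EOF
    [ "$tag" = "otp" ] || return 1
    mobile=$(printf '%s' "$mobile" | tr -d '[:space:]')
    # Assumption: the gateway expects 6-15 digits. Anything else is dropped,
    # so the value can only ever be the local part of the recipient address.
    case $mobile in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#mobile}" -ge 6 ] && [ "${#mobile}" -le 15 ] || return 1
    # Assumption: the OTP is alphanumeric.
    case $otp in
        ''|*[!0-9A-Za-z]*) return 1 ;;
    esac
    printf '%s %s\n' "$mobile" "$otp"
}

follow_log() {
    # -F follows the file by name and reopens it after rotation;
    # -f stays attached to the rotated-away file.
    tail -n0 -F "$LOG" | while IFS= read -r line; do
        if pair=$(parse_otp_line "$line"); then
            set -- $pair
            printf 'One Time Password is %s\n' "$2" |
                mail "$1@$GATEWAY" -- -f "$SENDER"
        fi
    done
}

# Start following only when called with --follow, so the functions can be
# sourced and tested on their own.
if [ "${1:-}" = "--follow" ]; then
    follow_log
fi
```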