Automating MikroTik Router Backups via Email with Ubuntu SMTP Relay

Ensuring that backups of router configurations are performed regularly is critical for disaster recovery and maintaining network stability. This blog post outlines a method for automating daily backups of MikroTik routers, using an Ubuntu virtual machine (VM) as an SMTP relay that forwards emails through a Gmail account. This setup allows for unauthenticated SMTP from MikroTik routers on port 25, while securely sending outbound mail via Gmail.

Setting Up the Ubuntu SMTP Relay

Step 1: Configure Ubuntu VM for SMTP Relay

First, set up an Ubuntu VM within your network that will act as the SMTP relay. This VM will accept unauthenticated SMTP connections from MikroTik routers and relay them through a Gmail account.

Step 2: Install Postfix and Dovecot

Postfix will handle SMTP services, while Dovecot provides the necessary SASL (Simple Authentication and Security Layer) framework for authenticating with Gmail.

1. Update your package list and install Postfix and Dovecot:

sudo apt update
sudo apt install postfix dovecot-core dovecot-imapd mailutils -y

During the Postfix installation, you may be prompted to select a configuration type. Choose "Internet Site" and proceed with the installation.

2. Configure Postfix to use Gmail as a relay:

Edit the Postfix configuration file:

sudo nano /etc/postfix/main.cf

Add the following lines to the end of the file:

relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

3. Set up the Gmail credentials for Postfix:

Create a new file to store the Gmail credentials:

sudo nano /etc/postfix/sasl_passwd

Add the following line, replacing yourgmail@gmail.com with your Gmail address and yourapppassword with your Gmail app password:

[smtp.gmail.com]:587 yourgmail@gmail.com:yourapppassword

Secure and hash the password file:

sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd

4. Restart Postfix to apply the changes:

sudo systemctl restart postfix

Step 3: Test Email Relay

Use telnet to test that the outbound mail is working correctly:

telnet localhost 25

Send a test email. Here's an example sequence of commands you might use within the telnet session (replace email addresses accordingly):

ehlo localhost
mail from: yourgmail@gmail.com
rcpt to: recipientemail@example.com
data
Subject: Test Email

This is a test email from Postfix.
.
quit

If everything is configured correctly, the test email should be relayed through Gmail to the recipient.

Configuring MikroTik Router for Automated Backups

Step 1: Create the Backup Script

Access your MikroTik router via terminal or SSH and create a new script that generates a backup and sends it via email:

/system script add name="backup_script" source={
    /export file=backup
    /tool e-mail send to="noc@example.com" subject=("Backup - " . [/system clock get date] . " - " . [/system identity get name]) body=("System Identity: " . [/system identity get name] . "\nSerial Number: " . [/system routerboard get serial-number] . "\nModel: " . [/system routerboard get model]) file=backup.rsc
}

Step 2: Schedule the Backup Script

Create a scheduler entry to run the backup script daily:

/system scheduler add name="daily_backup" start-time=03:00:00 interval=24h on-event=backup_script

Step 3: Configure MikroTik Email Settings

Configure the MikroTik router to use the Ubuntu VM as its SMTP server:

/tool e-mail set address=ubuntu_vm_ip_from_address port=25 from=yourgmail@gmail.com

Ensure you replace ubuntu_vm_ip_from_address with the IP address of your Ubuntu VM. This step assumes that the MikroTik management network IP range has been added to the mail config to prevent it from being an open relay.

That's it, You're Done!

By leveraging an Ubuntu VM as an SMTP relay for MikroTik router backups, network administrators can automate the process of generating and emailing backups daily. This method not only enhances the security and reliability of network management but also simplifies recovery procedures in the event of a configuration loss or hardware failure. Remember, enabling IMAP/POP on your Gmail account and creating an app password are essential steps for using Gmail as an outbound mail relay securely.