WEMO Event notifications

As part of my on going playing with some Belkins WEMO devices I started to have a look at the UPNP Event support.

The UPNP standard as well as including discover and endpoints for control has an event system, this allows devices to publish their status changes to interested parties. The event system uses some extensions to HTTP.


To subscribe to events from a given device you send a request similar to the following to the eventSubURL given as defined in the setup.xml which is linked to in the UPNP discovery response.

SUBSCRIBE /upnp/event/bridge1 HTTP/1.1
NT: upnp:event
TIMEOUT: Second-600

CALLBACK -> is the URL to be notified
TIMEOUT -> how long to send notifications

Gets the following response:

HTTP/1.1 200 OK
DATE: Sun, 11 Jan 2015 18:27:05 GMT
SERVER: Unspecified, UPnP/1.0, Unspecified
X-User-Agent: redsonic
SID: uuid:7206f5ac-1dd2-11b2-80f3-e76de858414e
TIMEOUT: Second-600

SID -> the Subscription ID

The SID is used to identify which notification come from this subscription, it can also be used to renew the subscription before the timeout expires by sending a SUBSCRIBE message like this:

SUBSCRIBE /upnp/event/bridge1 HTTP/1.1
SID: uuid:7206f5ac-1dd2-11b2-80f3-e76de858414e
TIMEOUT: Second-600


Incoming event notifications get delivered every time the state of the device changes and look like this for the WeMo Socket:

CONTENT-TYPE: text/xml; charset="utf-8"
NT: upnp:event
NTS: upnp:propchange
SID: uuid:7206f5ac-1dd2-11b2-80f3-e76de858414e
SEQ: 0

<e:propertyset xmlns:e="urn:schemas-upnp-org:event-1-0">

The events from the light bulbs is a bit more complex, how parse them is demonstrated in the code.


And when your done you can unsubscribe with the following:

SID: uuid:7206f5ac-1dd2-11b2-80f3-e76de858414e


Having worked all these bits out I put the following node js app together to test it all out with the WeMo devices I have:

Next step is to put all this together to build a new WeMo node module and then a improved Node-RED node.

Out Of Office Engine

Over Christmas (among other things) I’ve been messing around writing a little app to handle Out Of Office notifications for my Dad’s business.

Beaches and Blenders

Dad’s mail server runs Postfix on Linux and while there are a number of options to set up auto response messages, such as the vacation application. This seams to work well, but requires the user to edit files on the server to make it work. I wanted something a little bit more user friendly as none of the userbase for this tool have any idea what a Linux command line looks like.

I’ve finally started to move all my little side project from Java to NodeJS so I set out by crawling through npmjs to see which nodes I could use to help.

I started out with mailparser to be able to read and pull out the useful stuff from the original mail like the headers and any attachments.

Next up came email-templates to allow me to built a standard reply template then slot in a per user specific message. This was paired with nodemailer to actually send the response.

That was it for the bit that actually read and replied to the mail, but I needed user interface so I opted for a simple express web server using ejs to template the data.

Out Of Office Editor

All this is tied together with a small Mongodb to hold the details of each Out Of Office period and the list of email addresses that have been replied to. Mongodb is probably overkill for this but it’s simple to setup. It holds a record like this one for each user:

   "_id" : ObjectId("54a7d6f4176a69088a22b4b5"), 
  "name" : "b.hardill", 
  "startDate" : "2015-01-02T12:29:57.238Z", 
  "endDate" : "2015-01-30T21:59:17.971Z", 
  "subject" : "Away", 
  "message" : "I'll be out of the office for the next week, I'll get back to you when I get back", 
  "list" : [

I’ve stuck the project up on github here

It probably still needs some more testing but it should be good enough for what my Dad needs.

If I end up feeling really adventurous I may even try and remember hot to write a Thunderbird plugin to enable/disable things and set the dates.

Quick tip, don’t run a public facing SMTP server if you can help it

In between the Gingerbread engineering and Lego building and as part of my usual round of Christmas time IT support I ran into a new issue for me.

Towards the end of last year my dad acquired a small engineering business, as usual I got roped in to help sort out the IT side of things. I had a quick look round at what they had already over a weekend and worked out how to set up a quick off site backup system similar to the one I’ve mentioned before. The system was all Windows based so I stuck a Raspberry Pi in the wiring cupboard to give a remote access jumping off point to be able to poke at things from a far and to host a OpenVPN server to allow proper remote access.

The previous owners had set up a email system using a Windows based SMTP/POP/IMAP server app called MDaemon. It all seamed to work and I didn’t have time to swap it out for something I’m familiar with (Postfix/Dovecot on Linux) so I left it alone when I had my first look round. It turns out that the server was setup to not only accept incoming email on it’s internet facing side of things but also forward mail for signed in users. Normally I would set a mail server to only forward from users on the private internal LAN side of things, but if properly secured this arrangement should be OK. In this case things were not properly secured, lets just say that some people will be getting into the office in the new year to polite notes about selecting secure password and probably a link to this.

So one of the account had their password compromised and the server was used to send a bunch of SPAM. Once this was spotted the offending account was removed and the sever config tweaked to be a bit more sensible. This stopped the flow of SPAM and things seamed to be OK for a while until a couple of people that the business interacts with started to mention that they had not been receiving some of the email that had been sent. It turns out the IP address for the mail server had been added to a number of blacklists.

There is a site called mxtoolbox which hosts a tool for checking IP addresses against a number of the more popular blacklists. In our case we had ended up on 3 of them. The tool provides links to the sites which manage the lists and have forms to submit requests to be removed from the list once what ever has been sending the SPAM has been fixed. I have managed to successfully submit removal requests to 2 out of the 3 lists, but the Barracuda form is currently terminating the connection when ever I submit the form. As it’s the holiday period it looks like I’m going to wait until these guys are back in the office to get this fixed and hopefully get everybody accepting email.

I also found a very well hidden link to a form to get Google gmail to accept mail from us again as well, the pretty much say they you will never hear anything back from them and it could take weeks to get actioned or not…. I’ve sent this off but I’m hoping getting cleared from the other lists will help with this as well.

The other option I considered was to see if I could get the static IP assigned to the ASDL changed, but the ISP didn’t really want to entertain that so it looks like we’ll be changing ISP if I can’t get that list fixed.

So the moral of this story is find somebody to host your email for you.