Author Topic: 2.4.0-RELEASE: eMail Notifications Do Not Work  (Read 1263 times)

Offline elvisimprsntr

2.4.0-RELEASE: eMail Notifications Do Not Work
« on: October 15, 2017, 07:44:04 am »
BACKGROUND

This morning I tried to test the SMTP setting via the Notifications GUI and received this error message. The settings are the same as under 2.3.4p1.
Code:
Could not send the message to xxx@xxxx.com-- Error: LOGIN authentication failure [SMTP: STARTTLS failed (code: 220, response: ready for tls)]

My email host is register.com (web.com), which does not use TLS.    Enable SMTP over SSL/TLS is unchecked.

https://knowledge.web.com/subjects/article/KA-01030

It appears pfSense is forcing STARTTLS and does not fall back to plain text

Entry from /var/log/system.log
Code:
Oct 15 08:39:31 pfSense php-fpm[23937]: /system_advanced_notifications.php: Could not send the message to xxx@xxxx.com -- Error: LOGIN authentication failure [SMTP: STARTTLS failed (code: 220, response: ready for tls)]



« Last Edit: October 15, 2017, 08:14:36 am by elvisimprsntr »

Offline wolfsec

Re: 2.4.0-RELEASE: eMail Notifications Do Not Work
« Reply #1 on: October 16, 2017, 03:15:10 am »
same here on all my pfsense instances updated to v2.4.0:

Could not send the message to xyxy@xyxyxy.xyx -- Error: PLAIN authentication failure [SMTP: STARTTLS failed (code: 220, response: 2.0.0 Ready to start TLS)]

Offline Blade Runner

Re: 2.4.0-RELEASE: eMail Notifications Do Not Work
« Reply #2 on: October 16, 2017, 12:04:10 pm »
I'm seeing a similar error message:
Code:
Could not send the message to x@y.z-- Error: Failed to connect to smtp.x.x:465 [SMTP: Invalid response code received from server (code: -1, response: )]
Do not be afraid to fail.

Offline jimp

Re: 2.4.0-RELEASE: eMail Notifications Do Not Work
« Reply #3 on: October 16, 2017, 01:34:16 pm »
You may need to make a change in the notification settings:

Under System > Advanced on the Notifications tab:

For STARTTLS, uncheck "Enable SMTP over SSL/TLS" and ensure you are using a port that has STARTTLS enabled such as 587.
For SSL/TLS (NOT STARTTLS!), check "Enable SMTP over SSL/TLS" and ensure you are using a port that is SSL/TLS only, such as 465. Make sure the server is actually listening there and responding -- this port has been deprecated for use with SMTP for years but only recently have providers begun to phase it out.

If the server has an invalid or self-signed certificate, there is not currently a way to trust it for use with notifications. We're working on a fix there but it will not be available for a while yet.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline soutieslak

Re: 2.4.0-RELEASE: eMail Notifications Do Not Work
« Reply #4 on: October 24, 2017, 04:34:29 am »
Also getting this error (mail server is with hetzner so required a self-signed certificate) so will have to wait for the bug fix

SMTP: 587
Enable SMTP over SSL/TLS: Unchecked
Error:
Could not send the message to ----------@gmail.com -- Error: LOGIN authentication failure [SMTP: STARTTLS failed (code: 220, response: TLS go ahead)]

SMTP: 587
Enable SMTP over SSL/TLS: Checked
Error:
Could not send the message to ----------@gmail.com -- Error: Failed to connect to ssl://smtp.------.co.za:587 [SMTP: Failed to connect socket: fsockopen(): unable to connect to ssl://smtp.------.co.za:587 (Unknown error) (code: -1, response: )]

SMTP: 465
Enable SMTP over SSL/TLS: Checked
Error:
Could not send the message to ----------@gmail.com -- Error: Failed to connect to ssl://smtp.------.co.za:465 [SMTP: Failed to connect socket: fsockopen(): unable to connect to ssl://smtp.------.co.za:465 (Unknown error) (code: -1, response: )]

Offline Gertjan

Re: 2.4.0-RELEASE: eMail Notifications Do Not Work
« Reply #5 on: October 24, 2017, 06:05:14 am »
Quote
Could not send the message to ----------@gmail.com -- Error: LOGIN authentication failure [SMTP: STARTTLS failed (code: 220, response: TLS go ahead)]
I don't think so.
Sending a mail to gmail : use the smtp services from gmail (READ their FAQ) and they will accept your notification mails.
Works for me

Btw : of course, do NOT use port 25 but port 465 - "SMTP over SSL/TLS" (I don't know if port 587 and STARTTLS works with them).

Offline johnpoz

Re: 2.4.0-RELEASE: eMail Notifications Do Not Work
« Reply #6 on: October 24, 2017, 06:34:08 am »
No issues sending notifications on 2.4 or 2.41.. Been running 2.4 since before RC and have gotten my test email every day...

- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline Doktor Jones

Re: 2.4.0-RELEASE: eMail Notifications Do Not Work
« Reply #7 on: November 01, 2017, 04:22:24 pm »
I'm getting a similar issue on my own pfSense box (running 2.4.1-RELEASE on an Atom D2500), with my own mail server. The mail server has STARTTLS enabled on port 587 (but not SSL); if I check "Enable SMTP over SSL/TLS" I get:

Error: Failed to connect to ssl://mail.-----.org:587 [SMTP: Failed to connect socket: fsockopen(): unable to connect to ssl://mail.-----.org:587 (Unknown error) (code: -1, response: )]

If I uncheck it, I get:

Error: Failed to set sender: network@-----.org [SMTP: Invalid response code received from server (code: 530, response: 5.7.0 Must issue a STARTTLS command first)]

I'm not seeing anything helpful in the logs. GMail is capable of sending/receiving from the server just fine on port 587 (because I've set up the setting where I can send as addresses on that host) so AFAIK the mail server is configured properly.
« Last Edit: November 01, 2017, 04:40:09 pm by Doktor Jones »

Offline Gertjan

Re: 2.4.0-RELEASE: eMail Notifications Do Not Work
« Reply #8 on: November 02, 2017, 04:43:41 am »
"Enable SMTP over SSL/TLS" : in this case the default 465 port should be setup using SSL, good certs etc.

When you unchecked it, you actually are going to use the good old submission, and the STARTTLS SMTP sub command. Port 587 is your friend.

Quote
I'm not seeing anything helpful in the logs
You have something better : complete logs from your mail server up until the last byte received ;)

I'm using a postfix setup on a dedicated server. It took me some time (years ;) to make it 'work' with every mail client on the planet - and it accepts mails just fine on ports 465 and 587 (both authenticated of course - recognized signed certs etc).

I'm seeing the green :
Quote
SMTP testing e-mail successfully sent
after sending a test mail - which I received.

Offline wolfsec

Re: 2.4.0-RELEASE: eMail Notifications Do Not Work
« Reply #9 on: November 13, 2017, 04:02:34 pm »
Quote
...
If the server has an invalid or self-signed certificate, there is not currently a way to trust it for use with notifications. We're working on a fix there but it will not be available for a while yet.

any update on this self-signed topic?

Offline Gertjan

Re: 2.4.0-RELEASE: eMail Notifications Do Not Work
« Reply #10 on: November 13, 2017, 04:25:45 pm »
Quote
...
If the server has an invalid or self-signed certificate, there is not currently a way to trust it for use with notifications. We're working on a fix there but it will not be available for a while yet.
any update on this self-signed topic?
Humm.
Somewhat overlooked that part.
Especially for servers and thus mail server (and pop, imap), there is no need to use non-trusted certs any more. They are there and free these days.
pfSense sends very well mails through my server because I use certs from "Let's Encrypt", which are globally trusted now.

I would say: a way to solve the issue is: ditch these self-signed certs, and take some "real ones". Certs are not gadgets anymore, they are the bricks that pave the internet-road. Learn how to drive over them.

Offline tchucho

Re: 2.4.0-RELEASE: eMail Notifications Do Not Work
« Reply #11 on: November 16, 2017, 11:07:09 am »
Hi,

 same problem here. Used Gmail, Outlook, and a own email from my domain... same error on all of them

Offline Gertjan

Re: 2.4.0-RELEASE: eMail Notifications Do Not Work
« Reply #12 on: November 16, 2017, 04:25:29 pm »
gmail : as said above, when setup correctly (as per gmail their instructions) : works.
outlook : dunno - depends if they offer standard smtps (port 465) user access, then, yeah, why not.
"own email from my domain" : depends. If YOU setup the mail server then it works when setup correctly - if it is done for you, see their instructions.
 

Offline chaos215bar2

Re: 2.4.0-RELEASE: eMail Notifications Do Not Work
« Reply #13 on: December 26, 2017, 11:56:57 pm »
Quote
I'm getting a similar issue on my own pfSense box (running 2.4.1-RELEASE on an Atom D2500), with my own mail server. The mail server has STARTTLS enabled on port 587 (but not SSL); if I check "Enable SMTP over SSL/TLS" I get:

Error: Failed to connect to ssl://mail.-----.org:587 [SMTP: Failed to connect socket: fsockopen(): unable to connect to ssl://mail.-----.org:587 (Unknown error) (code: -1, response: )]

If I uncheck it, I get:

Error: Failed to set sender: network@-----.org [SMTP: Invalid response code received from server (code: 530, response: 5.7.0 Must issue a STARTTLS command first)]

I'm not seeing anything helpful in the logs. GMail is capable of sending/receiving from the server just fine on port 587 (because I've set up the setting where I can send as addresses on that host) so AFAIK the mail server is configured properly.
I'm having precisely this problem. Looking at a packet capture between the pfSense box and the mail server, I see the mail server issuing what I assume is a request to use STARTTLS ("250-STARTTLS"), but the next response from pfSense starts right in with the "MAIL" command (followed by the from address). The mail server then responds with the error "530 5.7.0 Must issue a STARTTLS command first".

I'll admit to being unfamiliar with precisely how STARTTLS works, but it looks like no attempt is made to negotiate a TLS connection and certificates aren't even coming into play. The mail server also has a valid Let's Encrypt certificate. Am I missing something?

FWIW, I have a couple Synology boxes that have no problem sending mail via this server over port 587 (which should require STARTTLS, as I'm seeing in the exchange with the pfSense box).

Edit: Okay, so I think this is a bug with the test button. If I clear all settings, save, re-enter them, and test, the test email works. If I test again, it fails with the same error as above. It looks like pfSense loses track of the password I entered before hitting the test button the first time (despite filling the field with a generic 8-character password, indicating something is there but wasn't actually provided back to the browser for obvious security reasons). If I save the settings immediately after entering the password but before sending a test email, everything works fine.
« Last Edit: December 27, 2017, 12:33:20 am by chaos215bar2 »
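
Added example, not part of the thread or of pfSense's code: the packet-capture check described in the post above, written as a Python audit over a plaintext SMTP transcript. The transcripts, host names and the `audit_session` helper are constructed for illustration.

```python
# Added example (not from the thread or pfSense). Transcripts are constructed;
# host names and addresses are placeholders. "S" = server line, "C" = client line.
SENSITIVE = {"AUTH", "MAIL", "RCPT", "DATA"}

SKIPPED_STARTTLS = [
    ("S", "220 mail.example.org ESMTP"),
    ("C", "EHLO fw.example.org"),
    ("S", "250-mail.example.org"),
    ("S", "250-STARTTLS"),
    ("S", "250 8BITMIME"),
    ("C", "MAIL FROM:<network@example.org>"),
    ("S", "530 5.7.0 Must issue a STARTTLS command first"),
]
UPGRADED = SKIPPED_STARTTLS[:5] + [
    ("C", "STARTTLS"),
    ("S", "220 2.0.0 Ready to start TLS"),
]

def audit_session(transcript):
    """Return (verdict, commands_sent_in_cleartext) for one plaintext capture."""
    offered = pending = False
    leaked = []
    for direction, line in transcript:
        words = line.split()
        if not words:
            continue
        if direction == "S":
            code, keyword = line[:3], line[4:].strip().upper().split(" ")[0]
            if code == "250" and keyword == "STARTTLS":
                offered = True   # EHLO reply advertises the extension
            if pending:
                if code == "220":
                    # Server agreed; the TLS handshake follows, so the rest of
                    # the capture is ciphertext and there is nothing to read.
                    return "starttls-accepted", leaked
                pending = False  # upgrade refused, e.g. a 454 reply
        else:
            verb = words[0].upper()
            if verb == "STARTTLS":
                pending = True
            elif verb in SENSITIVE:
                leaked.append(verb)
    if not leaked:
        return "incomplete", leaked
    return ("client-skipped-starttls" if offered else "starttls-not-offered"), leaked

if __name__ == "__main__":
    for name, t in (("skipped", SKIPPED_STARTTLS), ("upgraded", UPGRADED)):
        print(name, audit_session(t))
```

A `starttls-accepted` verdict together with a failed send means the failure lies in the TLS handshake that follows the 220 reply, which a plaintext view of the session cannot show.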

Offline Gertjan

Re: 2.4.0-RELEASE: eMail Notifications Do Not Work
« Reply #14 on: December 27, 2017, 02:21:57 am »
I agree, entering some values, hit the test button until the test-mail passes, and only then "save" seems more logical.
The text below the test button
Quote
A test notification will be sent even if the service is marked as disabled. The last SAVED values will be used, not necessarily the values entered here.
is quite clear, though.