Netgate Discussion Forum

pfSense Email notification

General pfSense Questions
17 Posts 7 Posters 4.4k Views
  • P
    PDrallod
    last edited by Apr 5, 2022, 6:28 PM

    I am trying to get Email notification setup on my new system. This is pfSense 2.6.0 on Protectli FW2-2 hardware. The basic functions are all working but I am not succeeding with the notification setup using my home gmail. From what I see - Google is making this hard and it is only going to get worse in May when they remove support for "less secure apps". The error message on test references Authentication 5.7.0. I did some looking at Yahoo and it seems they are going the same way. Does anyone know of an email platform that is more friendly to third party apps or a workaround to the Google restrictions?

    I had this working on my prior pfSense system until Google started pulling the plug on the support about 1.5 years ago.

    Thanks.

    • S
      stephenw10 Netgate Administrator
      last edited by Apr 5, 2022, 6:54 PM

      How are you trying to use it?

      There have been a few threads about this and needing to use an 'app password' rather than the main account password to avoid the MFA requirement.

      Steve

      • P
        PDrallod @stephenw10
        last edited by Apr 5, 2022, 7:09 PM

        @stephenw10 So I already have an update after reading through some of the other messages on the topic. I have it working - at least for now. The main thing is that I did not have a CA - certification authority setup. Unfortunately none of the error messages or Google guides ever mentioned CA to even prompt me to look at that. I set up a self-signed CA. I did also find a message on the classic gmail setup which I followed - though I think I had tried that configuration. Now the only question is will it stay working after May when Google is dropping support for "less secure apps".

        • S
          SteveITS Galactic Empire @PDrallod
          last edited by Apr 5, 2022, 7:46 PM

          @pdrallod If your ISP doesn't block outbound port 25 you can try using your email address's MX record as a smart host, with no credentials. (basically, inbound email to yourself). Port 25 is likely blocked by most residential and many business ISPs though.

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          • G
            Gertjan @SteveITS
            last edited by Apr 7, 2022, 12:59 PM

            @steveits

            Port 25 ?
            That port really should only be used for originating and receiving mail servers.
            "Mail box clients", that is you, me and everybody else, should use the ports reserved for that usage.

            Here it is :

            [image: ee21136c-e495-408e-a90b-4d3bc8cac6d1-image.png]

            and yes, the 'password' is not my gmail mail password.
            I created years ago a password "app password ?" especially for this pfSense setup.

            Except for the password story, this mail setup is 100 % vanilla.
            Port 465 delivering mail over TLS from the start, using identification. That's the default these days.
            smtp.gmail.com looks pretty logical also.

            I'm not aware of the fact that gmail is going to cancel this functionality.

            Automated boxes like pfSense, your hair dryer, central heating, front door cam, etc etc should not use your gmail (email) password. You have to create additional passwords, gmail will generate them for you, and you have to add some info so you will know in the future what device is using what password. This permits you to have access to your gmail account with your own password, and remove/block/etc devices that you don't own/control any more.

            Why an app or device password ?
            If the device falls into wrong hands, and the password was stored in clear, you have a problem.
            If you change your mail password, you have to change also all the devices where you use the same gmail password. That's tedious, and you will always forget one, which means : no more notifications from that device (and gmail gets hit with many login attempts from this device that will fail).

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            • F
              flat4 @Gertjan
              last edited by Apr 7, 2022, 1:36 PM

              @gertjan try port 587

              • G
                Gertjan @flat4
                last edited by Gertjan Apr 7, 2022, 1:57 PM Apr 7, 2022, 1:56 PM

                @flat4 said in pfSense Email notification:

                try port 587

                Submission ? Why ?
                Very useful in the past. 587 is old and only needed for devices that have issues with TLS. You should not use these any more.

                Btw : my setup works without issues, and has been crafted as per 'gmail''s mail instructions.

                Submission uses non-TLS to start with, example :

                220 mail.my-domain.fr ESMTP Postfix
                EHLO me.tld
                250-mail.my-domain.fr
                250-PIPELINING
                250-SIZE 31457280
                250-ETRN
                250-STARTTLS
                250-AUTH PLAIN LOGIN
                250-AUTH=PLAIN LOGIN
                250-ENHANCEDSTATUSCODES
                250-8BITMIME
                250-DSN
                250-SMTPUTF8
                250 CHUNKING
                

                mail.my-domain.fr is one of my own domain names, with a mail server.

                I could enforce TLS usage at this moment, so the only command the mail client can issue is "STARTTLS". After that, the connection will be TLS. Authentication will follow, and then the mail upload.
                Or, if I'm not enforcing TLS because my client app (device) doesn't handle TLS, or just an ancient version like SSL2 or SSL3, I could accept a 'clear' mail upload.
                I've no ancient devices or software any more, so I don't need 587 any more.

                It's '465' with TLS 1.3 from bit one for me now.
                Google - gmail also prefers 465 by far.

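The pre-TLS EHLO reply quoted in the post above, run through a client-side check (an added example, not part of the original post or of pfSense; `parse_ehlo` and `plaintext_policy` are hypothetical names). It parses the capability list and decides whether a client may authenticate on the still-unencrypted connection.

```python
import re

# The 250 reply from the post above, as seen on the wire before any TLS.
EHLO_REPLY = """\
250-mail.my-domain.fr
250-PIPELINING
250-SIZE 31457280
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
"""

LINE = re.compile(r"^(\d{3})([ -])(.*)$")  # code, "-" = more lines follow, text

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 reply (RFC 5321)."""
    caps, lines = {}, [l.strip() for l in reply.splitlines() if l.strip()]
    for i, raw in enumerate(lines):
        m = LINE.match(raw)
        if not m or m.group(1) != "250":
            raise ValueError(f"unexpected reply line: {raw!r}")
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker out of place")
        # Legacy "AUTH=..." form (sent for old clients) is folded into AUTH.
        words = m.group(3).replace("AUTH=", "AUTH ", 1).split()
        if i == 0 or not words:
            continue  # first line is the server's domain, not a capability
        key = words[0].upper()
        caps.setdefault(key, [])
        caps[key] += [p for p in words[1:] if p not in caps[key]]
    return caps

def plaintext_policy(caps):
    """Decide what a client may do on a connection that is not yet encrypted."""
    if "STARTTLS" not in caps:
        return "refuse: no STARTTLS, credentials would cross the wire in clear"
    if caps.get("AUTH"):
        return "starttls-first: AUTH is advertised before TLS, do not use it yet"
    return "starttls-first"
```
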
                • F
                  flat4 @Gertjan
                  last edited by Apr 7, 2022, 2:03 PM

                  @gertjan Just from experience 465 would not work so I tried 587 and it worked. At that point I didn't care if it was SSL/TLS, I just needed it to work.

                  • G
                    Gertjan @flat4
                    last edited by Apr 7, 2022, 2:30 PM

                    @flat4 said in pfSense Email notification:

                    not would not work

                    Send email from a printer, scanner, or app

                    and scroll down on that page until you reach :

                    [image: afd11659-7a0c-4f1b-9e73-e96e48b87875-image.png]

                    and unfold that part.

                    IMHO, option 3 is the best one.

                    Note : I'm not Google, don't know if they 'firewall' IPs - or whatever system they use to protect their IPs.

                    Btw : If really needed, even port 25 can be used. That is, if your ISP lets you do so.

                    • N
                      NogBadTheBad @Gertjan
                      last edited by Apr 7, 2022, 2:48 PM

                      I followed this and it works:-

                      https://forum.netgate.com/topic/111569/howto-notifications-with-gmail-smtp

                      Andy

                      1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                      • F
                        flat4 @Gertjan
                        last edited by Apr 7, 2022, 3:11 PM

                        @gertjan I no longer use gmail but when I did, I used an app password and port 587. That's why I suggested it since port 465 would not work at that time.

                        • G
                          Gertjan @NogBadTheBad
                          last edited by Apr 7, 2022, 3:14 PM

                          @nogbadthebad said in pfSense Email notification:

                          https://forum.netgate.com/topic/111569/howto-notifications-with-gmail-smtp

                          #meto

                          That's how I created the image shown above.

                          • S
                            SteveITS Galactic Empire @Gertjan
                            last edited by SteveITS Apr 7, 2022, 3:18 PM Apr 7, 2022, 3:15 PM

                            I think OP is referring to:
                            https://support.google.com/accounts/answer/6010255?hl=en
                            "To help keep your account secure, starting May 30, 2022, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.

                            Please note this deadline does not apply to Google Workspace or Google Cloud Identity customers. The enforcement date for these customers will be announced on the Workspace blog at a later date."

                            Edit: I clicked on the sections, and it also says, "Because less secure apps can make your account more vulnerable, Google will automatically turn this setting off if it’s not being used."
                            and
                            "If "Less secure app access" is turned off for your account, you can turn it back on. We recommend switching to more secure apps instead."

                            So that part doesn't sound at all like they're turning it off.

                            • G
                              Gertjan @SteveITS
                              last edited by Apr 7, 2022, 9:34 PM

                              @steveits
                              There is also a difference between accessing the entire Google 'account' or just sending a mail.
                              We'll see what happens.

                              • jimpJ
                                jimp Rebel Alliance Developer Netgate
                                last edited by Apr 11, 2022, 1:45 PM

                                See the recent note at the bottom of the docs page section on e-mail notifications:

                                https://docs.netgate.com/pfsense/en/latest/config/advanced-notifications.html#smtp-e-mail

                                Your account must have 2-step verification on and then you must create an app password for it.

                                I'm not sure if you could create an app password without 2FA in the past, but the first thing I'd check is to ensure that 2FA is enabled for the account. They may have locked that part down. It wouldn't surprise me if you had to make a new app password after enabling 2FA as well.

                                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                Need help fast? Netgate Global Support!

                                Do not Chat/PM for help!

                                • G
                                  Gertjan @jimp
                                  last edited by Apr 11, 2022, 2:25 PM

                                  I just checked my account.
                                  I've been using 2FA for many years already.

                                  This is what I found :

                                  [image: a2d9406c-db9a-4087-b326-88967ab12008-image.png]

                                  So, I'm actually using these "App passwords", that is, my 2 pfSense are using them, as the image shows (Apr 10 & Apr 9).

                                  • P
                                    PDrallod @SteveITS
                                    last edited by Apr 14, 2022, 4:17 PM

                                    @steveits You are correct that my original post was referring to Google's May 30, 2022 deadline turning off third party app support. I think perhaps I read more into this than I should - but we'll know for sure in about 6 weeks. In the meantime - I have set up 2FA and set up an App password for pfSense. Notification is all working well for now. Thanks to all for their advice.

                                    I do wish pfSense provided a little more control of which notifications to send, but that is a different topic.
