no email on primary wan fail
-
-
Hello!
I see this occasionally with notifications on multi-wan.
I think that error message is from the PEAR Mail code.Use a longer timeout...?
Check outbound nat mappings that push smtp out a certain address...?
Local WAN egress filtering for smtp...?
Fallback ISP (default route) blocking smtp...? Alternate smtp port...?
Check /var/db/notices_lastmsg.txt & notifyqueue.messages to see if it was queued...?John
Lex parsimoniae
-
@serbus At this point I'm thinking seriously of going with a sonicwall. :(
-
@serbus said in no email on primary wan fail:
I think that error message is from the PEAR Mail code.
/usr/local/share/pear/Mail.php - line 141 : the PHP mail() function is used.
Not really different from what the packet manager would use, as wget.If the button fails, what does :
telnet outbound.mailhop.org 25?
If that fails, use option 16
16) Restart PHP-FPMand try again.
@beavisnbutthead said in no email on primary wan fail:
thinking seriously of going with a sonicwall.
Or use time effort money to get a better WAN uplink ? ;)
edit : php info :
/usr/sbin/sendmail isn't part of pfSense any more.
-
I noticed that too. Based on my log inspection it looks like pfSense tries to send emails and pushover notifications too soon - before switching the default gateway to failover. Developers need to look into it.
-
Hello!
The timing is an issue, but so is queueing. There is some basic smtp message queueing in pfsense, but it is not an mta. I usually setup a pi along side pfsense and run postfix, in addition to all of the other packages that are nice/needed but really shouldnt be run under pfsense.
John
-
@gertjan said in no email on primary wan fail:
@serbus said in no email on primary wan fail:
I think that error message is from the PEAR Mail code.
/usr/local/share/pear/Mail.php - line 141 : the PHP mail() function is used.
Not really different from what the packet manager would use, as wget.If the button fails, what does :
telnet outbound.mailhop.org 25?
If that fails, use option 16
16) Restart PHP-FPMand try again.
@beavisnbutthead said in no email on primary wan fail:
thinking seriously of going with a sonicwall.
Or use time effort money to get a better WAN uplink ? ;)
edit : php info :
/usr/sbin/sendmail isn't part of pfSense any more.
Uptime on primary wan is 179 days.
I'm running:
1 1000 fiber
2 1000 fiber
3 150x150 comcast -
@pfpv What does the 'flush all states' do? Would this fix the problem?
-
Submitted a bug report:
https://redmine.pfsense.org/issues/13439#change-62630
Seems a failure to send wan alert emails is functioning as designed.
<gripe mode on>
What the heck kind of mickey mouse crap is this? I'm not a veteran of pfsense only having run it at my office for ~2 years, but I never had this inadequacy w/ sonicwalls or watchguards.
This was a test case before I started rolling out to clients' offices.
Thanks to those that replied.
-
@beavisnbutthead said in no email on primary wan fail:
@pfpv What does the 'flush all states' do? Would this fix the problem?
It didn't help in my experience. It looks like messages are sent after the primary gateway failed but before the failover to the secondary.
The new pfSense version (I am on 22.05) has 3 options. One of them is "Kill states for all gateways which are down", so it won't flush all states but only those that make sense. That's what I use but again, it doesn't help here.
-
dunno man...
i just gave up and put a sonicwall in my amazon cart
-
@beavisnbutthead During my latest failover I received the gateway failure email and see from the log that it was sent a second after the failover. I don't know if it's by design or coincidence. I am on 22.05. Based on the closed ticket it seems like a coincidence. Maybe pfSense was busy and delayed sending.
UPDATE: The second time the primary gateway failed the Pushover notification was sent before "Gateway, switch to: WAN2_PPPOE" (the backup gateway and it didn't go through (Pushover API server did not return data in expected format!) but the email was sent after the switchover and "Message sent to Email OK". So, timing is not tracked.
-
@pfpv My cpu load is low, around 5%. Ram usage is <20%. This is running a 4 core celeron box w/ ssd. Honestly, I've never had this trouble ever before. Had high hopes for pfsense, but I know I can solve this by replacing w/ another brand faster and cheaper than trying to fix it.
-
@beavisnbutthead said in no email on primary wan fail:
Submitted a bug report:
https://redmine.pfsense.org/issues/13439#change-62630
Seems a failure to send wan alert emails is functioning as designed.
<gripe mode on>
What the heck kind of mickey mouse crap is this? I'm not a veteran of pfsense only having run it at my office for ~2 years, but I never had this inadequacy w/ sonicwalls or watchguards.
This was a test case before I started rolling out to clients' offices.
Thanks to those that replied.
Pinging @jimp who closed the ticket. Notification are perhaps the most critical pieces of information admins can get about gateways failures, especially when admins are away. I can't find notifications anywhere later after I log in to pfSense. If they are missed they are gone. I can deduce what happened from the logs but the notifications are concise. They seem to be sent immediately after the event, which makes sense, but often before the switch to the secondary gateway. I wonder if it's possible to implement a one second delay to sending them. This will greatly increase chances of them going through in failover situations.
-
@pfpv I don't know. I did see that emails have a timeout, default is 20 seconds. When I pull the wan1 link, the failover happens in <5 seconds.
I've run multi wan for decades... never had problems w/ this feature even when I used linksys/dlink.
