Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SMTP Notifications bomb my email address.

    Routing and Multi WAN
    2
    5
    510
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      reberhar
      last edited by reberhar

      Re: Failover Notifications Mail bombing my email server

      I still have the email bombing problem. I finally gave up on using SMTP notifications. I disabled them. I have two servers that would just send the same email every few seconds. One would send an email about packet loss and the other sent out an error about acb and DNS failure which I fixed, but the emails kept coming.

      To turn off notifications, I had to check the box in advance notifications turning off SMTP notifications, save and reboot the boxes. Just checking the box and saving did nothing.

      One system is CE and the other is plus.

      I have three other systems that use notifications without problems, at least up to now.
      Two are HA, CARP, and one is a single server.

      I see that there is a complaint from 2012 about the same problem.

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @reberhar
        last edited by

        @reberhar

        Can you test / run this one : How to Run a pfSense Software File System Check (5/2020).

        If it's not a file system issue, I would considering a full in place re install of the firmware.

        When a notification or message is send, it is placed in a file, like a queue.
        Then the sender is started, using all notification mechanisms. When the notification gets send successfully, the message is removed from the queue.
        This process loops until there are no more messages in he queue/file.

        There could be an issue with this queue handling, but in that case we would all see that behaviour, not only you.
        Because we all run/use the same code.

        You could also use another smtp service (gmail works great) so you will know if the issue is the mail server depended, or not.

        I'm using my own mail servers, so I can check how pfSense sends a mail, and it behaves correctly.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        R 1 Reply Last reply Reply Quote 0
        • R
          reberhar @Gertjan
          last edited by

          @gertjan Hi Gertjan, Yes of course I can do a file check. I will have to find a time when the systems can be rebooted and I will do this.

          I also am using my own email server over my tunnels. I use Horde. My other five servers are working well, not sending one email ever second.

          I appreciate the information on how the SMTP system works. Can you tell me about the file structure where this lives and I will see if I can repair it. So where is this offending queue and the supporting files? What is the process associated with it? Can I reinstall it using the static install process at the command line?

          I am not thrilled about the idea of doing a new firmware install. I am not onsite and the systems are many thousands of miles from me in another country. Yes I have done it by being creative, but trying to get an uninitiate to do what I want is a challenge. I have spend days in doing this, getting the most recent image, getting it onsite and trying to get someone to understand what I am attempting to do.

          When I am there it is a matter of 5 minutes.

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @reberhar
            last edited by

            @reberhar

            The mails you receive, are they 'the same', with only the time stamp that differs ?

            The notification send happens here : /etc/inc/notices.inc - the last lines of the file.

            Btw : you can't 're install' this functionality, it's part of pfSense core files.

            If your pfSense generates events that create a notification, then the issue isn't actually the mails that get send, but the event itself. The notification sender just does its job.

            Some things you can test :
            /var/db/notices_lastmsg.txt
            is the message mail being sent.
            /var/db/notifyqueue.messages
            is the queue file. When empty, it should contain :

            a:1:{s:5:"mails";a:1:{s:4:"item";a:0:{}}}

            @reberhar said in SMTP Notifications bomb my email address.:

            I appreciate the information on how the SMTP system works. Can you tell me about the file structure where this lives and I will see if I can repair it. So where is this offending queue and the supporting files? What is the process associated with it?

            See the last lines in /etc/inc/notices.inc :

            You'll find

            /* Notify via remote methods only - not via GUI. */
function notify_all_remote($msg) {
	notify_via_smtp($msg);
	notify_via_telegram($msg);
	notify_via_pushover($msg);
	notify_via_slack($msg);
}

            Follow / find notify_via_smtp();

            If the 'smtp' is disabled, just return (do nothing).
            if the message is the same as the last message, just return (do nothing)
            if $force is false, add the mail to the queue file, the notify_via_queue_add(); function is used.
            If $force was true, just send the mail direct.

            The notify_via_queue_add() is pretty straight forward : it puts the message (mail) in an array, and stores the serialized array in a fil, the queue : /var/db/notifyqueue.messages
            Then the PHP script file /usr/local/bin/notify_monitor.php is called, and executes in the background.

            /usr/local/bin/notify_monitor.php is very minimalist : if it isn't already running, it calls notices_sendqueue(); and that function you can find in /etc/inc/notices.inc.

            But again : I don't thing this part is at fault.
            it's the fact your pfSense generates events.
            These get transmitted.
            What are these events ?
            If needed, I can help you stop these ones (and only these ones).

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            R 1 Reply Last reply Reply Quote 0
            • R
              reberhar @Gertjan
              last edited by

              @gertjan Thanks Gertjan!

              My 2440, one of the problem machines, crashed. I am going to replace it. Perhaps it has been hardware all along. That little box has problems with the clock on the Celeron. Still, having the information on the location of the code and how the code works for SMTP will be immensely helpful for me on the other machine.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.