Netgate Discussion Forum
    SMTP notifications can't connect

General pfSense Questions

ohmantics

I have two sites (main and satellite) connected via a WireGuard tunnel. I'm running FRR BGP and the routes all look fine. I can connect to both sides properly from either side, etc. Everything generally works.

On the satellite site, I've just tried to set up SMTP notifications and am getting errors that it can't connect to our SMTP server. I can connect to it just fine from the shell.

The split DNS config I have set up will resolve the mail server FQDN whether the tunnel is up or down, and neither resolution causes connectivity to work.

      The default gateway is set to Automatic, but setting it to the WAN doesn't resolve it.

      If some firewall rule is relevant, I'm not sure which set of rules apply to the SMTP notification process; I'm not seeing any blocks logged, but I don't have logging on for the default block on every interface (not trying to kill SSDs fast). The tunnel has an allow any-to-any rule and nothing is blocked outbound on the WAN.

ohmantics @ohmantics

        Oh look, the "Validate the SSL/TLS certificate presented by the server" checkbox doesn't seem to actually disable validation. (Yes, I'm using a self-signed certificate. Not debating that here.) I've tried adding the CA and certificate via the Certificates UI with the CA going into the system trust store.

        It's connecting to the SMTP server from the tunnel address, which doesn't have a PTR record, so that also fails some of my postfix config's checks. PTR lookups aren't resolving between the two sites. Not quite sure how to do that -- I use the Forwarder.

stephenw10 (Netgate Administrator)

So it's throwing an error trying to connect to the server? What are you actually seeing?

ohmantics @stephenw10

            @stephenw10

Could not send the message to root@example.com -- Error: Failed to connect to ssl://example.com:587 [SMTP: Failed to connect socket: stream_socket_client(): Unable to connect to ssl://example.com:587 (Unknown error) (code: -1, response: )]

Submission is set to require TLS, and it's failing and doesn't seem to be taking the CA/certs I added.

Could not send the message to root@example.com -- Error: Failed to add recipient: root@example.com [SMTP: Invalid response code received from server (code: 450, response: 4.7.1 Client host rejected: cannot find your reverse hostname, [10.254.0.1])]

            This is because there's no PTR for the far side of the tunnel between the sites and the dnsmasq setup is currently just domain override-based.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.