Email notofication and gmail smtp

romainp

Hi,
Maybe the notification is not supposed to work with gmail but I have tester a connection to gmail smtp to receive pf notification on my gmail account:

IP Address of E-Mail server : smtp.gmail.com
SMTP Port of E-Mail server : 587

Every time I hit the save button and a test is made I receive this error message in the logs:

php: /system_advanced_notifications.php: Could not send the message to romain.pelissier@gmail.com – Error: 530 5.7.0 Must issue a STARTTLS command first. h20sm7434523qck.24

Found this on the net but not yet investigate further:
http://www.mail-archive.com/info-gnus-english@gnu.org/msg08196.html

johnpoz

If you SENDING to an gmail account you sure don't need use tls, etc.

Just use port 25, and the server would be the standard mx record for gmail, not smtp.gmail.com – which would be for sending to other domains from your gmail account.

So pick one of these
;; QUESTION SECTION:
;gmail.com. IN MX

;; ANSWER SECTION:
gmail.com. 3594 IN MX 10 alt1.gmail-smtp-in.l.google.com.
gmail.com. 3594 IN MX 20 alt2.gmail-smtp-in.l.google.com.
gmail.com. 3594 IN MX 30 alt3.gmail-smtp-in.l.google.com.
gmail.com. 3594 IN MX 40 alt4.gmail-smtp-in.l.google.com.
gmail.com. 3594 IN MX 5 gmail-smtp-in.l.google.com.

Port 25, your gmail email address and the from address you can make from whoever pfsense@alert.tld you don't need a username or password, to send directly to gmail servers. That info would be for if you were using say some other smtp server to send to otherdomainnothostedbysmtpserver.com

gmailnote.jpg_thumb

romainp

I have tested with one of the smtp server you have found but still have the same issue. I have then use the smtp server provided by my internet provider and all is working now.

johnpoz

Well its possible your ISP blocks outbound to 25 off its network, so then sure you would not be able to talk to the servers directly, easy enough to do a simple test of that with telnet.

C:\Windows\System32>telnet gmail-smtp-in.l.google.com 25

220 mx.google.com ESMTP f13si33722846ibb.22
quit
221 2.0.0 closing connection f13si33722846ibb.22

If you can not connect, then no you would not be able to send directly to gmail and would have to use your ISP smtp server, etc.

rilles

Still doesn't work for me using my ISP (Rogers - which uses Yahoo email servers).

On port 25 with all the correct settings it still fails with "Error: 530 authentication required"… seems pfense 2.0 is not sending the credentials. My email client (Thunderbird) has no issues.

johnpoz

On this document it clearly states to use port 587

http://www.rogershelp.com/yahoo/mail/settings.html

Outgoing (SMTP) Port Number: 587

rilles

Highly amusing, they have changed all their web pages to port 587 from port 25 from 2 years ago. But not relevant, my email client works fine on port 25 and I can telnet there and test without issue. Changing it to port 587 in any case does not help with the pfsense error.

johnpoz

Well I just tested using another smtp server, and yup it fails.

I know for a fact that have the correct username and password, since I just tested the auth from command line

250 homiemail-a48.g.dreamhost.com
auth login
snipped
235 2.7.0 Authentication successful

To test from telnet you need to base64 your email address and password, send base64 encoded emailaddress, then enter then base64 encoded password. And this works fine, but put the same info into pfsense and yup it fails.

But if you have telnet access off your network, then just send directly to the mail server for the domain your wanting to sent email too.

But they need to correct this, think I will do a sniff and see what its doing wrong.

edit: Ok from a capture it never sends the auth command, nor the info.. So yeah its broke!

capture.jpg_thumb

jimp

Some commits happened for this over the weekend, can you try a new snapshot and see if it works?

ldpaniak

Just upgraded tested e-mail on the latest snapshot (Mon Jan 3 03:26 2011)

I get an error:

Warning: require_once(sasl.inc): failed to open stream: No such file or directory in /etc/inc/notices.inc on line 286 
Fatal error: require_once(): Failed opening required 'sasl.inc' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg') in /etc/inc/notices.inc on line 286

jimp

Here is the open ticket for that, the error messages would be useful to the person working on the issue: http://redmine.pfsense.org/issues/1141

johnpoz

yup getting the same error when try to change the notification section to use auth.

Warning: require_once(sasl.inc): failed to open stream: No such file or directory in /etc/inc/notices.inc on line 286 Fatal error: require_once(): Failed opening required 'sasl.inc' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg') in /etc/inc/notices.inc on line 286

On the latest snap

2.0-BETA5 (i386)
built on Mon Jan 3 03:26:07 EST 2011

edit:
Ok, tested the lastest snap and still not working
2.0-BETA5 (i386)
built on Mon Jan 3 13:22:20 EST 2011

now bug says it was fixed because he did not include the sasl.inc or sasl.php from the class – but that was still missing after the update.. But I grabbed the file from the links in the bug, renamed to .inc and then changed the names for the other files to be .inc vs .php and its working.. I would assume the next snap will include file?

But if not you can always make it work on your own.. Just grab from the link in the bug.

I tested sending to my dreamhost server authing, and its send to my gmail address just fine.

As you can see from capture its sending auth now ;) I'll the file I added and edited before I upgrade to the next snap to verify its now included, etc.

authworking.png_thumb

ppomes

Hi all,

Yeah, I made only a partial operation with git and I forgot to add /etc/inc/sasl.inc :-(

The file should now be in the lastest snapshot, can you just try again to validate all is ok ?

Many thanks,
Pierre

ldpaniak

Works for me now with latest snap.

Thanks!

rilles

Working for me now also with 1/5/11 snapshot.

TheAngryPenguin

I just joined the 2.x revolution and was unable to get e-mail notifications working as previously described in this post. For one reason or another, my pfSense is unable to authenticate against smtp.gmail.com:587. Since I use Google Apps to host my domain's e-mail, I decided to extend the guidance above by performing a lookup on my domain (http://www.mxtoolbox.com is a handy tool), and I used the resulting hostname in my config. Same deal – use port 25, no need for AUTH, the From: address can even be 'spoofed'. Hope this helps anyone who may run into the same problem!

johnpoz

Guess Im going to sound like a dick no matter how I say this - but no shit you would not be able to connect to gmail.com on port 25 - nobody ever suggested that you do such a thing.. I clearly pointed out the MX records for gmail.com – why would you have tried to use gmail.com??

But yes as already went over you could send directly to the smtp server for you domain, and would have no need to auth.. But as also went over they corrected the issue and now you can auth to whatever smtp server you want to use to send email to your notification address.

TheAngryPenguin

My bad. I was trying so many different configs – meant to note that my pfSense was unable to auth against smtp.gmail.com:587.

photonman

gmail smtp requires ssl so use port 587 or 465