[Problem was between chair & keyboard] Cannot send notification emails in 2.3.2

deajan

Hello,

I'm facing a problem with the email notification setup on my home pfSense.
I've configured the SMTP notification settings to use mail.gandi.net as SMTP server, but when I send a test email, I get the following error message:

Could not send the message to infra@xxxxxxx -- Error: 554 5.7.1 <xxx.xxx.141.77.rev.sfr.net[77.141.xxx.xxx]>: Client host rejected: Access denied</xxx.xxx.141.77.rev.sfr.net[77.141.xxx.xxx]>

The IP of the error message is my public IP and reverse DNS.

If I happen to change mail.gandi.net to something bogus, pfSense complains that it can't resolve the IP / FQDN so at least it tries to use that address.
If I happen to ssh into pfSense and manually connect to mail.gandi.net via telnet, it works.

[2.3.2-RELEASE][root@badrouter.badmin.local]/root: telnet mail.gandi.net 587
Trying 217.70.184.11...
Connected to mail.gandi.net.
Escape character is '^]'.
220 relay.mail.gandi.net ESMTP Postfix
421 4.4.2 relay5-d.mail.gandi.net Error: timeout exceeded
Connection closed by foreign host.

Screenshot
http://imgur.com/a/P4JBO

I don't have any DNS overrides nor any special firewall rules enabled.
The pfSense box is bridged to a modem.
If I understand well, mail.gandi.net gets rewritten somewhere to my public IP.
But then, why would the telnet command work ?

Also, pfSense DNS doesn't seem to rewrite it

[2.3.2-RELEASE][root@badrouter.badmin.local]/root: nslookup mail.gandi.net
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   mail.gandi.net
Address: 217.70.184.11

Anything I missed ? I'm clueless AF :)

Running pfSense 2.3.2-p1 x64.

Thanks for any insight.

johnpoz

huh?

[77.141.xxx.xxx]>: Client host rejected: Access denied

Says you have access denied.

So I show that resolves to
;; QUESTION SECTION:
;mail.gandi.net.                        IN      A

;; ANSWER SECTION:
mail.gandi.net.        86400  IN      A      217.70.184.11

That error you got yes is the mail server telling you that YOUR IP was rejected, because you didn't auth or it doesn't accept mail from you..

I get the same error - since clearly I do not have an account when trying to send something..

root@ns1:~# telnet mail.gandi.net 25
Trying 2001:4b98:c:521::11…
Connected to mail.gandi.net.
Escape character is '^]'.
220 relay.mail.gandi.net ESMTP Postfix
mail from: billy@gandi.net
250 2.1.0 Ok
rcpt to: test@test.com
554 5.7.1 <ns1.snipped[2605:6400:snipped:a213]>: Client host rejected: Access denied

Is that your isp mailserver?  If so you need to get with them on if you can relay mail through and if so do you need to auth, can you use any from address, can you only send to specific addresses, etc. etc..

You can see I was connecting via its ipv6 address.</ns1.snipped[2605:6400:snipped:a213]>

deajan

OMFG ! I am so tired I didn't correctly read the error message, thinking that this IP replied instead of the reply saying that my IP isn't allowed.
Fixed auth, and here we go !
I feel stupid for the lame post.

Thanks for the tap behind the head John :)