pfSense 2.4.4 SMTP Question
-
Does 2.4.4 fix the long-standing SMTP issue, or will I still be required to manually edit the /usr/local/share/pear/Net/SMTP.php file again to work around this issue?
https://github.com/pear/Net_SMTP/issues/14
https://github.com/pear/Net_SMTP/commit/68420118ac8f9dfe5c4b8cac1bdb955efcd4be21
-
It would help if you properly defined what the "SMTP issue" is and what edits you are making to work around it.
I don't recall any changes we made there but there were major changes to PHP since we switched to 7.2.
-
Sorry. I assumed it was a well documented and widespread issue.
https://forum.netgate.com/topic/121424/2-4-0-release-email-notifications-do-not-work
https://www.bing.com/search?q=pfsense+SMTP+fail&go=Search&qs=n&form=QBRE&sp=-1&pq=pfsense+smtp+fail
File: /usr/local/share/pear/Net/SMTP.php
Is:
$this->socket_options = $socket_options;
Changed to:
$this->socket_options = array('ssl' => array('verify_peer_name' => false));
According to the PEAR developers, there is a mechanism which is not being correctly utilized.
Ref:
https://github.com/pear/Net_SMTP/issues/14
https://github.com/pear/Net_SMTP/commit/68420118ac8f9dfe5c4b8cac1bdb955efcd4be21
Connection options can be specified via the $socket_options construction parameter::
    $socket_options = array('ssl' => array('verify_peer_name' => false));
    $smtp = new Net_SMTP($host, null, null, false, 0, $socket_options);
Note: PHP 5.6 introduced OpenSSL changes. Peer certificate verification is now enabled by default. Although not recommended, $socket_options can be used to disable peer verification (as shown above).
-
It doesn't matter how widespread the issue may be, if you vaguely define it, people won't know what you're talking about for certain.
Looking all that over, the question then is: Why do you have to disable peer verification, which is a good thing?
If you use a hostname and a proper trusted cert, it shouldn't be necessary.
Is there an open Redmine issue to address the problem?
As a test, try this patch to see if it works for you without modifying the other code in pear modules:diff --git a/src/etc/inc/notices.inc b/src/etc/inc/notices.inc index 2e33ab997f..91889cefa1 100644 --- a/src/etc/inc/notices.inc +++ b/src/etc/inc/notices.inc @@ -393,7 +393,8 @@ function send_smtp_message($message, $subject = "(no subject)", $force = false) ? $config['notifications']['smtp']['timeout'] : 20, 'debug' => false, - 'persist' => false + 'persist' => false, + 'socket_options' => array('ssl' => array('verify_peer_name' => false)) ); if ($config['notifications']['smtp']['fromaddress']) {
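Review bot: in the options array built in send_smtp_message(), the added 'socket_options' entry hard-codes 'verify_peer_name' => false, so every notification SMTP connection skips the certificate name check and nothing in the hunk lets an administrator turn it back on. Read the value from a setting under $config['notifications']['smtp'] (the key name is still to be chosen; none is visible in this hunk) and add the 'socket_options' entry only when that setting is enabled, so that verification stays the default. A one-line comment next to the entry saying why the check is relaxed would also help the next reader.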
If that works then it would be fairly easy to add a GUI knob to toggle verification.
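The post above asks why verification has to be disabled at all. As an added example (not code from pfSense, PEAR or any poster in this thread), the sketch below models the host name check behind verify_peer_name on a constructed certificate and shows PHP's peer_name SSL context option as a way to keep the check enabled when the configured server name differs from the certificate. The function names, host names and certificate are assumptions, as is Net_SMTP handing the array to PHP's stream context unchanged.

```php
<?php
// Added example: not pfSense or PEAR code. Host names and certificate are constructed.

// Names a certificate presents, from the array openssl_x509_parse() returns.
function cert_names(array $cert): array
{
    $names = [];
    foreach (explode(',', $cert['extensions']['subjectAltName'] ?? '') as $entry) {
        $entry = trim($entry);
        if (stripos($entry, 'DNS:') === 0) {
            $names[] = strtolower(substr($entry, 4));
        }
    }
    if (isset($cert['subject']['CN'])) {
        $names[] = strtolower($cert['subject']['CN']);
    }
    return array_values(array_unique($names));
}

// Simplified host name match: exact, or "*." covering one left-most label.
function name_matches(string $host, string $pattern): bool
{
    $host = strtolower($host);
    if ($host === $pattern) {
        return true;
    }
    $dot = strpos($host, '.');
    return strncmp($pattern, '*.', 2) === 0
        && $dot !== false && $dot > 0
        && substr($host, $dot) === substr($pattern, 1);
}

// Explain whether the name check would accept $host for this certificate.
function diagnose(string $host, array $cert): string
{
    $names = cert_names($cert);
    foreach ($names as $name) {
        if (name_matches($host, $name)) {
            return "OK: $host matches $name";
        }
    }
    return "MISMATCH: $host is not in [" . implode(', ', $names) . ']';
}

// Constructed sample: server configured by IP, certificate issued for its DNS names.
$cert = ['subject' => ['CN' => 'mail.example.net'],
         'extensions' => ['subjectAltName' => 'DNS:mail.example.net, DNS:*.smtp.example.net']];
echo diagnose('192.0.2.25', $cert), "\n";
echo diagnose('mail.example.net', $cert), "\n";

// Keep verification on; state the name the admin expects the certificate to carry.
$socket_options = ['ssl' => ['verify_peer_name' => true, 'peer_name' => 'mail.example.net']];
```

The peer_name value should be a name the administrator has confirmed belongs to the mail server, not one copied from whatever certificate the connection happens to present.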
-
Seems to work.
- restored SMTP.php to original
- confirmed test notification fails
- made changes to notices.inc as listed above
- confirmed test notification successful
SMTP testing e-mail successfully sent
-
Should be simple to fix that now that we can easily disable it. I added https://redmine.pfsense.org/issues/9001 to track it.