Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense 2.4.4 SMTP Question

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 2 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      elvisimprsntr
      last edited by elvisimprsntr

      Does 2.4.4 fix the long standing SMTP issue, or will I be still be required to manually edit the /usr/local/share/pear/Net/SMTP.php file again work work around this issue?

      https://github.com/pear/Net_SMTP/issues/14

      https://github.com/pear/Net_SMTP/commit/68420118ac8f9dfe5c4b8cac1bdb955efcd4be21

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        It would help if you properly defined what the "SMTP issue" is and what edits you are making to work around it.

        I don't recall any changes we made there but there were major changes to PHP since we switched to 7.2.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        E 1 Reply Last reply Reply Quote 0
        • E
          elvisimprsntr @jimp
          last edited by elvisimprsntr

          @jimp

          Sorry. I assumed is was a well documented and widespread issue.

          https://forum.netgate.com/topic/121424/2-4-0-release-email-notifications-do-not-work

          https://www.bing.com/search?q=pfsense+SMTP+fail&go=Search&qs=n&form=QBRE&sp=-1&pq=pfsense+smtp+fail

          File: /usr/local/share/pear/Net/SMTP.php

          Is:

          this->socket_options = $socket_options;

          Changed to:

          $this->socket_options = array('ssl' => array('verify_peer_name' => false));

          According the the pear developers, there is a mechanism which is not being correctly utilized.

          Ref:
          https://github.com/pear/Net_SMTP/issues/14
          https://github.com/pear/Net_SMTP/commit/68420118ac8f9dfe5c4b8cac1bdb955efcd4be21

          Connection options can be specified via the $socket_options construction
          parameter::
          $socket_options = array('ssl' => array('verify_peer_name' => false));
          $smtp = new Net_SMTP($host, null, null, false, 0, $socket_options);
          Note: PHP 5.6 introduced OpenSSL changes_. Peer certificate verification
          is now enabled by default. Although not recommended, $socket_options can be
          used to disable peer verification (as shown above).

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            It doesn't matter how widespread the issue may be, if you vaguely define it, people won't know what you're talking about for certain.

            Looking all that over, the question then is: Why do you have to disable peer verification, which is a good thing?

            If you use a hostname and a proper trusted cert, it shouldn't be necessary.

            Is there an open Redmine issue to address the problem?
            As a test, try this patch to see if it works for you without modifying the other code in pear modules:

            diff --git a/src/etc/inc/notices.inc b/src/etc/inc/notices.inc
            index 2e33ab997f..91889cefa1 100644
            --- a/src/etc/inc/notices.inc
            +++ b/src/etc/inc/notices.inc
            @@ -393,7 +393,8 @@ function send_smtp_message($message, $subject = "(no subject)", $force = false)
             		    ? $config['notifications']['smtp']['timeout']
             		    : 20,
             		'debug' => false,
            -		'persist' => false
            +		'persist' => false,
            +		'socket_options' => array('ssl' => array('verify_peer_name' => false))
             	);
             
             	if ($config['notifications']['smtp']['fromaddress']) {
            

            If that works then it would be fairly easy to add a GUI knob to toggle verification.

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • E
              elvisimprsntr
              last edited by

              Seems to work.

              1. restored SMTP.php to original
              2. confirmed test notification fails
              3. made changes to notices.inc as list above
              4. confirmed test notification successful
              SMTP testing e-mail successfully sent
              
              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                Should be simple to fix that now that we can easily disable it. I added https://redmine.pfsense.org/issues/9001 to track it.

                Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 1
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.