Email Notification error when using microsoft exchange
-
Hello there!
I have a running PFSense 2.5 and went to System > Advanced > Notifications and configured my email on it.
I inserted everything correctly - smtp.office365.com, port 587, and the auth email with correct password but when i click TEST SMTP settings i get the message:Error: Failed to connect to ssl://smtp.office365.com:587 [SMTP: Failed to connect socket: fsockopen(): unable to connect to ssl://smtp.office365.com:587 (Unknown error) (code: -1, response: )]
Does anyone knows the procedure to fix this?
-
@raulchiarella
You have obviously enabled "Secure SMTP Connection", but that is not supported by the server.
It provides STARTTLS instead, which is used automatically by pfSense. -
You mean secure SMTPS on the server side or the microsoft exchange side?
I tested with the option Enable SMTP over SSL/TLS ENABLED and DISABLED but when i try the disabled method it returns "You need SSL/TLS connection for this to work", when i enable again it returns the error above
I m not sure why thats not working. My Microsoft acc works well with other mails like thunderbird, outlook etc
-
I've had issues setting up M365 email also. My notes:
via M365: smtp.office365.com:587, user/pass, SSL/TLS unchecked, auth mechanism LOGIN
MS has a document on SMTP relay but the settings don't quite match up and/or seem inconsistent. On occasion I have given up and used some other relay to be honest. :)
Two notes:
- save changes before testing
- enter the password every time you save changes (it may be auto-filling, and/or not remembering it)
-
Newer Office365 tenants have MFA (Multi-Factor Auth) enabled (i.e. login verification by MSFT Authenticator app or SMS) so that simple name+password+STARTTLS is going to fail.
You first have to ENABLE SMTP Auth as an allowed auth method in the users Mail / Manage Mail Apps settings. SMTP Auth is now DISABLED by default so it has to be checked for it to work at all.
There is a way to disable this I believe by creating an "application password" which is accepted for auth, bypassing MFA.
- You have to set the user account to "Enforce" MFA first.
- Then go to https://mysignins.microsoft.com/security-info as the user and then add a method "App password" to create the static password to allow login without MFA.
More detail here:
https://d365demystified.com/2021/10/17/allow-users-to-create-app-passwords-in-office-365-multi-factor-authentication/
I'm working on this now as I just migrated to O365 and all my automated notifications are broken.
-
@lohphat All true. What we have done in many cases is, if the office has a fixed IP, set up a connector (option 3 in the MS doc page) to allow relaying from that IP. No credentials necessary. That also covers other devices like scanners/MFPs. If desired pfSense firewall rules can block port 25 outbound from other devices.
The "app password" idea works but to me it's just a second (third, fourth) valid password that bypasses MFA. I'd feel a bit better if MS made them like 3x longer.
-
@lohphat said in Email Notification error when using microsoft exchange:
Newer Office365 tenants have MFA (Multi-Factor Auth) enabled (i.e. login verification by MSFT Authenticator app or SMS) so that simple name+password+STARTTLS is going to fail.
You first have to ENABLE SMTP Auth as an allowed auth method in the users Mail / Manage Mail Apps settings. SMTP Auth is now DISABLED by default so it has to be checked for it to work at all.
There is a way to disable this I believe by creating an "application password" which is accepted for auth, bypassing MFA.
- You have to set the user account to "Enforce" MFA first.
- Then go to https://mysignins.microsoft.com/security-info as the user and then add a method "App password" to create the static password to allow login without MFA.
More detail here:
https://d365demystified.com/2021/10/17/allow-users-to-create-app-passwords-in-office-365-multi-factor-authentication/
I'm working on this now as I just migrated to O365 and all my automated notifications are broken.
Thanks. This is what was causing the issue... I enabled SMTP Auth and now everything works fine.
