Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to send notifications

    General pfSense Questions
    2
    4
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      robi
      last edited by

      On previous v2.2.x I had e-mail notifications working properly, now I upgraded to v2.3.2, and I get no more mails, but see this in the log:

      /system_advanced_notifications.php: Could not send the message to xxx@xxx.xx -- Error: could not start TLS connection encryption protocol 
      

      The mail server (provided by a zimbra installation) requires STARTTLS at Secure SMTP Connection, and uses PLAIN Notification E-Mail auth mechanism.

      Any idea how to fix?

      1 Reply Last reply Reply Quote 0
      • N
        NOYB
        last edited by

        @robi:

        On previous v2.2.x I had e-mail notifications working properly, now I upgraded to v2.3.2, and I get no more mails, but see this in the log:

        /system_advanced_notifications.php: Could not send the message to xxx@xxx.xx -- Error: could not start TLS connection encryption protocol 
        

        The mail server (provided by a zimbra installation) requires STARTTLS at Secure SMTP Connection, and uses PLAIN Notification E-Mail auth mechanism.

        Any idea how to fix?

        First guess would be certificate trust issue.  i.e. pfSense not having CA cert for the cert the email server is using.

        1 Reply Last reply Reply Quote 0
        • R
          robi
          last edited by

          ???

          It didn't need that before…
          Can't even get it, since the mail sever is managed by a third party...

          Any other tips?

          1 Reply Last reply Reply Quote 0
          • N
            NOYB
            last edited by

            @robi:

            ???

            It didn't need that before…
            Can't even get it, since the mail sever is managed by a third party...

            Any other tips?

            Um, yes you've always needed it.  And it's been there.
            But just because it's been there in the past doesn't mean it's there now.

            Get the cert being sent by the email server and look at its trust chain.  If non of its trust chain certs are in "/usr/local/share/certs/ca-root-nss.crt" then it won't work.  From time to time certs get removed/added.  It is possible the cert needed for your email server has been removed.

            Here is some additional info on the subject.
            SSL/TLS Option Breaks My SMTP Notifications
            https://forum.pfsense.org/index.php?topic=115884.0

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.