Cannot send notification emails in 2.3.2

  • Hello,

    I'm facing a problem with the email notification setup on my home pfSense.
    I've configured the SMTP notification settings to use mail.gandi.net as SMTP server, but when I send a test email, I get the following error message:

    Could not send the message to infra@xxxxxxx -- Error: 554 5.7.1 <xxx.xxx.141.77.rev.sfr.net[77.141.xxx.xxx]>: Client host rejected: Access denied

    The IP of the error message is my public IP and reverse DNS.

    If I happen to change mail.gandi.net to something bogus, pfSense complains that it can't resolve the IP / FQDN so at least it tries to use that address.
    If I happen to ssh into pfSense and manually connect to mail.gandi.net via telnet, it works.

    [2.3.2-RELEASE][root@badrouter.badmin.local]/root: telnet mail.gandi.net 587
    Connected to mail.gandi.net.
    Escape character is '^]'.
    220 relay.mail.gandi.net ESMTP Postfix
    421 4.4.2 relay5-d.mail.gandi.net Error: timeout exceeded
    Connection closed by foreign host.


    I don't have any DNS overrides nor any special firewall rules enabled.
    The pfSense box is bridged to a modem.
    If I understand well, mail.gandi.net gets rewritten somewhere to my public IP.
    But then, why would the telnet command work?

    Also, pfSense DNS doesn't seem to rewrite it

    [2.3.2-RELEASE][root@badrouter.badmin.local]/root: nslookup mail.gandi.net
    Non-authoritative answer:
    Name:   mail.gandi.net

    Anything I missed? I'm clueless AF :)

    Running pfSense 2.3.2-p1 x64.

    Thanks for any insight.

    [77.141.xxx.xxx]>: Client host rejected: Access denied

    Says you have access denied.

    So I show that resolves to
    ;mail.gandi.net.                        IN      A

    mail.gandi.net.        86400  IN      A

    That error you got yes is the mail server telling you that YOUR IP was rejected, because you didn't auth or it doesn't accept mail from you..

    I get the same error - since clearly I do not have an account when trying to send something..

    root@ns1:~# telnet mail.gandi.net 25
    Trying 2001:4b98:c:521::11…
    Connected to mail.gandi.net.
    Escape character is '^]'.
    220 relay.mail.gandi.net ESMTP Postfix
    mail from: billy@gandi.net
    250 2.1.0 Ok
    rcpt to: test@test.com
    554 5.7.1 <ns1.snipped[2605:6400:snipped:a213]>: Client host rejected: Access denied

    Is that your ISP mailserver? If so you need to get with them on if you can relay mail through and if so do you need to auth, can you use any from address, can you only send to specific addresses, etc. etc..

    You can see I was connecting via its ipv6 address.

  • OMFG ! I am so tired I didn't correctly read the error message, thinking that this IP replied instead of the reply saying that my IP isn't allowed.
    Fixed auth, and here we go !
    I feel stupid for the lame post.

    Thanks for the tap behind the head John :)
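
The misreading resolved above comes down to how the reply is structured: in a Postfix "Client host rejected" reply, the host in angle brackets is the connecting client as the server saw it, not the server that answered. The sketch below is an added example, not code posted by anyone in the thread; the function name `explain_reply` and the wording of its notes are assumptions, and the sample lines are copied from the posts above.

```python
import re

# An SMTP reply: 3-digit code, optional RFC 3463 enhanced status code, text.
REPLY_RE = re.compile(
    r"(?<![\d.])(?P<code>[2-5]\d\d)[ -]"
    r"(?:(?P<enh>[245]\.\d{1,3}\.\d{1,3}) )?(?P<text>.*)$"
)
# Postfix names the *connecting client* as <reverse-dns[address]> when an
# access restriction rejects it.
CLIENT_RE = re.compile(
    r"<(?P<name>[^\[\]<>]+)\[(?P<addr>[^\]]+)\]>: "
    r"Client host rejected: (?P<reason>.+)$"
)


def explain_reply(line):
    """Return a dict describing one SMTP reply, or None if no reply is found."""
    m = REPLY_RE.search(line.strip())
    if m is None:
        return None
    info = {"code": int(m["code"]), "enhanced": m["enh"],
            "rejected_client": None, "meaning": "no specific note"}
    c = CLIENT_RE.search(m["text"])
    if c:
        # The bracketed host is the sender's own address as the server saw it.
        info["rejected_client"] = (c["name"], c["addr"])
        info["meaning"] = ("server refused this client (" + c["reason"] + "); "
                           "check SMTP AUTH settings or relay permission")
    elif info["code"] == 220:
        info["meaning"] = "greeting: DNS and TCP to the server work"
    elif info["code"] == 421 and info["enhanced"] == "4.4.2":
        info["meaning"] = "server closed an idle session: connectivity is fine"
    return info


if __name__ == "__main__":
    # Reply lines copied from the thread above.
    for sample in (
        "Could not send the message to infra@xxxxxxx -- Error: 554 5.7.1 "
        "<xxx.xxx.141.77.rev.sfr.net[77.141.xxx.xxx]>: "
        "Client host rejected: Access denied",
        "220 relay.mail.gandi.net ESMTP Postfix",
        "421 4.4.2 relay5-d.mail.gandi.net Error: timeout exceeded",
    ):
        print(explain_reply(sample))
```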

