[Problem was between chair & keyboard] Cannot send notification emails in 2.3.2
-
Hello,
I'm facing a problem with the email notification setup on my home pfSense.
I've configured the SMTP notification settings to use mail.gandi.net as SMTP server, but when I send a test email, I get the following error message:Could not send the message to infra@xxxxxxx -- Error: 554 5.7.1 <xxx.xxx.141.77.rev.sfr.net[77.141.xxx.xxx]>: Client host rejected: Access denied</xxx.xxx.141.77.rev.sfr.net[77.141.xxx.xxx]>
The IP of the error message is my public IP and reverse DNS.
If I happen to change mail.gandi.net to something bogus, pfSense complains that it can't resolve the IP / FQDN so at least it tries to use that address.
If I happen to ssh into pfSense and manually connect to mail.gandi.net via telnet, it works.[2.3.2-RELEASE][root@badrouter.badmin.local]/root: telnet mail.gandi.net 587 Trying 217.70.184.11... Connected to mail.gandi.net. Escape character is '^]'. 220 relay.mail.gandi.net ESMTP Postfix 421 4.4.2 relay5-d.mail.gandi.net Error: timeout exceeded Connection closed by foreign host.
Screenshot
http://imgur.com/a/P4JBOI don't have any DNS overrides nor any special firewall rules enabled.
The pfSense box is bridged to a modem.
If I understand well, mail.gandi.net gets rewritten somewhere to my public IP.
But then, why would the telnet command work ?Also, pfSense DNS doesn't seem to rewrite it
[2.3.2-RELEASE][root@badrouter.badmin.local]/root: nslookup mail.gandi.net Server: 127.0.0.1 Address: 127.0.0.1#53 Non-authoritative answer: Name: mail.gandi.net Address: 217.70.184.11
Anything I missed ? I'm clueless AF :)
Running pfSense 2.3.2-p1 x64.
Thanks for any insight.
-
huh?
[77.141.xxx.xxx]>: Client host rejected: Access denied
Says you have access denied.
So I show that resolves to
;; QUESTION SECTION:
;mail.gandi.net. IN A;; ANSWER SECTION:
mail.gandi.net. 86400 IN A 217.70.184.11That error you got yes is the mail server telling you that YOUR IP was rejected, because you didn't auth or it doesn't accept mail from you..
I get the same error - since clearly I do not have an account when trying to send something..
root@ns1:~# telnet mail.gandi.net 25
Trying 2001:4b98:c:521::11…
Connected to mail.gandi.net.
Escape character is '^]'.
220 relay.mail.gandi.net ESMTP Postfix
mail from: billy@gandi.net
250 2.1.0 Ok
rcpt to: test@test.com
554 5.7.1 <ns1.snipped[2605:6400:snipped:a213]>: Client host rejected: Access deniedIs that your isp mailserver? If so you need to get with them on if you can relay mail through and if so do you need to auth, can you use any from address, can you only send to specific addresses, etc. etc..
You can see I was connecting via its ipv6 address.</ns1.snipped[2605:6400:snipped:a213]>
-
OMFG ! I am so tired I didn't correctly read the error message, thinking that this IP replied instead of the reply saying that my IP isn't allowed.
Fixed auth, and here we go !
I feel stupid for the lame post.Thanks for the tap behind the head John :)