Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HELP: cannot send email out after upgraded to 2.3.3

    Scheduled Pinned Locked Moved General pfSense Questions
    29 Posts 6 Posters 3.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dgcom
      last edited by

      @NOYB:

      pfSense likely missing the CA for the server cert.

      I agree. But that needs to be tested/verified :)

      DG

      1 Reply Last reply Reply Quote 0
      • N
        NOYB
        last edited by

        @dgcom:

        @NOYB:

        pfSense likely missing the CA for the server cert.

        I agree. But that needs to be tested/verified :)

        Which is not that difficult to do and the start tls error message being thrown is exactly what happens when the CA is missing.

        Error: could not start TLS connection encryption protocol

        Going on a week and 2 forum pages for this without looking at the certs is nonsense.

        1 Reply Last reply Reply Quote 0
        • C
          caigeliu
          last edited by

          packages for 587:

          14:47:44.261660 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 37126, offset 0, flags [DF], proto TCP (6), length 60)
              pfsense-IP.43442 > mail-server-IP.587: Flags , cksum 0x4e45 (incorrect -> 0xfe42), seq 2694817911, win 65228, options [mss 1460,nop,wscale 7,sackOK,TS val 3730712934 ecr 0], length 0
          14:47:44.306341 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 59, id 0, offset 0, flags [DF], proto TCP (6), length 60)
              mail-server-IP.587 > pfsense-IP.43442: Flags [S.], cksum 0xc474 (correct), seq 307632312, ack 2694817912, win 14480, options [mss 1460,sackOK,TS val 1847944902 ecr 3730712934,nop,wscale 7], length 0
          14:47:44.306391 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 27877, offset 0, flags [DF], proto TCP (6), length 52)
              pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x299c), seq 1, ack 1, win 520, options [nop,nop,TS val 3730712979 ecr 1847944902], length 0
          14:47:44.336073 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 145: (tos 0x0, ttl 59, id 32330, offset 0, flags [DF], proto TCP (6), length 131)
              mail-server-IP.587 > pfsense-IP.43442: Flags [P.], cksum 0x14db (correct), seq 1:80, ack 1, win 114, options [nop,nop,TS val 1847944949 ecr 3730712979], length 79
          14:47:44.336109 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 50477, offset 0, flags [DF], proto TCP (6), length 52)
              pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x2901), seq 1, ack 80, win 519, options [nop,nop,TS val 3730713009 ecr 1847944949], length 0
          14:47:44.336429 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 87: (tos 0x0, ttl 64, id 63278, offset 0, flags [DF], proto TCP (6), length 73)
              pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4e52 (incorrect -> 0x7a9c), seq 1:22, ack 80, win 520, options [nop,nop,TS val 3730713009 ecr 1847944949], length 21
          14:47:44.341645 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 32331, offset 0, flags [DF], proto TCP (6), length 52)
              mail-server-IP.587 > pfsense-IP.43442: Flags [.], cksum 0x2a65 (correct), seq 80, ack 22, win 114, options [nop,nop,TS val 1847944977 ecr 3730713009], length 0
          14:47:44.342041 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 306: (tos 0x0, ttl 59, id 32332, offset 0, flags [DF], proto TCP (6), length 292)
              mail-server-IP.587 > pfsense-IP.43442: Flags [P.], cksum 0x9f00 (correct), seq 80:320, ack 22, win 114, options [nop,nop,TS val 1847944977 ecr 3730713009], length 240
          14:47:44.342076 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 57252, offset 0, flags [DF], proto TCP (6), length 52)
              pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x27db), seq 22, ack 320, win 518, options [nop,nop,TS val 3730713015 ecr 1847944977], length 0
          14:47:44.344219 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 64, id 64068, offset 0, flags [DF], proto TCP (6), length 62)
              pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4e47 (incorrect -> 0xe56c), seq 22:32, ack 320, win 520, options [nop,nop,TS val 3730713017 ecr 1847944977], length 10
          14:47:44.349626 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 96: (tos 0x0, ttl 59, id 32333, offset 0, flags [DF], proto TCP (6), length 82)
              mail-server-IP.587 > pfsense-IP.43442: Flags [P.], cksum 0x1212 (correct), seq 320:350, ack 32, win 114, options [nop,nop,TS val 1847944985 ecr 3730713017], length 30
          14:47:44.349665 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 15982, offset 0, flags [DF], proto TCP (6), length 52)
              pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x27a1), seq 32, ack 350, win 520, options [nop,nop,TS val 3730713023 ecr 1847944985], length 0
          14:47:44.381135 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 281: (tos 0x0, ttl 64, id 32683, offset 0, flags [DF], proto TCP (6), length 267)
              pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4f14 (incorrect -> 0x9b5d), seq 32:247, ack 350, win 520, options [nop,nop,TS val 3730713054 ecr 1847944985], length 215
          14:47:44.390630 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 59, id 32334, offset 0, flags [DF], proto TCP (6), length 1500)
              mail-server-IP.587 > pfsense-IP.43442: Flags [.], seq 350:1798, ack 247, win 122, options [nop,nop,TS val 1847945024 ecr 3730713054], length 1448
          14:47:44.390661 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 36301, offset 0, flags [DF], proto TCP (6), length 52)
              pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x20dd), seq 247, ack 1798, win 509, options [nop,nop,TS val 3730713064 ecr 1847945024], length 0
          14:47:44.391858 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 59, id 32335, offset 0, flags [DF], proto TCP (6), length 1500)
              mail-server-IP.587 > pfsense-IP.43442: Flags [.], seq 1798:3246, ack 247, win 122, options [nop,nop,TS val 1847945024 ecr 3730713054], length 1448
          14:47:44.391883 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 16571, offset 0, flags [DF], proto TCP (6), length 52)
              pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x1b34), seq 247, ack 3246, win 509, options [nop,nop,TS val 3730713065 ecr 1847945024], length 0
          14:47:44.392776 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 1225: (tos 0x0, ttl 59, id 32336, offset 0, flags [DF], proto TCP (6), length 1211)
              mail-server-IP.587 > pfsense-IP.43442: Flags [P.], seq 3246:4405, ack 247, win 122, options [nop,nop,TS val 1847945024 ecr 3730713054], length 1159
          14:47:44.392800 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 2578, offset 0, flags [DF], proto TCP (6), length 52)
              pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x16aa), seq 247, ack 4405, win 511, options [nop,nop,TS val 3730713066 ecr 1847945024], length 0
          14:47:44.400702 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 276: (tos 0x0, ttl 64, id 63205, offset 0, flags [DF], proto TCP (6), length 262)
              pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4f0f (incorrect -> 0xf5a4), seq 247:457, ack 4405, win 520, options [nop,nop,TS val 3730713074 ecr 1847945024], length 210
          14:47:44.406888 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 332: (tos 0x0, ttl 59, id 32337, offset 0, flags [DF], proto TCP (6), length 318)
              mail-server-IP.587 > pfsense-IP.43442: Flags [P.], cksum 0x5976 (correct), seq 4405:4671, ack 457, win 130, options [nop,nop,TS val 1847945042 ecr 3730713074], length 266
          14:47:44.406931 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 33146, offset 0, flags [DF], proto TCP (6), length 52)
              pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x14a7), seq 457, ack 4671, win 518, options [nop,nop,TS val 3730713080 ecr 1847945042], length 0
          14:47:44.407347 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 103: (tos 0x0, ttl 64, id 16572, offset 0, flags [DF], proto TCP (6), length 89)
              pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4e62 (incorrect -> 0xd85d), seq 457:494, ack 4671, win 520, options [nop,nop,TS val 3730713080 ecr 1847945042], length 37
          14:47:44.410894 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 31114, offset 0, flags [DF], proto TCP (6), length 52)
              pfsense-IP.43442 > mail-server-IP.587: Flags [F.], cksum 0x4e3d (incorrect -> 0x147b), seq 494, ack 4671, win 520, options [nop,nop,TS val 3730713084 ecr 1847945042], length 0
          14:47:44.412746 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 32338, offset 0, flags [DF], proto TCP (6), length 52)
              mail-server-IP.587 > pfsense-IP.43442: Flags [F.], cksum 0x15ff (correct), seq 4671, ack 494, win 130, options [nop,nop,TS val 1847945048 ecr 3730713080], length 0
          14:47:44.412801 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 64743, offset 0, flags [DF], proto TCP (6), length 52)
              pfsense-IP.43442 > mail-server-IP.587: Flags [F.], cksum 0x4e3d (incorrect -> 0x1472), seq 494, ack 4672, win 520, options [nop,nop,TS val 3730713086 ecr 1847945048], length 0
          14:47:44.416204 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 32339, offset 0, flags [DF], proto TCP (6), length 52)
              mail-server-IP.587 > pfsense-IP.43442: Flags [.], cksum 0x15f7 (correct), seq 4672, ack 495, win 130, options [nop,nop,TS val 1847945051 ecr 3730713084], length 0

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            put your capture under [c o d e]  [/c o d e] (without spaces on code word) for a better undestanding

            14:47:44.261660 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 37126, offset 0, flags [DF], proto TCP (6), length 60)
pfsense-IP.43442 > mail-server-IP.587: Flags , cksum 0x4e45 (incorrect -> 0xfe42), seq 2694817911, win 65228, options [mss 1460,nop,wscale 7,sackOK,TS val 3730712934 ecr 0], length 0
14:47:44.306341 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 59, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    mail-server-IP.587 > pfsense-IP.43442: Flags [S.], cksum 0xc474 (correct), seq 307632312, ack 2694817912, win 14480, options [mss 1460,sackOK,TS val 1847944902 ecr 3730712934,nop,wscale 7], length 0
14:47:44.306391 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 27877, offset 0, flags [DF], proto TCP (6), length 52)
    pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x299c), seq 1, ack 1, win 520, options [nop,nop,TS val 3730712979 ecr 1847944902], length 0
14:47:44.336073 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 145: (tos 0x0, ttl 59, id 32330, offset 0, flags [DF], proto TCP (6), length 131)
    mail-server-IP.587 > pfsense-IP.43442: Flags [P.], cksum 0x14db (correct), seq 1:80, ack 1, win 114, options [nop,nop,TS val 1847944949 ecr 3730712979], length 79
14:47:44.336109 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 50477, offset 0, flags [DF], proto TCP (6), length 52)
    pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x2901), seq 1, ack 80, win 519, options [nop,nop,TS val 3730713009 ecr 1847944949], length 0
14:47:44.336429 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 87: (tos 0x0, ttl 64, id 63278, offset 0, flags [DF], proto TCP (6), length 73)
    pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4e52 (incorrect -> 0x7a9c), seq 1:22, ack 80, win 520, options [nop,nop,TS val 3730713009 ecr 1847944949], length 21
14:47:44.341645 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 32331, offset 0, flags [DF], proto TCP (6), length 52)
    mail-server-IP.587 > pfsense-IP.43442: Flags [.], cksum 0x2a65 (correct), seq 80, ack 22, win 114, options [nop,nop,TS val 1847944977 ecr 3730713009], length 0
14:47:44.342041 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 306: (tos 0x0, ttl 59, id 32332, offset 0, flags [DF], proto TCP (6), length 292)
    mail-server-IP.587 > pfsense-IP.43442: Flags [P.], cksum 0x9f00 (correct), seq 80:320, ack 22, win 114, options [nop,nop,TS val 1847944977 ecr 3730713009], length 240
14:47:44.342076 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 57252, offset 0, flags [DF], proto TCP (6), length 52)
    pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x27db), seq 22, ack 320, win 518, options [nop,nop,TS val 3730713015 ecr 1847944977], length 0
14:47:44.344219 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 64, id 64068, offset 0, flags [DF], proto TCP (6), length 62)
    pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4e47 (incorrect -> 0xe56c), seq 22:32, ack 320, win 520, options [nop,nop,TS val 3730713017 ecr 1847944977], length 10
14:47:44.349626 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 96: (tos 0x0, ttl 59, id 32333, offset 0, flags [DF], proto TCP (6), length 82)
    mail-server-IP.587 > pfsense-IP.43442: Flags [P.], cksum 0x1212 (correct), seq 320:350, ack 32, win 114, options [nop,nop,TS val 1847944985 ecr 3730713017], length 30
14:47:44.349665 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 15982, offset 0, flags [DF], proto TCP (6), length 52)
    pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x27a1), seq 32, ack 350, win 520, options [nop,nop,TS val 3730713023 ecr 1847944985], length 0
14:47:44.381135 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 281: (tos 0x0, ttl 64, id 32683, offset 0, flags [DF], proto TCP (6), length 267)
    pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4f14 (incorrect -> 0x9b5d), seq 32:247, ack 350, win 520, options [nop,nop,TS val 3730713054 ecr 1847944985], length 215
14:47:44.390630 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 59, id 32334, offset 0, flags [DF], proto TCP (6), length 1500)
    mail-server-IP.587 > pfsense-IP.43442: Flags [.], seq 350:1798, ack 247, win 122, options [nop,nop,TS val 1847945024 ecr 3730713054], length 1448
14:47:44.390661 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 36301, offset 0, flags [DF], proto TCP (6), length 52)
    pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x20dd), seq 247, ack 1798, win 509, options [nop,nop,TS val 3730713064 ecr 1847945024], length 0
14:47:44.391858 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 59, id 32335, offset 0, flags [DF], proto TCP (6), length 1500)
    mail-server-IP.587 > pfsense-IP.43442: Flags [.], seq 1798:3246, ack 247, win 122, options [nop,nop,TS val 1847945024 ecr 3730713054], length 1448
14:47:44.391883 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 16571, offset 0, flags [DF], proto TCP (6), length 52)
    pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x1b34), seq 247, ack 3246, win 509, options [nop,nop,TS val 3730713065 ecr 1847945024], length 0
14:47:44.392776 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 1225: (tos 0x0, ttl 59, id 32336, offset 0, flags [DF], proto TCP (6), length 1211)
    mail-server-IP.587 > pfsense-IP.43442: Flags [P.], seq 3246:4405, ack 247, win 122, options [nop,nop,TS val 1847945024 ecr 3730713054], length 1159
14:47:44.392800 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 2578, offset 0, flags [DF], proto TCP (6), length 52)
    pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x16aa), seq 247, ack 4405, win 511, options [nop,nop,TS val 3730713066 ecr 1847945024], length 0
14:47:44.400702 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 276: (tos 0x0, ttl 64, id 63205, offset 0, flags [DF], proto TCP (6), length 262)
    pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4f0f (incorrect -> 0xf5a4), seq 247:457, ack 4405, win 520, options [nop,nop,TS val 3730713074 ecr 1847945024], length 210
14:47:44.406888 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 332: (tos 0x0, ttl 59, id 32337, offset 0, flags [DF], proto TCP (6), length 318)
    mail-server-IP.587 > pfsense-IP.43442: Flags [P.], cksum 0x5976 (correct), seq 4405:4671, ack 457, win 130, options [nop,nop,TS val 1847945042 ecr 3730713074], length 266
14:47:44.406931 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 33146, offset 0, flags [DF], proto TCP (6), length 52)
    pfsense-IP.43442 > mail-server-IP.587: Flags [.], cksum 0x4e3d (incorrect -> 0x14a7), seq 457, ack 4671, win 518, options [nop,nop,TS val 3730713080 ecr 1847945042], length 0
14:47:44.407347 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 103: (tos 0x0, ttl 64, id 16572, offset 0, flags [DF], proto TCP (6), length 89)
    pfsense-IP.43442 > mail-server-IP.587: Flags [P.], cksum 0x4e62 (incorrect -> 0xd85d), seq 457:494, ack 4671, win 520, options [nop,nop,TS val 3730713080 ecr 1847945042], length 37
14:47:44.410894 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 31114, offset 0, flags [DF], proto TCP (6), length 52)
    pfsense-IP.43442 > mail-server-IP.587: Flags [F.], cksum 0x4e3d (incorrect -> 0x147b), seq 494, ack 4671, win 520, options [nop,nop,TS val 3730713084 ecr 1847945042], length 0
14:47:44.412746 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 32338, offset 0, flags [DF], proto TCP (6), length 52)
    mail-server-IP.587 > pfsense-IP.43442: Flags [F.], cksum 0x15ff (correct), seq 4671, ack 494, win 130, options [nop,nop,TS val 1847945048 ecr 3730713080], length 0
14:47:44.412801 00:08:a2:09:4b:7f > 00:31:46:3d:ab:84, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 64743, offset 0, flags [DF], proto TCP (6), length 52)
    pfsense-IP.43442 > mail-server-IP.587: Flags [F.], cksum 0x4e3d (incorrect -> 0x1472), seq 494, ack 4672, win 520, options [nop,nop,TS val 3730713086 ecr 1847945048], length 0
14:47:44.416204 00:31:46:3d:ab:84 > 00:08:a2:09:4b:7f, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 59, id 32339, offset 0, flags [DF], proto TCP (6), length 52)
    mail-server-IP.587 > pfsense-IP.43442: Flags [.], cksum 0x15f7 (correct), seq 4672, ack 495, win 130, options [nop,nop,TS val 1847945051 ecr 3730713084], length 0

            This way it's easier to see some cksum 0x4e52 (incorrect -> 0x7a9c) on your tcpdump

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • C
              caigeliu
              last edited by

              @marcelloc:

              put your capture under [c o d e]  [/c o d e] (without spaces on code word) for a better undestanding

              …

              This way it's easier to see some cksum 0x4e52 (incorrect -> 0x7a9c) on your dump

              Thank you for your instruction. I'll follow this way to display.

              1 Reply Last reply Reply Quote 0
              • N
                NOYB
                last edited by

                What's that cliché again.  Definition of insanity is doing the same thing over and over again and expecting a different result.

                Verify pfSense has valid CA for the server cert per this thread linked to earlier by dgcom.
                SSL/TLS Option Breaks My SMTP Notifications

                No point in doing anything else until that is verified.  The start tls error being thrown is consistent with missing CA cert.

                Error: could not start TLS connection encryption protocol

                1 Reply Last reply Reply Quote 0
                • D
                  dgcom
                  last edited by

                  Correct, even without seeing all packet details I can guess where initial SMTP handshake is, where pfSense sends STARTTLS and gets back servers cert… and then closing connection because it does not trust it...

                  pfSense should have an option to disable certificate validation in case someone needs it, PHPMailer has instructions.

                  DG

                  1 Reply Last reply Reply Quote 0
                  • C
                    caigeliu
                    last edited by

                    Thank marcelloc , NOYB  and dgcom very much.  Your opinions solved this problem.

                    We have two email servers, only one server's CA certificate is authorized. In old pfSense 2.2.5, we use the server whose certificate is not authorized and works. When updated to pfSense 2.3.3, all setting in pfSense is the same as before.

                    Now I changed into the email server whose certificate is authorized, and email notification works now. This problem is solved.

                    Thank you very much.

                    1 Reply Last reply Reply Quote 0
                    • D
                      dgcom
                      last edited by

                      Good, glad you were able to resolve this.

                      DG

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.