• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

email Notification login credentials not yet implimented?

Scheduled Pinned Locked Moved General pfSense Questions
12 Posts 4 Posters 696 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • O
    Oclair
    last edited by Oclair Oct 19, 2019, 12:59 PM Oct 19, 2019, 12:56 PM

    why is there not a category in the forums for email notifications?

    Hey all, under email notifications I have entered the login credentials and still pfsense does not authenticate with the external email server (running postfix/dovecot on FreeBSD 11.3)

    Instead it only works without logging in and I get Received-SPF: softfail which should not be relevant if it is a well behaved client logging in to send email via pop3 or imap...

    Could not send the message to recipientuser@domain.ext -- Error: Failed to set sender: senderuser@domain.ext [SMTP: Invalid response code received from server (code: 530, response: 5.7.0 Must issue a STARTTLS command first)]

    Does pfsense thinks it's going to relay and use credentials for host.domain and that's just that?

    Are the login credentials are not yet being implemented?

    This thread might be related as my mail server uses STARTTLS https://www.reddit.com/r/PFSENSE/comments/7pwzd6/notification_emails_not_working_with_starttls/

    I am thinking it's just not a good idea to activate email notifications which appears at worst to send out email via cleartext on the wire, and at best should be blocked as the ip of this residential network constantly changes and the SPF will fail anyways.

    S G 2 Replies Last reply Oct 20, 2019, 1:28 PM Reply Quote 0
    • S
      smithclarkson001 Banned @Oclair
      last edited by smithclarkson001 Feb 28, 2020, 10:01 PM Oct 20, 2019, 1:28 PM

      This post is deleted!
      1 Reply Last reply Reply Quote 0
      • G
        Gertjan @Oclair
        last edited by Oct 21, 2019, 12:19 PM

        @Oclair said in email Notification login credentials not yet implimented?:

        Does pfsense thinks it's going to relay and use credentials for host.domain and that's just that?

        Dono if it thinks ☺

        Oct 21 14:05:26 ns311465 postfix/smtpd[28285]: > Blablabla 250-mail.kroeb.me
        Oct 21 14:05:26 ns311465 postfix/smtpd[28285]: > Blablabla 250-PIPELINING
        Oct 21 14:05:26 ns311465 postfix/smtpd[28285]: > Blablabla 250-SIZE 31457280
        Oct 21 14:05:26 ns311465 postfix/smtpd[28285]: > Blablabla 250-VRFY
        Oct 21 14:05:26 ns311465 postfix/smtpd[28285]: > Blablabla 250-ETRN
        Oct 21 14:05:26 ns311465 postfix/smtpd[28285]: > Blablabla 250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5
        Oct 21 14:05:26 ns311465 postfix/smtpd[28285]: > Blablabla 250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5
        Oct 21 14:05:26 ns311465 postfix/smtpd[28285]: > Blablabla 250-ENHANCEDSTATUSCODES
        Oct 21 14:05:26 ns311465 postfix/smtpd[28285]: > Blablabla 250-8BITMIME
        Oct 21 14:05:26 ns311465 postfix/smtpd[28285]: > Blablabla 250 DSN
        Oct 21 14:05:26 ns311465 postfix/smtpd[28285]: < Blablabla AUTH LOGIN
        

        What I do know, is that when your postfix setup is instructed to ask for STARTTLS, pfSense will act on it.
        As you can see, my postfix is sending a "250 STARTTLS" as a possible option.
        Yours does the same ?

        Oct 21 14:05:26 ns311465 postfix/smtpd[28285]: < Blablabla STARTTLS
        ......
        Oct 21 14:05:26 ns311465 postfix/smtpd[28285]: > Blablabla 220 2.0.0 Ready to start TLS
        

        @Oclair said in email Notification login credentials not yet implimented?:

        which appears at worst to send out email via cleartext on the wire

        Yep, right.
        That's why '587' or STARTTLS and all that is phasing out.
        It '465' and SSL right away these days.
        Up to you to make that happening, by setting up postfix the right way.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        O 1 Reply Last reply Oct 21, 2019, 1:11 PM Reply Quote 0
        • O
          Oclair @Gertjan
          last edited by Oct 21, 2019, 1:11 PM

          @Gertjan said in email Notification login credentials not yet implimented?:

          That's why '587' or STARTTLS and all that is phasing out.
          It '465' and SSL right away these days.
          Up to you to make that happening, by setting up postfix the right way.

          Asshat award goes to...

          G 1 Reply Last reply Oct 21, 2019, 1:15 PM Reply Quote 0
          • O
            Oclair
            last edited by Oct 21, 2019, 1:13 PM

            TROLLS in forums: What happens when BSD becomes the cornerstone of someone's for profit company.... Well just don't be a dick I suppose...

            1 Reply Last reply Reply Quote 0
            • G
              Gertjan @Oclair
              last edited by Oct 21, 2019, 1:15 PM

              @Oclair said in email Notification login credentials not yet implimented?:

              Asshat award goes to...

              To no-one.

              Was replying to your

              at worst to send out email via cleartext ...

              and I agree.

              So go pure SSL == 465.
              Right ? (You're in command)

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              O 1 Reply Last reply Nov 4, 2019, 6:16 PM Reply Quote 0
              • O
                Oclair @Gertjan
                last edited by Oclair Nov 4, 2019, 6:19 PM Nov 4, 2019, 6:16 PM

                I asked a question regarding STARTTLS support in pfsense, Not if I should change my mailserver host's config

                STARTTLS is not going anywhere, it is not been depreciated

                the notifications implementation appears to be broken?

                1 Reply Last reply Reply Quote 0
                • G
                  Gertjan
                  last edited by Gertjan Nov 5, 2019, 11:55 AM Nov 5, 2019, 11:44 AM

                  I'm using it right now :

                  fc1703b1-3324-4de5-b940-6bd3d07e58b0-image.png

                  After sending a test : mail - server side logs :

                  Nov  5 12:27:33 ns311465 postfix/smtpd[29808]: > mail.****.me[2001:470:1f12:xxxx::2]: 250-mail.*******.me
                  Nov  5 12:27:33 ns311465 postfix/smtpd[29808]: > mail.****.me[2001:470:1f12:xxxx::2]: 250-PIPELINING
                  Nov  5 12:27:33 ns311465 postfix/smtpd[29808]: > mail.****.me[2001:470:1f12:xxxx::2]: 250-SIZE 31457280
                  Nov  5 12:27:33 ns311465 postfix/smtpd[29808]: > mail.****.me[2001:470:1f12:xxxx::2]: 250-VRFY
                  Nov  5 12:27:33 ns311465 postfix/smtpd[29808]: > mail.****.me[2001:470:1f12:xxxx::2]: 250-ETRN
                  Nov  5 12:27:33 ns311465 postfix/smtpd[29808]: > mail.****.me[2001:470:1f12:xxxx::2]: 250-STARTTLS
                  Nov  5 12:27:33 ns311465 postfix/smtpd[29808]: > mail.****.me[2001:470:1f12:xxxx::2]: 250-ENHANCEDSTATUSCODES
                  Nov  5 12:27:33 ns311465 postfix/smtpd[29808]: > mail.****.me[2001:470:1f12:xxxx::2]: 250-8BITMIME
                  Nov  5 12:27:33 ns311465 postfix/smtpd[29808]: > mail.****.me[2001:470:1f12:xxxx::2]: 250 DSN
                  

                  As you can see, my mail server sends out it's capabilities.
                  Among them, there is "STARTSSL".

                  Because the mailing system of pfSense scans the capabilities, and it found STARTSSL, it issues a STARTTLS

                  Nov  5 12:27:33 ns311465 postfix/smtpd[29808]: < mail.****.me[2001:470:1f12:xxxx::2]: STARTTLS
                  ...
                  

                  The TCP connection is renegotiated as an SSL connection, the entire process start over, this time encrypted.
                  Mail caps are send again (except STRTSSL, because SSL that mode is activated now) and the LOGIN starts :

                  Nov  5 12:27:33 ns311465 postfix/smtpd[29808]: < mail.****.me[2001:470:1f12:xxxx::2]: AUTH LOGIN
                  .....
                  

                  Btw : my postfix settings for this domain, protocol submission (port 587) :

                  mail.*******.me:submission      inet    n       -       -       -       -       smtpd -v
                    -o myhostname=mail.*****.me
                    -o smtp_helo_name=mail.*****.me
                    -o smtpd_tls_security_level=may
                    -o smtpd_etrn_restrictions=reject
                    -o smtpd_tls_cert_file=/etc/ssl/*****.me/*****.me.pem
                    -o smtpd_tls_key_file=/etc/ssl/****.me/*****.me.pem
                    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
                    -o content_filter=amavis:[127.0.0.1]:10026
                    -o milter_macro_daemon_name=ORIGINATING
                    -o smtpd_sasl_auth_enable=yes
                  

                  The important part is the

                  smtpd_tls_security_level=may
                  

                  setting which activated STARTSSL capabilities.

                  When I have some time, I could show you the same thing using gmail's mail server, also proposing submission with SSL (STARTSSL). In that case, I won't have access to the mail servers logs ;)

                  @Oclair said in email Notification login credentials not yet implimented?:

                  Not if I should change my mailserver host's config

                  You and I use the same "pfSense". Right ?
                  There are no settings on the pfSense side, except the usual mail server address and port.
                  What do you want me to say ?
                  Let's be neutral : when both sides agree, mail communication will use STARTSSL.

                  Another proof :
                  My Outlook 2010 mail client settings
                  7ae3552a-7723-4466-9acb-11b4e57d1f0e-image.png

                  As you can see, it uses "587" (submission) and the TLS (STARTTLS). Outlook can send mails just fine, doing the same thing as pfSense does.

                  Outlook 365 and Outlook 2016 : same result.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • N
                    nikkinemo95 Banned
                    last edited by Sep 2, 2020, 7:08 AM

                    Why is there not a category in the forums for email notifications?

                    G 1 Reply Last reply Sep 2, 2020, 8:35 AM Reply Quote 1
                    • G
                      Gertjan @nikkinemo95
                      last edited by Sep 2, 2020, 8:35 AM

                      @nikkinemo95 said in email Notification login credentials not yet implimented?:

                      Why is there not a category in the forums for email notifications?

                      Serious ?
                      The answer showed up the moment you posted :

                      eda9ceda-e56b-4bc5-82a2-6dc9cb19e429-image.png

                      Btw : the image above isn't acutal any more.
                      'submission' is phasing out.
                      It's all port 465 now, or smtps.
                      The protocol setting for 'smtps' connections can be set to "Auto" as Outlook 365 will figure it out.

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      O 1 Reply Last reply Sep 4, 2020, 10:45 AM Reply Quote 0
                      • N
                        nikkinemo95 Banned
                        last edited by nikkinemo95 Sep 4, 2020, 10:16 AM Sep 4, 2020, 10:16 AM

                        This post is deleted!
                        1 Reply Last reply Reply Quote 0
                        • O
                          Oclair @Gertjan
                          last edited by Sep 4, 2020, 10:45 AM

                          Btw : the image above isn't acutal any more.
                          'submission' is phasing out.
                          It's all port 465 now, or smtps.
                          The protocol setting for 'smtps' connections can be set to "Auto" as Outlook 365 will figure it out.

                          Omg who is this guy?
                          This is so wrong on so many levels ...

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                            This community forum collects and processes your personal information.
                            consent.not_received