Sending email through SendGrid fails



  • I use SendGrid to process notification emails for my devices. I've configured it to work with other devices (i.e. FreeNAS). I configured System | Advanced | Notifications | Email as follows:

    E-Mail server: smtp.sendgrid.com
    SMTP Port of E-Mail server: 465
    Secure SMTP Connection: X
    Validate SSL/TLS: X
    From e-mail address: firewall
    Notification E-Mail address: <my full email address>
    Notification E-Mail auth username (optional): apikey
    Notification E-Mail auth password: <api key as password>
    Notification E-Mail auth mechanism: LOGIN

    When I test SMTP settings, I get this notification error in the GUI:

    Could not send the message to nick@demarcohome.com -- Error: Failed to connect to ssl://smtp.sendgrid.com:465 [SMTP: Failed to connect socket: fsockopen(): unable to connect to ssl://smtp.sendgrid.com:465 (Unknown error) (code: -1, response: )]
    

    This topic discusses the same error. I'm using SendGrid, so their certificate should be trusted by root CAs (I think). Some of the example text seems to be missing from user posts, but I'm pretty sure the examples wouldn't help me.

    I'm not sure where to go from here.


  • LAYER 8 Global Moderator

    Looks more like you just could not connect vs a ssl not trusted.. simple test from pfsense sure looks like cert is fine.

    [2.4.4-RELEASE][admin@sg4860.local.lan]/root: openssl s_client -connect smtp.sendgrid.com:465
    CONNECTED(00000003)
    depth=3 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
    verify return:1
    depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
    verify return:1
    depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
    verify return:1
    depth=0 OU = Domain Control Validated, CN = *.smtp.sendgrid.net
    verify return:1
    ---
    Certificate chain
     0 s:/OU=Domain Control Validated/CN=*.smtp.sendgrid.net
       i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
     1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
       i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
     2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
       i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIGvzCCBaegAwIBAgIIR8KHdm5J8J0wDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV
    BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow
    GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRz
    LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1
    cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTgxMjI4MjAyMjIwWhcN
    MjAxMjI4MjAyMjIwWjBBMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0
    ZWQxHDAaBgNVBAMMEyouc210cC5zZW5kZ3JpZC5uZXQwggEiMA0GCSqGSIb3DQEB
    AQUAA4IBDwAwggEKAoIBAQC/xYdx1oyPHcE6EdH61RXJK9JYA9p9GOrYhJ6rVq2c
    zpGR3/4EHwaZO/daZxvTn5p3LRBBW5KBBBNCLa0Vl84dLt6skUg3oWo17mim2ly1
    AegTwN15/wxqq8Hf2G4Sr9g00zlBAEs2HeOyr3SxEvLCLscYtIKG7cD+CsUi0JT6
    EeDXCVL04nJIheFh4h9TRcCook97yuqt7muySrarzekatOnpv4kuU8bk0uq4ym5K
    NO4zRUiCRy7JXAC2KZ4+0qhSlPFACRvygdPxK5ICvQq8/ZPlRWVn3yrWnQ4kEekp
    jDT4ucOpv8V/SxYmsBRqFD35ASDj6PZLYmJFb9XdzGCzAgMBAAGjggNFMIIDQTAM
    BgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNV
    HQ8BAf8EBAMCBaAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5nb2RhZGR5
    LmNvbS9nZGlnMnMxLTkwMS5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5
    MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3Jl
    cG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGG
    GGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2Nl
    cnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNV
    HSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAxBgNVHREEKjAoghMqLnNtdHAu
    c2VuZGdyaWQubmV0ghFzbXRwLnNlbmRncmlkLm5ldDAdBgNVHQ4EFgQUqLajl4xR
    pZ1YZD2l6KsTfcmd8t4wggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AKS5CZC0
    GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZ/Z7aIYAAAQDAEcwRQIhAOhF
    95cuap1qIlSVtRzNkaUbNHxpgj+RoBfxcSFgqlBZAiBNsRnVaIwWMBoR9s+a9YwC
    neLWWN777jRjew5mv2DVbwB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6
    qP3LAAABZ/Z7bY8AAAQDAEcwRQIgJZMibCSMJDwTwEp64XSQQXCuYtKJDvhT7FwK
    rxoyH6oCIQCz1HVQbPLwMOXQPBRQFtpYEb18JCVdzlh8+f0hITgC5gB1AF6nc/nf
    VsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABZ/Z7cugAAAQDAEYwRAIgQoxF
    Fak6Aq9tVDo5BjaSl+90pZ8928SmDpA3XrQ7BrQCIHdOuigFbYK96gJ/GPaVNGqc
    w5FKxw9Z8TnpjZH1GEC/MA0GCSqGSIb3DQEBCwUAA4IBAQBbBTL603nJ9H7ClsKR
    g/XmFpGwQ4C5OftGmZ/Z/CG9iqOkLB2TPqdJ9NZRruMpWjnOnvDFoQ3NMSfDYdsn
    25fzh30fx2+zIWW2IdKa1yO4A9tr3cxn4iINy/+dcNmF6tciGJtdBhZZgpyqhymu
    kjuMCQRL17uVkLyrYA/+Ti5N02fzRchprOydiasnhHSdDM3HVZQOqjOvoB5omtuf
    D1aldjrgW+TcILlnZxYvaqDPeMvUIZxQPzealRniQ7tmMOAgJfjZXxzuXatqXqw0
    zbvQOiY2pSDn7WPxLbGafLAOFWIWhHtkEZMRC2n3WpupiZuC0pacmQeUgVY6Vabs
    KU8W
    -----END CERTIFICATE-----
    subject=/OU=Domain Control Validated/CN=*.smtp.sendgrid.net
    issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
    ---
    No client certificate CA names sent
    Peer signing digest: SHA512
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 4785 bytes and written 433 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES256-GCM-SHA384
        Session-ID: DE92BB35A6B24AAE55159AD906448E4844606291B7668347162789BB5C963029
        Session-ID-ctx: 
        Master-Key: 548DB14B6DF768C62A1E5160C64BFCFEA430207AABBA7FAAF0E03BF25A78240EB640F422206D85FF305E8644AC216B90
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 300 (seconds)
        TLS session ticket:
        0000 - de 4f 91 5d 77 7a b3 2f-d0 96 47 44 15 bb e1 07   .O.]wz./..GD....
        0010 - 26 22 32 b6 1a 4f cd 02-a0 77 94 4b 14 2d c5 6f   &"2..O...w.K.-.o
        0020 - b4 85 a0 db 3b 01 af 61-8d d2 9f e9 a1 50 86 39   ....;..a.....P.9
        0030 - e1 76 17 29 db 1c 40 43-de 58 13 1c 6a f1 12 45   .v.)..@C.X..j..E
        0040 - d4 f9 c1 91 e5 f8 a0 46-ee 5d bb f5 6b eb 1a c9   .......F.]..k...
        0050 - 67 7a 7b c4 dc a9 20 8a-50 c7 0a 0b 05 2e 51 27   gz{... .P.....Q'
        0060 - c8 73 9a 00 34 e6 66 33-1c ed 36 a5 de 52 5f 49   .s..4.f3..6..R_I
        0070 - 86 dd d4 52 b8 8c 78 25-f7 6f 92 e9 f5 3e 1e c5   ...R..x%.o...>..
        0080 - 44 11 9f 45 64 6c 50 e5-fe 8e f5 43 58 fb 7e bc   D..EdlP....CX.~.
        0090 - e1 25 d4 d3 7e 78 a6 bc-57 bc d7 f3 71 9e 10 ad   .%..~x..W...q...
    
        Start Time: 1575468725
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---
    220 SG ESMTP service ready at ismtpd0129p1mdw1.sendgrid.net
    
    


  • @johnpoz said in Sending email through SendGrid fails:

    openssl s_client -connect smtp.sendgrid.com:465

    I ran the same test as you did, and I can connect also.

    FYI, the SMTP password is a 69 character long string, if the length causes authentication issues. An example:

    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
    
    [2.4.4-RELEASE][nick@firewall.demarcohome.com]/tmp: cat sendgridtest.log
    CONNECTED(00000003)
    ---
    Certificate chain
     0 s:/OU=Domain Control Validated/CN=*.smtp.sendgrid.net
       i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
     1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
       i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
     2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
       i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIGvzCCBaegAwIBAgIIR8KHdm5J8J0wDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV
    BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow
    GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRz
    LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1
    cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTgxMjI4MjAyMjIwWhcN
    MjAxMjI4MjAyMjIwWjBBMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0
    ZWQxHDAaBgNVBAMMEyouc210cC5zZW5kZ3JpZC5uZXQwggEiMA0GCSqGSIb3DQEB
    AQUAA4IBDwAwggEKAoIBAQC/xYdx1oyPHcE6EdH61RXJK9JYA9p9GOrYhJ6rVq2c
    zpGR3/4EHwaZO/daZxvTn5p3LRBBW5KBBBNCLa0Vl84dLt6skUg3oWo17mim2ly1
    AegTwN15/wxqq8Hf2G4Sr9g00zlBAEs2HeOyr3SxEvLCLscYtIKG7cD+CsUi0JT6
    EeDXCVL04nJIheFh4h9TRcCook97yuqt7muySrarzekatOnpv4kuU8bk0uq4ym5K
    NO4zRUiCRy7JXAC2KZ4+0qhSlPFACRvygdPxK5ICvQq8/ZPlRWVn3yrWnQ4kEekp
    jDT4ucOpv8V/SxYmsBRqFD35ASDj6PZLYmJFb9XdzGCzAgMBAAGjggNFMIIDQTAM
    BgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNV
    HQ8BAf8EBAMCBaAwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5nb2RhZGR5
    LmNvbS9nZGlnMnMxLTkwMS5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5
    MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3Jl
    cG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGG
    GGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2Nl
    cnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNV
    HSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAxBgNVHREEKjAoghMqLnNtdHAu
    c2VuZGdyaWQubmV0ghFzbXRwLnNlbmRncmlkLm5ldDAdBgNVHQ4EFgQUqLajl4xR
    pZ1YZD2l6KsTfcmd8t4wggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AKS5CZC0
    GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZ/Z7aIYAAAQDAEcwRQIhAOhF
    95cuap1qIlSVtRzNkaUbNHxpgj+RoBfxcSFgqlBZAiBNsRnVaIwWMBoR9s+a9YwC
    neLWWN777jRjew5mv2DVbwB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6
    qP3LAAABZ/Z7bY8AAAQDAEcwRQIgJZMibCSMJDwTwEp64XSQQXCuYtKJDvhT7FwK
    rxoyH6oCIQCz1HVQbPLwMOXQPBRQFtpYEb18JCVdzlh8+f0hITgC5gB1AF6nc/nf
    VsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABZ/Z7cugAAAQDAEYwRAIgQoxF
    Fak6Aq9tVDo5BjaSl+90pZ8928SmDpA3XrQ7BrQCIHdOuigFbYK96gJ/GPaVNGqc
    w5FKxw9Z8TnpjZH1GEC/MA0GCSqGSIb3DQEBCwUAA4IBAQBbBTL603nJ9H7ClsKR
    g/XmFpGwQ4C5OftGmZ/Z/CG9iqOkLB2TPqdJ9NZRruMpWjnOnvDFoQ3NMSfDYdsn
    25fzh30fx2+zIWW2IdKa1yO4A9tr3cxn4iINy/+dcNmF6tciGJtdBhZZgpyqhymu
    kjuMCQRL17uVkLyrYA/+Ti5N02fzRchprOydiasnhHSdDM3HVZQOqjOvoB5omtuf
    D1aldjrgW+TcILlnZxYvaqDPeMvUIZxQPzealRniQ7tmMOAgJfjZXxzuXatqXqw0
    zbvQOiY2pSDn7WPxLbGafLAOFWIWhHtkEZMRC2n3WpupiZuC0pacmQeUgVY6Vabs
    KU8W
    -----END CERTIFICATE-----
    subject=/OU=Domain Control Validated/CN=*.smtp.sendgrid.net
    issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
    ---
    No client certificate CA names sent
    Peer signing digest: SHA512
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 4785 bytes and written 433 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES256-GCM-SHA384
        Session-ID: 75B8055B16B17B8D1125E6BBD9AB2FBA5E7F8E82E03BE80F33884C4AEA887585
        Session-ID-ctx:
        Master-Key: A48487A26B8DE701F574F006C1A2E20589D5BD23D1641DAE832E0C1A33017D1EE5C27490559604E32D5A291F75421855
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 300 (seconds)
        TLS session ticket:
        0000 - 49 fd ab 92 6f 3e e8 d4-13 45 92 cd f8 f2 64 10   I...o>...E....d.
        0010 - 02 4e d3 50 ab ee 2a 6b-26 06 b5 81 e3 3a 5b a1   .N.P..*k&....:[.
        0020 - 2b 34 a7 18 bf 53 52 71-ae 5c e8 b4 a1 e9 36 0c   +4...SRq.\....6.
        0030 - 1c 09 c5 28 41 31 3e 03-7e e3 29 89 d9 fb ca 2c   ...(A1>.~.)....,
        0040 - f6 4f 5f dc 52 74 90 e8-4c ad e4 55 e6 04 59 90   .O_.Rt..L..U..Y.
        0050 - 64 55 2b 8d 62 01 70 6a-a9 f7 07 46 88 b0 43 7d   dU+.b.pj...F..C}
        0060 - fd e7 5d a9 6b 90 b5 b0-b3 ee 78 b6 57 3d e5 fa   ..].k.....x.W=..
        0070 - c0 c2 17 5f ec 56 00 0c-e5 88 19 76 01 0b 17 2d   ..._.V.....v...-
        0080 - 73 57 d5 28 0b dc c7 20-4b e3 13 60 a9 f6 a5 69   sW.(... K..`...i
        0090 - 1f 1c 4d 2b db 85 ed fe-99 3b 6b 75 39 c5 6f 21   ..M+.....;ku9.o!
    
        Start Time: 1575473240
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---
    220 SG ESMTP service ready at ismtpd0063p1mdw1.sendgrid.net
    


  • I'm still facing this issue. Authentication fails, though I've double checked my configuration. I've also used the same authentication and similar parameters to send emails through FreeNAS.

    I've looked in the system logs. The notification error text is duplicated in the logs. What's a good next step for troubleshooting? I imagine going to the command line, and manually connecting would be next. Any guidance is appreciated.



  • Hi, I'm bumping to attract attention. I'm not seeing any log messages.

    Any next step to troubleshoot?



  • I tested with this one deactivated

    @ndemarco said in Sending email through SendGrid fails:

    Validate SSL/TLS: X

    fbf314a7-6a5b-4561-898a-16441b620db4-image.png

    Logging shows that I managed to connect.

    513a9815-fe06-4c86-9714-6d4d8c9366db-image.png

    Identification failed of course.



  • @Gertjan Thanks! That worked a treat.

    I posted a quick tutorial on my blog here, and someone else did the same here.


Log in to reply