Netgate Discussion Forum

    SMTP: Failed to connect socket: stream_socket_client(): unable to connect to ssl://

    General pfSense Questions
    6 Posts 3 Posters 8.7k Views
    • S
      serbus
      last edited by serbus

      Hello!

      On a sg-3100 running 2.4.5.r.20200305.1800

      I started having a problem sending notifications set up via the System -> Advanced -> Notifications tab after updating to the 2.4.5_RC. Notifications worked fine in 2.4.4_p3 using the same SMTP server.

      Error is :

      Could not send the message to foo@bar.com -- Error: Failed to connect to ssl://smtp.foo.local:465 [SMTP: Failed to connect socket: stream_socket_client(): unable to connect to ssl://smtp.foo.local:465 (Unknown error) (code: -1, response: )]

      Crash dump:

      [05-Mar-2020 22:04:06 America/Chicago] PHP Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
      error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /usr/local/share/pear/Net/Socket.php on line 159
      [05-Mar-2020 22:04:06 America/Chicago] PHP Warning: stream_socket_client(): Failed to enable crypto in /usr/local/share/pear/Net/Socket.php on line 159
      [05-Mar-2020 22:04:06 America/Chicago] PHP Warning: stream_socket_client(): unable to connect to ssl://smtp.crownehill.local:465 (Unknown error) in /usr/local/share/pear/Net/Socket.php on line 159

      Setting:

      <sslvalidate>disabled</sslvalidate> in the config

      This problem appears to be similar to this thread :

      https://forum.netgate.com/topic/138289/solved-smtp-notification-error-smtp-failed-to-connect-socket-fsockopen-with-tls-and-private-ca

      Additional net chatter :

      https://stackoverflow.com/questions/45942833/pear-mail-unable-to-connect-to-gmail-smtp-failed-to-connect-to-socket

      Based on what I found, my poke-and-hope fix was to add
      'verify_peer' => false
      to the send_smtp_message socket_options in etc/inc/notices.inc

      This fixes the error in my environment.
      I have no idea if this is a valid solution or if it will break something else.
      I was hoping someone with a better understanding of the pfsense pkg environment and code could weigh in.

      Thanks!

      John

      Lex parsimoniae

      • GertjanG
        Gertjan
        last edited by

        Hi,

        What you are saying is that some mail server out there that you are using is breaking the rules.
        Like "asking you to use SSL and proposing invalid certificates". That's like visiting a web site which uses expired certs, or a site that uses a revoked cert. You could use internal settings in your browser so it wouldn't mind ...

        As said in https://stackoverflow.com/questions/45942833/pear-mail-unable-to-connect-to-gmail-smtp-failed-to-connect-to-socket, you can check what happens using the command line, and the "openssl client" command :

        openssl s_client -connect smtp.gmail.com:465
        

        returns with

        ....
        Verify return code: 0 (ok)
        

        which means : "all is ok, go ahead"

        This :

        997da724-3cc3-40df-9956-3ef9613e18dd-image.png

        works fine for me.
        But take note : I set up my own mail server (postfix). pfSense can send mails just fine. As Thunderbird, Outlook 2010, Outlook 365, etc, using SSL.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??
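
Added example (not part of any post in this thread, and not pfSense code): the `certificate verify failed` condition from the first post, reproduced offline with a constructed private CA, then cleared by supplying that CA as the trust anchor while verification stays on. The CA name, file names and the host `mail.other.local` are made up for the demo; `smtp.foo.local` is the placeholder host from the post.

```sh
#!/bin/sh
# Constructed demo: every name, key and certificate here is generated for this example.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_pki() {
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Private root CA: self-signed, absent from any public trust store.
    openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
    # Key and CSR for the mail host, then a leaf certificate signed by the private CA.
    openssl req -new -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=smtp.foo.local" -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
    printf 'subjectAltName=DNS:smtp.foo.local\n' > "$WORK/san.cnf"
    openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 30 -extfile "$WORK/san.cnf" -out "$WORK/srv.crt" 2>/dev/null
}

# What a client does by default: validate against the system trust store only.
verify_default() { openssl verify "$WORK/srv.crt" >/dev/null 2>&1; }

# Verification left on, with the private CA as trust anchor and the expected host name.
verify_with_ca() {
    openssl verify -CAfile "$WORK/ca.crt" -verify_hostname "$1" \
        "$WORK/srv.crt" >/dev/null 2>&1
}

report() { if "$@"; then echo "ok:   $*"; else echo "FAIL: $*"; fi; }

make_pki
report verify_default                   # issuer unknown to the default store
report verify_with_ca smtp.foo.local    # chain and host name both check out
report verify_with_ca mail.other.local  # trusted CA, but wrong host name
```

Only the second check passes: trusting the issuing CA removes the verification error without giving up the issuer and host name checks that `'verify_peer' => false` switches off.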

        • viktor_gV
          viktor_g Netgate
          last edited by

          Based on what I found, my poke-and-hope fix was to add
          'verify_peer' => false
          to the send_smtp_message socket_options in etc/inc/notices.inc

          This fixes the error in my environment.

          Screenshot from 2020-11-13 18-13-33.png

          • GertjanG
            Gertjan
            last edited by

            @serbus said in SMTP: Failed to connect socket: stream_socket_client(): unable to connect to ssl://:

            bar.com

            I guess the issue was solved : bar.com - and hopefully the MX attached to - it uses a cert that comes from a known issuer.
            Can't really test, it's a Cloudflare thing.

            • S
              serbus
              last edited by

              Hello!

              https://redmine.pfsense.org/issues/10317

              John

              • GertjanG
                Gertjan @serbus
                last edited by

                @serbus said in SMTP: Failed to connect socket: stream_socket_client(): unable to connect to ssl://:

                Hello!

                https://redmine.pfsense.org/issues/10317

                John

                That one was solved. 2.4.5-p1 is good.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.