Email Notifications not working with Special Characters in Password
-
I have tested this and confirmed with two different gmail accouts.
- account has a ! is password. This account fails with testing;
Could not send the message to user@domain.com -- Error: PLAIN authentication failure [SMTP: Invalid response code received from server (code: 535, response: 5.7.8 Username and Password not accepted. Learn more at 5.7.8 https://support.google.com/mail/?p=BadCredentials y2sm1046183pfe.146 - gsmtp)]- account has no special characters. This account works fine as
SMTP testing e-mail successfully senttherefore quite clearly, passwords with special characters are not getting parsed accordingly. Could it be a bug?
-
@mr-rosh
Maybe related to the auth bug in DDNS . I had to remove an '@' sign from my No-IP PW to make it work. I guess there's a patch for that. Maybe a similar line edit is needed here.https://github.com/pfsense/pfsense/commit/4aab19d4ade5d164c22bd63b2833d54bab740d59#diff-bcf28745a76c16f378252ea678d7f1caca21c59cabc46f026ff8391c01c9ddea
-
@provels i am not using DDNS at all.
-
johnpoz LAYER 8 Global Moderatorlast edited by johnpoz Jul 31, 2021, 11:28 AM Jul 31, 2021, 11:28 AM
@mr-rosh he wasn't saying you were - what he is pointing out is there is sim issue with @ in that password. So the reason your email password isn't working is prob related to the same sort of issue.
He was linking to the patch to fix the ddns pasword issue, sim sort of edit to the email password stuff might correct the problem.
You using or not using ddns doesn't mean the issue are not related to the parsing or handling of special characters in the password.
-
-
Open a bug report if it's easy to reproduce: https://redmine.pfsense.org
I don't see anything open there currently that would cover this.Steve
-
@stephenw10 Issue #12211 created.
-
So you had this setup before? And it broke with upgrade?
Do you have 2fa turn on with your gmail?
If so you can not use normal passwords and need to create a app password... Which I have never seen use special characters..
https://support.google.com/mail/answer/185833?hl=en-GB
I have had such a password setup for pfsense since 2016..
I find it unlikely that there is a bug - and maybe configuration error with gmail security. For a normal gmail password to work, you would have to have 2fa not enabled in your google account. If you had it on - then it could return such an error.
Would seem that many people would be using gmail with their notification, and would also assume in this day and age they would have special characters in it.. I would love to try and duplicate your problem. But don't feel going through the hassle of disable 2fa, just to turn it back on, etc. But the generated app passwords do not use special characters - they are 16 characters that are generated by google - with no real way to edit the characters set that I am aware of.
It would also be a bad security choice to not have 2fa enable on your gmail..
-
@johnpoz I have Gmail email that I use for notifications on other devices and IoT. they are working fine with an account that has special character in the password.
It only doesn't work in pfsense. So it's surely pointing towards pfsense.
-
Why do you not just setup app password? Are you saying you do not have 2fa setup on your gmail account?
Pretty much every guide and how to all over the net for setting up notification using gmail, says to use app password.. Because 2fa enabled should be the default.
I have my gmail account used for many things - all using app passwords..
I also recall something where you had to hit save before testing, or it wouldn't use the current password you put in? Not sure if that has changed in more recent versions. Like I said looking up my app passwords the one I setup for pfsense was last done in 2016.. Have never had to redo it in pfsense because even on clean installs I just restore my config, etc.
If there was some bug in parsing special characters for the email password - wouldn't you think there would be a lot of people complaining about it? Lots of people use gmail, lots of people use other email servers.. Lots of people use special characters in their email ;)
But if you search for setting up pfsense with gmail - everyone I found says to use app passwords ;) Which don't have special characters in them.
Are you actually hitting the save button before you test?
Here see this thread about the save button which isn't that old
https://forum.netgate.com/topic/151153/system-advanced-notifications-e-mail-smtp-notification-e-mail-auth-password-not-updating/4 -
@johnpoz Lets take google out of the picture.
What we use some other email product and password enforcements are strict on the environment? nad has special character's in password, what then.
issue remains!
-
Your not using this other email now are you?? If so it would work - not working with google, does not mean that special characters do not work..
Here I set my notification to use one of my other domains smtp server, using a very strong password I just set
"XPL!Fx7$vJNWJ2QPowG@uJ"
3 different special characters in it - works just fine.
Now I have to go back and create a new app password so I can use gmail again.. But that was much easier then turning off 2fa auth, etc. and trying it with gmail, etc..
-
Mmm, I've failed to replicate that here too for a generic connection. Unless you're setting something else at the same time as that perhaps?
Steve
-
Yeah gmail is a bit special - can you get it to work without 2fa? Maybe?? Don't know, don't care - have had 2fa on since like 2014, and I was late to the party ;)
But just tested this with one of play domains, no 2fa - just your typical smtp server over 587 works just fine.. So clearly pfsense is parsing special characters in the password. And his issue is most likely do to the special requirements of gmail.