E-Mail Notification SPAM since 23.01

cursix

Is anyone else having PFSense Plus spam e-mail notifications almost every minute? For example I have a certificate expiring and it seems to be sending me an e-mail a minute so now I have over 6000 e-mails in my notification mail folder.

jimp

I'm not sure if this is from you or another separate report: https://redmine.pfsense.org/issues/14031

I don't doubt it's happening as this isn't the first report we have received about it, but thus far nobody has been able to reproduce it in lab conditions and we haven't had any leads about possible causes when checking the code handling notifications.

The messages are put into a queue and the queue is cleared when they are sent, but somehow it must be failing to erase that file when this happens. It's unclear what specifically must be failing to get it into that state, however.

Has this happened more than once? Were there any other errors in the logs before it started happening?

What does /var/db/notifyqueue.messages contain?

Since there is a lock/unlock around modifications of that file I also wonder if applying 053f60e56d09ba711af245c7f0ce6a06673ccc89 via the system patches package might help.

cursix

@jimp Yes, that is my report. There is content in var/db/notifyqueue.messages:

a:1:{s:5:"mails";a:1:{s:4:"item";a:2:{i:0;a:3:{s:4:"time";i:1677139260;s:4:"type";s:4:"mail";s:3:"msg";s:118:"The following CA/Certificate entries are expiring:
Certificate: kanako-test (638dc1866bf9d): Expiring soon, in 10 days";}i:1;a:3:{s:4:"time";i:1677225660;s:4:"type";s:4:"mail";s:3:"msg";s:117:"The following CA/Certificate entries are expiring:
Certificate: kanako-test (638dc1866bf9d)

This has happened once before when the system was briefly unable to resolve acb.netgate.com.

I don't see any logs around these notifications that seem related to mail. If there is verbose option and a way to generate a notification, I would be happy to toggle it.

jimp

Curious. Was that the entire contents? Nothing cut off there? It seems to end prematurely.

cursix

Sorry, yeah I missed a little bit at the end thinking it was part of the SSH Prompt.

a:1:{s:5:"mails";a:1:{s:4:"item";a:2:{i:0;a:3:{s:4:"time";i:1677139260;s:4:"type";s:4:"mail";s:3:"msg";s:118:"The following CA/Certificate entries are expiring:
Certificate: kanako-test (638dc1866bf9d): Expiring soon, in 10 days";}i:1;a:3:{s:4:"time";i:1677225660;s:4:"type";s:4:"mail";s:3:"msg";s:117:"The following CA/Certificate entries are expiring:
Certificate: kanako-test (638dc1866bf9d): Expiring soon, in 9 days";}}}}

yanakis

@cursix hi. I have tue same issue. What's gping on? Got hundreds of emails telated to wan going down every minute.

SteveITS

@yanakis 1) is it flapping?
2) install/update the System Patches package and install patch
Fix SMTP notification loop / config.cache write failures (Redmine #14031, Redmine #14061)

yanakis

@steveits said in E-Mail Notification SPAM since 23.01:

@yanakis 1) is it flapping?
2) install/update the System Patches package and install patch
Fix SMTP notification loop / config.cache write failures (Redmine #14031, Redmine #14061)

1 - meaning?
2 - no new packages available
Fix SMTP notification loop / config.cache write failures (Redmine #14031, Redmine #14061) - I am not that advanced :)

Seems to happen every night, I got more than 1000 messages

Thanks!

stephenw10

@yanakis said in E-Mail Notification SPAM since 23.01:

no new packages available

You already have an old version of the System Patches package installed?

SteveITS

@yanakis flapping meaning, is it actually going up and down? Or is this the same alert being resent repeatedly (the bug).

Re: 2, I meant, install that patch using that package.

yanakis

@steveits said in E-Mail Notification SPAM since 23.01:

@yanakis flapping meaning, is it actually going up and down? Or is this the same alert being resent repeatedly (the bug).

Re: 2, I meant, install that patch using that package.

No, is the same alert repeated although I disabled smtp notifications
I just applied the patch. let's see what happens over night.

SteveITS

@yanakis You have to install the System Patches package I linked above, then go to System/Patches

yanakis

@steveits said in E-Mail Notification SPAM since 23.01:

@yanakis You have to install the System Patches package I linked above, then go to System/Patches

I did but overnight happened again? does it need a restart?

Gertjan

@yanakis

You :

... disabled smtp notifications

and installed the patch.

Still, you receive mails from pfSense ?

yanakis

@gertjan I renabled SMTP notifications after the patch

SteveITS

@yanakis and just to be clear your system logs show only one WAN drop?

yanakis

@steveits said in E-Mail Notification SPAM since 23.01:

@yanakis and just to be clear your system logs show only one WAN drop?

no WAN drop, just thousands of emails containing the same text:

0:49:00 MONITOR: GSM_DHCP has packet loss, omitting from routing group Failover
1.1.1.1|192.168.8.107|GSM_DHCP|50.998ms|0ms|50%|down|highloss
0:49:01 MONITOR: GSM_DHCP is available now, adding to routing group Failover
1.1.1.1|192.168.8.107|GSM_DHCP|46.107ms|2.507ms|0.0%|online|none
18:04:22 MONITOR: WAN_PPPOE has packet loss, omitting from routing group Failover
8.8.8.8|86.122.163.2|WAN_PPPOE|16.069ms|11.825ms|24%|down|highloss
18:06:07 MONITOR: WAN_PPPOE is available now, adding to routing group Failover
8.8.8.8|86.122.163.2|WAN_PPPOE|14.924ms|2.202ms|4%|online|none
18:06:32 MONITOR: WAN_PPPOE has packet loss, omitting from routing group Failover
8.8.8.8|86.122.163.2|WAN_PPPOE|14.82ms|0.573ms|23%|down|highloss
18:07:56 MONITOR: WAN_PPPOE is available now, adding to routing group Failover
8.8.8.8|86.122.163.2|WAN_PPPOE|16.51ms|13.409ms|10%|online|none

SteveITS

@yanakis I'd expect 00:49 and 18:04 to be separate email alerts...

You can change monitoring thresholds, monitoring IPs, or even disable monitoring in the System/Routing page if you want to assume they are always up.

Gertjan

@yanakis said in E-Mail Notification SPAM since 23.01:

MONITOR: GSM_DHCP

That's the typical WAN type interface that fluctuates.
I friend of my doesn't have ADSL or fiber as he lives to far out in the middle of now where.
He tried all type of satalite access (not yet startlink) and now uses a 4G modem/router.
It's pretty good, but bandwidth isn't stable at all. It's a 0 to 50 Mbit/sec dance all day long.

Btw : dpinger monitoring can mail ? I learned something.

jimp

Does /var/db/notifyqueue.messages contain any content right now? If so, rm /var/db/notifyqueue.messages and see if it happens again.