Setting up e-mail notifications under pfSense 23.01

highc

Hi, just moved to a new SG2100. Trying to setup e-mail notifications to my own mail server. The data used previously (pfSense 2.6) doesn't work anymore...

This is what I have from the old box:

- <notifications>
- <smtp>
  <ipaddress>mail.sample.com</ipaddress> 
  <port>587</port> 
  <timeout /> 
  <notifyemailaddress>info@example.com</notifyemailaddress> 
- <username>
- <![CDATA[ xxx@example.com
  ]]> 
  </username>
  <authentication_mechanism>LOGIN</authentication_mechanism> 
  <fromaddress>xxx@example.com</fromaddress> 
- <password>
- <![CDATA[ xxx
  ]]> 
  </password>
  </smtp>
  </notifications>

When I use this with the new 23.01 box, I'm getting an error.

pfSense error:

Could not send the message to info@example.com -- Error: Failed to set sender: pfsense@firewall.example.com [SMTP: Invalid response code received from server (code: 530, response: 5.7.0 Must issue a STARTTLS command first)]

mail server (postfix) log:

May  6 10:17:59 postamt postfix/smtpd[76434]: connect from firewall.example.com[172.16.0.1]
May  6 10:17:59 postamt postfix/smtpd[76434]: disconnect from firewall.example.com[172.16.0.1] ehlo=1 mail=0/1 rset=0/1 quit=1 commands=2/4

How do I get pfSense to initiate STARTTLS? To my knowledge, this needs to be initiated by the connecting client.

Thanks!

(Edit: Found a workaround by using port 465. Still wonder how to get STARTTLS on port 587 working with pfSense)

SteveITS

@highc Enable the Secure SMTP Connection option. https://docs.netgate.com/pfsense/en/latest/config/advanced-notifications.html says that will use it. Tbh, I sometimes have trouble getting it to connect to some mail servers and just try a bunch of options…

highc

@steveits said in Setting up e-mail notifications under pfSense 23.01:

https://docs.netgate.com/pfsense/en/latest/config/advanced-notifications.html

Thanks for looking into this and getting back to me on a weekend. With this option activated, I am getting a different error:

Could not send the message to xxx@example.com -- Error: Failed to connect to ssl://xxx.example.com:587 [SMTP: Failed to connect socket: fsockopen(): Unable to connect to ssl://xxx.example.com:587 (Unknown error) (code: -1, response: )]

Related mail server log:

May  6 15:03:04 postamt postfix/smtpd[85109]: connect from firewall.example.com[172.16.0.1]
May  6 15:03:04 postamt postfix/smtpd[85109]: lost connection after UNKNOWN from firewall.example.com[172.16.0.1]
May  6 15:03:04 postamt postfix/smtpd[85109]: disconnect from firewall.example.com[172.16.0.1] unknown=0/1 commands=0/1

Same error, if I switch from LOGIN to PLAIN.

I will just not worry about this any further and go ahead with port 465.

Thanks again!

stephenw10

What's the email server you're trying to connect to? How is it configured? What connection type does it expect?

Steve