Notifications on Pfsense on Netgate
-
Any tips on setting up email notifications? I use both gmail and Office365. Thought the server would be smtp@office365 with my login. Not having much luck. I'd like to just set up a gmail account to share with a group.
-
@Happydog see https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365
-
Tried that. Error: Failed to connect to ssl://smtp.office365.com:587 [SMTP: Failed to connect socket: fsockopen(): Unable to connect to ssl://smtp.office365.com:587 (Unknown error) (code: -1, response: )]
-
When SMTP Port of E-Mail server is set to '587', outgoing traffic should be initially not be TLS (SSL).
But you've checked "Secure SMTP Connection" so outgoing traffic will be TLS (SSL) from byte 0, hence the error "ssl://smtp.office365.com:587" : it fails as port 587 is 'non TLS'.
When the 'clear' connection is established, pfSense, acting as the mail client, will output a mail server capabilities command : "EHLO something" and the answer will be something like :
250-PIPELINING 250-SIZE 31457280 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKINGBecause STARTTLS is present, pfSense will use it, and from then on, the connection will be TLS (SSL).
You need to uncheck ""Secure SMTP Connection".
If you were using the more modern port 465 = smtps = a connection over TLS from byte 0.
smtps also used authentication and is TLS all the way. -
No joy: LOGIN authentication failure [SMTP: Invalid response code received from server (code: 535, response: 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Mailbox. Visit https://aka.ms/smtp_auth_disabled for more information. [YT4PR01CA0405.CANPRD01.PROD.OUTLOOK.COM 2023-08-02T15:03:04.265Z 08DB9326DA21574B])]
-
No joy ?
Some joy ! as now you know that you can't use that account because "SmtpClientAuthentication" is disabled for the (that) Mailbox.
So the error is Authentication unsuccessful.
Tip of the day : use an account that you have access to ^^And https://aka.ms/smtp_auth_disabled brings you back to https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission
-
@Happydog The purple note on option 1 for the MS doc I posted is:
"This option is not compatible with Microsoft Security Defaults. We recommend using Modern Authentication when connecting with our service. Although SMTP AUTH now supports OAuth, most devices and clients have not been designed to use OAuth with SMTP AUTH. As a result, there are no plans to disable Basic Authentication for SMTP AUTH clients at this time. To find out more about OAuth, see Authenticate an IMAP, POP or SMTP connection using OAuth.
You must also verify that SMTP AUTH is enabled for the mailbox being used. SMTP AUTH is disabled for organizations created after January 2020 but can be enabled per-mailbox. For more information, see [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online]."
If you have a static IP option 3, the connector, is easiest.
