• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Email Links not Working

Firewalling
5
10
762
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    tkopp
    last edited by Jan 8, 2024, 4:57 PM

    I get emails that have links to websites in pictures or hyperlinked in words. When I click them I get This site can’t provide a secure connectionclick.convertkit-mail.com sent an invalid response. When I connect to the internet through a different connection I have no issues using the links. If when I get back onto the connection in question then I copy that link and paste into a browswer it goes through no problem.

    I am assuming it is something the firewall is blocking. Anyone know how to fix it?

    S J 2 Replies Last reply Jan 8, 2024, 5:19 PM Reply Quote 0
    • S
      SteveITS Galactic Empire @tkopp
      last edited by Jan 8, 2024, 5:19 PM

      @tkopp Is this a standard mailto: link? That opens whatever your browser/OS is set to open. If they are all referencing this site do you have some sort of email plugin in your browser? What is that site?

      "sent an invalid response" sounds like it connected and got some sort of response.

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote πŸ‘ helpful posts!

      T 1 Reply Last reply Jan 8, 2024, 5:26 PM Reply Quote 0
      • T
        tkopp @SteveITS
        last edited by Jan 8, 2024, 5:26 PM

        @SteveITS If I am connected to the network at school I get the Site can't provide a sec...... response, but If I turn off the network and connect the same computer through my phone it goes through with no issue.

        Meaning I don't have any plugins on the computer itself it only affects the email when I am on the school network. In addition we use google for email, if I forward the message to a different email provider I get the same issue. When I am on the school network it doesn't work if I switch to my phone it goes through.

        The only common demonator I can find is our Pf Sense firewall.

        J 1 Reply Last reply Jan 8, 2024, 6:41 PM Reply Quote 0
        • J
          jrey @tkopp
          last edited by Jan 8, 2024, 6:37 PM

          @tkopp said in Email Links not Working:

          connectionclick.convertkit-mail.com

          is that the actual name ?

          name does not DNS lookup > CNAME = NXDOMAIN response

          convertkit-mail.com

          that does lookup, it is inside mailgun.org

          is something in the school network trying to track the click and/or prevent the click by changing the link, thus making it invalid.
          does the link look the same when inside and outside the school network?

          T 1 Reply Last reply Jan 8, 2024, 7:06 PM Reply Quote 0
          • J
            johnpoz LAYER 8 Global Moderator @tkopp
            last edited by johnpoz Jan 8, 2024, 6:42 PM Jan 8, 2024, 6:41 PM

            @tkopp said in Email Links not Working:

            network at school I get the Site can't provide a sec...... response

            Sounds like they running through a proxy, and your box/device/phone whatever it is your using doesn't like that..

            Does pfsense have a proxy setup that would mess with a https connection?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            1 Reply Last reply Reply Quote 0
            • T
              tkopp @jrey
              last edited by Jan 8, 2024, 7:06 PM

              @jrey Yes when I am on the network that is what pops up first, but that is just one site. I have other emails that have done the same thing but with different addresses. If I turn off the network and use a different connection no issue.

              S B 3 Replies Last reply Jan 8, 2024, 7:50 PM Reply Quote 0
              • S
                SteveITS Galactic Empire @tkopp
                last edited by Jan 8, 2024, 7:50 PM

                @tkopp Ok so what packages are you running on your pfSense?

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote πŸ‘ helpful posts!

                1 Reply Last reply Reply Quote 0
                • B
                  bmeeks @tkopp
                  last edited by bmeeks Jan 8, 2024, 9:02 PM Jan 8, 2024, 9:01 PM

                  @tkopp:
                  Are you a student at this school or the admin of the network? If admin, then you should know exactly what packages, if any, are installed on pfSense. Providing that list will let the folks in this thread offer some suggestions.

                  If you are a student or guest at the school, my best guess is the netwok security admins have either implemented email security features or the network traffic is being routed through some manner of proxy for security reasons. In either case, you will need to address the issue with them directly (the network security admins).

                  The fact you can bypass the issue when you use a cellular connection makes this all the more likely. It's not a pfSense "malfunction", but rather is likely a network security feature implemented by the school to prevent introduction of malware via email links. It could also be a consequence of a third-party package such as Squid or HA-Proxy.

                  1 Reply Last reply Reply Quote 1
                  • B
                    bmeeks @tkopp
                    last edited by Jan 8, 2024, 9:27 PM

                    @tkopp said in Email Links not Working:

                    @jrey Yes when I am on the network that is what pops up first, but that is just one site. I have other emails that have done the same thing but with different addresses. If I turn off the network and use a different connection no issue.

                    In line with my other reply, if you are a student at this school or an employee, and you are not the network adminstrator, then I would think twice about bypassing the normal network by using a cellphone hotspot or similar procedure to allow a school computer to bypass the network security features in place.

                    If you were to inadvertently introduce malware onto the school network by infecting the computer you are using with this bypass method, the school authorities might not be too happy with you πŸ™‚.

                    J 1 Reply Last reply Jan 8, 2024, 10:52 PM Reply Quote 0
                    • J
                      johnpoz LAYER 8 Global Moderator @bmeeks
                      last edited by Jan 8, 2024, 10:52 PM

                      I'm with @bmeeks here - schools and companies quite often block web based email, that they allow gmail might be because they use gmail. Many companies block that for sure.

                      It could be its blocked and the block page coming up via an https link is what your browser is complaining about, redirection to a block page normally will force a browser to complain, hey I was trying to go to www.emaildomain.com why is the certs sending back www.somethingelse.com in the cert..

                      if you admin the pfsense box at this school - we can for sure help you figure out how to allow what you want to allow, etc. But if this is school pfsense box that you do not admin - you need to get with the school IT admins.

                      Also agree with not connecting schools equipment to non school network, ie your phone hotspot.

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                      1 Reply Last reply Reply Quote 0
                      10 out of 10
                      • First post
                        10/10
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.