• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Unable to configure notifications using port 587

Scheduled Pinned Locked Moved General pfSense Questions
4 Posts 3 Posters 242 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • W
    wineguy
    last edited by 25 days ago

    I'm running a Netgate 3100 with 24.11-RELEASE (arm). I'm attempting to configure notifications using port 587 and get the error: :SMTP: Invalid response code received from server (code: 530, response: 5.7.0 Must issue a STARTTLS command first)"
    My email server showed that it never got a STARTTLS from the Netgate 3100.
    To verify, I ran tcpdump - and verified that Netgate 3100 with 24.11-RELEASE (arm) connects, EHLOs, gets the menu from my mailserver, then jumps straight to MAIL FROM. It never sends STARTTLS.

    My configuration settings are below. I thought this was supposed to be automatic. What am I missing? Why is Netgate 3100 with 24.11-RELEASE (arm) not sending STARTTLS when port 587 is chosen?

    b7dfdda6-5d7e-4257-96c6-3d16c2d2da98-image.png

    1 Reply Last reply Reply Quote 0
    • S
      stephenw10 Netgate Administrator
      last edited by 25 days ago

      It should. However it only does so when authentication is enabled and it looks like you haven't entered a username. That could well be stopping it trying to authenticate. Though I'm not sure I've ever tested that. 🤔

      W 1 Reply Last reply 25 days ago Reply Quote 0
      • W
        wineguy @stephenw10
        last edited by 25 days ago

        @stephenw10

        Thank you!

        When I entered the username, it did indeed issue the required STARTTLS.

        I expected that it would default to the 'From email address', which would make a nice enhancement.

        But I also expected from RFC-6409 that the mail client would issue the STARTTLS even without an authenticated sender rather than sending the MAILFROM in plaintext. So, another nice enhancement would be to require a username and password when port 587 is selected.

        I'm just whining at this point. I really do appreciate your help!

        G 1 Reply Last reply 25 days ago Reply Quote 1
        • G
          Gertjan @wineguy
          last edited by 25 days ago

          @wineguy said in Unable to configure notifications using port 587:

          I expected that it would default to the 'From email address', which would make a nice enhancemen

          Noop.
          The "From" is the mail address from which you send the mail.
          This can be different one as the USER login credential, needed for submission over port 587 (smtp with authentication) to work. These two can be identical, true.

          @wineguy said in Unable to configure notifications using port 587:

          So, another nice enhancement would be to require a username and password when port 587 is selected.

          '587' or submission means (imho - check with RFC ?) : must authenticate.

          You could go one step beyond :
          Set up your mail server to use plain TLS, or SMTPS, normally over port 465. Most FAI's - look how gmail does things - don't use - or should I say : don't enforce the use of 587 anymore. It's TLS all the way = port 465, which means : from byte zero all is TLS.
          You can pick any port actually, as it would be used by your mail clients, the ones you control.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          1 out of 4
          • First post
            1/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received