Email notofication and gmail smtp



  • Hi,
    Maybe the notification is not supposed to work with gmail but I have tester a connection to gmail smtp to receive pf notification on my gmail account:

    IP Address of E-Mail server : smtp.gmail.com
    SMTP Port of E-Mail server : 587

    Every time I hit the save button and a test is made I receive this error message in the logs:

    php: /system_advanced_notifications.php: Could not send the message to romain.pelissier@gmail.com – Error: 530 5.7.0 Must issue a STARTTLS command first. h20sm7434523qck.24

    Found this on the net but not yet investigate further:
    http://www.mail-archive.com/info-gnus-english@gnu.org/msg08196.html


  • LAYER 8 Global Moderator

    If you SENDING to an gmail account you sure don't need use tls, etc.

    Just use port 25, and the server would be the standard mx record for gmail, not smtp.gmail.com – which would be for sending to other domains from your gmail account.

    So pick one of these
    ;; QUESTION SECTION:
    ;gmail.com.                     IN      MX

    ;; ANSWER SECTION:
    gmail.com.              3594    IN      MX      10 alt1.gmail-smtp-in.l.google.com.
    gmail.com.              3594    IN      MX      20 alt2.gmail-smtp-in.l.google.com.
    gmail.com.              3594    IN      MX      30 alt3.gmail-smtp-in.l.google.com.
    gmail.com.              3594    IN      MX      40 alt4.gmail-smtp-in.l.google.com.
    gmail.com.              3594    IN      MX      5 gmail-smtp-in.l.google.com.

    Port 25, your gmail email address and the from address you can make from whoever pfsense@alert.tld you don't need a username or password, to send directly to gmail servers.  That info would be for if you were using say some other smtp server to send to otherdomainnothostedbysmtpserver.com




  • I have tested with one of the smtp server you have found but still have the same issue. I have then use the smtp server provided by my internet provider and all is working now.


  • LAYER 8 Global Moderator

    Well its possible your ISP blocks outbound to 25 off its network, so then sure you would not be able to talk to the servers directly, easy enough to do a simple test of that with telnet.

    C:\Windows\System32>telnet gmail-smtp-in.l.google.com 25

    220 mx.google.com ESMTP f13si33722846ibb.22
    quit
    221 2.0.0 closing connection f13si33722846ibb.22

    If you can not connect, then no you would not be able to send directly to gmail and would have to use your ISP smtp server, etc.



  • Still doesn't work for me using my ISP (Rogers - which uses Yahoo email servers).

    On port 25 with all the correct settings it still fails with "Error: 530 authentication required"… seems pfense 2.0 is not sending the credentials.  My email client (Thunderbird) has no issues.


  • LAYER 8 Global Moderator

    On this document it clearly states to use port 587

    http://www.rogershelp.com/yahoo/mail/settings.html

    Outgoing (SMTP) Port Number: 587



  • Highly amusing, they have changed all their web pages to port 587 from port 25 from 2 years ago. But not relevant, my email client works fine on port 25 and I can telnet there and test without issue.  Changing it to port 587 in any case does not help with the pfsense error.


  • LAYER 8 Global Moderator

    Well I just tested using another smtp server, and yup it fails.

    I know for a fact that have the correct username and password, since I just tested the auth from command line

    250 homiemail-a48.g.dreamhost.com
    auth login
    snipped
    235 2.7.0 Authentication successful

    To test from telnet you need to base64 your email address and password, send base64 encoded emailaddress, then enter then base64 encoded password.  And this works fine, but put the same info into pfsense and yup it fails.

    But if you have telnet access off your network, then just send directly to the mail server for the domain your wanting to sent email too.

    But they need to correct this, think I will do a sniff and see what its doing wrong.

    edit: Ok from a capture it never sends the auth command, nor the info.. So yeah its broke!



  • Rebel Alliance Developer Netgate

    Some commits happened for this over the weekend, can you try a new snapshot and see if it works?



  • Just upgraded tested e-mail on the latest snapshot (Mon Jan 3 03:26 2011)

    I get an error:

    Warning: require_once(sasl.inc): failed to open stream: No such file or directory in /etc/inc/notices.inc on line 286 
    Fatal error: require_once(): Failed opening required 'sasl.inc' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg') in /etc/inc/notices.inc on line 286
    

  • Rebel Alliance Developer Netgate

    Here is the open ticket for that, the error messages would be useful to the person working on the issue: http://redmine.pfsense.org/issues/1141


  • LAYER 8 Global Moderator

    yup getting the same error when try to change the notification section to use auth.

    Warning: require_once(sasl.inc): failed to open stream: No such file or directory in /etc/inc/notices.inc on line 286 Fatal error: require_once(): Failed opening required 'sasl.inc' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg') in /etc/inc/notices.inc on line 286

    On the latest snap

    2.0-BETA5 (i386)
    built on Mon Jan 3 03:26:07 EST 2011

    edit:
    Ok, tested the lastest snap and still not working
    2.0-BETA5 (i386)
    built on Mon Jan 3 13:22:20 EST 2011

    now bug says it was fixed because he did not include the sasl.inc or sasl.php from the class – but that was still missing after the update..  But I grabbed the file from the links in the bug, renamed to .inc and then changed the names for the other files to be .inc vs .php and its working.. I would assume the next snap will include file?

    But if not you can always make it work on your own.. Just grab from the link in the bug.

    I tested sending to my dreamhost server authing, and its send to my gmail address just fine.

    As you can see from capture its sending auth now ;)  I'll the file I added and edited before I upgrade to the next snap to verify its now included, etc.




  • Hi all,

    Yeah, I made only a partial operation with git and I forgot to add /etc/inc/sasl.inc :-(

    The file should now be in the lastest snapshot, can you just try again to validate all is ok ?

    Many thanks,
    Pierre



  • Works for me now with latest snap.

    Thanks!



  • Working for me now also with 1/5/11 snapshot.



  • I just joined the 2.x revolution and was unable to get e-mail notifications working as previously described in this post.  For one reason or another, my pfSense is unable to authenticate against smtp.gmail.com:587.  Since I use Google Apps to host my domain's e-mail, I decided to extend the guidance above by performing a lookup on my domain (http://www.mxtoolbox.com is a handy tool), and I used the resulting hostname in my config.  Same deal – use port 25, no need for AUTH, the From: address can even be 'spoofed'.  Hope this helps anyone who may run into the same problem!


  • LAYER 8 Global Moderator

    Guess Im going to sound like a dick no matter how I say this - but no shit you would not be able to connect to gmail.com on port 25 - nobody ever suggested that you do such a thing.. I clearly pointed out the MX records for gmail.com – why would you have tried to use gmail.com??

    But yes as already went over you could send directly to the smtp server for you domain, and would have no need to auth..  But as also went over they corrected the issue and now you can auth to whatever smtp server you want to use to send email to your notification address.



  • My bad.  I was trying so many different configs – meant to note that my pfSense was unable to auth against smtp.gmail.com:587.



  • gmail smtp requires ssl so use port 587 or 465


Log in to reply