Email Notifications Not Working with SSL/TLS Checked



  • I've configured Notifications to point to an Ubuntu server running Postfix (myhost.domain.com). I've verified that Notifications work if I use port 25/tcp without the SSL/TLS checkbox checked. As soon as I check the SSL/TLS box, I get the following error message in my pfSense system logs:

    php: /system_advanced_notifications.php: Could not send the message to myuser@mydomain.com – Error: could not connect to the host "myhost.domain.com": ??

    I've taken the time to verify that TLS authentication is successfully working on the Ubuntu server by manually authenticating using telnet and setting it up as an SMTP server in Apple Mail. So I'm at a loss for why it's not working on pfSense.

    I've turned up the logging on Postfix to capture some more details and noticed it may be sending some kind of string that doesn't seem to be recognized by the Postfix server.

    Apr  6 20:28:17 myhost postfix/smtpd[20568]: > me.domain.com[xx.xxx.xxx.xxx]: 220 me.domain.com ESMTP Postfix (Ubuntu)
    Apr  6 20:28:17 myhost postfix/smtpd[20568]: watchdog_pat: 0xb9245a18
    Apr  6 20:28:17 myhost postfix/smtpd[20568]: < me.domain.com[xx.xxx.xxx.xxx]: ?y???
    Apr  6 20:28:17 myhost postfix/smtpd[20568]: match_string: ?y??? ~? CONNECT
    Apr  6 20:28:17 myhost postfix/smtpd[20568]: match_string: ?y??? ~? GET
    Apr  6 20:28:17 myhost postfix/smtpd[20568]: match_string: ?y??? ~? POST
    Apr  6 20:28:17 myhost postfix/smtpd[20568]: match_list_match: ?y???: no match
    Apr  6 20:28:17 myhost postfix/smtpd[20568]: > me.domain.com[xx.xxx.xxx.xxx]: 502 5.5.2 Error: command not recognized

    Have you seen this before or have any ideas on what I might be doing wrong?



  • I believe I've got this working, but I'm not sure why it works now. I made two changes. First, I configured pfSense to use port 465, and then I enabled smtpd_tls_wrappermode in master.cf on the Postfix server.

    smtps    inet  n      -      -      -      -      smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING

    Any idea on why that would fix the issue?



  • http://forum.pfsense.org/index.php/topic,60510.0.html

    pfSense appears to always insist on "wrapper mode".
    http://forum.pfsense.org/index.php/topic,60517.0.html

    Should be able to use the port of your choosing so long as it is configured for "wrapper mode".
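
An added example, not from the thread and not pfSense or Postfix code: a Python sketch that tells an implicit-TLS ("wrapper mode") client, which opens with a binary TLS ClientHello, from a STARTTLS-style client, which opens with plaintext EHLO, and reports when that does not match the listener. This is consistent with the unreadable bytes Postfix logged before its 502 on port 25. The function names, mode labels and sample bytes are constructed for illustration.

```python
import struct

SMTP_VERBS = (b"EHLO", b"HELO", b"STARTTLS", b"MAIL", b"NOOP", b"QUIT")
HTTP_VERBS = (b"CONNECT", b"GET", b"POST")  # strings Postfix tried in the log above

def classify_first_bytes(data: bytes) -> str:
    """Classify what a client sent first: tls-clienthello, smtp, http or unknown."""
    # TLS record header: type 0x16 (handshake), version 0x03 0x0X, 2-byte length.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        (record_len,) = struct.unpack("!H", data[3:5])
        # First handshake byte 0x01 is ClientHello; a record carries at most 2**14 bytes.
        if data[5] == 0x01 and 0 < record_len <= 2 ** 14:
            return "tls-clienthello"
    parts = data.split(None, 1)
    word = parts[0].upper() if parts else b""
    if word in SMTP_VERBS:
        return "smtp"
    if word in HTTP_VERBS:
        return "http"
    return "unknown"

def diagnose(listener_mode: str, first_bytes: bytes) -> str:
    """listener_mode: 'starttls' (plaintext, then STARTTLS) or 'wrapper' (TLS first)."""
    if listener_mode not in ("starttls", "wrapper"):
        raise ValueError("listener_mode must be 'starttls' or 'wrapper'")
    kind = classify_first_bytes(first_bytes)
    if kind == "http":
        return "not-smtp"
    if kind == "unknown":
        return "unrecognized"
    expected = "smtp" if listener_mode == "starttls" else "tls-clienthello"
    if kind == expected:
        return "ok"
    if kind == "tls-clienthello":
        return "mismatch: client uses implicit TLS, listener expects plaintext + STARTTLS"
    return "mismatch: client sent plaintext, listener expects a TLS handshake first"

# Constructed sample inputs (not captured traffic).
CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303") + bytes(32)
PLAIN_EHLO = b"EHLO fw.example.test\r\n"

if __name__ == "__main__":
    for mode in ("starttls", "wrapper"):
        for name, data in (("implicit TLS", CLIENT_HELLO), ("plaintext", PLAIN_EHLO)):
            print(f"{mode:8} listener, {name:12} client -> {diagnose(mode, data)}")
```

Only the two matching pairs return "ok": an implicit-TLS client against a listener with smtpd_tls_wrappermode=yes, and a plaintext client against a STARTTLS listener.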

