Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Email Notifications Not Working with SSL/TLS Checked

    General pfSense Questions
    2
    3
    3242
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      digm
      last edited by

      I've configured Notifications to point to a Ubuntu server running Postfix (myhost.domain.com). I've verified that Notifications work if I use port 25/tcp without the SSL/TLS checkbox checked. As soon as I check the SSL/TLS box, I get the following error message in my pfSense system logs:

      php: /system_advanced_notifications.php: Could not send the message to myuser@mydomain.com – Error: could not connect to the host "myhost.domain.com": ??

      I've taken the time to verify that TLS authentication is successfully working on Ubuntu server by manually authenticating using telnet and setting it up as an SMTP server in Apple Mail. So I'm at a loss for why it's not working on pfSense.

      I've turned up the logging on Postfix to capture some more details and noticed it may be sending some kind of string that doesn't seem to be recognized by the postfix server.

      Apr  6 20:28:17 myhost postfix/smtpd[20568]: > me.domain.com[xx.xxx.xxx.xxx]: 220 me.domain.com ESMTP Postfix (Ubuntu)
      Apr  6 20:28:17 myhost postfix/smtpd[20568]: watchdog_pat: 0xb9245a18
      Apr  6 20:28:17 myhost postfix/smtpd[20568]: < me.domain.com[xx.xxx.xxx.xxx]: ?y???
      Apr  6 20:28:17 myhost postfix/smtpd[20568]: match_string: ?y??? ~? CONNECT
      Apr  6 20:28:17 myhost postfix/smtpd[20568]: match_string: ?y??? ~? GET
      Apr  6 20:28:17 myhost postfix/smtpd[20568]: match_string: ?y??? ~? POST
      Apr  6 20:28:17 myhost postfix/smtpd[20568]: match_list_match: ?y???: no match
      Apr  6 20:28:17 myhost postfix/smtpd[20568]: > me.domain.com[xx.xxx.xxx.xxx]: 502 5.5.2 Error: command not recognized

      Have you seen this before or have any ideas on what I might be doing wrong?

      1 Reply Last reply Reply Quote 0
      • D
        digm
        last edited by

        I believe I've got this working, but I'm not sure why it works now. I made two changes. First, I configured pfSense to use port 465 and then I enabled smtpd_tls_wrappermode in master.cf on the postfix server.

        smtps    inet  n      -      -      -      -      smtpd
          -o syslog_name=postfix/smtps
          -o smtpd_tls_wrappermode=yes
        #  -o smtpd_sasl_auth_enable=yes
        #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        #  -o milter_macro_daemon_name=ORIGINATING

        Any idea on why that would fix the issue?

        1 Reply Last reply Reply Quote 0
        • N
          NOYB
          last edited by

          http://forum.pfsense.org/index.php/topic,60510.0.html

          pfSense appears to always insists on "wrapper mode"
          http://forum.pfsense.org/index.php/topic,60517.0.html

          Should be able to use the port of your choosing so long as it is configured for "wrapper mode".

          1 Reply Last reply Reply Quote 0
          • First post
            Last post