Email Notifications Not Working with SSL/TLS Checked
-
I've configured Notifications to point to an Ubuntu server running Postfix (myhost.domain.com). I've verified that Notifications work if I use port 25/tcp without the SSL/TLS checkbox checked. As soon as I check the SSL/TLS box, I get the following error message in my pfSense system logs:
php: /system_advanced_notifications.php: Could not send the message to myuser@mydomain.com – Error: could not connect to the host "myhost.domain.com": ??
I've taken the time to verify that TLS authentication is successfully working on the Ubuntu server by manually authenticating using telnet and setting it up as an SMTP server in Apple Mail. So I'm at a loss for why it's not working on pfSense.
I've turned up the logging on Postfix to capture some more details and noticed it may be sending some kind of string that doesn't seem to be recognized by the postfix server.
Apr 6 20:28:17 myhost postfix/smtpd[20568]: > me.domain.com[xx.xxx.xxx.xxx]: 220 me.domain.com ESMTP Postfix (Ubuntu)
Apr 6 20:28:17 myhost postfix/smtpd[20568]: watchdog_pat: 0xb9245a18
Apr 6 20:28:17 myhost postfix/smtpd[20568]: < me.domain.com[xx.xxx.xxx.xxx]: ?y???
Apr 6 20:28:17 myhost postfix/smtpd[20568]: match_string: ?y??? ~? CONNECT
Apr 6 20:28:17 myhost postfix/smtpd[20568]: match_string: ?y??? ~? GET
Apr 6 20:28:17 myhost postfix/smtpd[20568]: match_string: ?y??? ~? POST
Apr 6 20:28:17 myhost postfix/smtpd[20568]: match_list_match: ?y???: no match
Apr 6 20:28:17 myhost postfix/smtpd[20568]: > me.domain.com[xx.xxx.xxx.xxx]: 502 5.5.2 Error: command not recognized
Have you seen this before or have any ideas on what I might be doing wrong?
-
I believe I've got this working, but I'm not sure why it works now. I made two changes. First, I configured pfSense to use port 465 and then I enabled smtpd_tls_wrappermode in master.cf on the postfix server.
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
Any idea on why that would fix the issue?
-
http://forum.pfsense.org/index.php/topic,60510.0.html
pfSense appears to always insist on "wrapper mode"
http://forum.pfsense.org/index.php/topic,60517.0.html
Should be able to use the port of your choosing so long as it is configured for "wrapper mode".
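
Why a non-wrapper port logs "?y???" and answers 502, as an added example that is not part of the original thread: a client in wrapper mode sends its TLS hello immediately instead of an SMTP command, and the classifier below tells the two apart from the first bytes received. The sample bytes are constructed (the thread does not show the raw bytes), the log rendering in log_view is an assumption, and all function names are hypothetical.

```python
# Added example (not from the thread): classify the first bytes a client
# sends to an SMTP listener, to tell implicit TLS from a plaintext command.
SMTP_VERBS = {b"EHLO", b"HELO", b"STARTTLS", b"MAIL", b"RCPT", b"DATA",
              b"RSET", b"NOOP", b"QUIT", b"AUTH", b"VRFY"}

# Constructed samples, not captured traffic.
# SSLv2-compatible ClientHello header: length 0x79 with the high bit set,
# message type 1 (ClientHello), version 3.1, then the three length fields.
SSLV2_HELLO = bytes.fromhex("80 79 01 03 01 00 60 00 00 00 10")
# TLS record header (handshake, version 3.1) followed by a ClientHello.
TLS_HELLO = bytes.fromhex("16 03 01 00 79 01 00 00 75 03 03")

ADVICE = {
    "sslv2-compat-hello": "client uses implicit TLS; needs a wrapper-mode port",
    "tls-record-hello": "client uses implicit TLS; needs a wrapper-mode port",
    "smtp-command": "client speaks plaintext SMTP first (STARTTLS-capable port)",
    "unknown": "not SMTP and not a TLS hello",
    "too-short": "need at least 6 bytes to decide",
}


def classify_first_bytes(data: bytes) -> str:
    """Classify what a client sent right after connecting."""
    if len(data) < 6:
        return "too-short"
    # TLS record: content type 0x16, major version 3, handshake type 1 at offset 5.
    if data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-record-hello"
    # SSLv2-style header: high bit of byte 0 set, type 1, major version 3.
    if data[0] & 0x80 and data[2] == 0x01 and data[3] == 0x03:
        return "sslv2-compat-hello"
    words = data.split(None, 1)
    if words and words[0].upper() in SMTP_VERBS:
        return "smtp-command"
    return "unknown"


def log_view(data: bytes) -> str:
    """Assumed log rendering: stop at NUL or newline, show non-printables as '?'."""
    line = data.split(b"\x00", 1)[0].split(b"\n", 1)[0]
    return "".join(chr(b) if 0x20 <= b < 0x7F else "?" for b in line)


if __name__ == "__main__":
    for sample in (SSLV2_HELLO, TLS_HELLO, b"EHLO pfsense.example\r\n"):
        kind = classify_first_bytes(sample)
        print(f"{log_view(sample)!r:28} {kind:20} {ADVICE[kind]}")
```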