Cannot send mails using office365 smtp server



  • I've just switched my email account to office 365 (Exchange server) but the smtp server "smtp.office365.com" does not seem to work in pfSense. I've tried different configurations which lead to different error messages:

    port 25 tls disabled:
    php: /system_advanced_notifications.php: Could not send the message to pfSense@somedomain.com – Error: 504 5.7.4 Unrecognized authentication type

    port 587 tls enabled:
    php: /system_advanced_notifications.php: Could not send the message to pfSense@somedomain.com -- Error: could not connect to the host "smtp.office365.com": ??

    I've also tried if the following patch resolves the problem, but there is no difference:
    http://github.com/pfsense/pfsense/commit/1cddd59c4ed2341f87cf58d9b67d45c82ffd99d0.patch

    Is this a bug in pfSense or am I doing something wrong? (The second configuration works on my Qnap nas)



  • Hi,

    Having exactly the same issue here! Very odd, I confirmed name lookup (DNS, with drill) and ping … both work. Any luck with this one?

    Thanks!



  • Depending on your ISP port 25 outbound may be, probably is, blocked.

    Try using port 587 without encryption.
    Also try using port 465 with encryption.

    Have you tried with STARTTLS enabled?  Might try that too.

    Oh and also the password must be re-entered every time a change is made.  The field is not populated with the password that is stored in the configuration.



  • From my little bit of testing here it seems that the "Enable SMTP over SSL/TLS" setting only works with port 465 (SMTPS), and does not work if port 587 is specified.

    My mail server has the same SSL/TLS configuration for both port 465 and 587.  But pfSense notification only works with SSL/TLS enabled if port 465 is specified.  And not with port 587.

    This will probably limit your ability to use SSL/TLS with smtp.office365.com unless it listens on port 465.
    Try port 587 with and without STARTTLS enabled.



  • Hi,

    Port 587 is the specified port (and I confirmed, port 465 is not available / open). Interesting point about the password - thanks!

    I tried different settings (all port 587), here is what I get …

    1. Enable SMTP over SSL/TLS -> Error: could not connect to the host "smtp.office365.com": ?? (and fails very quickly)
    2. Enable STARTTLS -> Error: 504 5.7.4 Unrecognized authentication type (takes longer to fail)

    So the connection seems to be happening, but different failure modes? Thoughts?

    Thanks!



  • What do you get using port 587 with no encryption?



  • Did a little more digging and it seems that the pfSense notification system SSL/TLS setting only supports wrapper mode, with no way to disable it other than using Start TLS.

    So if the server, smtp.office365.com, in this case doesn't support either wrapper mode or Start TLS, then there is no way to use it with encryption.



  • Hi,

    It's supposed to support Start TLS - at least from the digging I can do. So I admit, still a bit confused why it won't connect … :(.

    I have had issues in the past though (with other email servers, like Verizon), needing to use stunnel. Have you seen this before as well? I tried to install Stunnel, but get the error message "ERROR: No digital signature!". Is this something that needs to be updated / added in v2.2?

    Thanks!



  • From your earlier post it looks like the connection is successful with STARTTLS enabled.  But the authentication is failing.

    "2) Enable STARTTLS -> Error: 504 5.7.4 Unrecognized authentication type (takes longer to fail)"

    Google that error code and message string and you'll find lots of information that may point you in the right direction.



  • Hi,

    Yep, looked that error message up, and contacted (Microsoft) Exchange Online support. The one open question they have, that I can't seem to find … is pfSense using TLS v1.1 for the email send? They think that's the problem, but I can't confirm the version.

    Does anyone happen to know?

    Thanks!



  • The problem is not exactly with Office 365 Mail servers - rather with Exchange (and potentially other mailservers as well):

    While researching the issue that pfSense won't send using our Exchange 2010 Server I found the underlying cause for it.

    pfSense (our version is 2.1.5-RELEASE, but I guess other versions are also affected) seems to support several Authentication mechanisms for SMTP (at least that's what I gathered from the various files), but it ALWAYS uses "PLAIN".
    If the E-Mail-Server does not support "PLAIN", E-Mail-Notifications will fail - typically with "Authentication mechanism not supported".
    Now - guess what … Exchange does support plaintext-logins when configured correctly, but only using the method "LOGIN" ...

    The culprit is in File /etc/inc/notices.inc , Line 324:
        // Use SMTP Auth if fields are filled out
        if($config['notifications']['smtp']['username'] &&
          $config['notifications']['smtp']['password']) {
            $smtp->authentication_mechanism = "PLAIN";
            $smtp->user = $config['notifications']['smtp']['username'];
            $smtp->password = $config['notifications']['smtp']['password'];

    If I change this line to
    $smtp->authentication_mechanism = "LOGIN";
    I can send e-mail-notifications via our Exchange-Server. But I guess this will break Notifications for other mailservers.

    IMHO there are two ways to fix this behaviour (sadly both beyond my pfSense/php-Knowledge):

    1. get the list of supported auth-mechanisms from the server (after doing TLS if necessary - some servers offer plaintext-login only after a secure session was established) and "match" with local supported mechanisms (perhaps the smtp-class allows this already)?
    2. allow the admin to select the auth-mechanism from a list of mechanisms supported by pfsense
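
Added example (not part of the original posts and not pfSense code): the first fix suggested above, reading the mechanisms the server advertises after STARTTLS and matching them against the client's own list, sketched in Python. The EHLO replies, host name and function names are constructed for illustration.

```python
# Added example: pick an SMTP AUTH mechanism from the server's EHLO reply.
# Both EHLO replies below are constructed sample data, not captured traffic.

# PLAIN and LOGIN only base64-encode the password, so they need TLS underneath.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

EHLO_BEFORE_STARTTLS = """\
250-mail.example.test Hello
250-SIZE 157286400
250-STARTTLS
250 8BITMIME"""

EHLO_AFTER_STARTTLS = """\
250-mail.example.test Hello
250-SIZE 157286400
250-AUTH LOGIN XOAUTH2
250 8BITMIME"""


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} for each extension line of an EHLO reply."""
    extensions = {}
    for line in reply.splitlines()[1:]:          # first line is the greeting
        if not line.startswith("250") or len(line) < 5:
            continue
        text = line[4:].strip()                  # drop "250-" / "250 "
        if not text:
            continue
        # Some older servers advertise "AUTH=LOGIN PLAIN"; treat it like "AUTH".
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]
        keyword, *params = text.split()
        extensions.setdefault(keyword.upper(), []).extend(p.upper() for p in params)
    return extensions


def choose_auth(reply, client_prefs, tls_active):
    """First client-preferred mechanism the server offers, or None."""
    offered = parse_ehlo(reply).get("AUTH", [])
    for mech in client_prefs:
        if mech not in offered:
            continue                             # hard-coding this one would draw a 504
        if mech in PLAINTEXT_MECHS and not tls_active:
            continue                             # no reusable password over cleartext
        return mech
    return None
```

With a client list of `["PLAIN", "LOGIN"]`, the sample server yields nothing before STARTTLS and `LOGIN` afterwards, which is why EHLO has to be re-sent once TLS is up.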


  • Hi,

    Very cool finding - awesome! I'll give it a try (manual change), but also … why not start with 2), try 1) later? At least 2) would get things up and running.

    Thanks!



  • I had the same problem authenticating but with Symantec Messaging Gateway (SMG). Changing PLAIN with LOGIN solved it. Thanks!

    @VoosW:

    The problem is not exactly with Office 365 Mail servers - rather with Exchange (and potentially other mailservers as well):

    While researching the issue that pfSense won't send using our Exchange 2010 Server I found the underlying cause for it.

    pfSense (our version is 2.1.5-RELEASE, but I guess other versions are also affected) seems to support several Authentication mechanisms for SMTP (at least that's what I gathered from the various files), but it ALWAYS uses "PLAIN".
    If the E-Mail-Server does not support "PLAIN", E-Mail-Notifications will fail - typically with "Authentication mechanism not supported".
    Now - guess what … Exchange does support plaintext-logins when configured correctly, but only using the method "LOGIN" ...

    The culprit is in File /etc/inc/notices.inc , Line 324:
        // Use SMTP Auth if fields are filled out
        if($config['notifications']['smtp']['username'] &&
          $config['notifications']['smtp']['password']) {
            $smtp->authentication_mechanism = "PLAIN";
            $smtp->user = $config['notifications']['smtp']['username'];
            $smtp->password = $config['notifications']['smtp']['password'];

    If I change this line to
    $smtp->authentication_mechanism = "LOGIN";
    I can send e-mail-notifications via our Exchange-Server. But I guess this will break Notifications for other mailservers.

    IMHO there are two ways to fix this behaviour (sadly both beyond my pfSense/php-Knowledge):

    1. get the list of supported auth-mechanisms from the server (after doing TLS if necessary - some servers offer plaintext-login only after a secure session was established) and "match" with local supported mechanisms (perhaps the smtp-class allows this already)?
    2. allow the admin to select the auth-mechanism from a list of mechanisms supported by pfsense


  • Hi,

    If you don't mind me asking - what are the rest of your settings (like port number, SSL/TLS or STARTTLS, etc.)? Still struggling a bit.

    Thanks!!!



  • Got it working! Issue was STARTTLS (and save before Test).

    Thanks!



  • This also fixed my issue, many thanks.



  • For this issue I added my account via POP3 and SMTP in Outlook 2016 and it works fine. I also tested it via PowerShell and it works fine too.



  • E-Mail server: smtp.office365.com
    SMTP Port of E-Mail server: 587
    Connection timeout to E-Mail server: blank
    Secure SMTP Connection: unchecked
    From e-mail address: user@example.com
    Notification E-Mail address: user@example.com
    Notification E-Mail auth username (optional): user@example.com
    Notification E-Mail auth password: userpassword
    Notification E-Mail auth mechanism: Login
    Send Test
    Save after successful test

