Project

General

Profile

Bug #3180

SMTP notifications not work with 587 port and SSL/TLS

Added by Aitor Fraile over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Notifications
Target version:
-
Start date:
09/03/2013
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.0.x
Affected Architecture:
i386

Description

SMTP notifications (System>Advanced>Notifications) not work with 587 port and SSL/TLS authentication checked. The system log shows the following:

php: /system_advanced_notifications.php: Could not send the message to myuser@mydomain.com -- Error: could not connect to the host "smtp.mydomain.com": ??

My pfsense version: 2.0.3-RELEASE
Thanks.

Associated revisions

Revision 1cddd59c (diff)
Added by Warren Baker over 7 years ago

Split SSL/TLS into separate checkboxes so that plaintext connections can be made secured by using STARTTLS. Support for SMTPS connections should probably be done away with in future. Fixes #3180

Revision dd33fd4e (diff)
Added by Warren Baker over 7 years ago

Split SSL/TLS into separate checkboxes so that plaintext connections can be made secured by using STARTTLS. Support for SMTPS connections should probably be done away with in future. Fixes #3180

History

#1 Updated by Aitor Fraile over 7 years ago

Same error in system log with 2.1-RELEASE version.

#2 Updated by Warren Baker over 7 years ago

That would be because your port 587 is not accepting secure connections. In a typical port 587 setup the connection is first established (unsecured) and then a STARTTLS command is sent. As it stands the existing library does not cater for that and tries to establish a secure connection to port 587, which would normally fail. Using port 465 would work as thats expecting a secure connection.

Ideally I guess, specifying port 465 should turn on a secure connection automatically. Any other port specified would be left as unsecure and if TLS is checked, then a STARTTLS would be issued after the connection has been established.

#3 Updated by Aitor Fraile over 7 years ago

Hi Warren,

Thanks for the reply. The problem is that my email provider's SMTP server only accept 587 with TLS encryption1.
On the other hand, it seems that 465 port is deprecated for SMTPS2.

[1]: https://mykolab.com/clients#other
[2]: https://en.wikipedia.org/wiki/Smtps

(Sorry for my bad English)

#4 Updated by Warren Baker over 7 years ago

Aitor Fraile wrote:

On the other hand, it seems that 465 port is deprecated for SMTPS2.

Yes thats right, has been for awhile although the likes of GMail and similar still provide it due to old MUAs wanting to make use of it. Which brings up an interesting question, in pfSense a SSL connection should actually be done away with and only make use of STARTTLS.

I have a patch done, will commit it soon to HEAD.

#5 Updated by Warren Baker over 7 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#7 Updated by Warren Baker over 7 years ago

  • Status changed from Feedback to Closed

Also available in: Atom PDF