Project

General

Profile

Actions

Bug #3180

closed

SMTP notifications not work with 587 port and SSL/TLS

Added by Aitor Fraile about 8 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Notifications
Target version:
-
Start date:
09/03/2013
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0.x
Affected Architecture:
i386

Description

SMTP notifications (System>Advanced>Notifications) not work with 587 port and SSL/TLS authentication checked. The system log shows the following:

php: /system_advanced_notifications.php: Could not send the message to myuser@mydomain.com -- Error: could not connect to the host "smtp.mydomain.com": ??

My pfsense version: 2.0.3-RELEASE
Thanks.

Actions #1

Updated by Aitor Fraile about 8 years ago

Same error in system log with 2.1-RELEASE version.

Actions #2

Updated by Warren Baker about 8 years ago

That would be because your port 587 is not accepting secure connections. In a typical port 587 setup the connection is first established (unsecured) and then a STARTTLS command is sent. As it stands the existing library does not cater for that and tries to establish a secure connection to port 587, which would normally fail. Using port 465 would work as thats expecting a secure connection.

Ideally I guess, specifying port 465 should turn on a secure connection automatically. Any other port specified would be left as unsecure and if TLS is checked, then a STARTTLS would be issued after the connection has been established.

Actions #3

Updated by Aitor Fraile about 8 years ago

Hi Warren,

Thanks for the reply. The problem is that my email provider's SMTP server only accept 587 with TLS encryption1.
On the other hand, it seems that 465 port is deprecated for SMTPS2.

[1]: https://mykolab.com/clients#other
[2]: https://en.wikipedia.org/wiki/Smtps

(Sorry for my bad English)

Actions #4

Updated by Warren Baker about 8 years ago

Aitor Fraile wrote:

On the other hand, it seems that 465 port is deprecated for SMTPS2.

Yes thats right, has been for awhile although the likes of GMail and similar still provide it due to old MUAs wanting to make use of it. Which brings up an interesting question, in pfSense a SSL connection should actually be done away with and only make use of STARTTLS.

I have a patch done, will commit it soon to HEAD.

Actions #5

Updated by Warren Baker about 8 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #7

Updated by Warren Baker almost 8 years ago

  • Status changed from Feedback to Closed
Actions

Also available in: Atom PDF