<p>pfSense bugtracker (https://redmine.pfsense.org/)</p>
<p>pfSense - Bug #5604: SSL/TLS SMTP notfications not working</p>
<p><strong>Ivor Kreso</strong>, 2015-12-05T15:54:47Z, https://redmine.pfsense.org/issues/5604?journal_id=23181</p>
<ul><li><strong>Assignee</strong> deleted (<del><i>Jim Pingle</i></del>)</li></ul>
<p><strong>Chris Buechler</strong> (cbuechler@gmail.com), 2015-12-05T16:02:20Z, https://redmine.pfsense.org/issues/5604?journal_id=23182</p>
<p>It has bidirectional with gmail on 465 when trying to send a notification, but fails to send anything.</p>
<p><strong>Jim Pingle</strong>, 2015-12-05T21:15:47Z, https://redmine.pfsense.org/issues/5604?journal_id=23185</p>
<p>Works for me on 25 with no auth.</p>
<p>SSL verification failing perhaps?</p>
<p><strong>Ivor Kreso</strong>, 2015-12-06T03:48:25Z, https://redmine.pfsense.org/issues/5604?journal_id=23186</p>
<p>I don't think so, settings were not changed prior to the update. I got "Firmware upgrade in progress..." email on 2.2.5, but upon reboot I did not get any email.</p>
<p><strong>Ivor Kreso</strong>, 2015-12-06T04:17:21Z, https://redmine.pfsense.org/issues/5604?journal_id=23187</p>
<p>I've just verified the settings with another 2.2.5 box using the same settings, no issues there. It's definitely something with 2.3 that's preventing SMTP notifications.</p>
<p><strong>Jim Pingle</strong>, 2015-12-06T07:49:42Z, https://redmine.pfsense.org/issues/5604?journal_id=23189</p>
<p>No, not user/pass auth - just SSL certificate verification.</p>
<p>It works for me on mail servers I can access if I use:</p>
<ul>
<li>No auth via port 25 (from an IP I can relay through)</li>
<li>Plain auth on port 587 (no encryption)</li>
</ul>
<p>If it fails for you with either "SMTP over SSL/TLS" or "STARTTLS" checked in the GUI that would suggest a problem in the SSL certificate negotiation or verification. We've enabled a lot more of those things on 2.3, the mail library that's in use might need a nudge toward /etc/ssl/cert.pem or some other similar adjustment, and perhaps a checkbox to disable verification in the GUI.</p>
<p><strong>Jim Thompson</strong> (jim@netgate.com), 2015-12-06T15:09:35Z, https://redmine.pfsense.org/issues/5604?journal_id=23195</p>
<ul><li><strong>Assignee</strong> set to <i>Renato Botelho</i></li></ul>
<p><strong>Kill Bill</strong>, 2015-12-07T02:38:01Z, https://redmine.pfsense.org/issues/5604?journal_id=23210</p>
<p>Jim P wrote:</p>
<blockquote>
<p>and perhaps a checkbox to disable verification in the GUI.</p>
</blockquote>
<p>I'd say any verification should be just disabled by default. The vast majority of mailservers have either self-signed, crappy, non-matching or even expired certificates.</p>
<p><strong>Doug Dimick</strong> (doug@dimick.net), 2015-12-23T22:04:51Z, https://redmine.pfsense.org/issues/5604?journal_id=23628</p>
<p>It fails using gmail's smtp server, I tried both SSL and STARTTLS. My guess is that it isn't due to a bad server cert.</p>
<p><strong>Chris Buechler</strong> (cbuechler@gmail.com), 2015-12-29T16:27:09Z, https://redmine.pfsense.org/issues/5604?journal_id=23749</p>
<ul><li><strong>Subject</strong> changed from <i>SMTP notfications not working</i> to <i>SSL/TLS SMTP notfications not working</i></li><li><strong>Status</strong> changed from <i>New</i> to <i>Confirmed</i></li></ul>
<p>It is because of certificate validation failures. PHP 5.6 openssl enabled verification by default, it was disabled for notifications previously. Looks like gmail's cert should validate though, seems it's somehow missing ca_root_nss.</p>
<p><strong>Chris Buechler</strong> (cbuechler@gmail.com), 2015-12-29T18:04:06Z, https://redmine.pfsense.org/issues/5604?journal_id=23750</p>
<p>Still missing something after setting openssl.cafile in php.ini.</p>
<p><strong>Renato Botelho</strong> (renato@netgate.com), 2016-01-15T05:30:14Z, https://redmine.pfsense.org/issues/5604?journal_id=24126</p>
<ul><li><strong>Status</strong> changed from <i>Confirmed</i> to <i>Feedback</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul>
<p>Applied in changeset <a class="changeset" title="Update smtp class to latest version, fixes #5604 - SMTP class from http://www.phpclasses.org/p..." href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/b97c7ee5f88658195fc29ce02ea0e9b8e72d4ca6">b97c7ee5f88658195fc29ce02ea0e9b8e72d4ca6</a>.</p>
<p><strong>Jim Pingle</strong>, 2016-01-15T08:41:37Z, https://redmine.pfsense.org/issues/5604?journal_id=24129</p>
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Assigned</i></li></ul><p>It appears to work fine now when the SSL certificate validates. When it doesn't, however, a PHP error occurs:</p>
<pre>
Starting TLS cryptograpic protocol
Warning: stream_socket_enable_crypto(): Peer certificate CN=`www.example.com' did not match expected CN=`192.0.2.22' in /etc/inc/smtp.inc on line 1269
Call Stack:
0.0001 238824 1. {main}() /usr/local/www/system_advanced_notifications.php:0
0.2545 2086080 2. notify_via_smtp() /usr/local/www/system_advanced_notifications.php:212
0.2661 2086544 3. send_smtp_message() /etc/inc/notices.inc:333
0.2665 2117048 4. smtp_class->SendMessage() /etc/inc/notices.inc:392
0.2665 2117688 5. smtp_class->Connect() /etc/inc/smtp.inc:1845
0.4152 2130512 6. stream_socket_enable_crypto() /etc/inc/smtp.inc:1269
</pre>
<p>Cert CN/server IP changed but the rest of the error is verbatim.</p>
<p><strong>Renato Botelho</strong> (renato@netgate.com), 2016-01-15T10:20:13Z, https://redmine.pfsense.org/issues/5604?journal_id=24131</p>
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Feedback</i></li></ul>
<p>Applied in changeset <a class="changeset" title="Silence stream_socket_enable_crypto() warning when CN doesn't match. Fixes #5604" href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/2cb37fa6c1a5746a55e09186c557ea298865da87">2cb37fa6c1a5746a55e09186c557ea298865da87</a>.</p>
<p><strong>Renato Botelho</strong> (renato@netgate.com), 2016-01-19T13:56:52Z, https://redmine.pfsense.org/issues/5604?journal_id=24209</p>
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul>
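<p>The failure discussed in this thread (PHP 5.6 verifying certificates by default, and the CN mismatch when the server is addressed by IP), as an added example that is not pfSense's code or the fix from the changesets above: a STARTTLS check that sets the CA bundle and the expected certificate name explicitly and returns the verification failure as a message. The function names, <code>client.example</code> and the command-line arguments are assumptions; <code>/etc/ssl/cert.pem</code> is the path mentioned in the thread.</p>

```php
<?php
// Added example, not pfSense code; names and arguments are assumptions.
// Covers STARTTLS only (not implicit TLS on port 465).

// Read one (possibly multi-line) SMTP reply and return its 3-digit code.
function smtp_reply($fp) {
    do {
        $line = fgets($fp, 1024);
        if ($line === false) {
            return 0;
        }
    } while (strlen($line) > 3 && $line[3] === '-');
    return (int)substr($line, 0, 3);
}

// Connect, issue STARTTLS and verify the certificate against $expected_name.
// Returns array(true, '') on success or array(false, reason) on failure.
function smtp_starttls_verified($connect_to, $port, $expected_name,
    $cafile = '/etc/ssl/cert.pem') {
    $ctx = stream_context_create(array('ssl' => array(
        'verify_peer'      => true,           // chain must lead to $cafile
        'verify_peer_name' => true,           // certificate must match peer_name
        'peer_name'        => $expected_name, // not the IP we connect to
        'cafile'           => $cafile,
    )));
    $fp = @stream_socket_client("tcp://{$connect_to}:{$port}", $errno, $errstr,
        10, STREAM_CLIENT_CONNECT, $ctx);
    if (!$fp) {
        return array(false, "connect failed: {$errstr}");
    }
    stream_set_timeout($fp, 10);
    $ok = smtp_reply($fp) === 220
        && fwrite($fp, "EHLO client.example\r\n") && smtp_reply($fp) === 250
        && fwrite($fp, "STARTTLS\r\n") && smtp_reply($fp) === 220;
    $why = array();
    if ($ok) {
        // Collect verification warnings as text instead of a PHP error page.
        set_error_handler(function ($no, $msg) use (&$why) { $why[] = $msg; return true; });
        $ok = stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) === true;
        restore_error_handler();
    } else {
        $why[] = 'server did not accept STARTTLS';
    }
    fclose($fp);
    return array($ok, $ok ? '' : (implode('; ', $why) ?: 'TLS negotiation failed'));
}

// Usage: php check.php 192.0.2.22 587 www.example.com
if (PHP_SAPI === 'cli' && isset($argv) && count($argv) === 4) {
    list($ok, $why) = smtp_starttls_verified($argv[1], (int)$argv[2], $argv[3]);
    echo $ok ? "certificate verified\n" : "refused: {$why}\n";
}
```

<p>Without <code>peer_name</code>, PHP compares the certificate against the address used to connect, which is how a server reached by IP produces the "did not match expected CN" warning quoted above.</p>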