Hello! Warren Baker <war...@decoy.co.za> wrote:
> That commit was not pushed to 2.1 (i have done this now). So it will > be available in the next release. It applies cleanly to 2.1 so you > should just be able to apply that patch to your existing install. ok, I'll do that- > Andreas that TLS option was only aimed at 465 connections where the > actual transport layer is secured. > Port 25 and Port 587 are plaintext ports until STARTTLS is sent which > upgrades the connection from plaintext to a secured one. Yes, this is my understanding of starttls. I only need it if I enforce the MTA to smtpd_enforce_tls=yes. In the LAN that's not implicitly necessary. > Prior to this commit one could only use port 465 (iirc there might > still have been a problem). Port 465 is deprecated (way back in 1998) > as well so its use should be avoided. ok. But I have another problem with the notification email of pfsense. I thougt if I set "Notification E-Mail auth username (optional)" with the password, some kind of SASl is used. If I set it, the log says: php: /system_advanced_notifications.php: Could not send the message to i...@anup.de -- Error: server does not require authentication and the connection to the MTA is lost. If I don't set it, the notification-email is blocked, because the pfsense is considered a dialup-IP. Oct 17 11:37:03 delta postfix/smtpd[27273]: connect from p54B30B6D.dip0.t-ipconnect.de[84.179.11.109] Oct 17 11:37:03 delta postfix/smtpd[27273]: NOQUEUE: reject: RCPT from p54B30B6D.dip0.t-ipconnect.de[84.179.11.109]: 554 5.7.1 Service unavailable; Client host [84.179.11.109] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=84.179.11.109; from=<i...@anup.de> to=<i...@anup.de> proto=ESMTP helo=<hotspot1.anup.lan> Oct 17 11:37:04 delta postfix/smtpd[27273]: lost connection after DATA from p54B30B6D.dip0.t-ipconnect.de[84.179.11.109] Oct 17 11:37:04 delta postfix/smtpd[27273]: disconnect from p54B30B6D.dip0.t-ipconnect.de[84.179.11.109] I thougt, this SMTP authentication is used to tell the MTA I'm allowed to send and the check of zen.spamhaus.org comes after that. Andreas > On Thu, Oct 17, 2013 at 12:22 AM, Andreas Meyer <anme...@anup.de> wrote: > > Hell! > > > > I tried with both, port 587 and port 25. I use > > > > 2.1-RELEASE (i386) > > built on Wed Sep 11 18:16:22 EDT 2013 > > FreeBSD 8.3-RELEASE-p11 > > > > nanobsd (4g) > > > > Andreas > > > > > > Yehuda Katz <yeh...@ymkatz.net> wrote: > > > >> As of about a month ago ( > >> https://github.com/pfsense/pfsense/commit/1cddd59c4ed2341f87cf58d9b67d45c82ffd99d0) > >> StartTLS is an independant setting and should work no matter what port you > >> are using. > >> I do not know whether that code has made it to a release (can log in to > >> check from where I am now) and I don't know how much that changed the > >> behavior from before, but it is probably worth a look. > >> > >> - Y > >> > >> > >> On Wed, Oct 16, 2013 at 5:53 PM, Andreas Meyer <anme...@anup.de> wrote: > >> > >> > Hello! > >> > > >> > Moshe Katz <mo...@ymkatz.net> wrote: > >> > > >> > > On Wed, Oct 16, 2013 at 5:41 PM, Andreas Meyer <anme...@anup.de> wrote: > >> > > > >> > > > Hello all! > >> > > > > >> > > > php: /system_advanced_notifications.php: Could not send > >> > > > the message to i...@anup.de -- Error: 530 5.7.0 Must issue a > >> > > > STARTTLS > >> > > > command first > >> > > > > >> > > > Is starttls possible with pfsense? > >> > > >> > > There is a checkbox on the "System" -> "Advanced" -> "Notifications" > >> > > page > >> > > that says "Enable SSL/TLS Authentication". Make sure that box is > >> > checked, > >> > > and it should work. > >> > > >> > Isn't that checkbox for port 465 only? > >> > php: /system_advanced_notifications.php: Could not send the message to > >> > i...@anup.de -- Error: could not connect to the host "mail.anup.de": ?? > >> > > >> > > > >> > > Moshe > >> > > >> > Andreas > >> > _______________________________________________ > >> > List mailing list > >> > List@lists.pfsense.org > >> > http://lists.pfsense.org/mailman/listinfo/list > >> > > > > > _______________________________________________ > > List mailing list > > List@lists.pfsense.org > > http://lists.pfsense.org/mailman/listinfo/list > > > _______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list