Office 365 doesn’t work with VPN – Solution for pfSense firewalls.
In your pfSense firewall, navigate to VPN / OpenVPN / Servers / Edit. Scroll down until you find Advanced Client Settings and make sure to fill it out as in my example. Make sure DNS Server 1 is the IP address of YOUR pfSense firewall. The second IP address can be anything.
When entering the Office 365 SMTP details in the Infusion Email Defaults, you may have to configure an SMTP relay on your email server's end for it to work correctly. The requirement for this will depend on your Office 365 security settings and configuration.
Bug #8535
Duplicate
Normal
-
Notifications
-
05/23/2018
2.4.3_1
Description
Problems:
1) I read on the pfSense forums that the new Pear-Mail should automatically use STARTTLS if the server offers it, but according to a Wireshark packet trace I made, my server offered it and my pfSense did not use it but sent the test email via plaintext.
2) My email server also supports using regular TLS, but when I check the box 'Enable SMTP over SSL/TLS' in pfSense, the emails fail to send at all. Censored error = 'Could not send the message to [email protected] -- Error: Failed to connect to ssl://MYDOMAIN-com.mail.protection.outlook.com:25 [SMTP: Failed to connect socket: fsockopen(): unable to connect to ssl://MYDOMAIN-com.mail.protection.outlook.com:25 (Unknown error) (code: -1, response: )]'
Details:
I created a Relay Connector in my Office 365 account that authenticates all emails via my public IP, so no username or password is necessary to send an email through it. Microsoft's website (https://support.office.com/en-us/article/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-office-365-69f58e99-c550-4274-ad18-c805d654b4c4) explains that the relay should work on port 25 and TLS is 'optional'. I can successfully send emails through the relay using the built-in Powershell command (Send-MailMessage -From [email protected] -Subject 'test 1' -To [email protected] -Body 'test 111' -Port 25 -SmtpServer MYDOMAIN-com.mail.protection.outlook.com) with the 'UseSSL' parameter and without. When UseSSL is included, the Wireshark trace looks encrypted, and without UseSSL included, the Wireshark trace seems to be encrypted after the first packet. But the notification test emails from pfSense can only send if the 'Enable SMTP over SSL/TLS' box is unchecked so the emails are always sent in plaintext.
My guess is that the Mail feature of pfSense has some configuration or compatibility issue with Office 365's TLS and STARTTLS features of its Relay Connector. I have a similar problem with sending email from Duplicati through it. Duplicati fails to send using normal TLS, but it does succeed with STARTTLS=ALWAYS.
Sorry I'm not an expert with Wireshark but I hope this was helpful. If you want me to share the Wireshark traces, I'd prefer to email them privately to the pfSense team.
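The condition described in problem 1 of the report (the server advertises STARTTLS, yet the client goes on to send the message in cleartext) can be checked mechanically from a decoded capture. This is an added example, not part of the original report or of pfSense; the `C:`/`S:` transcript format, the `example.test` hostnames and the function name `audit_smtp_session` are assumptions constructed for illustration.

```python
import re

# Constructed transcripts: "C:" = client line, "S:" = server line, as they
# would appear when following the cleartext TCP stream of an SMTP session.
PLAINTEXT_SESSION = """\
S: 220 mx.example.test ESMTP ready
C: EHLO fw.example.test
S: 250-mx.example.test Hello
S: 250-SIZE 157286400
S: 250-STARTTLS
S: 250 8BITMIME
C: MAIL FROM:<alerts@example.test>
S: 250 2.1.0 Sender OK
""".splitlines()

UPGRADED_SESSION = """\
S: 220 mx.example.test ESMTP ready
C: EHLO fw.example.test
S: 250-mx.example.test Hello
S: 250-STARTTLS
S: 250 8BITMIME
C: STARTTLS
S: 220 2.0.0 SMTP server ready
""".splitlines()


def audit_smtp_session(lines):
    """Classify a cleartext SMTP dialogue by how the message was protected.

    Returns 'upgraded', 'plaintext-despite-offer', 'plaintext-not-offered',
    or 'no-mail-seen' (capture ended before any MAIL FROM).
    """
    offered = False           # server listed STARTTLS in its EHLO reply
    pending_starttls = False  # client sent STARTTLS, awaiting the reply
    for line in lines:
        side, _, text = line.partition(": ")
        text = text.strip()
        if side == "S":
            if re.fullmatch(r"250[- ]STARTTLS", text, re.IGNORECASE):
                offered = True
            elif pending_starttls:
                if text.startswith("220"):
                    return "upgraded"     # everything after this is TLS
                pending_starttls = False  # e.g. 454: upgrade was refused
        elif side == "C":
            if text.upper() == "STARTTLS":
                pending_starttls = True
            elif text.upper().startswith("MAIL FROM:"):
                # Envelope visible in cleartext means no TLS was negotiated.
                return "plaintext-despite-offer" if offered else "plaintext-not-offered"
    return "no-mail-seen"
```

A capture that opens with a TLS ClientHello instead of a `220` greeting is implicit TLS and contains no cleartext SMTP lines to audit.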
History
#1 Updated by Jim Pingle over 1 year ago
- Status changed from New to Duplicate
Some of this appears to be a duplicate of #8313 and others may be a settings issue. If you still have problems, post on the forum for assistance.
Hello everyone,
What default settings are needed for the SMTP configuration of pfSense (latest version)? I have already tried a wide variety of settings:
E-Mail Server: smtp.office365.com
SMTP Port of E-Mail Server: 587
with STARTTLS -> Error: 535 5.7.3 Authentication unsuccessful
without STARTTLS -> Error: server does not require authentication
From e-mail address: info@…
Notification E-Mail address: it-hel..@..
Notification E-Mail auth username (optional): info@..
Notification E-Mail auth Password: password for info@..
Notification E-Mail auth mechanism: LOGIN
Thanks,
Regards, David