[SOLVED] BUG? 5.7.0 Must issue a STARTTLS command first (in reply to MAIL FROM command)

[CRCinAU]

I've just set up the SMTP notifications on PVE - and the test email works fine.

When the system itself starts to send notifcations via the SMTP path, the mail server replies with:

<email@host.com: host mail.server[<mail server ip>] said: 530
    5.7.0 Must issue a STARTTLS command first (in reply to MAIL FROM command)
Diagnostic-Code: smtp; 530 5.7.0 Must issue a STARTTLS command first

Given that the test email works fine, it seems that when in actual use, it doesn't issue a STARTTLS - even though that is selected in the SMTP server options on PVE.

It also looks like the "Authentication" checkbox keeps getting checked - even if no username / password is required.

 

[Lukas Wagner]

Hi CRCinAU,

could you share your /etc/pve/notifications.cfg?

Thanks!

 

[CRCinAU]

Hi CRCinAU,

could you share your /etc/pve/notifications.cfg?

Thanks!

matcher: default-matcher
        comment Route all notifications to mail-to-root
 mode all
 target <mailserver with . changed to _>

sendmail: mail-to-root
 comment Send mails to root@pam's email address
 disable true
 mailto-user root@pam

smtp: <mailserver with . changed to _>
 from-address root@<pve fqdn>
 mailto-user root@pam
 mode starttls
 port 26
server <mailserver>

 

[Lukas Wagner]

Given that the test email works fine, it seems that when in actual use, it doesn't issue a STARTTLS - even though that is selected in the SMTP server options on PVE.

The configuration looks fine to me. Also, the code path of any test emails and actual notifications is the same, so the problem should be somewhere else.

When the system itself starts to send notifcations via the SMTP path, the mail server replies with:

<email@host.com: host mail.server[<mail server ip>] said: 530 5.7.0 Must issue a STARTTLS command first (in reply to MAIL FROM command) Diagnostic-Code: smtp; 530 5.7.0 Must issue a STARTTLS command first

Where do you get this message from? Is this logged in the system logs, and if yes, by which process?

I assume we are talking about backup notifications - have you set the backup job's notification mode to 'notification system'? If it is set to 'auto' or 'legacy-sendmail', then you might be using postfix by accident to send actual notification mails, which would explain why the test emails work while the others don't.

 

[Lukas Wagner]

It also looks like the "Authentication" checkbox keeps getting checked - even if no username / password is required.

I can't really reproduce this. What is your pveversion -v ?

 

[CRCinAU]

Ahhhh - gotcha! I did have the Notification mode set to 'Auto'.

I changed this to "Notification system" and I'll see what happens after the backups overnight.

The message I got was from the mail subsystem - so probably via the local postfix service.

As for the checkbox, it shows as:


Install 8.4.1 on both nodes:

pveversion -v
proxmox-ve: 8.4.0 (running kernel: 6.14.5-1-bpo12-pve)
pve-manager: 8.4.1 (running version: 8.4.1/2a5fa54a8503f96d)
proxmox-kernel-helper: 8.1.1
proxmox-kernel-6.14.5-1-bpo12-pve-signed: 6.14.5-1~bpo12+1
proxmox-kernel-6.14: 6.14.5-1~bpo12+1
proxmox-kernel-6.8.12-11-pve-signed: 6.8.12-11
proxmox-kernel-6.8: 6.8.12-11
ceph-fuse: 17.2.7-pve3
corosync: 3.1.9-pve1
criu: 3.17.1-2+deb12u1
glusterfs-client: 10.3-5
ifupdown2: 3.2.0-1+pmx11
ksm-control-daemon: 1.5-1
libjs-extjs: 7.0.0-5
libknet1: 1.30-pve2
libproxmox-acme-perl: 1.6.0
libproxmox-backup-qemu0: 1.5.1
libproxmox-rs-perl: 0.3.5
libpve-access-control: 8.2.2
libpve-apiclient-perl: 3.3.2
libpve-cluster-api-perl: 8.1.0
libpve-cluster-perl: 8.1.0
libpve-common-perl: 8.3.1
libpve-guest-common-perl: 5.2.2
libpve-http-server-perl: 5.2.2
libpve-network-perl: 0.11.2
libpve-rs-perl: 0.9.4
libpve-storage-perl: 8.3.6
libspice-server1: 0.15.1-1
lvm2: 2.03.16-2
lxc-pve: 6.0.0-1
lxcfs: 6.0.0-pve2
novnc-pve: 1.6.0-2
proxmox-backup-client: 3.4.1-1
proxmox-backup-file-restore: 3.4.1-1
proxmox-firewall: 0.7.1
proxmox-kernel-helper: 8.1.1
proxmox-mail-forward: 0.3.2
proxmox-mini-journalreader: 1.4.0
proxmox-offline-mirror-helper: 0.6.7
proxmox-widget-toolkit: 4.3.11
pve-cluster: 8.1.0
pve-container: 5.2.6
pve-docs: 8.4.0
pve-edk2-firmware: 4.2025.02-3
pve-esxi-import-tools: 0.7.4
pve-firewall: 5.1.1
pve-firmware: 3.15-4
pve-ha-manager: 4.0.7
pve-i18n: 3.4.4
pve-qemu-kvm: 9.2.0-5
pve-xtermjs: 5.5.0-2
qemu-server: 8.3.12
smartmontools: 7.3-pve1
spiceterm: 3.3.0
swtpm: 0.8.0+pve1
vncterm: 1.8.0
zfsutils-linux: 2.2.7-pve2

 

[Lukas Wagner]

The message I got was from the mail subsystem - so probably via the local postfix service.

As for the checkbox, it shows as:

Oh, finally managed to reproduce it, seems to only affect browsers based on Chromium. Seems to be a race-condition somewhere in the frontend JavaScript code.

Thanks for the report! Seems like this was reported before, but I failed to reproduce it back then [1].

[1] https://bugzilla.proxmox.com/show_bug.cgi?id=5588

 

[CRCinAU]

Ahhh, good catch - I had no idea what I was looking at... Javascript isn't my strong point

 

[CRCinAU]

I changed this to "Notification system" and I'll see what happens after the backups overnight.

I can confirm that this fixed the issue and the backup emails worked successfully. Thanks for letting me know about this setting.

 

[Lukas Wagner]

Great! Consider marking this thread as solved, as this might make it easier for others who have the same problem