[SOLVED] Emails and newbie

Kobach23

New Member
Jun 9, 2022
8
0
1
Fairly new to Proxmox, trying to get emails to work for things like snapshots and drive failures and having a heck of a time with it. At this point I'm fairly certain I've been grinding my forehead against a cheese grater for a couple days trying different walkthroughs that all use gmail but having no luck. Here's the last one I followed that seems to be the most official:

https://forum.proxmox.com/threads/get-postfix-to-send-notifications-email-externally.59940/

I'm mainly Windows experienced, so I'm not sure what logs to check or how. Happy to post anything I can to get this resolved. /var/log/mail.warn and /var/log/mail.info just give me "Permission denied" from the root shell so I'm not sure how I botched that one but.. any help would be appreciated.

Main.cf is attached for reference
 

Attachments

  • maincf.txt
    1.1 KB · Views: 11

oguz

Proxmox Staff Member
Staff member
Nov 19, 2018
5,207
677
118
hi,
/var/log/mail.warn and /var/log/mail.info just give me "Permission denied" from the root shell so I'm not sure how I botched that one but..
have you tried with the cat command before the log file name? as in for example:cat /var/log/mail.info (the reason you get permission denied is because you're probably trying to execute the log file, which isn't an executable)

in your main.cf you're missing:
Code:
smtp_sasl_security_options = noanonymous

and you probably need [] around the "smtp.gmail.com" on the "relayhost" line.

also make sure your /etc/postfix/sasl_passwd file has the contents as decribed in the tutorial you've linked (with your username and password).

after changing those restart the postfix service, and try sending yourself a test email like in the tutorial:
Code:
echo "just testing" | mail -s "PVE email test" your@gmail.com

if that works you're probably good to go.
 

_gabriel

Member
Mar 30, 2021
102
12
18
37
Afaik, Gmail no longer support "Less secure Apps" since June 2022, so smtp or legacy app need an 16 chars application password generated by Gmail.
But I would like to enable mail notification too, in particular about SMART status , and I don't know where to start.
 
Last edited:

Kobach23

New Member
Jun 9, 2022
8
0
1
hi,

have you tried with the cat command before the log file name? as in for example:cat /var/log/mail.info (the reason you get permission denied is because you're probably trying to execute the log file, which isn't an executable)

in your main.cf you're missing:
Code:
smtp_sasl_security_options = noanonymous

and you probably need [] around the "smtp.gmail.com" on the "relayhost" line.

also make sure your /etc/postfix/sasl_passwd file has the contents as decribed in the tutorial you've linked (with your username and password).

after changing those restart the postfix service, and try sending yourself a test email like in the tutorial:
Code:
echo "just testing" | mail -s "PVE email test" your@gmail.com

if that works you're probably good to go.
Thanks for the reply, I've adjusted main.cf with those extra bits and double checked the sasl_passwd. Cat did indeed help, it seems like in the mail.warn I get a single message per attempt:

postfix/smtp[388886]: warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:


I'll look into the application password side of things and see if I can switch to that for testing.


Edit: App password does not seem to help. I think it did make the above error post to mail.warn five times though.
 
Last edited:

oguz

Proxmox Staff Member
Staff member
Nov 19, 2018
5,207
677
118
in the mail.warn I get a single message per attempt:

postfix/smtp[388886]: warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
is that the only error message? maybe you can check cat /var/log/mail.log
 

Kobach23

New Member
Jun 9, 2022
8
0
1
cat /var/log/mail.log shows below on testing

postfix/smtp[394678]: warning: database /etc/postfix/sasl_passwd.db is older than source file /etc/postfix/sasl_passwd
postfix/smtp[394678]: SSL_connect error to smtp.gmail.com[142.251.6.109]:587: -1
postfix/smtp[394678]: warning: TLS library problem: error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
postfix/smtp[394678]: 52D36C0E13: to=<myemail@gmail.com>, relay=smtp.gmail.com[142.251.6.109]:587, delay=0.19, delays=0.11/0.01/0.07/0, dsn=4.7.5, status=deferred (Cannot start TLS: handshake failure)

This is definitely more information than I've been able to find but I'm not sure where the error lies still..
 

oguz

Proxmox Staff Member
Staff member
Nov 19, 2018
5,207
677
118
warning: database /etc/postfix/sasl_passwd.db is older than source file /etc/postfix/sasl_passwd
doing postmap hash:/etc/postfix/sasl_passwd should get rid of that error.

the rest of your error messages are related to TLS negotiation. maybe you could try with smtp_tls_security_level = verify or smtp_tls_security_level = may and comment smtp_tls_wrappermode = yes and see if that makes a difference (watch mail.log again after reloading/restarting postfix service)
 

Kobach23

New Member
Jun 9, 2022
8
0
1
doing postmap hash:/etc/postfix/sasl_passwd should get rid of that error.

the rest of your error messages are related to TLS negotiation. maybe you could try with smtp_tls_security_level = verify or smtp_tls_security_level = may and comment smtp_tls_wrappermode = yes and see if that makes a difference (watch mail.log again after reloading/restarting postfix service)
Retried with these options and attached logs from test attempts. Restarted postfix in-between tests. This seems to be boiling down to a certificate somewhere that isn't trusted but those details (how to fix, why, etc) are still unclear on my end.
 

Attachments

  • verify vs may.txt
    2.7 KB · Views: 5

Kobach23

New Member
Jun 9, 2022
8
0
1
I think I've got it working with security level 'may' and wrapped mode commented out. Part of the solution may have been the app password from Gmail as well (needed 2FA turned on for that). Not sure why exactly it started working or why no other config would but it's functional now at least.

Follow up question, do I need to do this same config on all nodes separately? I suspect the answer is no but if the mail-configured node is down then email notifications won't work. If anyone can confirm if this is accurate that'd be great.
 

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
6,995
1,086
164
Follow up question, do I need to do this same config on all nodes separately?
yes - the postfix config (and actually almost everything not in /etc/pve) is not synchronized across a cluster

f the mail-configured node is down then email notifications won't work.
the notifications are send from the node where they happen - thus configure it on all nodes
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!