Last Updated on August 16, 2022 by Thiago Crepaldi
Having email notification on pfSense or any other service is a great thing because we can react faster to an issue that can quickly escalate due to its severity or because everybody start complaining at the same time. In this post, first you have to configure your Goggle account to allow external access and second enable pfSense to use it on your behalf.
Google account configuration
The first step is to create a new Gmail account at https://gmail.com or to add a new user to your domain at https://admin.google.com/ac/users to use it as an e-mailer account. You can certainly use an existing account, but using a dedicated email account gives you some flexibility for future tweaks, as creating filters, etc
Once you login to the (new) account, we will enable the Two Authentication Factor (2FA) feature for better security and enable your account to receive connections from external programs. Simply visit https://gmail.com, enter your credentials and then visit https://myaccount.google.com/signinoptions/two-step-verification. Your password might be asked one more time, that is OK. Turn on 2FA and select which method your prefer: Google prompts, Authenticator app, or Voice or text messages.
With 2FA in place, visit https://security.google.com/settings/security/apppasswords and create a password that will be used by pfSense to authenticate on the SMTP server. Select ‘Mail’ as the new app and ‘Other (Custom name)’ as the new device. A 16 digit password will be generated and you need to take not because it will never be shown to you again.
Visit https://accounts.google.com/DisplayUnlockCaptcha to complete the security procedure on Google’s side and prevent captcha blocking your emails from being sent by pfSense.
pfSense configuration
The steps below are tested on pfSense 2.4.5-1, but it should work in most versions the same way or with minor differences.
Go to your pfSense GUI, enter your credentials to get to the dashboard. From there, click on System >> Advanced >> Notifications and configure the text Boxes as below:
- Disable SMTP: unchecked
- E-Mail server: smtp.gmail.com
- SMTP Port of E-mail server: 465
- Secure SMTP Connection: checked
- Validate SSL/TLS: checked
- From e-mail address: new gmail account you just configured
- Notification e-mail address: email that will receive the notifications from pfSense
- Notification E-Mail auth username (optional): new gmail account you just configured
- Notification E-Mail auth password: app password generated in the previous steps
- Notification E-Mail auth mechanism: PLAIN
After entering all this information, click on Save button and then on Test SMTP settings. You should have received an email from your new account with a test message on it. Now your pfSense can notify you about important events.