For the sake of anyone who might come across this at some future date, I can now advise EXACTLY how I have sorted this ... with much thanks to the support people!
Firstly, I didn't actually notice that the advice two posts ago was using port 587 until this morning, so I added the following to my /etc/vmware/firewall/service.xml file by
1) changing the file's permissions using chmod to 644
<service id='9999'> <id>SMTPout-465</id> <rule id='0001'> <direction>outbound</direction> <protocol>tcp</protocol> <porttype>dst</porttype> <port>587</port> </rule> <enabled>true</enabled> <required>false</required> </service>
I left the earlier SMTPout-587 block unchanged, hence the rule id change to 0001
For the sake of anyone else, there were two issues with copying the code as posted.
1) the cut and paste included a windows CR-LF end-of-line rather than just a Posix LF
2) the second close quote as given used the 'proper' close quotes character rather than the simple " char. If you look carefully at the last code snippet in the admin's reply above, you can see this clearly if you compare the two quotes. Here it is as a code snippet again for easy reference
Notice the close quote is different to the opening quote.
To ensure that I completely eliminated the Windows/Posix line end issues, I copied and pasted the text provided into note++ which made the additional LF char really obvious and helped me identify the offending " char. It also meant a minimum risk of typos. I then cut and pasted from the note++ text into the service.xml file.
I then reran the
esxcli network firewall ruleset set --ruleset-id="SMTPout-465"--enabled=true
command changing it to reference the 465 port (for gmail access) as shown. This returned an apparent connection.
Don't forget to chmod back to 444 when done ...
I know most people who are doing this sort of stuff probably will not need any of the above pointing out, but just in case. Please don't take offense if any of this seems so obvious that you think I must be stupid :-)
Don't worry much, only the wisest entangle in apparently stupid problems. This doesn't explain why your rules were not being added, it doesn't matter what port the remote server uses, the rule must be added to the ESXi firewall.
Please, note that you have left this in in your rule:
Actually, that reminds me of the time somone was battling with a portable VC server. They had tested it the previous night and all was working. After ~ 4 hours they said they didn't understand why there was no sound. I asked them "have you checked the external volume control?", they said "which one?", I said "this one" and turned it up ... this was a guy at BT labs in Martlesham, by no means a dummy ...
I've just checked, I did catch that in the actual file, the error was only in the note++ text ... phew ... :-)
Last edited by chc-pr (2019-02-05 09:35:31)
Follow up Q
Why does this line work
/vmfs/volumes/fxcn4_HDS0/xsi-dir/xsibackup --check-smtp=my.emal@address --use-smtp=2
but when I test the connection from the menu it fails?