From: reader@newsguy.com
Newsgroups: gmane.emacs.gnus.general
Subject: Re: [OT]sendmail ssl authentication
Date: Fri, 16 May 2008 18:15:45 -0500
Message-ID: <87fxsh4z8e.fsf@newsguy.com>
References: <87bq37aba8.fsf@newsguy.com> <874p8y5dxt.fsf@newsguy.com>
To: ding@gnus.org

David writes:

> reader@newsguy.com writes:
>> And it does appear there may be some hope since I see mention of
>> STARTTLS in the output of swaks:
>>
>> reader > swaks --auth --tls-on-connect -p 465 -s smtp.comcast.net
>> To: reader@jtan.com
>> Username: My-uid
>> Password: My-passwd
>> === Trying smtp.comcast.net:465...
>> === Connected to smtp.comcast.net.
>> === TLS started w/ cipher DHE-RSA-AES256-SHA
>> <~ 220 OMTA02.emeryville.ca.mail.comcast.net comcast ESMTP server ready
>
> The "--tls-on-connect" initiates a ssmtp connection, i.e. the TLS
> session is started right away so that everything is already encrypted
> (even the server greeting).
> When I telnet to smtp.comcast.net on the SMTP standard port (25) I also
> see a "250-STARTTLS" after the EHLO handshake, so this server should
> support STARTTLS on the standard port, and that's the correct thing to
> do for SSL encrypted authentication. You can try it with

Odd, when I do it, which is what led to my posting here, it refuses to
connect at all:

reader > telnet smtp.comcast.net 25
Trying 76.96.30.117...

Finally times out and server closes. So no EHLO is possible.

I wonder if they block their own customers or something..?

However I learned it did show STARTTLS on port 587 by telnetting there
so I configured sendmail to contact port 587 and all is well.

The server I get on 587:
OMTA14.westchester.pa.mail.comcast.net

But trying the exact name on port 25 I still cannot connect.

> If this works, configure sendmail to do authentication with STARTTLS on
> the standard port 25 and don't use port 465. If it doesn't work, you
> might indeed have to set up stunnel if sendmail doesn't support ssmtp
> directly.

See above... but there is no real configuring to do.. at least not for
clientside.. modern sendmail, if it has STARTTLS compiled in, will do
the right thing if you have the password and uid in the necessary
places.

Thanks for your input... I like swaks. Although telnet will tell you
enough to figure it out .. swaks is nice
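
Added example, not part of the original message: a Python illustration of the two modes discussed in this thread, implicit TLS on port 465 versus STARTTLS on ports 25/587, in which the client refuses to send AUTH credentials unless TLS is active. The function names, the sample EHLO replies and the host mail.example.net are constructed for illustration; only the smtplib and ssl calls are real standard-library APIs.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from any real server).
SAMPLE_WITH_STARTTLS = ("250-mail.example.net hello\r\n250-SIZE 15728640\r\n"
                        "250-STARTTLS\r\n250 AUTH LOGIN PLAIN")
SAMPLE_PLAIN = "250-mail.example.net hello\r\n250 SIZE 15728640"

def parse_ehlo(reply: str) -> dict:
    """Map each EHLO keyword (upper-cased) to its list of parameters."""
    caps = {}
    for line in reply.splitlines()[1:]:      # first line is the server's domain
        if len(line) < 4 or not line.startswith("250"):
            continue
        words = line[4:].split()             # skip "250-" or "250 "
        if words:
            caps[words[0].upper()] = words[1:]
    return caps

def tls_mode(port: int, ehlo_reply: str = "") -> str:
    """'implicit' = TLS before the greeting (465), else 'starttls' or 'refuse'."""
    if port == 465:
        return "implicit"
    return "starttls" if "STARTTLS" in parse_ehlo(ehlo_reply) else "refuse"

def open_authenticated(host, port, user, password, timeout=15):
    """Log in only over TLS; raise rather than send credentials in clear."""
    ctx = ssl.create_default_context()       # verifies the server certificate
    if port == 465:
        conn = smtplib.SMTP_SSL(host, port, context=ctx, timeout=timeout)
        conn.ehlo()
    else:
        conn = smtplib.SMTP(host, port, timeout=timeout)
        conn.ehlo()
        if not conn.has_extn("starttls"):
            conn.quit()
            raise RuntimeError("no STARTTLS offered; refusing to send AUTH")
        conn.starttls(context=ctx)
        conn.ehlo()                          # re-read capabilities inside TLS
    conn.login(user, password)
    return conn

if __name__ == "__main__":
    for port, reply in ((465, ""), (587, SAMPLE_WITH_STARTTLS), (25, SAMPLE_PLAIN)):
        print(port, tls_mode(port, reply))
```
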