SMTP-AUTH and STARTTLS

SMTP-AUTH and STARTTLS

[Charles Collicutt]

[-- Attachment #1: Type: text/plain, Size: 1049 bytes --]

Hi,

I am currently trying to configure Gnus to authenticate to my SMTP
server so that I can use the same server regardless of where I happen to
be at the time. I am using Gnus v5.11 from the Emacs CVS (mostly because
I'm using Mac OS X and the CVS seems to be the only place to get a
decent version of Emacs for OS X.) I'm sending my mail with smtpmail.el
but I have a couple of problems.

Despite the fact that my SMTP server advertises CRAM-MD5, smtpmail
always authenticates with LOGIN. This wouldn't be so bad if it used TLS
but it refuses to do that either, so it sends my password in plaintext,
which is not good.

I have the following in my .gnus:

(setq message-send-mail-function 'smtpmail-send-it
      smtpmail-smtp-server "smtp.mydomain.net"
      smtpmail-auth-credentials
      '(("smtp.mydomain.net" 25 "myusername" "mypassword"))
      smtp-starttls-credentials
      '(("smtp.mydomain.net" 25 nil nil)))

Could anybody help me to see where I've gone wrong?

Thank you very much.

-- 
Charles Collicutt

[-- Attachment #2: Type: application/pgp-signature, Size: 185 bytes --]

Re: SMTP-AUTH and STARTTLS

[Emily Jackson]

>>>>> "Charles" == Charles Collicutt <charles.collicutt@holyblasphemy.org> writes:

    Charles> Despite the fact that my SMTP server advertises CRAM-MD5,
    Charles> smtpmail always authenticates with LOGIN. This wouldn't be
    Charles> so bad if it used TLS but it refuses to do that either, so
    Charles> it sends my password in plaintext, which is not good.

To use TLS you need to have either the starttls command-line tool
(available from <ftp://ftp.opaopa.org/pub/elisp/starttls-0.9.tar.gz>) or
gnutls (can be installed via fink [if you use fink]) installed. I have
the former installed and TLS works for me (at least it did the last time
I tried it). Here are the relevant lines from my .gnus.el (this is to
use STARTTLS on port 26):

(setq smtpmail-smtp-service 26)
(setq send-mail-function 'smtpmail-send-it)
(setq message-send-mail-function 'smtpmail-send-it)
(setq smtpmail-smtp-server "mail.messagingengine.com")
(setq smtpmail-auth-credentials
           '(("mail.messagingengine.com" 26 "username" "password")))
(setq smtpmail-starttls-credentials
           '(("mail.messagingengine.com" 26 nil nil)))

HTH,

Emily

-- 
"If it seem slow, wait for it; it will surely come, it will not delay."
Emily Jackson
E-mail address altered; reply to m5comp AT fastmail DOT fm
<http://home.hiwaay.net/~emilyj/missjackson.html>

Re: SMTP-AUTH and STARTTLS

[Charles Collicutt]

[-- Attachment #1: Type: text/plain, Size: 1103 bytes --]

"Emily Jackson" <m5comp@fastmail.fm.munged> writes:
> To use TLS you need to have either the starttls command-line tool
> (available from <ftp://ftp.opaopa.org/pub/elisp/starttls-0.9.tar.gz>) or
> gnutls (can be installed via fink [if you use fink]) installed. I have
> the former installed and TLS works for me (at least it did the last time

I have GnuTLS installed and I just installed starttls-0.9 as well for
good measure. Still no joy though.

I just tried switching to a different SMTP server and found that Gnus
did not try to authenticate at all. My normal SMTP server is the same
server that I retrieve my mail from so it has an entry in my .authinfo
file, evidently Gnus was only authenticating because of that.

smtpmail-auth-credentials and smtpmail-starttls-credentials both seem to
be completely ignored. I checked smtpmail.el and I do have a version
that claims to use those variables (as I'd expect, since they are
documented in the Info file.)

Thank you very much for your help but I still can't work out what is
going wrong. Oh well.


-- 
Charles Collicutt

[-- Attachment #2: Type: application/pgp-signature, Size: 185 bytes --]

Re: SMTP-AUTH and STARTTLS

[Simon Josefsson]

Charles Collicutt <charles.collicutt@holyblasphemy.org> writes:

> "Emily Jackson" <m5comp@fastmail.fm.munged> writes:
>> To use TLS you need to have either the starttls command-line tool
>> (available from <ftp://ftp.opaopa.org/pub/elisp/starttls-0.9.tar.gz>) or
>> gnutls (can be installed via fink [if you use fink]) installed. I have
>> the former installed and TLS works for me (at least it did the last time
>
> I have GnuTLS installed and I just installed starttls-0.9 as well for
> good measure. Still no joy though.
>
> I just tried switching to a different SMTP server and found that Gnus
> did not try to authenticate at all. My normal SMTP server is the same
> server that I retrieve my mail from so it has an entry in my .authinfo
> file, evidently Gnus was only authenticating because of that.
>
> smtpmail-auth-credentials and smtpmail-starttls-credentials both seem to
> be completely ignored. I checked smtpmail.el and I do have a version
> that claims to use those variables (as I'd expect, since they are
> documented in the Info file.)
>
> Thank you very much for your help but I still can't work out what is
> going wrong. Oh well.

Did you load the correct smtpmail.el?  I'd guess that you ended up
loading some older version of it.

Try

(load "~/lisp/smtpmail.el")

or something, with a specific path.

Re: SMTP-AUTH and STARTTLS

[Jamie Riden]

Simon Josefsson <jas@extundo.com> writes:

> Charles Collicutt <charles.collicutt@holyblasphemy.org> writes:
> 
> > "Emily Jackson" <m5comp@fastmail.fm.munged> writes:
> >> To use TLS you need to have either the starttls command-line tool
> >> (available from <ftp://ftp.opaopa.org/pub/elisp/starttls-0.9.tar.gz>) or
> >> gnutls (can be installed via fink [if you use fink]) installed. I have
> >> the former installed and TLS works for me (at least it did the last time
> >
> > I have GnuTLS installed and I just installed starttls-0.9 as well for
> > good measure. Still no joy though.
> >
> > I just tried switching to a different SMTP server and found that Gnus
> > did not try to authenticate at all. My normal SMTP server is the same
> > server that I retrieve my mail from so it has an entry in my .authinfo
> > file, evidently Gnus was only authenticating because of that.
> >
> > smtpmail-auth-credentials and smtpmail-starttls-credentials both seem to
> > be completely ignored. I checked smtpmail.el and I do have a version
> > that claims to use those variables (as I'd expect, since they are
> > documented in the Info file.)
> >
> > Thank you very much for your help but I still can't work out what is
> > going wrong. Oh well.
> 
> Did you load the correct smtpmail.el?  I'd guess that you ended up
> loading some older version of it.
> 
> Try
> 
> (load "~/lisp/smtpmail.el")
> 
> or something, with a specific path.

Ok, I'm running Debian unstable, I'm pretty sure I've followed all the
directions at http://josefsson.org/emacs-smtp-starttls.html , and in
the above post, but gnus just doesn't seem to try to do STARTTLS.

*trace .. *

220 mx.gmail.com ESMTP h18sm1111047wxd^M
EHLO localhost.localdomain.gmail.com^M
250-mx.gmail.com at your service^M
250-SIZE 20971520^M
250-8BITMIME^M
250-STARTTLS^M
250 ENHANCEDSTATUSCODES^M
MAIL FROM:<jamie.riden@gmail.com> SIZE=1097^M
530 5.7.0 Must issue a STARTTLS command first h18sm1111047wxd^M
QUIT^M

.emacs:

(require 'gnus)
(setq message-send-mail-function 'smtpmail-send-it)
(setq send-mail-function 'smtpmail-send-it)
(setq smtpmail-auth-credentials '(("smtp.gmail.com" 587 "jamie.riden@gmail.com" "MYPASSWORD")))
(setq smtpmail-starttls-credentials '(("smtp.gmail.com" 587 "" "")))
(setq smtpmail-local-domain "gmail.com")
(setq smtpmail-sendto-domain "gmail.com")
(setq smtpmail-default-smtp-server "smtp.gmail.com")
(setq smtpmail-smtp-service 587
      smtpmail-debug-info t
      smtpmail-smtp-server "smtp.gmail.com")


I have exactly one smtpmail.el and that is

% find /usr -name "smtpmail*" -print
/usr/share/emacs/21.4/lisp/mail/smtpmail.el
% 

";; Modified by Simon Josefsson <simon@josefsson.org>, 2000-10-07, to support
;; STARTTLS.  Requires external program"

and I think I have the binaries I need:

% which starttls
/usr/local/bin/starttls
% which gnutls-cli
/usr/bin/gnutls-cli

I'll admit to being a bit of a cargo-cult programmer when it comes to
elisp, but I just can't seem to figure out why it's not working. Is
there any way I can find out why smtpmail.el is deciding STARTTLS is
not on the agenda?

thanks,
 Jamie

-- 
Jamie Riden / jamie.riden@gmail.com 
"I don't see what C++ has to do with keeping people from shooting themselves
in the foot.  C++ will happily load the gun, offer you a drink to steady
your nerves, and help you aim."         -- Peter da Silva

Re: SMTP-AUTH and STARTTLS

[dvd]

Jamie Riden wrote:

> Ok, I'm running Debian unstable, I'm pretty sure I've followed all the
> directions at http://josefsson.org/emacs-smtp-starttls.html , and in
> the above post, but gnus just doesn't seem to try to do STARTTLS.
>
> *trace .. *
>
> 220 mx.gmail.com ESMTP h18sm1111047wxd^M
> EHLO localhost.localdomain.gmail.com^M
> 250-mx.gmail.com at your service^M
> 250-SIZE 20971520^M
> 250-8BITMIME^M
> 250-STARTTLS^M
> 250 ENHANCEDSTATUSCODES^M
> MAIL FROM:<jamie.riden@gmail.com> SIZE=1097^M
> 530 5.7.0 Must issue a STARTTLS command first h18sm1111047wxd^M
> QUIT^M
>
> .emacs:
>
> (require 'gnus)
> (setq message-send-mail-function 'smtpmail-send-it)
> (setq send-mail-function 'smtpmail-send-it)
> (setq smtpmail-auth-credentials '(("smtp.gmail.com" 587 "jamie.riden@gmail.com" "MYPASSWORD")))
> (setq smtpmail-starttls-credentials '(("smtp.gmail.com" 587 "" "")))
> (setq smtpmail-local-domain "gmail.com")
> (setq smtpmail-sendto-domain "gmail.com")
> (setq smtpmail-default-smtp-server "smtp.gmail.com")
> (setq smtpmail-smtp-service 587
>       smtpmail-debug-info t
>       smtpmail-smtp-server "smtp.gmail.com")
>
>
> I have exactly one smtpmail.el and that is
>
> % find /usr -name "smtpmail*" -print
> /usr/share/emacs/21.4/lisp/mail/smtpmail.el
> %
>
> ";; Modified by Simon Josefsson <simon@josefsson.org>, 2000-10-07, to support
> ;; STARTTLS.  Requires external program"
>
> and I think I have the binaries I need:
>
> % which starttls
> /usr/local/bin/starttls
> % which gnutls-cli
> /usr/bin/gnutls-cli
>
> I'll admit to being a bit of a cargo-cult programmer when it comes to
> elisp, but I just can't seem to figure out why it's not working. Is
> there any way I can find out why smtpmail.el is deciding STARTTLS is
> not on the agenda?
>
> thanks,
>  Jamie

I've been having the same problem. I'm using smtpmail from CVS rather
than what's in the debian package. I don't think the version that came
with 21.4 has starttls support in it, so you might want to try the
latest. Still, I can't seem to get it to use tls even though support
seems to be there now.

-David