* SMTP over SSL
@ 2010-09-06 12:18 Jarmo Hurri
2010-09-06 12:42 ` Jarmo Hurri
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Jarmo Hurri @ 2010-09-06 12:18 UTC (permalink / raw)
To: info-gnus-english
I've played with this for quite a while, and I don't know how to fix it.
My ISP provides SMTP over SSL on the SMTP server smtp.welho.com on port
465. I know this, because running
openssl s_client -crlf -connect smtp.welho.com:465
gives me a lot of TLS/SSL info and then an SMTP prompt. No username or
password is needed to get the prompt. After I get the prompt, I can
issue SMTP commands just fine. So the SMTP connection over SSL works
perfectly.
However, I have had a lousy time trying to utilize this secure
connection with Gnus. When trying to send email with Gnus, the
connection just hangs, no SMTP prompt or output after the following
message:
Opening STARTTLS connection to smtp.welho.com:465: done.
When I change the port to the default (insecure) 25, everything works
fine. Here is my setup from .gnus.
----------------------------------------------------------------------
(require 'starttls)
(setq smtpmail-debug-info t)
(setq starttls-use-gnutls t)
(setq smtpmail-smtp-service 465)
(setq smtpmail-starttls-credentials '(("smtp.welho.com" 465 nil nil)))
(setq send-mail-function 'smtpmail-send-it)
(setq message-send-mail-function 'smtpmail-send-it)
(setq smtpmail-smtp-server "smtp.welho.com")
----------------------------------------------------------------------
Help would be much appreciated. I am running No Gnus v0.11 on Fedora 13.
--
Jarmo Hurri
Remove all garbage from header email address when replying, or just
use firstname.lastname@edu.hel.fi .
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: SMTP over SSL
2010-09-06 12:18 SMTP over SSL Jarmo Hurri
@ 2010-09-06 12:42 ` Jarmo Hurri
2010-09-06 12:42 ` Gijs Hillenius
[not found] ` <87aanuq4xz.fsf@topper.koldfront.dk>
2 siblings, 0 replies; 6+ messages in thread
From: Jarmo Hurri @ 2010-09-06 12:42 UTC (permalink / raw)
To: info-gnus-english
A bit of additional info: running the following from the command line
gives me an SMTP prompt as well:
gnutls-cli -s -p 465 smtp.welho.com
after typing end-of-file (Ctrl-D) after the prompt
- Simple Client Mode:
So gnutls-cli seems to be working as well, although I have no idea
whether it is supposed to expect the end of file before proceeding.
--
Jarmo Hurri
Remove all garbage from header email address when replying, or just
use firstname.lastname@syk.fi .
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: SMTP over SSL
2010-09-06 12:18 SMTP over SSL Jarmo Hurri
2010-09-06 12:42 ` Jarmo Hurri
@ 2010-09-06 12:42 ` Gijs Hillenius
2010-09-06 13:15 ` Jarmo Hurri
[not found] ` <87aanuq4xz.fsf@topper.koldfront.dk>
2 siblings, 1 reply; 6+ messages in thread
From: Gijs Hillenius @ 2010-09-06 12:42 UTC (permalink / raw)
To: info-gnus-english
On 6 Sep 2010, Jarmo Hurri wrote:
[...]
>
> However, I have had a lousy time trying to utilize this secure
> connection with Gnus. When trying to send email with Gnus, the
> connection just hangs, no SMTP prompt or output after the following
> message:
[...]
> Help would be much appreciated. I am running No Gnus v0.11 on Fedora 13.
I'm not an expert, but
add this to .gnus, start Gnus again and start looking in *Messages*
;; Debug Imap
(setq imap-debug "*imap-debug*")
(setq imap-log t)
or/and try debugging by using gnutls-cli-debug
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: SMTP over SSL
2010-09-06 12:42 ` Gijs Hillenius
@ 2010-09-06 13:15 ` Jarmo Hurri
0 siblings, 0 replies; 6+ messages in thread
From: Jarmo Hurri @ 2010-09-06 13:15 UTC (permalink / raw)
To: info-gnus-english
Hi Gijs!
Gijs> add this to .gnus, start Gnus again and start looking in
Gijs> *Messages*
Gijs> ;; Debug Imap
Gijs> (setq imap-debug "*imap-debug*")
Gijs> (setq imap-log t)
Gijs> or/and try debugging by using gnutls-cli-debug
Thanks for the tip, but I'm having problems with outgoing mail and
SMTP. My incoming mail with imap is nicely secure already.
--
Jarmo Hurri
Remove all garbage from header email address when replying, or just
use firstname.lastname@syk.fi .
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: SMTP over SSL
[not found] ` <87aanuq4xz.fsf@topper.koldfront.dk>
@ 2010-09-21 16:29 ` Jarmo Hurri
[not found] ` <87vd5z2gd3.fsf@topper.koldfront.dk>
0 siblings, 1 reply; 6+ messages in thread
From: Jarmo Hurri @ 2010-09-21 16:29 UTC (permalink / raw)
To: info-gnus-english
Adam> Do you want to use TLS or SSL? It looks like you are testing SSL
Adam> but you are trying to use TLS.
What I really want is encrypted outgoing mail: the method is not
relevant for me.
Adam> If you want to test TLS, something like this should do it:
Adam> $ openssl s_client -starttls smtp -connect smtp.welho.com:465
Ok. The response is
CONNECTED(00000003)
Is this good or bad?
>> When I change the port to the default (insecure) 25, everything works
>> fine.
Adam> Port 25 _with starttls_ is not insecure.
I know, but starttls does not work in port 25.
--
Jarmo Hurri
Remove all garbage from header email address when replying, or just
use firstname.lastname@syk.fi .
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: SMTP over SSL
[not found] ` <87vd5z2gd3.fsf@topper.koldfront.dk>
@ 2010-09-27 5:41 ` Jarmo Hurri
0 siblings, 0 replies; 6+ messages in thread
From: Jarmo Hurri @ 2010-09-27 5:41 UTC (permalink / raw)
To: info-gnus-english
Adam> $ openssl s_client -starttls smtp -connect smtp.welho.com:465
>> CONNECTED(00000003)
>> Is this good or bad?
Adam> If it stops there, then it's bad.
Yep, it stops there. But this works:
--------------------------------------------------------------------------
[jarmo@localhost ~]$ gnutls-cli --port 465 smtp.welho.com
...
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed
- Simple Client Mode:
220 smtp6.welho.com ESMTP Postfix
--------------------------------------------------------------------------
Adam> Port 25 _with starttls_ is not insecure.
>> I know, but starttls does not work in port 25.
Adam> So "openssl s_client -starttls smtp -connect smtp.welho.com:25"
Adam> doesn't work?
Nope, as demonstrated by the following:
--------------------------------------------------------------------------
[jarmo@localhost ~]$ openssl s_client -starttls smtp -connect smtp.welho.com:25
...
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 189 bytes and written 148 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
--------------------------------------------------------------------------
--
Jarmo Hurri
Remove all garbage from header email address when replying, or just
use firstname.lastname@syk.fi .
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2010-09-27 5:41 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-09-06 12:18 SMTP over SSL Jarmo Hurri
2010-09-06 12:42 ` Jarmo Hurri
2010-09-06 12:42 ` Gijs Hillenius
2010-09-06 13:15 ` Jarmo Hurri
[not found] ` <87aanuq4xz.fsf@topper.koldfront.dk>
2010-09-21 16:29 ` Jarmo Hurri
[not found] ` <87vd5z2gd3.fsf@topper.koldfront.dk>
2010-09-27 5:41 ` Jarmo Hurri
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).