[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[msmtp-users] Exit status EX_OK but still mail not delivered?

Hi all,
  (sorry for the 'subscribe' to the list)

  I'm on Mac OS X (which may or may not matter), and was trying to use
Postfix for a simple problem (forwarding outgoing mail to an external
ISP to be delivered) and was recommended msmtp instead for a simpler
solution. I'm using TLS and OpenSSL certificates, and think it is set
up correctly:

/usr/local/ssl/misc/demoCA $ openssl verify -CAfile cacert.pem FOO-cert.pem
/usr/local/ssl/misc/demoCA $ FOO-cert.pem: OK

although the following happens when I do not use the -CAfile option
(formatted for readability):

/usr/local/ssl/misc/demoCA $ openssl verify FOO-cert.pem
/usr/local/ssl/misc/demoCA $ FOO-cert.pem:
             /C=US/ST=CA/O=self/CN=miniserver.miniserver.com/
             emailAddress=chad.armstrong@...20...
             error 20 at 0 depth lookup:unable to get local issuer certificate

.msmtprc file:
-----------------------------------------
# Set default values for all following accounts.
defaults
tls on
tls_certcheck off
#tls_trust_file /usr/local/ssl/misc/demoCA/cacert.pem
tls_key_file /usr/local/ssl/misc/demoCA/FOO-key.pem
tls_cert_file /usr/local/ssl/misc/demoCA/FOO-cert.pem
logfile ~/.msmtp.log

account gmail
host smtp.gmail.com
port 587
from chad.armstrong@...20...
auth on
user chad.armstrong@...20...
password *************

account default : gmail
-------------------------------------------

.msmtp.log:
-------------------------------------------
Aug 31 22:34:31 host=smtp.gmail.com tls=on auth=on
user=chad.armstrong@...20... from=chad.armstrong@...20...
recipients=chad.armstrong@...20... errormsg='TLS certificate
verification failed: unable to get local issuer certificate'
exitcode=EX_UNAVAILABLE <--------[[this happens when I uncomment the
line in the rc file]]
Aug 31 22:39:01 host=smtp.gmail.com tls=on auth=on
user=chad.armstrong@...20... from=chad.armstrong@...20...
recipients=chad.armstrong@...20... mailsize=4 exitcode=EX_OK
<---------[[this happens when I comment the line in the rc file, and
change tls_certcheck to off]]
-------------------------------------------

Because I could not figure out the OpenSSL issue, I was using the
"bypass" by setting tls_certcheck to off, and removing the trustfile
location. This generates an EX_OK from msmtp, but is it really ok
because I haven't seen the email for 12 hours now?

--debug session:
-------------------------------------------
$ touch hi
$ echo "hi" > hi
$ msmtp --debug chad.armstrong@...20... < hi
ignoring system configuration file /usr/local/etc/msmtprc: No such
file or directory
loaded user configuration file /Users/admin/.msmtprc
using account default from /Users/admin/.msmtprc
host            = smtp.gmail.com
port            = 587
timeout         = off
protocol        = smtp
domain          = miniserver.com
auth            = choose
user            = chad.armstrong@...20...
password        = *
ntlmdomain      = (not set)
tls             = on
tls_trust_file  = (not set)
tls_key_file    = /usr/local/ssl/misc/demoCA/FOO-key.pem
tls_cert_file   = /usr/local/ssl/misc/demoCA/FOO-cert.pem
tls_starttls    = on
tls_certcheck   = off
auto_from       = off
maildomain      = miniserver.com
from            = chad.armstrong@...20...
dsn_notify      = (not set)
dsn_return      = (not set)
keepbcc         = off
logfile         = /Users/admin/.msmtp.log
syslog          = (not set)
reading recipients from the command line
<-- 220 mx.gmail.com ESMTP 12sm1556269wrl
--> EHLO miniserver.com
<-- 250-mx.gmail.com at your service
<-- 250-SIZE 20971520
<-- 250-8BITMIME
<-- 250-STARTTLS
<-- 250 ENHANCEDSTATUSCODES
--> STARTTLS
<-- 220 2.0.0 Ready to start TLS
TLS certificate information:
    Owner:
        Common Name: smtp.gmail.com
        Organization: Google Inc
        Locality: Mountain View
        State or Province: California
        Country: US
    Issuer:
        Common Name: Thawte Server CA
        Organization: Thawte Consulting cc
        Organizational unit: Certification Services Division
        Locality: Cape Town
        State or Province: Western Cape
        Country: ZA
    Validity:
        Activation time: Thu Sep 16 16:35:45 2004
        Expiration time: Fri Sep 16 16:35:45 2005
    Fingerprints:
        SHA1: CE:3A:0D:3E:DA:4B:77:A3:53:C0:9E:A8:65:B7:F8:C2:09:71:43:41
        MD5:  F5:BD:C3:C8:D5:4B:03:EA:57:BB:81:72:46:6B:26:54
--> EHLO miniserver.com
<-- 250-mx.gmail.com at your service
<-- 250-SIZE 20971520
<-- 250-8BITMIME
<-- 250-AUTH LOGIN PLAIN
<-- 250 ENHANCEDSTATUSCODES
--> AUTH PLAIN AGNoYWQuYXJtc3Ryb25nQGdtYWlsLmNvbQAyN2tyYWNL
<-- 235 2.7.0 Accepted
--> MAIL FROM:<chad.armstrong@...20...>
<-- 250 2.1.0 OK
--> RCPT TO:<chad.armstrong@...20...>
<-- 250 2.1.5 OK
--> DATA
<-- 354 Go ahead
-->  hi
--> .
<-- 250 2.0.0 OK 1125600831 12sm1556269wrl
--> QUIT
-----------------------------------

But still no receipt of email after a few attempts and waiting..

Thanks all for any help!
Chad