[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [msmtp-users] Exit status EX_OK but still mail not delivered?
Hi Martin,
Thank you very much for your comprehensive reply. I obtained the
Thawte certificate, altered my rc file, and did another debug session
with altered email content:
host = smtp.gmail.com
port = 587
timeout = off
protocol = smtp
domain = localhost
auth = choose
user = chad.armstrong@...20...
password = *
ntlmdomain = (not set)
tls = on
tls_trust_file = /usr/local/ssl/certs/ca-certificates.crt
tls_key_file = (not set)
tls_cert_file = (not set)
tls_starttls = on
tls_certcheck = on
auto_from = off
maildomain = (not set)
from = chad.armstrong@...20...
dsn_notify = (not set)
dsn_return = (not set)
keepbcc = off
logfile = (not set)
syslog = (not set)
reading recipients from the command line
<-- 220 mx.gmail.com ESMTP r9sm350929nza
--> EHLO localhost
<-- 250-mx.gmail.com at your service
<-- 250-SIZE 20971520
<-- 250-8BITMIME
<-- 250-STARTTLS
<-- 250 ENHANCEDSTATUSCODES
--> STARTTLS
<-- 220 2.0.0 Ready to start TLS
TLS certificate information:
Owner:
Common Name: smtp.gmail.com
Organization: Google Inc
Locality: Mountain View
State or Province: California
Country: US
Issuer:
Common Name: Thawte Server CA
Organization: Thawte Consulting cc
Organizational unit: Certification Services Division
Locality: Cape Town
State or Province: Western Cape
Country: ZA
Validity:
Activation time: Thu Sep 16 16:35:45 2004
Expiration time: Fri Sep 16 16:35:45 2005
Fingerprints:
SHA1: CE:3A:0D:3E:DA:4B:77:A3:53:C0:9E:A8:65:B7:F8:C2:09:71:43:41
MD5: F5:BD:C3:C8:D5:4B:03:EA:57:BB:81:72:46:6B:26:54
--> EHLO localhost
<-- 250-mx.gmail.com at your service
<-- 250-SIZE 20971520
<-- 250-8BITMIME
<-- 250-AUTH LOGIN PLAIN
<-- 250 ENHANCEDSTATUSCODES
--> AUTH PLAIN **
<-- 235 2.7.0 Accepted
--> MAIL FROM:<chad.armstrong@...20...>
<-- 250 2.1.0 OK
--> RCPT TO:<chad.armstrong@...20...>
<-- 250 2.1.5 OK
--> DATA
<-- 354 Go ahead
--> Subject: Test
-->
--> hi
--> .
<-- 250 2.0.0 OK 1125683721 r9sm350929nza
--> QUIT
Still no email received. I did a lot of postfix testing before this
and wonder if my IP address is blacklisted, if I misconfigured TLS or
something before this, and Google's eyebrows were raised.. Would this
generate a non-250 code, or is the blacklisting entirely internal to
them?
thanks again!
Chad
On 9/2/05, Martin Lambers <marlam@...23...> wrote:
> On Thu, 01. Sep 2005, 11:57:12 -0700, Chad Armstrong wrote:
> > /usr/local/ssl/misc/demoCA $ openssl verify -CAfile cacert.pem FOO-cert.pem
> > /usr/local/ssl/misc/demoCA $ FOO-cert.pem: OK
>
> > /usr/local/ssl/misc/demoCA $ openssl verify FOO-cert.pem
> > /usr/local/ssl/misc/demoCA $ FOO-cert.pem:
> > /C=US/ST=CA/O=self/CN=miniserver.miniserver.com/
> > emailAddress=chad.armstrong@...20...
> > error 20 at 0 depth lookup:unable to get local issuer certificate
>
> Did you create FOO-cert.pem and cacert.pem yourself?
> You do not need to do that if you just want a trusted TLS connection
> with smtp.gmail.com. The certificates were probably intended to be used
> as postfix certificates when postfix acts as an SMTP server, but msmtp
> is only an SMTP client.
>
> If you just would like to verify the certificate that smtp.gmail.com
> presents to you, so that the connection is fully trusted, use the
> following:
> ---
> tls on
> tls_trust_file cacert.pem
> ---
> Here cacert.pem is expected to contain the certificate of the issuer of
> the smtp.gmail.com certificate. You must trust this issuer, or else you
> cannot trust the smtp.gmail.com certificate.
> http://msmtp.sourceforge.net/tips.html describes how to get the issuer
> certificate for smtp.gmail.com if you don't have it yet (since the
> issuer is well known, this certificate is bundled with packages like
> Mozilla, and it is probably already included somwhere in a MacOSX
> installation).
>
> The two commands tls_key_file and tls_cert_file are completely unrelated
> to the commands above: They are only used if you want to send a
> certificate of yourself to the server. This is still very uncommon; most
> servers do not request or accept client certificates.
>
> The following gmail settings work for me:
>
> --- .msmtprc
> defaults
> auth on
> tls on
> # This file comes with Debian and contains the certificates of many
> # well known issuers. Maybe something similar is in MacOSX:
> tls_trust_file /etc/ssl/certs/ca-certificates.crt
>
> account gmail
> host smtp.gmail.com
> port 587
> from mlambers@...20...
> user mlambers@...20...
> password *
> ---
>
> > $ touch hi
> > $ echo "hi" > hi
> > $ msmtp --debug chad.armstrong@...20... < hi
> > [...]
> > --> DATA
> > <-- 354 Go ahead
> > --> hi
> > --> .
> > <-- 250 2.0.0 OK 1125600831 12sm1556269wrl
>
> This answer from mx.gmail.com (response code 250) means that it has
> taken responsibility to send your mail (this is defined in the RFCs), so
> msmtp rightfully exits with EX_OK. Perhaps there are temporary
> performance problems at Gmail?
> Another problem might be that "hi" is not a valid mail. A valid mail must
> have valid header lines, a blank line separating header and body and a
> (possibly empty) body. Thus, "hi" is interpreted as a header line, but
> it is invalid since it misses a colon.
> This problem can be observed with GMX SMTP servers at least. You might
> want to try the following:
> $ echo -e "Subject: Test\n\nhi" > hi
> $ cat hi
> Subject: Test
>
> hi
> $ msmtp chad.armstrong@...20... < hi
>
> Regards,
> Martin
>
>
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> msmtp-users mailing list
> msmtp-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/msmtp-users
>