[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [msmtp-users] Exit status EX_OK but still mail not delivered?



Hi Martin,
  Thank you very much for your comprehensive reply. I obtained the
Thawte certificate, altered my rc file, and did another debug session
with altered email content:

host            = smtp.gmail.com
port            = 587
timeout         = off
protocol        = smtp
domain          = localhost
auth            = choose
user            = chad.armstrong@...20...
password        = *
ntlmdomain      = (not set)
tls             = on
tls_trust_file  = /usr/local/ssl/certs/ca-certificates.crt
tls_key_file    = (not set)
tls_cert_file   = (not set)
tls_starttls    = on
tls_certcheck   = on
auto_from       = off
maildomain      = (not set)
from            = chad.armstrong@...20...
dsn_notify      = (not set)
dsn_return      = (not set)
keepbcc         = off
logfile         = (not set)
syslog          = (not set)
reading recipients from the command line
<-- 220 mx.gmail.com ESMTP r9sm350929nza
--> EHLO localhost
<-- 250-mx.gmail.com at your service
<-- 250-SIZE 20971520
<-- 250-8BITMIME
<-- 250-STARTTLS
<-- 250 ENHANCEDSTATUSCODES
--> STARTTLS
<-- 220 2.0.0 Ready to start TLS
TLS certificate information:
    Owner:
        Common Name: smtp.gmail.com
        Organization: Google Inc
        Locality: Mountain View
        State or Province: California
        Country: US
    Issuer:
        Common Name: Thawte Server CA
        Organization: Thawte Consulting cc
        Organizational unit: Certification Services Division
        Locality: Cape Town
        State or Province: Western Cape
        Country: ZA
    Validity:
        Activation time: Thu Sep 16 16:35:45 2004
        Expiration time: Fri Sep 16 16:35:45 2005
    Fingerprints:
        SHA1: CE:3A:0D:3E:DA:4B:77:A3:53:C0:9E:A8:65:B7:F8:C2:09:71:43:41
        MD5:  F5:BD:C3:C8:D5:4B:03:EA:57:BB:81:72:46:6B:26:54
--> EHLO localhost
<-- 250-mx.gmail.com at your service
<-- 250-SIZE 20971520
<-- 250-8BITMIME
<-- 250-AUTH LOGIN PLAIN
<-- 250 ENHANCEDSTATUSCODES
--> AUTH PLAIN **
<-- 235 2.7.0 Accepted
--> MAIL FROM:<chad.armstrong@...20...>
<-- 250 2.1.0 OK
--> RCPT TO:<chad.armstrong@...20...>
<-- 250 2.1.5 OK
--> DATA
<-- 354 Go ahead
--> Subject: Test
-->
--> hi
--> .
<-- 250 2.0.0 OK 1125683721 r9sm350929nza
--> QUIT

Still no email received. I did a lot of postfix testing before this
and wonder if my IP address is blacklisted, if I misconfigured TLS or
something before this, and Google's eyebrows were raised.. Would this
generate a non-250 code, or is the blacklisting entirely internal to
them?

thanks again!
Chad

On 9/2/05, Martin Lambers <marlam@...23...> wrote:
> On Thu, 01. Sep 2005, 11:57:12 -0700, Chad Armstrong wrote:
> > /usr/local/ssl/misc/demoCA $ openssl verify -CAfile cacert.pem FOO-cert.pem
> > /usr/local/ssl/misc/demoCA $ FOO-cert.pem: OK
> 
> > /usr/local/ssl/misc/demoCA $ openssl verify FOO-cert.pem
> > /usr/local/ssl/misc/demoCA $ FOO-cert.pem:
> >              /C=US/ST=CA/O=self/CN=miniserver.miniserver.com/
> >              emailAddress=chad.armstrong@...20...
> >              error 20 at 0 depth lookup:unable to get local issuer certificate
> 
> Did you create FOO-cert.pem and cacert.pem yourself?
> You do not need to do that if you just want a trusted TLS connection
> with smtp.gmail.com. The certificates were probably intended to be used
> as postfix certificates when postfix acts as an SMTP server, but msmtp
> is only an SMTP client.
> 
> If you just would like to verify the certificate that smtp.gmail.com
> presents to you, so that the connection is fully trusted, use the
> following:
> ---
> tls on
> tls_trust_file cacert.pem
> ---
> Here cacert.pem is expected to contain the certificate of the issuer of
> the smtp.gmail.com certificate. You must trust this issuer, or else you
> cannot trust the smtp.gmail.com certificate.
> http://msmtp.sourceforge.net/tips.html describes how to get the issuer
> certificate for smtp.gmail.com if you don't have it yet (since the
> issuer is well known, this certificate is bundled with packages like
> Mozilla, and it is probably already included somwhere in a MacOSX
> installation).
> 
> The two commands tls_key_file and tls_cert_file are completely unrelated
> to the commands above: They are only used if you want to send a
> certificate of yourself to the server. This is still very uncommon; most
> servers do not request or accept client certificates.
> 
> The following gmail settings work for me:
> 
> --- .msmtprc
> defaults
> auth on
> tls on
> # This file comes with Debian and contains the certificates of many
> # well known issuers. Maybe something similar is in MacOSX:
> tls_trust_file /etc/ssl/certs/ca-certificates.crt
> 
> account gmail
> host smtp.gmail.com
> port 587
> from mlambers@...20...
> user mlambers@...20...
> password *
> ---
> 
> > $ touch hi
> > $ echo "hi" > hi
> > $ msmtp --debug chad.armstrong@...20... < hi
> > [...]
> > --> DATA
> > <-- 354 Go ahead
> > -->  hi
> > --> .
> > <-- 250 2.0.0 OK 1125600831 12sm1556269wrl
> 
> This answer from mx.gmail.com (response code 250) means that it has
> taken responsibility to send your mail (this is defined in the RFCs), so
> msmtp rightfully exits with EX_OK. Perhaps there are temporary
> performance problems at Gmail?
> Another problem might be that "hi" is not a valid mail. A valid mail must
> have valid header lines, a blank line separating header and body and a
> (possibly empty) body. Thus, "hi" is interpreted as a header line, but
> it is invalid since it misses a colon.
> This problem can be observed with GMX SMTP servers at least. You might
> want to try the following:
> $ echo -e "Subject: Test\n\nhi" > hi
> $ cat hi
> Subject: Test
> 
> hi
> $ msmtp chad.armstrong@...20... < hi
> 
> Regards,
> Martin
> 
> 
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> msmtp-users mailing list
> msmtp-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/msmtp-users
>