Re: [msmtp-users] Relay problems



On Thu, 28. Dec 2006, 15:16:50 +0100, Przemyslaw Gawronski wrote:
> OK, both methods worked plain and login! :)

Good!

> Since TLS is the preferred way, I've tried to use it. With 
> msmtp --serverinfo --account=tanren I get:
> 
> SMTP server at mail.tanren.pl (s72.superhost.pl [212.162.20.156]), port 25:
>     s72.superhost.pl ESMTP Exim 4.52 #1 Thu, 28 Dec 2006 15:00:39 +0100
> Capabilities:
>     SIZE 52428800:
>         Maximum message size is 52428800 bytes = 50,00 MB
>     PIPELINING:
>         Support for command grouping for faster transmission
>     STARTTLS:
>         Support for TLS encryption via the STARTTLS command
>     AUTH:
>         Supported authentication methods:
>         PLAIN LOGIN
> This server might advertise more or other capabilities when TLS is active.

Very good, this server supports TLS with "tls_starttls on".

> and with tls_starttls on I get:
> 
> msmtp: TLS certificate check failed: the certificate owner does not
> match hostname mail.tanren.pl

The TLS certificate contains the name of the host that the certificate
is valid for. This name does not match mail.tanren.pl, therefore msmtp
does not trust the server.

You can work around this by setting "tls_certcheck off". Then msmtp will
accept any certificate, regardless of its contents. You still get an
encrypted connection.

It is unfortunately quite common that the hostnames do not match. For
example, mail.tanren.pl has IP address 212.162.20.156, which in turn
resolves to the name s72.superhost.pl. So maybe the certificate is
issued for *.superhost.pl or something similar.

Using TLS with "tls_certcheck off" is still better than not using TLS.

Regards,
Martin
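
The name comparison behind the "certificate owner does not match hostname" error, as an added example that is not part of the original message and is not msmtp's own code. The certificate names are constructed from the guess made in the message ("*.superhost.pl"), and the function names are hypothetical.

```python
# Added illustration: the hostname check that fails in the thread above.
# The certificate names below are CONSTRUCTED; "*.superhost.pl" is only the
# guess made in the message, not the server's real certificate.

def label_match(pattern: str, hostname: str) -> bool:
    """Match one certificate name against a hostname (RFC 6125 style).

    A wildcard is honoured only as the complete left-most label and covers
    exactly one label, so *.example.org never matches a.b.example.org.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.pl" or a bare "*".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_matches(cert_names, hostname: str) -> bool:
    """True if any name in the certificate covers the host we asked for."""
    return any(label_match(n, hostname) for n in cert_names)


def explain(cert_names, configured_host: str) -> str:
    """Describe the outcome the way a certificate-checking client sees it."""
    if cert_matches(cert_names, configured_host):
        return f"OK: certificate covers {configured_host}"
    return (f"FAIL: certificate owner does not match hostname "
            f"{configured_host} (certificate names: {', '.join(cert_names)})")


# Constructed sample data using the names that appear in the thread.
ASSUMED_CERT_NAMES = ["*.superhost.pl", "superhost.pl"]

if __name__ == "__main__":
    # The client compares the name it was configured with, not the
    # reverse-DNS name of the IP address it ends up connected to.
    for host in ("mail.tanren.pl", "s72.superhost.pl"):
        print(explain(ASSUMED_CERT_NAMES, host))
```

With "tls_certcheck off" this comparison is not performed at all, so the session is encrypted but the identity of the server is not verified.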