[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [msmtp-users] Relay problems
On Thu, 28. Dec 2006, 15:16:50 +0100, Przemyslaw Gawronski wrote:
> OK, both methods worked plain and login! :)
Good!
> Since TLS is the preferred way, I've tried to use it. With
> msmtp --serverinfo --account=tanren I get:
>
> SMTP server at mail.tanren.pl (s72.superhost.pl [212.162.20.156]), port 25:
> s72.superhost.pl ESMTP Exim 4.52 #1 Thu, 28 Dec 2006 15:00:39 +0100
> Capabilities:
> SIZE 52428800:
> Maximum message size is 52428800 bytes = 50,00 MB
> PIPELINING:
> Support for command grouping for faster transmission
> STARTTLS:
> Support for TLS encryption via the STARTTLS command
> AUTH:
> Supported authentication methods:
> PLAIN LOGIN
> This server might advertise more or other capabilities when TLS is active.
Very good, this server supports TLS with "tls_starttls on".
> and with tls_starttls on I get:
>
> msmtp: TLS certificate check failed: the certificate owner does not
> match hostname mail.tanren.pl
The TLS certificate contains the name of the host that the certificate
is valid for. This name does not match mail.tanren.pl, therefore msmtp
does not trust the server.
You can work around this by setting "tls_certcheck off". Then msmtp will
accept any certificate, regardless of its contents. You still get an
encrypted connection.
It is unfortunately quite common that the hostnames do not match. For
example, mail.tanren.pl has IP address 212.162.20.156, which in turn
resolves to the name s72.superhost.pl. So maybe the certificate is
issued for *.superhost.pl or something similar.
Using TLS with "tls_certcheck off" is still better than not using TLS.
Regards,
Martin