
Re: [msmtp-users] Diffie Hellman prime sent by the server is not acceptable



On Thu, 08. Nov 2007, 17:51:26 -0600, Ryan C. Underwood wrote:
> > No, msmtp implements the sendmail commandline interface. It can only
> > signal failure by returning an error code. In the default configuration,
> > Mutt does not put msmtp in the background, so you get an immediate
> > failure notice.
> 
> I see, I'll have to wrap it with a script that checks the exit code
> then.  I was forced to configure it to run in the background because of
> transmission of large attachments... :-(

Maybe the msmtpqueue scripts can be a starting point for this. See the
scripts subdirectory of the msmtp source.

> > - Ask the SMTP server admins to use more secure settings
> >   (recommended if the admins will listen to you)
> 
> They don't.  They insist that because the following command works on
> their end:
> 
> $ openssl s_client -connect smtp.umr.edu:25 -starttls smtp
> 
> that the mail server is not insecure and the problem is my client.

They have a point. It is unfortunate that GnuTLS and OpenSSL have
different requirements here. I do not know enough about cryptography to
decide which one is right, but if in doubt, I go with the stricter
checks.

> > Future msmtp versions will most likely *not* override the GnuTLS default
> > settings.  The GnuTLS people probably have very good reasons for the
> > stricter checks.
> 
> Does this mean that a patch to msmtp is always required if the server is
> broken in this manner?

If you put it that way, it does not sound like a good idea ;)

I don't want to add a set of configuration commands that can change
every TLS session parameter requirement.

But perhaps one could add a single command 'tls_lax_security' which
enables the weaker requirements of older GnuTLS versions and/or OpenSSL.

Or a command 'tls_security' with the settings "off" (no requirements
whatsoever), "lax" (the old set of requirements), "default" (library default).

What do you think?

Martin
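
The wrapper idea discussed above (a script that checks the mailer's exit code when the mail client runs it in the background), as an added example that is not part of the original message or of the msmtp scripts. The names `send_checked`, `FAILED_DIR` and `MAIL_LOG` are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: wrapper for a sendmail-compatible mailer such as msmtp.
# It keeps the message and the mailer's error text when delivery fails,
# so a failure is not lost when the mail client does not wait for it.
# FAILED_DIR and MAIL_LOG are hypothetical locations, not msmtp settings.
FAILED_DIR="${FAILED_DIR:-$HOME/.msmtp-failed}"
MAIL_LOG="${MAIL_LOG:-$FAILED_DIR/send.log}"

# send_checked MAILER [ARGS...]   (message on stdin)
# Exits with the mailer's exit code; 75 (EX_TEMPFAIL in sysexits.h) if
# the message could not be spooled. The body is a subshell so the umask
# change does not leak into the caller.
send_checked() (
    umask 077                          # spooled mail may be confidential
    mkdir -p "$FAILED_DIR" || exit 75
    spool=$(mktemp "$FAILED_DIR/msg.XXXXXX") || exit 75
    cat > "$spool" || exit 75          # copy the message before sending

    rc=0
    "$@" < "$spool" > "$spool.out" 2>&1 || rc=$?

    if [ "$rc" -eq 0 ]; then
        rm -f "$spool" "$spool.out"    # delivered: nothing to keep
    else
        # Keep the message and the mailer output (for example a TLS
        # handshake error) and record where they are.
        printf '%s exit=%s kept=%s\n' \
            "$(date '+%Y-%m-%dT%H:%M:%S')" "$rc" "$spool" >> "$MAIL_LOG"
    fi
    exit "$rc"
)

# When installed as the mail client's sendmail command, pass the
# client's arguments through to msmtp.
if [ "$#" -gt 0 ]; then
    send_checked msmtp "$@"
    exit $?
fi
```

Each failed send leaves the message, a `.out` file with the mailer's error output, and one line in the log, so the message can be resent once the cause is fixed.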