[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [msmtp-users] Diffie Hellman prime sent by the server is not acceptable

To: msmtp-users@lists.sourceforge.net
Subject: Re: [msmtp-users] Diffie Hellman prime sent by the server is not acceptable
From: Martin Lambers <marlam@...23...>
Date: Fri, 9 Nov 2007 06:57:33 +0100
In-reply-to: <20071108235126.GC12099@...130...>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=msmtp-users>
List-help: <mailto:msmtp-users-request@lists.sourceforge.net?subject=help>
List-id: "General discussion, questions & answers" <msmtp-users.lists.sourceforge.net>
List-post: <mailto:msmtp-users@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/msmtp-users>, <mailto:msmtp-users-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/msmtp-users>, <mailto:msmtp-users-request@lists.sourceforge.net?subject=unsubscribe>
Mail-followup-to: msmtp-users@lists.sourceforge.net
Openpgp: id=15BC348B; url=http://www.marlam.de/key.txt
References: <20071108174442.GB1406@...130...> <20071108181028.GA4698@...61...> <20071108235126.GC12099@...130...>
User-agent: Mutt/1.5.13 (2006-08-11)

On Thu, 08. Nov 2007, 17:51:26 -0600, Ryan C. Underwood wrote:
> > No, msmtp implements the sendmail commandline interface. It can only
> > signal failure by returning an error code. In the default configuration,
> > Mutt does not put msmtp in the background, so you get an immediate
> > failure notice.
> 
> I see, I'll have to wrap it with a script that checks the exit code
> then.  I was forced to configure it to run in the background because of
> transmission of large attachments... :-(

Maybe the msmtpqueue scripts can be a starting point for this. See the
scripts subdirectory of the msmtp source.

> > - Ask the SMTP server admins to use more secure settings
> >   (recommended if the admins will listen to you)
> 
> They don't.  They insist that because the following command works on
> their end:
> 
> $ openssl s_client -connect smtp.umr.edu:25 -starttls smtp
> 
> that the mail server is not insecure and the problem is my client.

They have a point. It is unfortunate that GnuTLS and OpenSSL have
different requirements here. I do not know enough about cryptography to
decide which one is right, but if in doubt, I go with the stricter
checks.

> > Future msmtp version will most likely *not* override the GnuTLS default
> > settings.  The GnuTLS people probably have very good reasons for the
> > stricter checks.
> 
> Does this mean that a patch to msmtp is always required if the server is
> broken in this manner?

If you put it that way, it does not sound like a good idea ;)

I don't want to add a set of configuration commands that can change
every TLS session parameter requirement.

But perhaps one could add a single command 'tls_lax_security' which
enables the weaker requirements of older GnuTLS versions and/or OpenSSL.

Or a command 'tls_security' with the settings "off" (no requirements
whatsoever), "lax" (the old set of requirements), "default" (library default).

What do you think?

Martin

References:
- [msmtp-users] Diffie Hellman prime sent by the server is not acceptable
  - From: "Ryan C. Underwood" <nemesis-lists@...128...>
- Re: [msmtp-users] Diffie Hellman prime sent by the server is not acceptable
  - From: Martin Lambers <marlam@...23...>
- Re: [msmtp-users] Diffie Hellman prime sent by the server is not acceptable
  - From: "Ryan C. Underwood" <nemesis-lists@...128...>

Prev by Date: Re: [msmtp-users] Diffie Hellman prime sent by the server is not acceptable
Next by Date: [msmtp-users] Testversion msmtp-1.4.14 to fix problem with Diffie Hellman prime length
Previous by thread: Re: [msmtp-users] Diffie Hellman prime sent by the server is not acceptable
Next by thread: [msmtp-users] Testversion msmtp-1.4.14 to fix problem with Diffie Hellman prime length
Index(es):
- Date
- Thread