Re: [msmtp-users] msmtp + tls (trust,key,cert) files + Gmail

[Martin Lambers <marlam@...23...>]

Hello!

On Sun, 10. May 2009, 21:06:24 +0000, Joseph LP wrote:
> I have successfully created a config to allow smtp connections over ssl to gmail
> with:
> 
>  $cat .msmtprc
> 
>  host smtp.gmail.com
>  port 587
>  protocol smtp
>  auth on
>  from ootput@...20...
>  user ootput@...20...
>  tls on
>  tls_starttls on
>  tls_trust_file /usr/share/ca-certificates/mozilla/Thawte_Premium_Server_CA.crt
> 
> Now, I've noticed that the password from my .netrc is sent in plain text across
> the internet to the smtp server;

This should not happen since tls is active. How did you test this?

> ideally, I would like to be able to send a
> client certificate in it's place.

Does gmail.com support this at all?

> I've read the manpage for msmtp, but I'm still unsure as to which file goes
> where. I've tried variations of files for tls_key_file and tls_cert_file to no
> avail.
> 
>  $ openssl req -nodes -newkey rsa:2048 -keyout nick.key -x509 -days 365 -out
> nick.cer
> 
> Int this case, I've tried specifying tls_cert_file = nick.cer, and tls_key_file
> = nick.key, but again, unable to verify keys.

You cannot just create your own certificate. The service provider needs
to create one for you, or at least sign it.

Martin