Recently msmtp has been failing to connect to my STARTTLS-enabled SMTP
server (perhaps since upgrading to Ubuntu 14.10). gnutls-cli has no
trouble connecting [1]. msmtp for some reason fails with "operation
timed out" during TLS handshaking [2]. Judging by the output from
Wireshark it seems that the client receives a handshake packet from the
server, ACKs it and then ACK/RSTs the connection. Unfortunately the
debug output offered by msmtp has no clues as to why this is
happening. Any ideas?
Cheers,
- Ben
[1] gnutls
$ gnutls-cli --starttls mail.smart-cactus.org -p 587
Processed 168 CA certificate(s).
Resolving 'mail.smart-cactus.org'...
Connecting to '54.187.36.80:587'...
- Simple Client Mode:
220 mail.smart-cactus.org ESMTP Postfix (Ubuntu)
EHLO localhost.localdomain
250-mail.smart-cactus.org
250-PIPELINING
250-SIZE 104857600
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
STARTTLS
220 2.0.0 Ready to start TLS
*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `C=US,CN=mail.smart-cactus.org,EMAIL=bgamari@...20...', issuer `C=IL,O=StartCom Ltd.,OU=Secure Digital Certificate Signing,CN=StartCom Class 1 Primary Intermediate Server CA', RSA key 4096 bits, signed using RSA-SHA256, activated `2014-05-28 07:59:13 UTC', expires `2015-05-29 08:35:42 UTC', SHA-1 fingerprint `0e82e89bd10a1e3fc9913fc1118ca16bf31a6dec'
Public Key ID:
f109f6c5d837dbaa907e72889f555e4aeccabd53
Public key's random art:
+--[ RSA 4096]----+
| |
| + |
| + . + o |
| . = o o + |
| S + = o|
| . = +E|
| .o.. =. |
| ..o=o+. |
| .+++ oo |
+-----------------+
- Certificate[1] info:
- subject `C=IL,O=StartCom Ltd.,OU=Secure Digital Certificate Signing,CN=StartCom Class 1 Primary Intermediate Server CA', issuer `C=IL,O=StartCom Ltd.,OU=Secure Digital Certificate Signing,CN=StartCom Certification Authority', RSA key 2048 bits, signed using RSA-SHA1, activated `2007-10-24 20:54:17 UTC', expires `2017-10-24 20:54:17 UTC', SHA-1 fingerprint `f691fc87efb3135354225a10e127e911d1c7f8cf'
- Status: The certificate is trusted.
- Successfully sent 0 certificate(s) to server.
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-128-GCM)
- Session ID: 6F:D9:F4:31:78:5F:05:F0:C9:F3:60:92:9F:9B:95:73:CE:57:E2:9C:94:6A:91:29:6F:01:D0:E8:CA:7D:C2:38
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA256
- Cipher: AES-128-GCM
- MAC: AEAD
- Compression: NULL
[2] msmtp
msmtp -a smart-cactus ben@...377... -v --tls-certcheck=off
ignoring system configuration file /usr/local/etc/msmtprc: No such file or directory
loaded user configuration file /home/ben/.msmtprc
using account smart-cactus from /home/ben/.msmtprc
host = mail.smart-cactus.org
port = 587
proxy host = (not set)
proxy port = 0
timeout = off
protocol = smtp
domain = localhost.localdomain
auth = choose
user = ben@...377...
password = *
passwordeval = (not set)
ntlmdomain = (not set)
tls = on
tls_starttls = on
tls_trust_file = (not set)
tls_crl_file = (not set)
tls_fingerprint = (not set)
tls_key_file = (not set)
tls_cert_file = (not set)
tls_certcheck = off
tls_min_dh_prime_bits = (not set)
tls_priorities = (not set)
auto_from = off
maildomain = (not set)
from = ben@...377...
dsn_notify = (not set)
dsn_return = (not set)
keepbcc = off
logfile = /home/ben/.msmtp.log
syslog = (not set)
aliases = (not set)
reading recipients from the command line
<-- 220 mail.smart-cactus.org ESMTP Postfix (Ubuntu)
--> EHLO localhost.localdomain
<-- 250-mail.smart-cactus.org
<-- 250-PIPELINING
<-- 250-SIZE 104857600
<-- 250-ETRN
<-- 250-STARTTLS
<-- 250-ENHANCEDSTATUSCODES
<-- 250-8BITMIME
<-- 250 DSN
--> STARTTLS
<-- 220 2.0.0 Ready to start TLS
msmtp: TLS handshake failed: the operation timed out
msmtp: could not send mail (account smart-cactus from /home/ben/.msmtprc)