Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

gmail :587 +TLS again!

80 views
Skip to first unread message

no.to...@gmail.com

unread,
Mar 4, 2013, 3:25:22 PM3/4/13
to
I normally ignore "buy youself a new one, like mine" advice.
Besides, I can't believe that current gmail won't work on a 2009 OS.
So I tried to follow the stunnel route, but found: --
*** TLS not available: requires Net::SSLeay. Exiting
# locate SSLeay == ..some manS
# which SSLeay == none

So back to this route, which seemed too complex previously:---
From: Ivan Shmakov <onei...@gmail.com>
Newsgroups: comp.mail.misc,comp.internet.services.google,comp.os.linux.networking
Subject: Re: What linux clients do gmail:smtp TLS/SSL
Date: Fri, 08 Feb 2013 09:48:58 +0000
...
FWIW, I use Gnus/Emacs on my GNU/Linux system for both Usenet
and email, including sending via Google Mail's :587 (RFC 6409.)
...
===== start Ivan's good example log ===
Consider, for instance, the following example session:

$ gnutls-cli --starttls --port=submission -- smtp.gmail.com
|<1>| Note that the security level of the Diffie-Hellman key exchange has been lowered to 512 bits and this may allow decryption of the session data
Processed 152 CA certificate(s).
Resolving 'smtp.gmail.com'...
Connecting to '2a00:1450:4010:c04::6d:587'...

- Simple Client Mode:

220 mx.google.com ESMTP pz15sm16403877lab.3 - gsmtp
EHLO MX.EXAMPLE.NET <-C: EHLO crg...@gmail.com
250-mx.google.com at your service, [2XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
STARTTLS <-C
220 2.0.0 Ready to start TLS

[There, one sends EOF (C-d) for gnutls-cli(1) to start TLS.] <--* !

*** Starting TLS handshake
- Peer's certificate is trusted
- The hostname in the certificate matches 'smtp.gmail.com'.
- Session ID: 28:0B:94:74:7F:4A:5D:B7:72:DA:C6:EA:50:63:B8:6B:B9:C7:F7:02:61:60:8B:0E:81:63:45:CE:24:31:9C:30
....
===== end Ivan's good example log === My best log looks similar:-

# gnutls-cli --starttls --port 587 smtp.gmail.com
Resolving 'smtp.gmail.com'...
Connecting to '173.194.67.108:587'...

- Simple Client Mode:

220 mx.google.com ESMTP fg6sm17705779wib.10 - gsmtp
EHLO gmail.com
250-mx.google.com at your service, [41.174.10.205]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
STARTTLS
220 2.0.0 Ready to start TLS
*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 2 certificates.

- Certificate[0] info:
# The hostname in the certificate matches 'smtp.gmail.com'.
# valid since: Wed Sep 12 13:57:50 SAST 2012
# expires at: Fri Jun 7 21:43:27 SAST 2013
# fingerprint: 96:AC:76:52:9F:17:E4:1D:28:07:80:3A:8E:00:A8:41
# Subject's DN: C=US,ST=California,L=Mountain View,O=Google Inc,CN=smtp.gmail.com
# Issuer's DN: C=US,O=Google Inc,CN=Google Internet Authority

- Certificate[1] info:
# valid since: Mon Jun 8 22:43:27 SAST 2009
# expires at: Fri Jun 7 21:43:27 SAST 2013
# fingerprint: 33:A0:EA:98:0E:3D:6E:26:1D:77:2D:82:DF:66:00:7D
# Subject's DN: C=US,O=Google Inc,CN=Google Internet Authority
# Issuer's DN: C=US,O=Equifax,OU=Equifax Secure Certificate Authority

- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.1
- Key Exchange: RSA
- Cipher: ARCFOUR-128
- MAC: SHA1
- Compression: NULL
^C
============ > EXIT

OMG what IS this all about CertificateS ?!


J G Miller

unread,
Mar 4, 2013, 4:04:56 PM3/4/13
to
On Monday, March 4th, 2013, at 20:25:22h +0000, Chris Glurr burbled:

> So I tried to follow the stunnel route, but found: --
>
> *** TLS not available: requires Net::SSLeay. Exiting
>
> # locate SSLeay == ..some manS
> # which SSLeay == none

Do you always ignore postings which have already given you
the information that

1) SSLeay is not an executable program

2) SSLeay is a PERL module

3) Where you can download this PERL module

If you are just going to ignore replies to your questions,
then there is little point in replying to your questions.

For those who are in doubt that such a posting was made,
here it is from this very same newsgroup TWO DAYS AGO.

QUOTE

Subject: Re: HOW2 hook-in STARTTLS to SMTP:gmail ?
From: J G Miller <mil...@yoyo.ORG>
Date: Sat, 2 Mar 2013 16:10:44 +0000 (UTC)
Message-ID: <kgt8a4$16v$5...@dont-email.me>
References: <kfo1ia$pni$1...@dont-email.me> <kfo72l$ek$5...@dont-email.me>
<kfo7no$oqo$1...@dont-email.me> <kftpuc$q1j$1...@dont-email.me>
<kfttld$4ts$2...@dont-email.me> <kfvbfu$6co$1...@dont-email.me>
<kg04pi$p4g$3...@dont-email.me> <kg1sdg$61d$1...@dont-email.me>
<kg2qsn$5di$2...@dont-email.me>
<5dppzsj...@hurtta09lk.i-did-not-set--mail-host-address--so-tickle-me>
<kg8p4b$41n$1...@dont-email.me> <kgs0n9$3d7$1...@dont-email.me>
Bytes: 2513
Lines: 27
Organization: A noiseless patient Spider
Path:
news.vo.lu!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!feeds.phibee-telecom.net!eternal-september.org!feeder.eternal-september.org!mx05.eternal-september.org!.POSTED!not-for-mail
Newsgroups: comp.os.linux.networking,comp.mail.misc
Mime-Version: 1.0
Injection-Date: Sat, 2 Mar 2013 16:10:44 +0000 (UTC)
Injection-Info: mx05.eternal-september.org;
posting-host="ca66a1b51cf5abbb37bbcab111cfdd60"; logging-data="1247";
mail-complaints-to="ab...@eternal-september.org";
posting-account="U2FsdGVkX1/m+zzhabXldyhZGGRRy/BG92WCotHIBuU="
User-Agent: Pan/0.139 (Sexual Chocolate; GIT bf56508
git://git.gnome.org/pan2)
Cancel-Lock: sha1:aj4nIK6ZyE1xVQczCZUn6PHGTSQ=
Xref: vo.lu comp.os.linux.networking:356681 comp.mail.misc:70544
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

On Saturday, March 2nd, 2013, at 04:55:07h +0000, Chris Glurr observed:

> ./swaks -s smtp.gmail.com -p 587 -tls -ehlo gmail.com -au USER
> -ap PSWRD -t TO.ADR -f FROM.ADR
> *** TLS not available: requires Net::SSLeay. Exiting

So to "get TLS to work", you need to install the Perl Net:SSLeay
module either with the relevant Slackware package, or from the
CPAN repository.

> So it's looking like you said it WANTS NEW SOFTWARE.

In this case, additional software. swaks is written in PERL
and it uses net SSLeay module to set up TLS with openSSL --

<http://search.cpan.org/~mikem/Net-SSLeay-1.52/lib/Net/SSLeay.pod>

"Perl extension for using OpenSSL"

> But my point remains: I've had gmail [as my spare wheel] before 2009.
> How would I have used non-http then ?

The same as you are using non-http now. smtp with TLS is not http.

And as I already explained, I have no idea how gmail was setup up in
its earlier incarnations with regard to access via smtp with or without
TLS or whatever.

UNQUOTE

Avoi...@gmail.com

unread,
Mar 10, 2013, 11:18:25 AM3/10/13
to
In article <kh329o$q66$1...@dont-email.me>, J G Miller <mil...@yoyo.ORG> wrote:

> On Monday, March 4th, 2013, at 20:25:22h +0000, Chris Glurr burbled:
>
> > So I tried to follow the stunnel route, but found: --
> >
> > *** TLS not available: requires Net::SSLeay. Exiting
> >
> > # locate SSLeay == ..some manS
> > # which SSLeay == none
>
> Do you always ignore postings which have already given you
> the information that
>
> 1) SSLeay is not an executable program
>
> 2) SSLeay is a PERL module
>
> 3) Where you can download this PERL module
>
> If you are just going to ignore replies to your questions,
> then there is little point in replying to your questions.
>
IGNORE is an *ACTIVE* act.
OVERLOOK has completly different legal implications.
I can't cope, with the bombs exploding around me in this
failed-state-location

> For those who are in doubt that such a posting was made,
> here it is from this very same newsgroup TWO DAYS AGO.
>
*TWO DAYS AGO* !
Have you got the memory of a fruit-fly or are you still suckling?
No wonder you tell me slak13 is too OLD.
> QUOTE
> > So it's looking like you said it WANTS NEW SOFTWARE.
>
> In this case, additional software. swaks is written in PERL
> and it uses net SSLeay module to set up TLS with openSSL --
>
> <http://search.cpan.org/~mikem/Net-SSLeay-1.52/lib/Net/SSLeay.pod>
>
> "Perl extension for using OpenSSL"
>
> > But my point remains: I've had gmail [as my spare wheel] before 2009.
> > How would I have used non-http then ?
>
> The same as you are using non-http now. smtp with TLS is not http.
>
===> NO!! "using non-http" is my GOAL.
I know only how to mail with http. `links` is the best for me.
As per other thread `links` shows <SLL negotiating> traces while running,
which confirms that slak13 has already got the SSL facilities.
No need to buy a ding-dong.

> And as I already explained, I have no idea how gmail was setup up in
> its earlier incarnations with regard to access via smtp with or without
> TLS or whatever.
>
Well that the bigger context which won't be ignored by those capable
of noticing it.

> UNQUOTE

J G Miller

unread,
Mar 10, 2013, 2:21:13 PM3/10/13
to
On Sunday, March 10th, 2013, at 15:18:25h +0000, Chris Glurr argued:

> IGNORE is an *ACTIVE* act.
> OVERLOOK has completly different legal implications.

Neither ignoring nor overlooking legal prohibitions or
legal requirements is a valid legal defence.

Try arguing that you overlooked paying your annual tax
and that you did not ignore all those reminders that they
sent in the mail.

> I can't cope, with the bombs exploding around me in this
> failed-state-location

What bombs?

You should be thankful that you do not live in Zimbabwe.

And even more so in Afghanistan, Iraq, or Pakistan where
bombs really are exploding on a weekly or sometimes daily basis.

Incidentally, have you sent rehabilitated former bomb-approver
Nelson Mandela a "get well" card?

> Have you got the memory of a fruit-fly or are you still suckling?

It is not I who is exhibiting symptoms of memory problems.

> I know only how to mail with http.

So you either learn how to do otherwise,
or you fester with your problems.

> As per other thread `links` shows <SLL negotiating> traces while running,
> which confirms that slak13 has already got the SSL facilities.

But not Net:SSleay which is *what you asked about*.

"Chris Glurr> *** TLS not available: requires Net::SSLeay. Exiting"

> No need to buy a ding-dong.

You just saved yourself the expense of R176.40

<http://www.buildingfinishes.co.ZA/06ch2106-chime-ding-dong-kit-ac-dc-4xum2.html>
0 new messages