Problems sending mail with ssl on port 465
Torben Knudsen
I am using gnus as a mail client. A while ago I was behind a proxy at
my university and I was using tls on port 587 for sending mail via a
smtp server.
Now the policy has changed, we are not behind a proxy but our
computers are recognised by some number I think. Then I am told to
use ssl on port 465. I then changed 587 to 465 in the .gnus section
below and also changed the port in my .autinfo file which look similar
to the below.
From my .gnus
;; Send mail using SMTP on the mail submission port 587.
(require 'starttls)
(require 'smtpmail)
(setq message-send-mail-function 'smtpmail-send-it
smtpmail-starttls-credentials '(("smtp.es.aau.dk" 587 nil nil))
smtpmail-auth-credentials '(("smtp.es.aau.dk" 587
"t...@es.aau.dk" nil))
smtpmail-default-smtp-server "smtp.es.aau.dk"
smtpmail-smtp-server "smtp.es.aau.dk"
smtpmail-smtp-service 587)
Content of my .autinfo file
machine imap.server login this_is_me@server password my_password port 993
machine smtp.server login this_is_me@server password my_password port 587
Using port 465 I can't send mail. I tried a lot of things.
I tried to install a certificate for the smtp server. Is that
necessary? How should this be done correctly?
Until now I haven't got gnutls-cli so I get the message: "No STARTTLS
program was available (tried 'gnutls-cli')". I then tried to install
gnutls-cli. I didn't make the sending on port 465 work rather I had
to uninstall it to make sending on port 587 work again. Should I use
gnutls-cli and how?
As I don't really understand all this help would be nice.
--
Associate Prof. Ph.D Torben Knudsen Mobile : (+45) 2787 9826
Section of Automation and Control, Direct : 6 8694
Department of Electronic Systems, Email : t...@es.aau.dk
Aalborg University
Gijs Hillenius
> Problems sending mail with ssl on port 465
>
> I am using gnus as a mail client. A while ago I was behind a proxy at
> my university and I was using tls on port 587 for sending mail via a
> smtp server.
Hi Torben,
Check the settings in the Gnus Server buffer (in Group buffer hit ^).
Do the values there correspond to the values in .gnus?
Torben Knudsen
Sorry, but I am not good at this. Could you please specify what values
you what me to check and naybee how. Is it variables.
Gijs Hillenius
[...]
>> Check the settings in the Gnus Server buffer (in Group buffer hit ^).
>> Do the values there correspond to the values in .gnus?
>
> Sorry, but I am not good at this. Could you please specify what values
> you what me to check and naybee how. Is it variables.
Ah!
in Gnus' *Group* buffer (where you have your mail folders) hit the ^ key.
that should get you into the *Server* buffer. It will look like this:
nnfolder:archive} (opened)
{nnimap:someserver} (opened)
{nntp:news.gmane.org} (opened)
{nntp:news.server.somewhere} (opened) (agent)
go to your nnimap:someserver line, and open it for editing with
'e'.
http://www.gnus.org/manual/gnus_158.html
--
Bart: You know, the great thing about Sunday school is we're finally
learning something we can use.
Jessica: Yah, so true. I have to turn my chair this way now.
-- Snubbed again, "Bart's Girlfriend"
marcomaggi
> Problems sending mail with ssl on port 465
>
> I am using gnus as a mail client. A while ago I was behind a proxy at
> my university and I was using tls on port 587 for sending mail via a
> smtp server.
>
> Now the policy has changed, we are not behind a proxy but our
> computers are recognised by some number I think. Then I am told to
> use ssl on port 465.
You do not say which system you use, I will assume GNU+Linux; take a
look at:
http://marcomaggi.github.com/docs/mbfl.html#sendmail
http://marcomaggi.github.com/docs/mbfl.html#sendmail-script-emacs
is the information helpful? On Linux you should be able to try the
examples and understand what is wrong; if you are on another system,
still there may be something useful there.
HTH
--
Marco Maggi
Torben Knudsen
> On 7 Jun 2010, Torben Knudsen wrote:
>
>
> [...]
>
>>> Check the settings in the Gnus Server buffer (in Group buffer hit ^).
>>> Do the values there correspond to the values in .gnus?
>>
>> Sorry, but I am not good at this. Could you please specify what values
>> you what me to check and naybee how. Is it variables.
>
>
> Ah!
>
> in Gnus' *Group* buffer (where you have your mail folders) hit the ^ key.
>
> that should get you into the *Server* buffer. It will look like this:
>
> nnfolder:archive} (opened)
> {nnimap:someserver} (opened)
> {nntp:news.gmane.org} (opened)
> {nntp:news.server.somewhere} (opened) (agent)
>
My *Server* buffer looks like this:
nnfolder:archive} (opened)
{nnimap:someserver} (opened)
{nntp:news.gmane.org} (opened)
{nntp:news.server.somewhere} (opened) (agent)
> go to your nnimap:someserver line, and open it for editing with
> 'e'.
When I do that I get:
gnus-server-edit-server: This server can't be edited
Do you have a next step ?
Torben Knudsen
No STARTTLS program was available (tried 'gnutls-cli')
I tried to install gnutls-cli but then I had other problems. Should I
install gnutls-cli or something else?
Also our IT help pages talk about a certificate. Should I perhaps do
something about this? And how?
For your info the university IT help staff do not support gnus.
Torben Knudsen
I use linux ubuntu emacs gnus. I tried to look at your pages. However,
I guess it takes me to much time to study.
Adam Sjøgren
> I tried to install gnutls-cli but then I had other problems. Should I
> install gnutls-cli or something else?
What problems did you have installing gnutls on Ubuntu? It should be as
easy as installing the "gnutls-bin" package:
* http://packages.ubuntu.com/gnutls-bin
An simple first test is to see if you can connect with gnutls-bin on the
command-line and get an answer from the server, i.e. go something like
(change hostname accordingly; I wrote the EHLO-line and QUIT):
$ gnutls-cli --port 465 mail.koldfront.dk
Resolving 'mail.koldfront.dk'...
Connecting to '95.166.24.143:465'...
- Ephemeral Diffie-Hellman parameters
- Using prime: 1024 bits
- Secret key: 1019 bits
- Peer's public key: 1022 bits
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `C=DK,ST=Copenhagen,O=koldfront,OU=Mail delivery,CN=mail.koldfront.dk', issuer `O=koldfront,OU=Self signing authority,EMAIL=as...@koldfront.dk,L=Copenhagen,ST=Copenhagen,C=DK,CN=koldfront.dk', RSA key 1024 bits, signed using RSA-MD5 (broken!), activated `2008-06-06 20:37:46 UTC', expires `2018-06-04 20:37:46 UTC', SHA-1 fingerprint `3d4c8fe730d56684b04bf47ec7d0ea62b20097f9'
- Certificate[1] info:
- subject `O=koldfront,OU=Self signing authority,EMAIL=as...@koldfront.dk,L=Copenhagen,ST=Copenhagen,C=DK,CN=koldfront.dk', issuer `O=koldfront,OU=Self signing authority,EMAIL=as...@koldfront.dk,L=Copenhagen,ST=Copenhagen,C=DK,CN=koldfront.dk', RSA key 1024 bits, signed using RSA-MD5 (broken!), activated `2008-06-06 20:31:33 UTC', expires `2018-06-04 20:31:33 UTC', SHA-1 fingerprint `23f84365849978864d6e420b23131b33a7360249'
- The hostname in the certificate matches 'mail.koldfront.dk'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed
- Simple Client Mode:
220 virgil.koldfront.dk ESMTP Postfix (Debian/GNU)
EHLO topper.koldfront.dk
250-virgil.koldfront.dk
250-PIPELINING
250-SIZE 209715200
250-ETRN
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
QUIT
221 2.0.0 Bye
Best regards,
Adam
--
"My internal clock is on Tokyo time." Adam Sj�gren
as...@koldfront.dk
Gijs Hillenius
[...]
>> go to your nnimap:someserver line, and open it for editing with
>> 'e'.
>
> When I do that I get:
>
> gnus-server-edit-server: This server can't be edited
>
> Do you have a next step ?
Grasping at straws, for at this point I'd be forced to start grepping
source code to see why that server shan't be editable...
Since you seem to be missing gnutls-bin (which includes gnutls-cli), I
suggest trying this again once gnutls-bin is installed?
--
My theory of evolution is that Darwin was adopted.
-- Steven Wright
Hasse Hagen Johansen
Torben> Also I get the message: No STARTTLS program was available
Torben> (tried 'gnutls-cli')
Hi Torben
Try install the starttls package/program instead :-)
Regards
Hasse
Torben Knudsen
I have not really success but all the errors and information I found
useful is below. Do you have more help for me? Thanks for your time
so far.
From *Message* when using 465 and sending on port 587 with starttls
and gnutls-cli installed and without vpn
Opening STARTTLS connection to `smtp.es.aau.dk:465'
Then gnus hangs and I have to use C-g twice to get control back
---------
From the command line test with gnutls-cli
tk@tk-laptop:~$ gnutls-cli --port 465 smtp.es.aau.dk
Resolving 'smtp.es.aau.dk'...
Connecting to '130.225.51.26:465'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `C=DK,ST=Denmark,O=Aalborg Universitet,OU=SMTP server,CN=smtp.es.aau.dk', issuer `O=Aalborg Universitet,OU=Institut for Elektroniske Systemer,EMAIL=ie...@ies.aau.dk,L=Aalborg,ST=Denmark,C=DK,CN=AAU IES CA', RSA key 1024 bits, signed using RSA-SHA, activated `2009-06-15 07:30:23 UTC', expires `2012-06-14 07:30:23 UTC', SHA-1 fingerprint `bbc9274ddd7d193dcd1fa8585bbb4490ba020fcc'
- The hostname in the certificate matches 'smtp.es.aau.dk'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed
- Simple Client Mode:
220 mta1.es.aau.dk ESMTP Exim 4.63 Tue, 15 Jun 2010 07:49:20 +0200
QUIT
221 mta1.es.aau.dk closing connection
- Peer has closed the GNUTLS connection
tk@tk-laptop:~$
----------
Trace from sending on port 587 with starttls and gnutls-cli installed
and without vpn
Notice the "535 Incorrect authentication data"
Process SMTP killed
220 mta1.es.aau.dk ESMTP Exim 4.63 Tue, 15 Jun 2010 07:53:45 +0200
EHLO tk-laptop
250-mta1.es.aau.dk Hello tk-nb.office.es.aau.dk [172.26.10.148]
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP
STARTTLS
220 TLS go ahead
EHLO tk-laptop
250-mta1.es.aau.dk Hello tk-nb.office.es.aau.dk [172.26.10.148]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
AUTH PLAIN AHRrQGVzLmFhdS5kawAxdGtqcmFwMg==
535 Incorrect authentication data
QUIT
221 mta1.es.aau.dk closing connection
-------------
Trace when starttls and gnutls-cli is NOT installed but a vpn
connection is active.
Notice that no authentication seems to go on
Process SMTP deleted
220 mta1.es.aau.dk ESMTP Exim 4.63 Tue, 15 Jun 2010 08:12:21 +0200
EHLO tk-laptop
250-mta1.es.aau.dk Hello pc1.vpn.control.aau.dk [172.16.14.1]
250-SIZE 52428800
250-PIPELINING
250-STARTTLS
250 HELP
MAIL FROM:<t...@es.aau.dk> SIZE=603
250 OK
RCPT TO:<t...@es.aau.dk>
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
From: Torben Knudsen <t...@es.aau.dk>
To: Torben Knudsen <t...@es.aau.dk>
Subject: dd
Date: Tue, 15 Jun 2010 08:12:18 +0200
Message-ID: <87vd9k4...@es.aau.dk>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
--=20
Associate Prof. Ph.D Torben Knudsen Mobile : (+45) 2787 9826
Section of Automation and Control, Direct : 6 8694
Department of Electronic Systems, Email : t...@es.aau.dk=20=20=20
Aalborg University=20
Fredrik Bajersvej 7=20
DK-9220 Aalborg =D8
Denmark=20
.
250 OK id=1OOPNr-0001af-8Q
QUIT
221 mta1.es.aau.dk closing connection
Adam Sjøgren
> tk@tk-laptop:~$ gnutls-cli --port 465 smtp.es.aau.dk
[...]
> 220 mta1.es.aau.dk ESMTP Exim 4.63 Tue, 15 Jun 2010 07:49:20 +0200
That looks encouraging. What error message do you get when you try to
send email this way?
> Trace from sending on port 587 with starttls and gnutls-cli installed
> and without vpn
> Notice the "535 Incorrect authentication data"
The obvious question is if you've specified your login/password correct?
> Trace when starttls and gnutls-cli is NOT installed but a vpn
> connection is active.
> Notice that no authentication seems to go on
I'm confused. The email got sent, right? What is the problem?
Torben Knudsen
> On Tue, 15 Jun 2010 08:28:19 +0200, Torben wrote:
>
>> tk@tk-laptop:~$ gnutls-cli --port 465 smtp.es.aau.dk
> [...]
>> 220 mta1.es.aau.dk ESMTP Exim 4.63 Tue, 15 Jun 2010 07:49:20 +0200
>
> That looks encouraging. What error message do you get when you try to
> send email this way?
I haven't tried to send an email by the command line gnutls-cli.
>
>> Trace from sending on port 587 with starttls and gnutls-cli installed
>> and without vpn
>> Notice the "535 Incorrect authentication data"
>
> The obvious question is if you've specified your login/password
> correct?
I belive so but I will ack IT people if there should be something
strange here.
>
>> Trace when starttls and gnutls-cli is NOT installed but a vpn
>> connection is active.
>> Notice that no authentication seems to go on
>
> I'm confused. The email got sent, right? What is the problem?
The problem is that I have to have a vpn running just for this.
Sometimes it disconect and also have to switch it off soetimes. The
reason why the mail is send in this case is that being on the university
network I don't have to give a password.
Maybe I will set low priority on this task for a while partly because I
haven't time for it and partly because the IT administration maybe come
up with some solution we all have to use.
Thanks again for the help.