Why can't RPi email?

[Frank Miles]

I've been struggling - trying to get my RPi to send me an e-mail.
This is on a wifi connection. Having configured ssmtp.conf and
revaliases (as per http://iqjar.com/jar/sending-emails-from-the-raspberry-pi/),
it's still not working. I can login to gmail.com with the browser,
have relaxed the checking. When I try:
echo "TEST" | sendmail -v logi...@mydest.edu
I get a series of lines that shows the dialog between google and
the RPi. All seems well - the ELHO looks good, it starts using
TLS, then attempts AUTH LOGIN. After a few lines of gibberish
it gives the dreaded Authorization Failed error message with a
reference to the google support message 14257.

I've checked and rechecked the AuthUser and AuthPass data, and
they appear correct. I've logged into gmail.com with those same
values - on the RPi - and it works.

This is on a new RPi-2 with a Edimax (realtek) wifi device.
Raspbian with all updates.

The one possible questionable message is in /var/log/mail.info,
it has lines indicating that SSL connection is attempting to
use RSA_ARCFOUR_SHA1. Is that what it should be using?

Any hints on how I might diagnose this problem would be appreciated!

TIA!

[The Natural Philosopher]

Probably not
SSL/TLS probably.

http://lifehacker.com/111166/how-to-use-gmail-as-your-smtp-server

its TLS you need

http://www.nixtutor.com/linux/send-mail-with-gmail-and-ssmtp/

> Any hints on how I might diagnose this problem would be appreciated!
>
> TIA!
>

--
New Socialism consists essentially in being seen to have your heart in
the right place whilst your head is in the clouds and your hand is in
someone else's pocket.

[Graham.]

Is the RPi sending a "from" address that is different to the gmail
address? If so, as will as relaxing the User Agent checking, you also
have to enter all the foreign "from" addresses you might want to use
somewhere in the Gmail web site. It's a damn nuisance in my case.

--

Graham.

%Profound_observation%

[The Natural Philosopher]

More here

http://askubuntu.com/questions/246237/configure-ssmtp-with-gmail-in-ubuntu-12-04-lts

and here

https://wiki.debian.org/sSMTP


looks like START TLS and port 587 is the magic combo
add these to the conf file

UseTLS=YES
UseSTARTTLS=YES
mailhub=smtp.gmail.com:587

[Martin Gregorie]

On Fri, 31 Jul 2015 17:06:22 +0000, Frank Miles wrote:

> This is on a new RPi-2 with a Edimax (realtek) wifi device.
> Raspbian with all updates.
>

When was your last update?

> The one possible questionable message is in /var/log/mail.info,
> it has lines indicating that SSL connection is attempting to use
> RSA_ARCFOUR_SHA1. Is that what it should be using?
>

A number of SSL encryption standards have recently been deprecated
recently because they're fundamentally broken and, as a result, are being
removed. This is why you may have also seen HTTPS connection refusals if
you're using the latest Firefox version: its the same thing.

If you, as the client end (still using a deprecated cypher), try to open
an encrypted connection to a server that no longer supports that cypher,
then you'll get the connection request refused with that type of
rejection.

Unless you're an SSL maven about all you can do is update your RPi and,
if the problem is still there, raise a bug with the the RPi sendmail
maintainers.

The same thing can also bite you the other way round: I had a problem
last week when Firefox 39.0, which no longer supports the deprecated
cypher, got its https connection refused by a government server[1] which
*only* supported the deprecated cypher. I fired up an old version of
Opera (12.16), guessing that used the deprecated cypher. It did, and I
was able to use it to do the job. I also raised a bug with the server
admins, who are on the case and seemed happy to get the heads-up, but are
taking their time to get the change made (probably due to the
bureaucratic faff that impacts any changes made to a government or
banking server).

[1] a helpful bunch of sysadmins, so no names, no pack drill except
to say it isn't a UK Government server


--
martin@ | Martin Gregorie
gregorie. | Essex, UK
org |

[Frank Miles]

Thanks, tnp (and Martin and Graham). So far no improvement. I
UseSTARTTLS setting, tried UseTLS on and absent. Still nothing.
I've tried quite a few variants that I've found on various web
sites to no avail.

At this point I'm wondering: is there something magical about
using gmail? Might there be some alternative system? At least
to debug whatever is happening? This is eating 'way too much
time...

[The Natural Philosopher]

well you can use your isps mail relay.

Id be more helpful but I don't use gmail. I run my own mail relay and
server on te big bad internet, and exim and postfix, not ssmtp

[Björn Lundin]

Looking in my Icedove on my desktop Debian, I see I have port 465 - not
587 - and SSL/TLS.


--
--
Björn

[Frank Miles]

I had tried the 465 port some iterations ago, to no avail. Something
must have been changed for the better since then, because testing it
once more with port 465 seemed "better". Sadly, still not really
working. With Debug=YES in ssmtp.conf I find in /var/log/mail.info:
Set MailHubs="smtp.gmail.com"
via SMTP Port Number="465"
Creating SSL connection to host

Unfortunately neither
echo "TEST" | sendmail -v me@host
nor
cat test-mail | ssmtp me@host
actually sends mail -- both commands hang. Ctrl-C and Ctrl-D do nothing,
it requires a Ctrl-Z with a 'kill -9 ...' to terminate the e-mail attempt.
Nothing is delivered to me@host.

If I wait a really long time I get a "ssmtp: Connection lost in middle of
processing.

This seems better than before, if not quite there.

[Toby Newman]

Some ISPs block outgoing email that isn't delivered through their own
mail servers. This can help prevent spam.

--
-Toby
Add the word afiduluminag to the subject to circumvent my email filters.

[The Natural Philosopher]

which makes your statement meaningless, or rather not helpful, sadly.

I still say that there is simply an issue of getting the right port.and
encryption format set up. That's all.

[Frank Miles]

I've finally got mail running - hurrah! However it isn't using ssmtp.
Nothing seemed to help with that. Instead I installed exim as
described very thoroughly in:
http://www.sbprojects.net/projects/raspberrypi/exim4.php

Initially restarting exim whined about no IPv6 (modprobe ipv6 fixes that).

Mail successfully sent to my intended target machine on the very first try.

Thanks to all for your thoughtful replies!

-F

[The Natural Philosopher]

yeah. I use exim here and its a bitch to set up, but runs flawlessly
once you have the right magic spells in place. Postfix is similar.

If Id known you are doing exim Id have posted my conf files..I use TLS
to send



> -F

[Frank Miles]

On Tue, 04 Aug 2015 18:45:11 +0100, The Natural Philosopher wrote:

> On 04/08/15 17:33, Frank Miles wrote:

[snip]

>> I've finally got mail running - hurrah! However it isn't using ssmtp.
>> Nothing seemed to help with that. Instead I installed exim as
>> described very thoroughly in:
>> http://www.sbprojects.net/projects/raspberrypi/exim4.php
>>
>> Initially restarting exim whined about no IPv6 (modprobe ipv6 fixes that).
>>
>> Mail successfully sent to my intended target machine on the very first try.
>>
>> Thanks to all for your thoughtful replies!
>>
>
> yeah. I use exim here and its a bitch to set up, but runs flawlessly
> once you have the right magic spells in place. Postfix is similar.
>
> If Id known you are doing exim Id have posted my conf files..I use TLS
> to send

Thanks. However I hadn't been using exim initially. Most of the
recommendations I'd found avoided it for the simpler ssmtp. But I
couldn't get ssmtp to work, and exim worked 1st time.

[Unknown]

The original RFCs for eg. email were nice and simple.
Then they introduced <sender authenticate> which wasn't a problem to
extend the code to handle. But this SSL?TLS is a whole extra dark-layer
and I can't find out how to test it decoupled/separate from the old
familiar code.

We DIY enthusiasts are getting squeezed out, by big commercial interests.
Everything seems to be going httpS !

[Joe Beanfish]

On Wed, 19 Aug 2015 03:55:09 +0000, Unknown wrote:
> The original RFCs for eg. email were nice and simple.
> Then they introduced <sender authenticate> which wasn't a problem to
> extend the code to handle. But this SSL?TLS is a whole extra dark-layer
> and I can't find out how to test it decoupled/separate from the old
> familiar code.
>
> We DIY enthusiasts are getting squeezed out, by big commercial
> interests.
> Everything seems to be going httpS !

Nope, not commercial interests, criminals. Just like in real life
the more criminals there are the more security is needed. More
security generally involves more inconvenience and expense for
the defenders. It's a never ending escalation on both sides which
makes it hard for the DIY to keep up.