sending mail using tls using Emacs under Windows

[Will Parsons]

I'd like to be able to send mail using Emacs 24.2.1 under Windows and
am having difficulties. With the following in my .emacs file:

(setq
send-mail-function 'smtpmail-send-it
smtpmail-smtp-server "smtp.gmail.com"
smtpmail-smtp-service 587)

and a suitable entry in .authinfo:

machine smtp.gmail.com login xx...@gmail.com port 587 password xxxxx

attempting to send a message using the default method "Gnus Message"
results in:

smtpmail-send-it: Sending failed: 530 5.7.0 Must issue a STARTTLS
command first. y142sm1414876iod.25 - gsmtp

Looking under Options => Packages, I see that gnutls is built-in, but
running gnutls-available-p returns nil.

Am I missing something?

--
Will

[Eli Zaretskii]

> From: Will Parsons <va...@nodomain.invalid>
> Date: 23 Mar 2015 21:55:52 GMT

I'm guessing you didn't install the GnuTLS library. Your Emacs was
built with it, but it looks for it at run time and doesn't find it.

Try installing from here:

http://sourceforge.net/projects/ezwinports/files/gnutls-3.3.11-w32-bin.zip/download

[Will Parsons]

OK - I kind of assumed that if gnutls was "built-in" it was already
available, but I guess that's not what "built-in" means?

Anyway, I downloaded it and installed it under c:\ezwinports, and then
added c:\ezwinports\bin to the Windows path.

Now running gnutls-available-p returns t, but I still get the "Must
issue a STARTTLS command first" message when I try to send mail. Is
there something else I have to configure?

--
Will

[Eli Zaretskii]

> From: Will Parsons <oud...@nodomain.invalid>
> Date: 24 Mar 2015 18:42:43 GMT

>
> > I'm guessing you didn't install the GnuTLS library. Your Emacs was
> > built with it, but it looks for it at run time and doesn't find it.
> >
> > Try installing from here:
> >
> > http://sourceforge.net/projects/ezwinports/files/gnutls-3.3.11-w32-bin.zip/download
>
>
> OK - I kind of assumed that if gnutls was "built-in" it was already
> available, but I guess that's not what "built-in" means?

On Windows, we don't want to force people to install additional
libraries they don't want or don't need. So those libraries are
loaded at run time when and if requested.

> Anyway, I downloaded it and installed it under c:\ezwinports, and then
> added c:\ezwinports\bin to the Windows path.
>
> Now running gnutls-available-p returns t, but I still get the "Must
> issue a STARTTLS command first" message when I try to send mail. Is
> there something else I have to configure?

Did you try to follow the advice here:

http://www.emacswiki.org/emacs/GnusGmail

[Will Parsons]

Eli Zaretskii wrote:
>> From: Will Parsons <oud...@nodomain.invalid>
>> Date: 24 Mar 2015 18:42:43 GMT
>>
>> > I'm guessing you didn't install the GnuTLS library. Your Emacs was
>> > built with it, but it looks for it at run time and doesn't find it.
>> >
>> > Try installing from here:
>> >
>> > http://sourceforge.net/projects/ezwinports/files/gnutls-3.3.11-w32-bin.zip/download
>>

>> Anyway, I downloaded it and installed it under c:\ezwinports, and then
>> added c:\ezwinports\bin to the Windows path.
>>
>> Now running gnutls-available-p returns t, but I still get the "Must
>> issue a STARTTLS command first" message when I try to send mail. Is
>> there something else I have to configure?
>
> Did you try to follow the advice here:
>
> http://www.emacswiki.org/emacs/GnusGmail

Are you referring to any specific advice on that page? A lot of the
stuff on that page doesn't apply to what I'm trying to do, but I did
try to adding settings for smtpmail-starttls-credentials and
smtpmail-auth-credentials (although I think these are probably
superfluous), but with no change.

--
Will

[Eli Zaretskii]

> From: Will Parsons <oud...@nodomain.invalid>
> Date: 24 Mar 2015 19:45:29 GMT

>
> > http://www.emacswiki.org/emacs/GnusGmail
>
> Are you referring to any specific advice on that page?

No, because I use neither Gnus nor gmail.

[Sivaram Neelakantan]

On Tue, Mar 24 2015,Will Parsons wrote:


[snipped 28 lines]



(setq smtpmail-stream-type 'ssl)
(setq smtpmail-smtp-server "smtp.gmail.com")
(setq smtpmail-smtp-service 465)
(setq smtpmail-debug-info t) ; only to debug problems set to t if needed
(setq smtpmail-debug-verb t)

with the usual entries in .authinfo works for me with Eli's gnutls
binaries for GNU Emacs 24.4.1 (i686-pc-mingw32) of 2014-10-24 on LEG570

sivaram
--

[Will Parsons]

Thanks for the suggestion, but including those settings result in
Emacs crashing, with a Windows pop-up message: "GNU Emacs: The
extensible self-documenting text editor has stopped working".

--
Will

[Eli Zaretskii]

> From: Will Parsons <va...@nodomain.invalid>
> Date: 25 Mar 2015 21:12:40 GMT

In what version of Emacs? If that's 24.4, please report the crash as
a bug with all the relevant details. If that's an older version, I
suggest to install 24.4 (or 24.5, to be released in a few days).

[Q1999]

for imap I have the following in my .emacs which seems to work. However it does not work until you tell google not to block less secure log in attempts. First time use, you get a gmail from google with instructions on how to do that.

;; Start GNUS
(require 'gnus)
(add-to-list 'load-path
"~/starttls-0.10")
(require 'starttls)
(add-to-list 'gnus-secondary-select-methods '(nnimap "gmail"
(nnimap-address "imap.gmail.com")
(nnimap-server-port 993)
(nnimap-stream ssl)))

(setq message-send-mail-function 'smtpmail-send-it
smtpmail-starttls-credentials '(("smtp.gmail.com" 25 nil nil))
smtpmail-auth-credentials '(("smtp.gmail.com" 25 "yourEmai...@gmail.com" nil))
smtpmail-default-smtp-server "smtp.gmail.com"
smtpmail-smtp-server "smtp.gmail.com"
smtpmail-smtp-service 25
smtpmail-local-domain "yourcompany.com")
;; End GNUS

[Will Parsons]

It was 24.2. I've now installed 24.4.1 and retried with the result
that emacs doesn't crash but it doesn't work either, this time with
the following messages in the Messages buffer:

Sending via mail...
gnutls.el: (err=[-64] Error while reading file.) boot: (:priority
NORMAL :hostname smtp.gmail.com :loglevel 0 :min-prime-bits 256
:trustfiles (/usr/ssl/certs/ca-bundle.crt) :crlfiles nil :keylist nil
:verify-flags nil :verify-error nil :callbacks nil)
gnutls-negotiate: GnuTLS error: #<process smtpmail>, -64


Well, that 'Error while reading file' message looks suspicious, but
both gnutls.el and gnutls.elc seem to exist and be readable.


Trying with the original configuration (basically, without the
setq smtpmail-stream-type 'ssl
and using
setq smtpmail-smtp-service 587)
the following appears in the Messages buffer:

Sending via mail...
gnutls.el: (err=[-64] Error while reading file.) boot: (:priority
NORMAL :hostname smtp.gmail.com :loglevel 0 :min-prime-bits 256
:trustfiles (/usr/ssl/certs/ca-bundle.crt) :crlfiles nil :keylist nil
:verify-flags nil :verify-error nil :callbacks nil)
530 5.7.0 Must issue a STARTTLS command first. 9sm4204471qgo.38 -
gsmtp
221 2.0.0 closing connection 9sm4204471qgo.38 - gsmtp
smtpmail-send-it: Sending failed: 530 5.7.0 Must issue a STARTTLS
command first. 9sm4204471qgo.38 - gsmtp


So it looks like there's a problem with gnutls.el, but I don't know
what.

--
Will

[Sivaram Neelakantan]

On Thu, Mar 26 2015,Will Parsons wrote:


[snipped 29 lines]

> Sending via mail...
> gnutls.el: (err=[-64] Error while reading file.) boot: (:priority
> NORMAL :hostname smtp.gmail.com :loglevel 0 :min-prime-bits 256
> :trustfiles (/usr/ssl/certs/ca-bundle.crt) :crlfiles nil :keylist nil
> :verify-flags nil :verify-error nil :callbacks nil)
> gnutls-negotiate: GnuTLS error: #<process smtpmail>, -64
>
>

[snipped 10 lines]

> Sending via mail...
> gnutls.el: (err=[-64] Error while reading file.) boot: (:priority
> NORMAL :hostname smtp.gmail.com :loglevel 0 :min-prime-bits 256
> :trustfiles (/usr/ssl/certs/ca-bundle.crt) :crlfiles nil :keylist nil
> :verify-flags nil :verify-error nil :callbacks nil)
> 530 5.7.0 Must issue a STARTTLS command first. 9sm4204471qgo.38 -
> gsmtp
> 221 2.0.0 closing connection 9sm4204471qgo.38 - gsmtp
> smtpmail-send-it: Sending failed: 530 5.7.0 Must issue a STARTTLS
> command first. 9sm4204471qgo.38 - gsmtp
>
>
> So it looks like there's a problem with gnutls.el, but I don't know
> what.

I have this too that I missed as part of my configuration lines that
I sent.

(setq gnutls-trustfiles '("c:/cygwin/usr/ssl/certs/ca-bundle.trust.crt" "c:/cygwin/usr/ssl/certs/ca-bundle.crt"))

Does setting this explicitly work?

sivaram
--

[Eli Zaretskii]

> From: Will Parsons <va...@nodomain.invalid>
> Date: 26 Mar 2015 20:57:48 GMT

>
> Sending via mail...
> gnutls.el: (err=[-64] Error while reading file.) boot: (:priority
> NORMAL :hostname smtp.gmail.com :loglevel 0 :min-prime-bits 256
> :trustfiles (/usr/ssl/certs/ca-bundle.crt) :crlfiles nil :keylist nil
> :verify-flags nil :verify-error nil :callbacks nil)
> gnutls-negotiate: GnuTLS error: #<process smtpmail>, -64

Do you have a certificate bundle in /usr/ssl/certs/ca-bundle.crt?

[Will Parsons]

Yes it does!

--
Will

[Will Parsons]

Since this is a native Windows Emacs, no such path exists.

In a separate reply, Sivaram suggested the setting:

(setq gnutls-trustfiles '("c:/cygwin/usr/ssl/certs/ca-bundle.trust.crt"
"c:/cygwin/usr/ssl/certs/ca-bundle.crt"))

This works (thank you Sivaram), but of course it works because it
depends on having Cygwin installed. That's not a problem for me,
since I have Cygwin installed anyway, but I think there must be part
of the puzzle missing if one is using only native Emacs and gnutls.

--
Will

[Eli Zaretskii]

> From: Will Parsons <va...@nodomain.invalid>
> Date: 27 Mar 2015 17:40:25 GMT

>
> Eli Zaretskii wrote:
> >> From: Will Parsons <va...@nodomain.invalid>
> >> Date: 26 Mar 2015 20:57:48 GMT
> >>
> >> Sending via mail...
> >> gnutls.el: (err=[-64] Error while reading file.) boot: (:priority
> >> NORMAL :hostname smtp.gmail.com :loglevel 0 :min-prime-bits 256
> >> :trustfiles (/usr/ssl/certs/ca-bundle.crt) :crlfiles nil :keylist nil
> >> :verify-flags nil :verify-error nil :callbacks nil)
> >> gnutls-negotiate: GnuTLS error: #<process smtpmail>, -64
> >
> > Do you have a certificate bundle in /usr/ssl/certs/ca-bundle.crt?
>
> Since this is a native Windows Emacs, no such path exists.

Then you need to point GnuTLS to the correct file name on your system.

> In a separate reply, Sivaram suggested the setting:
>
> (setq gnutls-trustfiles '("c:/cygwin/usr/ssl/certs/ca-bundle.trust.crt"
> "c:/cygwin/usr/ssl/certs/ca-bundle.crt"))
>
> This works (thank you Sivaram), but of course it works because it
> depends on having Cygwin installed.

The bundle has nothing to do with Cygwin, you can install it
separately.

> That's not a problem for me, since I have Cygwin installed anyway,
> but I think there must be part of the puzzle missing if one is using
> only native Emacs and gnutls.

The development version of Emacs instructs GnuTLS to use the
certificates stored by Windows, so the separate bundle will no longer
be needed with that version.

[Will Parsons]

Eli Zaretskii wrote:
>> From: Will Parsons <va...@nodomain.invalid>
>> Date: 27 Mar 2015 17:40:25 GMT
>>
>> Eli Zaretskii wrote:
>> >> From: Will Parsons <va...@nodomain.invalid>
>> >> Date: 26 Mar 2015 20:57:48 GMT
>> >>
>> >> Sending via mail...
>> >> gnutls.el: (err=[-64] Error while reading file.) boot: (:priority
>> >> NORMAL :hostname smtp.gmail.com :loglevel 0 :min-prime-bits 256
>> >> :trustfiles (/usr/ssl/certs/ca-bundle.crt) :crlfiles nil :keylist nil
>> >> :verify-flags nil :verify-error nil :callbacks nil)
>> >> gnutls-negotiate: GnuTLS error: #<process smtpmail>, -64
>> >
>> > Do you have a certificate bundle in /usr/ssl/certs/ca-bundle.crt?
>>
>> Since this is a native Windows Emacs, no such path exists.
>
> Then you need to point GnuTLS to the correct file name on your system.
>
>> In a separate reply, Sivaram suggested the setting:
>>
>> (setq gnutls-trustfiles '("c:/cygwin/usr/ssl/certs/ca-bundle.trust.crt"
>> "c:/cygwin/usr/ssl/certs/ca-bundle.crt"))
>>
>> This works (thank you Sivaram), but of course it works because it
>> depends on having Cygwin installed.
>
> The bundle has nothing to do with Cygwin, you can install it
> separately.

Fair enough, but it's not exactly clear what I need to install, or
from where. (If I've missed some documentation describing this, I
apologize.)

>> That's not a problem for me, since I have Cygwin installed anyway,
>> but I think there must be part of the puzzle missing if one is using
>> only native Emacs and gnutls.
>
> The development version of Emacs instructs GnuTLS to use the
> certificates stored by Windows, so the separate bundle will no longer
> be needed with that version.

So this will be case for the coming 24.5? Great. (In any case, I'm
happy for now with the current solution.)

Thanks to you and Sivaram for helping me solve this problem.


--
Will

[Eli Zaretskii]

> From: Will Parsons <va...@nodomain.invalid>
> Date: 27 Mar 2015 19:37:34 GMT

I don't think you missed something. One place where you can find
instructions for how to download and create a bundle is here:

http://www.linuxfromscratch.org/blfs/view/svn/postlfs/cacerts.html

> > The development version of Emacs instructs GnuTLS to use the
> > certificates stored by Windows, so the separate bundle will no longer
> > be needed with that version.
>
> So this will be case for the coming 24.5?

Unfortunately, no. It will be only available in Emacs 25. Emacs 24.5
is a bug-fix release with no major new features.