From owner-freebsd-questions@FreeBSD.ORG  Sat Mar 30 10:14:48 2013
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 05932568
 for <freebsd-questions@freebsd.org>; Sat, 30 Mar 2013 10:14:48 +0000 (UTC)
 (envelope-from mexas@bristol.ac.uk)
Received: from dirg.bris.ac.uk (dirg.bris.ac.uk [137.222.10.102])
 by mx1.freebsd.org (Postfix) with ESMTP id C100FB0E
 for <freebsd-questions@freebsd.org>; Sat, 30 Mar 2013 10:14:47 +0000 (UTC)
Received: from ncsc.bris.ac.uk ([137.222.10.41])
 by dirg.bris.ac.uk with esmtp (Exim 4.72)
 (envelope-from <mexas@bristol.ac.uk>) id 1ULso9-00070z-PG
 for freebsd-questions@freebsd.org; Sat, 30 Mar 2013 10:14:45 +0000
Received: from cpc2-aztw9-0-0-cust169.18-1.cable.virginmedia.com
 ([77.97.103.170] helo=zzz.men.bris.ac.uk)
 by ncsc.bris.ac.uk with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.72)
 (envelope-from <mexas@bris.ac.uk>) id 1ULso9-0000FP-0k
 for freebsd-questions@freebsd.org; Sat, 30 Mar 2013 10:14:45 +0000
Received: from zzz.men.bris.ac.uk (localhost [127.0.0.1])
 by zzz.men.bris.ac.uk (8.14.6/8.14.6) with ESMTP id r2UAEiRa081672
 for <freebsd-questions@freebsd.org>; Sat, 30 Mar 2013 10:14:44 GMT
 (envelope-from mexas@zzz.men.bris.ac.uk)
Received: (from mexas@localhost)
 by zzz.men.bris.ac.uk (8.14.6/8.14.6/Submit) id r2UAEi1W081669
 for freebsd-questions@freebsd.org; Sat, 30 Mar 2013 10:14:44 GMT
 (envelope-from mexas)
Date: Sat, 30 Mar 2013 10:14:44 GMT
From: Anton Shterenlikht <mexas@bristol.ac.uk>
Message-Id: <201303301014.r2UAEi1W081669@zzz.men.bris.ac.uk>
To: freebsd-questions@freebsd.org
Subject: Re: Operation timed out with smtp.gmail.com - please help
In-Reply-To: <20130329153619.69c5b4dd@scorpio>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: mexas@bristol.ac.uk
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Mar 2013 10:14:48 -0000

	Date: Fri, 29 Mar 2013 15:36:19 -0400
	From: Jerry <jerry@seibercom.net>
	To: FreeBSD <freebsd-questions@freebsd.org>
	Subject: Re: Operation timed out with smtp.gmail.com - please help

	On Fri, 29 Mar 2013 18:32:34 GMT
	Anton Shterenlikht articulated:

	> Please help debug sendmail / smtp.gmail config.
	> 
	> My University just switched to gmail (dickheads)
	> and I'm trying to figure out how to set it up.
	> 
	> It used to work ok with the University smtp auth
	> server. Now I get in /var/log/maillog:
	> 
	>  sm-mta[72300]: r2TI0vQc072134: to=<mexas@bris.ac.uk>,
	>  ctladdr=<mexas@xxxx.men.bris.ac.uk> (1001/1001),
	>  delay=00:20:01, xdelay=00:00:00, mailer=relay, pri=210424,
	>  relay=smtp.gmail.com, dsn=4.0.0,
	>  stat=Deferred: Operation timed out with smtp.gmail.com
	> 
	> I switched the firewall off completely.
	> 
	> I have:
	> 
	> # cat /etc/mail/auth/client-info
	> AuthInfo:smtp.gmail.com "U:root" "I:mexas@bristol.ac.uk" "P:xxxxx"
	> # 
	> 
	> and this in /etc/mail/freebsd.mc:
	> 
	> define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
	> define(`SMART_HOST', `smtp.gmail.com')dnl
	> 
	> I rebuilt (run make under /etc/mail. This just
	> renames freebsd.mc to <hostname>.mc, and freebsd.submit.mc
	> to <hostname>.submit.mc) and restarted sendmail.
	> 
	> I also use:
	> 
	> MASQUERADE_AS(`bristol.ac.uk')
	> MASQUERADE_DOMAIN(`bristol.ac.uk')
	> 
	> to use the university domain instead of
	> may xxxx.men.bris.ac.uk, which is not
	> acceptable.

	Try this at the command line:

	openssl s_client -connect smtp.gmail.com:25 -starttls smtp

	If it times out, change the port number to 587 and try it again. If you
	cannot make a connect using either port number then you have a firewall
	problem.

Thank you, I get:

$ openssl s_client -connect smtp.gmail.com:25 -starttls smtp
connect: Operation timed out
connect:errno=60
$ 

$ openssl s_client -connect smtp.gmail.com:587 -starttls smtp
CONNECTED(00000003)
depth=1 C = US, O = Google Inc, CN = Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDgDCCAumgAwIBAgIKO3T/ewAAAABoqDANBgkqhkiG9w0BAQUFADBGMQswCQYD
VQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzEiMCAGA1UEAxMZR29vZ2xlIElu
dGVybmV0IEF1dGhvcml0eTAeFw0xMjA5MTIxMTU3NTBaFw0xMzA2MDcxOTQzMjda
MGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N
b3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRcwFQYDVQQDEw5zbXRw
LmdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv0UvQmjW1y96
cOK6AdQVEYPRd3ZQ9UhxkKfuVaYS9riOESFkWxkz+b3Ts/EOA5SY8axkaJS7Qa/v
N7laztYY8tTkx9Ml+eCY4xh0fFq9z4/WWADGqTY5I0wvqjZr+jBuYGulK1fU4ZUS
QpuZMMO9x7Bmr5LVP9C5r2qnoqtMtJUCAwEAAaOCAVEwggFNMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUaCtARMZ9urIDfdpR6v1AkQsr
44owHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0fBFQwUjBQ
oE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5ldEF1dGhv
cml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUHAQEEWjBY
MFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2dsZUludGVy
bmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDAMBgNVHRMB
Af8EAjAAMBkGA1UdEQQSMBCCDnNtdHAuZ21haWwuY29tMA0GCSqGSIb3DQEBBQUA
A4GBADSkwmtEUhy/AhX2sIULT0Q5S9OlfKxbyE8hEc8nxls3jbk5yKZYd35Bzyy8
raoUPFuD3IH+zP/FGj5LPQirjnJLUvuFDsiM4eowPUthQad9SGWWdz6hCx8HpEUZ
1ssGnwb3HX34e9RH57v9LdtVUPdFYQsBJ36miGPylWk6r0xx
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority
---
No client certificate CA names sent
---
SSL handshake has read 2317 bytes and written 476 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-RC4-SHA
    Session-ID: 8CAF4204FADB72F58FA6334A62F65B7182EF06F3C9AD8042FD44B9F726E8C9D5
    Session-ID-ctx: 
    Master-Key: 45312AE23341AAFA1414BDDD30740E4FB40655986FD410A606CD351206BBAC5E5496F77DDF4DBE32B0E9B7E7FFA1057
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - 63 53 11 b3 92 0d 59 63-15 90 58 10 84 f2 f7 6a   cS....Yc..X....j
    0010 - 7c 7c 62 96 c5 3d cb 52-ca 32 2d 97 de 51 10 6d   ||b..=.R.2-..Q.m
    0020 - d2 97 ca 69 f8 cf 3d 6e-c9 60 73 3a 49 3a 4a 74   ...i..=n.`s:I:Jt
    0030 - 88 ee 2c b0 75 4d 5b 61-56 a4 fe e3 42 56 7c 2d   ..,.uM[aV...BV|-
    0040 - 70 db e2 d7 5d 84 bd 88-06 7c c2 96 19 53 d0 58   p...]....|...S.X
    0050 - f9 6a fb dd 3a 7b 73 3e-f9 bc 6d b1 ac 6a 63 13   .j..:{s>..m..jc.
    0060 - 64 b8 be 1f b8 fd 05 da-7d 87 63 a4 53 6e 3a 55   d.......}.c.Sn:U
    0070 - fe 73 f6 05 63 9a c6 c9-da cb 6c 4e ce 1d 1f a1   .s..c.....lN....
    0080 - 07 12 0b c7 d1 ce 71 5a-f1 2c b4 a9 20 32 e2 64   ......qZ.,.. 2.d
    0090 - 49 fd 77 41                                       I.wA

    Start Time: 1364638180
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
250 ENHANCEDSTATUSCODES
^C
$

The university IT support page:
http://www.bristol.ac.uk/it-services/applications/email/gmail/manual-config-gmail.html

actually says that port 465 SSL should be used,
so I also tried:

$ openssl s_client -connect smtp.gmail.com:465 -starttls smtp
CONNECTED(00000003)
^C
$ 

Not sure what to make of this.

Is the port set by sendmail config files?

Many thanks for your help

Anton