Date:      Sat, 30 Mar 2013 07:34:06 -0400
From:      Jerry <jerry@seibercom.net>
To:        FreeBSD <freebsd-questions@freebsd.org>
Subject:   Re: Operation timed out with smtp.gmail.com - please help
Message-ID:  <20130330073406.45d5593e@scorpio>
In-Reply-To: <201303301014.r2UAEi1W081669@zzz.men.bris.ac.uk>
References:  <20130329153619.69c5b4dd@scorpio> <201303301014.r2UAEi1W081669@zzz.men.bris.ac.uk>

On Sat, 30 Mar 2013 10:14:44 GMT
Anton Shterenlikht articulated:

> 	Date: Fri, 29 Mar 2013 15:36:19 -0400
> 	From: Jerry <jerry@seibercom.net>
> 	To: FreeBSD <freebsd-questions@freebsd.org>
> 	Subject: Re: Operation timed out with smtp.gmail.com - please help
> 
> 	On Fri, 29 Mar 2013 18:32:34 GMT
> 	Anton Shterenlikht articulated:
> 
> 	> Please help debug sendmail / smtp.gmail config.
> 	> 
> 	> My University just switched to gmail (dickheads)
> 	> and I'm trying to figure out how to set it up.
> 	> 
> 	> It used to work ok with the University smtp auth
> 	> server. Now I get in /var/log/maillog:
> 	> 
> 	>  sm-mta[72300]: r2TI0vQc072134: to=<mexas@bris.ac.uk>,
> 	>  ctladdr=<mexas@xxxx.men.bris.ac.uk> (1001/1001),
> 	>  delay=00:20:01, xdelay=00:00:00, mailer=relay, pri=210424,
> 	>  relay=smtp.gmail.com, dsn=4.0.0,
> 	>  stat=Deferred: Operation timed out with smtp.gmail.com
> 	> 
> 	> I switched the firewall off completely.
> 	> 
> 	> I have:
> 	> 
> 	> # cat /etc/mail/auth/client-info
> 	> AuthInfo:smtp.gmail.com "U:root" "I:mexas@bristol.ac.uk" "P:xxxxx"
> 	> #
> 	> 
> 	> and this in /etc/mail/freebsd.mc:
> 	> 
> 	> define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> 	> define(`SMART_HOST', `smtp.gmail.com')dnl
> 	> 
> 	> I rebuilt (run make under /etc/mail. This just
> 	> renames freebsd.mc to <hostname>.mc, and freebsd.submit.mc
> 	> to <hostname>.submit.mc) and restarted sendmail.
> 	> 
> 	> I also use:
> 	> 
> 	> MASQUERADE_AS(`bristol.ac.uk')
> 	> MASQUERADE_DOMAIN(`bristol.ac.uk')
> 	> 
> 	> to use the university domain instead of
> 	> my xxxx.men.bris.ac.uk, which is not
> 	> acceptable.
> 
> 	Try this at the command line:
> 
> 	openssl s_client -connect smtp.gmail.com:25 -starttls smtp
> 
> 	If it times out, change the port number to 587 and try it
> 	again. If you cannot make a connect using either port number then
> 	you have a firewall problem.
> 
> Thank you, I get:
> 
> $ openssl s_client -connect smtp.gmail.com:25 -starttls smtp
> connect: Operation timed out
> connect:errno=60
> $ 
> 
> $ openssl s_client -connect smtp.gmail.com:587 -starttls smtp
> CONNECTED(00000003)
> depth=1 C = US, O = Google Inc, CN = Google Internet Authority
> verify error:num=20:unable to get local issuer certificate
> verify return:0
> ---
> Certificate chain
>  0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
>    i:/C=US/O=Google Inc/CN=Google Internet Authority
>  1 s:/C=US/O=Google Inc/CN=Google Internet Authority
>    i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
> ---
> Server certificate
> subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
> issuer=/C=US/O=Google Inc/CN=Google Internet Authority
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 2317 bytes and written 476 bytes
> ---
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
> Server public key is 1024 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : ECDHE-RSA-RC4-SHA
>     Session-ID: 8CAF4204FADB72F58FA6334A62F65B7182EF06F3C9AD8042FD44B9F726E8C9D5
>     Session-ID-ctx:
>     Master-Key: 45312AE23341AAFA1414BDDD30740E4FB40655986FD410A606CD351206BBAC5E5496F77DDF4DBE32B0E9B7E7FFA1057
>     Key-Arg   : None
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     TLS session ticket lifetime hint: 100800 (seconds)
>     TLS session ticket:
> 
>     Start Time: 1364638180
>     Timeout   : 300 (sec)
>     Verify return code: 20 (unable to get local issuer certificate)
> ---
> 250 ENHANCEDSTATUSCODES
> ^C
> $
> 
> The university IT support page:
> http://www.bristol.ac.uk/it-services/applications/email/gmail/manual-config-gmail.html
> 
> actually says that port 465 SSL should be used,
> so I also tried:
> 
> $ openssl s_client -connect smtp.gmail.com:465 -starttls smtp
> CONNECTED(00000003)
> ^C
> $ 
> 
> Not sure what to make of this.
> 
> Is the port set by sendmail config files?
> 
> Many thanks for your help

It seems quite simple to me. A firewall (yours/university/whatever) is
blocking port 25. Use port 587. I don't know who wrote that manual you
referenced above, but they are on drugs. Gmail is perfectly workable
with either port 25 or 587, assuming that the one you choose is not
being blocked. GMAIL uses STARTTLS for its SMTP server. I use Postfix,
and connect with Gmail on either port using TLS aka STARTTLS.

By the way, "openssl s_client -connect smtp.gmail.com:465 -ssl3" will
connect, but why use it? Your example using "-starttls" hangs after
the connection because port 465 does not support "TLS". Port 465 is a
deprecated method that was never supported via RFC. Only MS Outlook
and early versions of Thunderbird supported it. It has been dead since
at least 2003. Use port 587 and save yourself a lot of grief. You will
need "TLS" on that port. How to configure Sendmail is beyond my pay
scale.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
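
An added example, not part of the original thread: a Python probe that tells apart the three outcomes seen above, a port that cannot be reached (25), one that greets and offers STARTTLS (587), and one that accepts the TCP connection but stays silent because it expects the TLS handshake first (465). The function names and the two local stand-in servers are constructed for this illustration; no real mail host is contacted.

```python
import re
import socket
import threading

def classify_smtp_port(host, port, timeout=1.0):
    """Return 'unreachable', 'no-greeting', 'starttls' or 'plain-only'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"      # timed out or refused: port 25 in the thread
    with sock:                    # the connect timeout also bounds each recv
        try:
            greeting = sock.recv(512)
        except OSError:
            greeting = b""        # connected but silent: port 465 in the thread
        if not greeting.startswith(b"220"):
            return "no-greeting"
        sock.sendall(b"EHLO probe.example\r\n")
        reply = b""
        try:  # a multi-line EHLO reply ends with a complete "250 <text>" line
            while not re.search(rb"(?m)^250 .*\r\n", reply) and (chunk := sock.recv(512)):
                reply += chunk
        except OSError:
            pass
    keywords = [line[4:].upper() for line in reply.split(b"\r\n")]
    return "starttls" if b"STARTTLS" in keywords else "plain-only"

def start_fake_server(greeting, ehlo_reply=b""):
    """Constructed local stand-in for a mail server; returns its port."""
    listener = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = listener.accept()
        with conn, listener:
            if greeting:
                conn.sendall(greeting)
                conn.recv(512)        # the client's EHLO
                conn.sendall(ehlo_reply)
            conn.recv(512)            # stay quiet until the client hangs up
    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1]

def demo():
    ehlo = b"250-mx.example\r\n250-STARTTLS\r\n250 ENHANCEDSTATUSCODES\r\n"
    submission = start_fake_server(b"220 mx.example ESMTP\r\n", ehlo)  # like 587
    implicit_tls = start_fake_server(b"")                              # like 465
    return (classify_smtp_port("127.0.0.1", submission),
            classify_smtp_port("127.0.0.1", implicit_tls, timeout=0.5))

if __name__ == "__main__":
    print(demo())
```

A "no-greeting" result means only that the server sent no SMTP banner within the timeout; it does not by itself prove the port speaks TLS.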