From owner-freebsd-questions@FreeBSD.ORG Sat Mar 30 11:34:10 2013
Date: Sat, 30 Mar 2013 07:34:06 -0400
From: Jerry
To: FreeBSD
Subject: Re: Operation timed out with smtp.gmail.com - please help
Message-ID: <20130330073406.45d5593e@scorpio>
In-Reply-To: <201303301014.r2UAEi1W081669@zzz.men.bris.ac.uk>
Organization: seibercom.net

On Sat, 30 Mar 2013 10:14:44 GMT
Anton Shterenlikht articulated:

> Date: Fri, 29 Mar 2013 15:36:19 -0400
> From: Jerry
> To: FreeBSD
> Subject: Re: Operation timed out with smtp.gmail.com - please help
>
> On Fri, 29 Mar 2013 18:32:34 GMT
> Anton Shterenlikht articulated:
>
> > Please help debug sendmail / smtp.gmail config.
> >
> > My University just switched to gmail (dickheads)
> > and I'm trying to figure out how to set it up.
> >
> > It used to work ok with the University smtp auth
> > server.
> > Now I get in /var/log/maillog:
> >
> > sm-mta[72300]: r2TI0vQc072134: to=,
> > ctladdr= (1001/1001),
> > delay=00:20:01, xdelay=00:00:00, mailer=relay, pri=210424,
> > relay=smtp.gmail.com, dsn=4.0.0,
> > stat=Deferred: Operation timed out with smtp.gmail.com
> >
> > I switched the firewall off completely.
> >
> > I have:
> >
> > # cat /etc/mail/auth/client-info
> > AuthInfo:smtp.gmail.com "U:root" "I:mexas@bristol.ac.uk" "P:xxxxx"
> > #
> >
> > and this in /etc/mail/freebsd.mc:
> >
> > define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> > define(`SMART_HOST', `smtp.gmail.com')dnl
> >
> > I rebuilt (run make under /etc/mail. This just
> > renames freebsd.mc to .mc, and freebsd.submit.mc
> > to .submit.mc) and restarted sendmail.
> >
> > I also use:
> >
> > MASQUERADE_AS(`bristol.ac.uk')
> > MASQUERADE_DOMAIN(`bristol.ac.uk')
> >
> > to use the university domain instead of
> > my xxxx.men.bris.ac.uk, which is not
> > acceptable.
>
> Try this at the command line:
>
> openssl s_client -connect smtp.gmail.com:25 -starttls smtp
>
> If it times out, change the port number to 587 and try it
> again. If you cannot make a connection using either port number then you
> have a firewall problem.
>
> Thank you, I get:
>
> $ openssl s_client -connect smtp.gmail.com:25 -starttls smtp
> connect: Operation timed out
> connect:errno=60
> $
>
> $ openssl s_client -connect smtp.gmail.com:587 -starttls smtp
> CONNECTED(00000003)
> depth=1 C = US, O = Google Inc, CN = Google Internet Authority
> verify error:num=20:unable to get local issuer certificate
> verify return:0
> ---
> Certificate chain
>  0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
>    i:/C=US/O=Google Inc/CN=Google Internet Authority
>  1 s:/C=US/O=Google Inc/CN=Google Internet Authority
>    i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
> ---
> Server certificate
> subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
> issuer=/C=US/O=Google Inc/CN=Google Internet Authority
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 2317 bytes and written 476 bytes
> ---
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
> Server public key is 1024 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : ECDHE-RSA-RC4-SHA
>     Session-ID: 8CAF4204FADB72F58FA6334A62F65B7182EF06F3C9AD8042FD44B9F726E8C9D5
>     Session-ID-ctx:
>     Master-Key: 45312AE23341AAFA1414BDDD30740E4FB40655986FD410A606CD351206BBAC5E5496F77DDF4DBE32B0E9B7E7FFA1057
>     Key-Arg   : None
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     TLS session ticket lifetime hint: 100800 (seconds)
>     TLS session ticket:
>
>     Start Time: 1364638180
>     Timeout   : 300 (sec)
>     Verify return code: 20 (unable to get local issuer certificate)
> ---
> 250 ENHANCEDSTATUSCODES
> ^C
> $
>
> The university IT support page:
> http://www.bristol.ac.uk/it-services/applications/email/gmail/manual-config-gmail.html
>
> actually says that port 465 SSL should be used,
> so I also tried:
>
> $ openssl s_client -connect smtp.gmail.com:465 -starttls smtp
> CONNECTED(00000003)
> ^C
> $
>
> Not sure what to make of this.
>
> Is the port set by sendmail config files?
>
> Many thanks for your help

It seems quite simple to me. A firewall (yours/university/whatever) is
blocking port 25. Use port 587. I don't know who wrote that manual you
referenced above, but they are on drugs. Gmail is perfectly workable
with either port 25 or 587, assuming that the one you choose is not
being blocked. GMAIL uses STARTTLS for its SMTP server. I use Postfix,
and connect with Gmail on either port using TLS aka STARTTLS.

By the way, "openssl s_client -connect smtp.gmail.com:465 -ssl3" will
connect, but why use it? Your example using "-starttls" hangs after the
connection because port 465 does not support "TLS". Port 465 is a
deprecated method that was never supported via RFC. Only MS Outlook and
early versions of Thunderbird supported it. It has been dead since at
least 2003. Use port 587 and save yourself a lot of grief. You will need
"TLS" on that port.

How to configure Sendmail is beyond my pay scale.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________
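
The three outcomes seen in this thread (connect timeout on port 25, a working STARTTLS session on 587, a connection on 465 that stays silent) can be told apart with a small probe. This is an added example, not part of the original message; the function names `read_reply`, `classify_smtp_port` and `choose_port` and the EHLO name `probe.example` are assumptions made for the illustration.

```python
import socket

def read_reply(sock):
    """Read one SMTP reply; a multi-line reply ends at the first 'NNN ' line."""
    data = b""
    while True:
        chunk = sock.recv(4096)
        data += chunk
        lines = data.split(b"\r\n")
        # "250-..." means more lines follow; "250 ..." is the final line.
        if not chunk or (data.endswith(b"\r\n") and lines[-2][3:4] != b"-"):
            return data.decode("ascii", "replace")

def classify_smtp_port(host, port, timeout=5.0):
    """Return 'unreachable', 'no-banner', 'starttls' or 'no-starttls'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"      # timed out or refused, as on port 25 above
    with sock:
        try:
            banner = read_reply(sock)
        except OSError:
            banner = ""
        if not banner.startswith("220"):
            # Connected but no plaintext greeting: the listener is waiting
            # for a TLS handshake first, so a STARTTLS client just stalls.
            return "no-banner"
        try:
            sock.sendall(b"EHLO probe.example\r\n")  # placeholder client name
            reply = read_reply(sock)
            sock.sendall(b"QUIT\r\n")
        except OSError:
            reply = ""
    # An EHLO keyword is the first token after the "250-" or "250 " prefix.
    keywords = {l[4:].split(" ")[0].upper()
                for l in reply.splitlines() if l.startswith("250")}
    return "starttls" if "STARTTLS" in keywords else "no-starttls"

def choose_port(results, preference=(587, 25)):
    """Pick the first preferred port that offers STARTTLS, else None."""
    for port in preference:
        if results.get(port) == "starttls":
            return port
    return None

if __name__ == "__main__":
    results = {p: classify_smtp_port("smtp.gmail.com", p) for p in (25, 587, 465)}
    print(results, "-> use port", choose_port(results))
```
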