Date: Sat, 30 Mar 2013 10:14:44 GMT From: Anton Shterenlikht <mexas@bristol.ac.uk> To: freebsd-questions@freebsd.org Subject: Re: Operation timed out with smtp.gmail.com - please help Message-ID: <201303301014.r2UAEi1W081669@zzz.men.bris.ac.uk> In-Reply-To: <20130329153619.69c5b4dd@scorpio>
next in thread | previous in thread | raw e-mail | index | archive | help
Date: Fri, 29 Mar 2013 15:36:19 -0400
From: Jerry <jerry@seibercom.net>
To: FreeBSD <freebsd-questions@freebsd.org>
Subject: Re: Operation timed out with smtp.gmail.com - please help
On Fri, 29 Mar 2013 18:32:34 GMT
Anton Shterenlikht articulated:
> Please help debug sendmail / smtp.gmail config.
>
> My University just switched to gmail (dickheads)
> and I'm trying to figure out how to set it up.
>
> It used to work ok with the University smtp auth
> server. Now I get in /var/log/maillog:
>
> sm-mta[72300]: r2TI0vQc072134: to=<mexas@bris.ac.uk>,
> ctladdr=<mexas@xxxx.men.bris.ac.uk> (1001/1001),
> delay=00:20:01, xdelay=00:00:00, mailer=relay, pri=210424,
> relay=smtp.gmail.com, dsn=4.0.0,
> stat=Deferred: Operation timed out with smtp.gmail.com
>
> I switched the firewall off completely.
>
> I have:
>
> # cat /etc/mail/auth/client-info
> AuthInfo:smtp.gmail.com "U:root" "I:mexas@bristol.ac.uk" "P:xxxxx"
> #
>
> and this in /etc/mail/freebsd.mc:
>
> define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> define(`SMART_HOST', `smtp.gmail.com')dnl
>
> I rebuilt (run make under /etc/mail. This just
> renames freebsd.mc to <hostname>.mc, and freebsd.submit.mc
> to <hostname>.submit.mc) and restarted sendmail.
>
> I also use:
>
> MASQUERADE_AS(`bristol.ac.uk')
> MASQUERADE_DOMAIN(`bristol.ac.uk')
>
> to use the university domain instead of
> may xxxx.men.bris.ac.uk, which is not
> acceptable.
Try this at the command line:
openssl s_client -connect smtp.gmail.com:25 -starttls smtp
If it times out, change the port number to 587 and try it again. If you
cannot make a connect using either port number then you have a firewall
problem.
Thank you, I get:
$ openssl s_client -connect smtp.gmail.com:25 -starttls smtp
connect: Operation timed out
connect:errno=60
$
$ openssl s_client -connect smtp.gmail.com:587 -starttls smtp
CONNECTED(00000003)
depth=1 C = US, O = Google Inc, CN = Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
i:/C=US/O=Google Inc/CN=Google Internet Authority
1 s:/C=US/O=Google Inc/CN=Google Internet Authority
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDgDCCAumgAwIBAgIKO3T/ewAAAABoqDANBgkqhkiG9w0BAQUFADBGMQswCQYD
VQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzEiMCAGA1UEAxMZR29vZ2xlIElu
dGVybmV0IEF1dGhvcml0eTAeFw0xMjA5MTIxMTU3NTBaFw0xMzA2MDcxOTQzMjda
MGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N
b3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRcwFQYDVQQDEw5zbXRw
LmdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv0UvQmjW1y96
cOK6AdQVEYPRd3ZQ9UhxkKfuVaYS9riOESFkWxkz+b3Ts/EOA5SY8axkaJS7Qa/v
N7laztYY8tTkx9Ml+eCY4xh0fFq9z4/WWADGqTY5I0wvqjZr+jBuYGulK1fU4ZUS
QpuZMMO9x7Bmr5LVP9C5r2qnoqtMtJUCAwEAAaOCAVEwggFNMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUaCtARMZ9urIDfdpR6v1AkQsr
44owHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0fBFQwUjBQ
oE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5ldEF1dGhv
cml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUHAQEEWjBY
MFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2dsZUludGVy
bmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDAMBgNVHRMB
Af8EAjAAMBkGA1UdEQQSMBCCDnNtdHAuZ21haWwuY29tMA0GCSqGSIb3DQEBBQUA
A4GBADSkwmtEUhy/AhX2sIULT0Q5S9OlfKxbyE8hEc8nxls3jbk5yKZYd35Bzyy8
raoUPFuD3IH+zP/FGj5LPQirjnJLUvuFDsiM4eowPUthQad9SGWWdz6hCx8HpEUZ
1ssGnwb3HX34e9RH57v9LdtVUPdFYQsBJ36miGPylWk6r0xx
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority
---
No client certificate CA names sent
---
SSL handshake has read 2317 bytes and written 476 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-RC4-SHA
Session-ID: 8CAF4204FADB72F58FA6334A62F65B7182EF06F3C9AD8042FD44B9F726E8C9D5
Session-ID-ctx:
Master-Key: 45312AE23341AAFA1414BDDD30740E4FB40655986FD410A606CD351206BBAC5E5496F77DDF4DBE32B0E9B7E7FFA1057
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 100800 (seconds)
TLS session ticket:
0000 - 63 53 11 b3 92 0d 59 63-15 90 58 10 84 f2 f7 6a cS....Yc..X....j
0010 - 7c 7c 62 96 c5 3d cb 52-ca 32 2d 97 de 51 10 6d ||b..=.R.2-..Q.m
0020 - d2 97 ca 69 f8 cf 3d 6e-c9 60 73 3a 49 3a 4a 74 ...i..=n.`s:I:Jt
0030 - 88 ee 2c b0 75 4d 5b 61-56 a4 fe e3 42 56 7c 2d ..,.uM[aV...BV|-
0040 - 70 db e2 d7 5d 84 bd 88-06 7c c2 96 19 53 d0 58 p...]....|...S.X
0050 - f9 6a fb dd 3a 7b 73 3e-f9 bc 6d b1 ac 6a 63 13 .j..:{s>..m..jc.
0060 - 64 b8 be 1f b8 fd 05 da-7d 87 63 a4 53 6e 3a 55 d.......}.c.Sn:U
0070 - fe 73 f6 05 63 9a c6 c9-da cb 6c 4e ce 1d 1f a1 .s..c.....lN....
0080 - 07 12 0b c7 d1 ce 71 5a-f1 2c b4 a9 20 32 e2 64 ......qZ.,.. 2.d
0090 - 49 fd 77 41 I.wA
Start Time: 1364638180
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
250 ENHANCEDSTATUSCODES
^C
$
The university IT support page:
http://www.bristol.ac.uk/it-services/applications/email/gmail/manual-config-gmail.html
actually says that port 465 SSL should be used,
so I also tried:
$ openssl s_client -connect smtp.gmail.com:465 -starttls smtp
CONNECTED(00000003)
^C
$
Not sure what to make of this.
Is the port set by sendmail config files?
Many thanks for your help
Anton
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201303301014.r2UAEi1W081669>