Quoting Thomas Schmitt (scdbac...@gmx.net):
> David Wright wrote:
> > Port 465 should be encrypted straightaway, 
> 
> I get a connection to the SMTP server directly by this line
> in ~/.pinerc:
>   smtp-server=mail.gmx.net/ssl/user=my_user...@gmx.net

I assume that you're telling me that this does not work, right?
(Otherwise you wouldn't have posted the original problem.)

> or via stunnel to mail.gmx.net:465 at port NNN by
>   smtp-server=localhost:NNN/user=my_user...@gmx.net
> The stunnel port works fine with my own SMTP client which
> I need for dealing with some local network and permission
> peculiarities.
> So encryption is not the problem.

I'm not certain what you mean by your own "SMTP client".
And what does "works fine" mean? How do I know what's doing
any encryption that *might* be done in this case? You don't
appear to have told alpine to do any.

> I now tried TLS as proposed by
> http://www.cs.duke.edu/csl/security/smtp-auth/pine:
>   smtp-server=mail.gmx.net/tls/user=th.schm...@gmx.net

I don't see anything on this website about alpine, only pine.

> and also
>   mail.gmx.net:587/tls/user=th.schm...@gmx.net
> (587 is proposed by https://hilfe.gmx.net/sicherheit/ssl.html)

I don't know enough German to understand *exactly* what this means,
particularly "verschlüsselte":

'Wenn Ihr Programm die Verschlüsselungsprotokolle SSL und StartTLS
nicht ausdrücklich anbietet, genügt es oft auch, einfach eine
"verschlüsselte" Verbindung zu aktivieren. Das Protokoll wird in
diesem Fall automatisch ausgewählt.'

It seems to suggest some sort of fallback, but how it works I don't know.

> No change in behavior. "Bad sequence of commands", obviously
> error 503 sent by the GMX server.
> 
> alpine and gmx.net are at odds with the (E)SMTP service.

I can't find any evidence that alpine knows anything about
starttls. You probably know a lot more about alpine than I do, but I
looked at http://www.washington.edu/alpine/tech-notes/config-notes.html
and I can't see starttls mentioned:

TLS
    Normally, when a new connection is made an attempt is made to
    negotiate a secure (encrypted) session using Transport Layer
    Security (TLS). If that fails then a non-encrypted connection will
    be attempted instead. This is a unary parameter indicating
    communication with the server must take place over a TLS
    connection. If the attempt to use TLS fails then this parameter
    will cause the connection to fail instead of falling back to an
    unsecure connection.

    /tls

Doesn't the last sentence explain what is happening to your
connection?

Have you tried using mail.gmx.net:465/tls/user=th.schm...@gmx.net

Mind you, I'm not convinced you'll have any joy but I'd be interested
to know. It looked to me as if it wants to see a certificate to let
you connect, and I see no provision in alpine for that either. (Only
for signing emails etc.)

So I still think you need to turn on the logging.

Cheers,
David.
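
Added example, not part of the original message or of alpine's code: a small linter for the smtp-server values tried in this thread, which flags a TLS mode that does not match the port's convention. It assumes the c-client naming where /ssl starts TLS on connect and /tls requires STARTTLS after a plaintext greeting, with default ports 465 and 25; `someuser` and port 2525 are constructed placeholders.

```python
# Added example: lint an alpine smtp-server value for port/TLS-mode mismatches.
# Assumption (c-client server naming, not stated on the page): /ssl means TLS
# starts on connect; /tls means plaintext connect, then mandatory STARTTLS.
IMPLICIT_TLS_PORTS = {465}       # TLS handshake before any SMTP command
STARTTLS_PORTS = {25, 587}       # plaintext greeting first, then STARTTLS
LOOPBACK = {"localhost", "127.0.0.1"}  # e.g. a local stunnel listener


def parse_smtp_server(spec):
    """Split 'host[:port]/flag/key=value' into (host, port, flags, options)."""
    hostport, *params = spec.strip().split("/")
    host, _, port = hostport.partition(":")
    flags = {p.lower() for p in params if p and "=" not in p}
    options = dict(p.split("=", 1) for p in params if "=" in p)
    return host.lower(), (int(port) if port else None), flags, options


def lint_smtp_server(spec):
    """Return (mode, warnings) for one smtp-server value."""
    host, port, flags, _ = parse_smtp_server(spec)
    warnings = []
    if {"ssl", "tls"} <= flags:
        return "conflict", ["both /ssl and /tls given; pick one"]
    if "ssl" in flags:
        mode, port = "implicit-tls", port or 465      # assumed default port
        if port in STARTTLS_PORTS:
            warnings.append(f"/ssl on port {port}: server greets in plaintext first")
    elif "tls" in flags:
        mode, port = "starttls-required", port or 25  # assumed default port
        if port in IMPLICIT_TLS_PORTS:
            warnings.append(f"/tls on port {port}: server expects a TLS handshake first")
    else:
        mode, port = "opportunistic", port or 25
        if host not in LOOPBACK:
            warnings.append("no /ssl or /tls: may fall back to an unencrypted session")
    return mode, warnings


if __name__ == "__main__":
    # Constructed values modelled on the thread.
    for spec in ("mail.gmx.net/ssl/user=someuser",
                 "mail.gmx.net:587/tls/user=someuser",
                 "mail.gmx.net:465/tls/user=someuser",
                 "localhost:2525/user=someuser"):
        print(spec, "->", lint_smtp_server(spec))
```

A clean lint result only means the flag matches the port convention; the session log is still what shows which command the server rejected with 503.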


-- 
Archive: https://lists.debian.org/20150727034240.GA21924@alum