On Fri, Dec 19, 2008 at 4:41 PM, Victor Duchovni
<victor.ducho...@morganstanley.com> wrote:
> On Fri, Dec 19, 2008 at 04:32:55PM -0500, Asif Iqbal wrote:
>
>> How do I test the SSL ?
>>
>> I got this with openssl
>>
>> iqb...@ghar:~$ openssl s_client -connect smtp.gmail.com:587
>
> You forgot "-starttls smtp". But gmail's SSL works, you don't really

Just for the sake of some troubleshooting tips really. I tried with
-starttls smtp

(iqbala)@scrub:~$ openssl s_client -starttls smtp -connect smtp.gmail.com:587
CONNECTED(00000004)
14859:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../../../../common/openssl/ssl/s23_clnt.c:567:
(iqbala)@scrub:~$ openssl s_client -connect smtp.gmail.com:587
CONNECTED(00000004)
14862:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../../../../common/openssl/ssl/s23_clnt.c:567:
(iqbala)@scrub:~$ openssl s_client -connect smtp.gmail.com:587 -starttls smtp
CONNECTED(00000004)
14863:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../../../../common/openssl/ssl/s23_clnt.c:567:

And same result

> need to test it. Just set:
>
>        smtp_tls_security_level = encrypt

Thanks, I will put that in

>
> unless you want to check gmail's cert (prevent MITM), in which case
> you'll need to set CAfile or CApath and have the right root CA certs there...
> That'll be the Thawte root CA based on the below (no, the cert below is
> not the root CA cert, it is Gmail's cert):
>
> [ Sorry, smtp-finger(1) is not available to the public yet. Perhaps in 2.7 ]
>
> smtp-finger: Connected to smtp.gmail.com[74.125.45.111]:587
> smtp-finger: < 220 mx.google.com ESMTP 33sm11443776yxr.12
> smtp-finger: > EHLO amnesiac.ms.com
> smtp-finger: < 250-mx.google.com at your service, [192.0.2.1]
> smtp-finger: < 250-SIZE 35651584
> smtp-finger: < 250-8BITMIME
> smtp-finger: < 250-STARTTLS
> smtp-finger: < 250 ENHANCEDSTATUSCODES
> smtp-finger: > STARTTLS
> smtp-finger: < 220 2.0.0 Ready to start TLS
> smtp-finger: smtp.gmail.com[74.125.45.111]:587 Matched CommonName smtp.gmail.com
> smtp-finger: smtp.gmail.com[74.125.45.111]:587: Matched subject_CN=smtp.gmail.com, issuer_CN=Thawte Premium Server CA
> smtp-finger: smtp.gmail.com[74.125.45.111]:587 sha1 fingerprint 5E:F7:E8:CE:1A:BE:D8:94:F2:77:45:5D:ED:38:46:4F:5D:D1:97:61
> smtp-finger: Verified TLS connection established to smtp.gmail.com[74.125.45.111]:587: TLSv1 with cipher RC4-MD5 (128/128 bits)
> ---
> Certificate chain
>  0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
>   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailaddress=premium-ser...@thawte.com
>
> --
>        Viktor.



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
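
The two choices described in the quoted reply, written out as a Postfix main.cf fragment. This is an added example, not configuration posted by anyone in the thread; the relayhost line and the CA bundle path are assumptions.

```ini
# main.cf fragment (added example; relayhost and the CA path are assumptions).
# Postfix does not allow trailing comments after a value, so every comment
# sits on its own line.

# Assumed: all outbound mail is relayed through Gmail's submission port.
# The brackets suppress MX lookups, so the next-hop name is exactly
# smtp.gmail.com.
relayhost = [smtp.gmail.com]:587

# Option A, as suggested in the thread: require STARTTLS and refuse to send
# in the clear, but accept whatever certificate the server presents.
# This stops passive sniffing; it does not stop an active MITM.
smtp_tls_security_level = encrypt

# Option B: additionally authenticate the server (the MITM case from the
# thread). Comment out Option A and enable both lines below.
# "secure" requires the chain to verify against the trusted roots and the
# certificate name to match the next-hop domain (smtp.gmail.com here);
# otherwise delivery is deferred instead of falling back.
# The file must hold the root CA that issued the server's chain, in PEM
# format. The path is an assumed location, not one given in the thread.
#smtp_tls_security_level = secure
#smtp_tls_CAfile = /etc/postfix/cacert.pem
```

With Option B active, the Postfix SMTP client logs the session as a "Verified TLS connection", the same wording as the smtp-finger output quoted above; with Option A alone the certificate is not verified.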
