On Fri, Dec 19, 2008 at 6:06 PM, Noel Jones <njo...@megan.vbhcs.org> wrote:
> Asif Iqbal wrote:
>>
>> On Fri, Dec 19, 2008 at 4:41 PM, Victor Duchovni
>> <victor.ducho...@morganstanley.com> wrote:
>>>
>>> On Fri, Dec 19, 2008 at 04:32:55PM -0500, Asif Iqbal wrote:
>>>
>>>> How do I test the SSL ?
>>>>
>>>> I got this with openssl
>>>>
>>>> iqb...@ghar:~$ openssl s_client -connect smtp.gmail.com:587
>>>
>>> You forgot "-starttls smtp". But gmail's SSL works, you don't really
>>
>> Just for the sake of some troubleshooting tips really. I tried with
>> -starttls smtp
>>
>>  (iqbala)@scrub:~$ openssl s_client -starttls smtp -connect
>> smtp.gmail.com:587
>> CONNECTED(00000004)
>> 14859:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
>> protocol:../../../../common/openssl/ssl/s23_clnt.c:567:
>> (iqbala)@scrub:~$ openssl s_client -connect smtp.gmail.com:587
>> CONNECTED(00000004)
>> 14862:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
>> protocol:../../../../common/openssl/ssl/s23_clnt.c:567:
>> (iqbala)@scrub:~$ openssl s_client -connect smtp.gmail.com:587 -starttls
>> smtp
>> CONNECTED(00000004)
>> 14863:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
>> protocol:../../../../common/openssl/ssl/s23_clnt.c:567:
>>
>> And same result
>
> I can cut-n-paste the command you show above and it works here.  Either your
> OpenSSL is broken or something (firewall, proxy, ...) is interfering with
> the TCP stream.

You are correct. However, it is working just fine from my home computer,
which is behind my ISP:

iqb...@improvise:~$ openssl s_client -starttls smtp -connect smtp.gmail.com:587
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/emailaddress=premium-ser...@thawte.com
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/emailaddress=premium-ser...@thawte.com
---
No client certificate CA names sent
---
SSL handshake has read 1213 bytes and written 335 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 2A295B08B3AAD9DD80DA03269DBA81FD10965C6B0569FC15FA4F3CE2C95BE3C4
    Session-ID-ctx:
    Master-Key:
C3BB17B35A63703F03F8CA773FA8876678B3DEA1F58C381E1703B00681B15EE6058E46DA97E958A8DE7D4235CC5A503E
    Key-Arg   : None
    Start Time: 1229729743
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
250 ENHANCEDSTATUSCODES


Sweet!!


>
> What if you
> telnet smtp.gmail.com 587
> and type  EHLO somename
>
> From here:
> $ # telnet smtp.gmail.com 587
> Trying 66.249.93.111...
> Connected to gmail-smtp-msa.l.google.com.
> Escape character is '^]'.
> 220 mx.google.com ESMTP i30sm4121152ugd.30
> ehlo testing
> 250-mx.google.com at your service, [65.83.58.34]
> 250-SIZE 35651584
> 250-8BITMIME
> 250-STARTTLS
> 250 ENHANCEDSTATUSCODES
> starttls
> 220 2.0.0 Ready to start TLS
>
> (after this nothing will work since you aren't speaking TLS - they will
> disconnect after several seconds.)
>
> Maybe a broken firewall is eating the EHLO command or STARTTLS.
>
>
> --
> Noel Jones
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
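
The manual check described in this thread (read the banner, send EHLO, look for 250-STARTTLS, send STARTTLS, expect 220) written as a small Python probe that names the first step that fails. This is an added example, not part of the original messages; the helper names, the status strings and the MASKED_EHLO sample are constructed for illustration.

```python
import socket
import sys

def read_reply(f):
    """Read one (possibly multi-line) SMTP reply; [] means EOF."""
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if not line:
            return lines
        lines.append(line)
        if len(line) < 4 or line[3] != "-":   # "250 " ends it, "250-" continues
            return lines

def diagnose(banner, ehlo, starttls):
    """Name the first step of the pre-TLS dialogue that went wrong."""
    if not banner or not banner[0].startswith("220"):
        return "NO_BANNER"             # blocked, or not an SMTP service
    if not ehlo or not ehlo[-1].startswith("250"):
        return "EHLO_FAILED"           # command dropped or rejected
    # Line 1 of the EHLO reply is the greeting; the rest are extension keywords.
    exts = {l[4:].split()[0].upper() for l in ehlo[1:] if l[4:].strip()}
    if "STARTTLS" not in exts:
        return "STARTTLS_NOT_OFFERED"  # server lacks it, or the keyword was rewritten
    if not starttls or not starttls[0].startswith("220"):
        return "STARTTLS_REFUSED"      # server will keep speaking plaintext
    return "OK"                        # safe to begin the TLS handshake

def probe(host, port=587, helo="testing", timeout=10):
    """Run the dialogue against a live server (raises on timeout or reset)."""
    with socket.create_connection((host, port), timeout=timeout) as s, \
         s.makefile("rwb") as f:
        banner = read_reply(f)
        f.write(b"EHLO " + helo.encode("ascii") + b"\r\n"); f.flush()
        ehlo = read_reply(f)
        f.write(b"STARTTLS\r\n"); f.flush()
        return diagnose(banner, ehlo, read_reply(f))

# Constructed sample: an EHLO reply whose STARTTLS keyword was overwritten in transit.
MASKED_EHLO = ["250-mx.example.net at your service", "250-SIZE 35651584",
               "250-XXXXXXXX", "250 ENHANCEDSTATUSCODES"]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))      # e.g. python probe.py smtp.gmail.com
    else:
        print(diagnose(["220 mx.example.net ESMTP"], MASKED_EHLO, []))
```

Running it from both the failing and the working network and comparing the status shows whether the interference happens before the TLS handshake starts.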
