[rt-users] msmtp setup woes (continued)

Stephen J Alexander sjalexander at mpbx.com
Sun May 13 11:22:17 EDT 2012


Actually now that I reread your email it's evident that you can specify the
root cert in the msmtp config file. Looks like your mail server's cert does
not have a chain back to the Equifax certificate you're using. So, get the
right certificate then specify the filename in the msmtp config. You can
verify it with openssl just as you attempted to do above.

Regards,

Stephen J Alexander
MPBX, LLC
http://mpbx.com
832-713-6729


On Sun, May 13, 2012 at 10:17 AM, Stephen J Alexander
<sjalexander at mpbx.com> wrote:

> Port 465 is not open, or it's firewalled, so you can't use it. But it
> looks like 587 or 25 might work. The error messages indicate that you're
> getting a certificate from both those ports. But you don't have their
> proper root certificate for your server's cert in your certificate store;
> you will need to install it.
>
> If this is a self-signed cert or if you explicitly trust it you can put
> the server's own certificate into your cert store. How to do this will
> depend on the specific implementation of SSL for msmtp: I don't know
> anything about msmtp specifically so I don't know whether it uses openssl
> or something else; you'll need to attend the documentation to determine
> where to put the certs, how to put them there, and how to configure the
> software to read and recognize them.
>
> You're right; you're almost there - just need to sort out the SSL
> situation.
>
> Regards,
>
> Stephen J Alexander
> MPBX, LLC
> http://mpbx.com
> 832-713-6729
>
>
>
> On Sun, May 13, 2012 at 9:21 AM, Scott Sjodin <scott.sjodin at gmail.com> wrote:
>
>> So I've got my msmtp setup (almost). It's running. I can telnet in to
>> smtp.mydomain.com 587 and 25 and send over the creds (but not with 465)
>> successfully. I can run openssl, with 465 I get the following:
>>
>>
>> openssl s_client -CApath /etc/ssl/certs/Equifax_Secure_Certificate_Authority.cer -connect smtp.mydomain.com:465
>>
>> Verify return code: 20 (unable to get local issuer certificate)
>>
>> When testing msmtp -a default username at domain.com I get the following
>> results (with port numbers corresponding to changes in the msmtprc file)
>>
>>
>> When I change up the port number to 587:
>>
>> msmtp: TLS certificate verification failed: the certificate is not trusted
>> When I change up the port number to 25:
>> msmtp: TLS certificate verification failed: the certificate is not trusted
>> When I change up the port number to 465:
>> msmtp: network read error: Connection reset by peer.
>>
>> My msmtprc file is listed below:
>>
>> defaults
>> tls on
>> tls_starttls on
>> tls_trust_file /etc/ssl/certs/Equifax_Secure_Certificate_Authority.cer
>>
>> #this was downloaded direct from GeoTrust's website -
>> #http://www.geotrust.com/resources/root-certificates/index.html
>>
>> logfile /var/log/msmtp.log
>> account default
>> host smtp.mydomain.com
>> port 465
>>
>> # have also tried 587 and 25 with results varying
>>
>> auth on
>> user support at mydomain.com
>> password suparsekrat
>> from support at mydomain.com
>> password suparsekrat
>> auto_from off
>> timeout 120
>>
>> Thoughts? I feel like I am so close!
>>
>
>
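
Added example, not part of the original thread: an offline shell reproduction of the "Verify return code: 20" situation discussed above, in which a server certificate is checked against a root that did not issue it and then against the one that did. The two roots, the host name and the helper function names are constructed for illustration, and the script assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Constructed, offline demo: every name here (Example Root A/B,
# smtp.example.test, the helper functions) is made up for illustration.

make_root() {            # $1 = file prefix, $2 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

make_server_cert() {     # $1 = issuing root prefix, $2 = output prefix
    openssl req -newkey rsa:2048 -nodes -subj "/CN=smtp.example.test" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 2 -out "$2.pem" 2>/dev/null
}

# Prints "OK" or openssl's first numbered error line.
# -CAfile takes a single PEM file; -CApath expects a directory of
# hash-named certificates.
check_chain() {          # $1 = trust file, $2 = certificate to verify
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case $out in
        *": OK"*) echo "OK" ;;
        *) printf '%s\n' "$out" | grep -m1 'error [0-9]' ;;
    esac
}

# The issuer line names the CA whose certificate belongs in the trust file.
issuer_of() { openssl x509 -noout -issuer -in "$1"; }

demo() {
    dir=$(mktemp -d) || return 1
    make_root "$dir/rootA" "Example Root A" &&
    make_root "$dir/rootB" "Example Root B" &&
    make_server_cert "$dir/rootB" "$dir/server" || return 1
    echo "server cert: $(issuer_of "$dir/server.pem")"
    echo "trust rootA: $(check_chain "$dir/rootA.pem" "$dir/server.pem")"
    echo "trust rootB: $(check_chain "$dir/rootB.pem" "$dir/server.pem")"
    rm -rf "$dir"
}

demo
```

Against a live server the same comparison is made on the certificate the server presents; the issuer it prints identifies which root the file named by tls_trust_file needs to contain.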