  From: Grzegorz Adamiak <gadamiak@docucollab.com>
  To  : <masqmail@marmaro.de>
  Date: Tue, 26 May 2009 13:02:29 +0200

Re: [masqmail] Error: unexpected response from TLS/SSL wrapper

--- markus schnalke [2009-05-20 09:20]:
> Actually, there is an error returned that gets eaten by the stderr
> redirect. Normally the redirect should only remove additional
> information.
> 
> If I run the command without the redirect, I get:
> 
> 	$ /usr/bin/openssl s_client -connect smtp.gmail.com:587 -starttls smtp -quiet -CApath /etc/ssl/certs/
> 	26123:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:567:
> 
> This looks as if you use a bad address or port, or gmail.com does
> not offer such a service, or similar.

Actually, the above output is produced when "-starttls smtp" is not 
used. I guess this is due to a non-standard SMTP port being used. With 
"-starttls smtp" I get server certificate verification messages (the 
"depth=…" part) followed by a 250 code:

	depth=1 /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
	verify return:1
	depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
	verify return:1
	250 PIPELINING

The connection is established and can be tested with the EHLO command:

	250 PIPELINING
	ehlo
	250-mx.google.com at your service, [85.221.159.2]
	250-SIZE 35651584
	250-8BITMIME
	250-AUTH LOGIN PLAIN
	250-ENHANCEDSTATUSCODES
	250 PIPELINING

> It seems as if you probably want to connect to port 465:
> 
> 	$ /usr/bin/openssl s_client -quiet -connect smtp.gmail.com:465 2>/dev/null
> 	220 mx.google.com ESMTP j10sm2177046mue.11
> 
> I hope this solves your problem.

It did. I took the 587 port from my account configuration and haven't 
even thought about trying standard ports. Anyway, it works now. Thanks 
for the help.

-- Grzegorz
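
The two connection modes discussed in this thread, as an added example that is not part of the original message or of masqmail. A port that expects STARTTLS answers with a plaintext reply such as a 220 banner, which a TLS client cannot read as a handshake, while an implicit-TLS port answers with a TLS record. The function names are hypothetical, and `fetch_features` needs network access.

```python
import smtplib
import ssl

# EHLO reply quoted in the message above (received after STARTTLS on port 587).
EHLO_REPLY = """\
250-mx.google.com at your service, [85.221.159.2]
250-SIZE 35651584
250-8BITMIME
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250 PIPELINING
"""

def classify_first_bytes(data: bytes) -> str:
    """Tell a TLS record from a plaintext SMTP reply by its leading bytes."""
    if len(data) >= 2 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls-record"        # alert or handshake record
    if data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "smtp-plaintext"    # e.g. a 220 banner: STARTTLS is needed first
    return "unknown"

def parse_ehlo(reply: str) -> dict:
    """Parse a multi-line 250 reply into {KEYWORD: [parameters]}."""
    caps = {}
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected EHLO line: {line!r}")
        if i > 0:                  # line 0 is the server greeting, not a keyword
            keyword, *params = text.split()
            caps[keyword.upper()] = params
        if sep == " ":             # "250 " (space) marks the final line
            break
    return caps

def fetch_features(host: str, port: int, implicit_tls: bool, timeout: float = 10.0) -> dict:
    """Live check (needs network): negotiate verified TLS, then send EHLO."""
    ctx = ssl.create_default_context()   # verifies the chain and the hostname
    cls = smtplib.SMTP_SSL if implicit_tls else smtplib.SMTP
    kwargs = {"context": ctx} if implicit_tls else {}
    with cls(host, port, timeout=timeout, **kwargs) as conn:
        if not implicit_tls:
            conn.starttls(context=ctx)   # plaintext 220 banner first, then TLS
        conn.ehlo()
        return dict(conn.esmtp_features)
```
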

