From: markus schnalke <meillo@marmaro.de>
To: <masqmail@marmaro.de>
Date: Tue, 26 May 2009 21:13:34 +0200
Subject: Re: [masqmail] Error: unexpected response from TLS/SSL wrapper

[2009-05-26 20:25] Grzegorz Adamiak <gadamiak@docucollab.com>
> --- markus schnalke [2009-05-26 18:56]:
> >I was not able to reproduce this output. If I add ``-startls smtp'' I
> >still get the error I mention above. Can you please post the command
> >you run.
>
> Here is the command and output:
>
> $ openssl s_client -connect smtp.gmail.com:587 -quiet -CApath
> /etc/ssl/certs/ -starttls smtp
> depth=1 /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
> cc/OU=Certification Services Division/CN=Thawte Premium Server
> CA/emailAddress=premium-server@thawte.com
> verify return:1
> depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
> verify return:1
> 250 PIPELINING
> ehlo
> 250-mx.google.com at your service, [85.221.159.2]
> 250-SIZE 35651584
> 250-8BITMIME
> 250-AUTH LOGIN PLAIN
> 250-ENHANCEDSTATUSCODES
> 250 PIPELINING
> quit
> 221 2.0.0 closing connection j9sm1273128mue.21
> read:errno=0

Hmm, here (Debian Etch) it's:

$ openssl s_client -connect smtp.gmail.com:587 -quiet -CApath
/etc/ssl/certs/ -starttls smtp
22332:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:567:

> >If you get this output, then it should work if you now only add the
> >stderr redirect (2>/dev/null), which removes the ``depth=...'' lines.
> >
> >Does it?
>
> No. Below the same command with stderr redirect:
>
> $ openssl s_client -connect smtp.gmail.com:587 -quiet -CApath
> /etc/ssl/certs/ -starttls smtp 2>/dev/null
> ehlo
> 250-mx.google.com at your service, [85.221.159.2]
> 250-SIZE 35651584
> 250-8BITMIME
> 250-AUTH LOGIN PLAIN
> 250-ENHANCEDSTATUSCODES
> 250 PIPELINING
> quit
> 221 2.0.0 closing connection 7sm1397799mup.24
>
> In both cases I issued "ehlo" and "quit" from console.

What about the first ``250 PIPELINING'' line? Does it get removed by
the stderr redirect? Is it a copy'n'paste fault?

Normally, there should be a 220 greeting line. Maybe that gets read by
openssl before doing STARTTLS :-?

In your first message, you wrote:

> * /usr/bin/openssl s_client -connect smtp.gmail.com:587 -starttls
> smtp -quiet -CApath /etc/ssl/certs/ 2>/dev/null
>
> This results in timeout error as nothing is returned by OpenSSL.

Seems as if Masqmail should try to say ``EHLO'' and see if a reply
comes then. (Because the greeting message was already read by openssl
and does not come to Masqmail.)

Unfortunately, I don't have deep knowledge in this field. It's all
just guessing :-/

> BTW, why the "Return-Path" header in messages from list points to your
> address instead of the list's one?

Don't know ;-) I changed something now ... we'll see.

meillo
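
The idea suggested in the message above (wait briefly for a 220 greeting and, if none arrives, send EHLO and see whether a reply comes), shown as an added example that is not Masqmail's code and not part of the original thread. The names `read_reply`, `open_session`, `fake_wrapper` and `demo`, the timeouts, and the 220 line are assumptions; the wrapper is a constructed in-process stand-in whose 250 lines are modelled on the transcript above, not a real `openssl s_client`.

```python
import socket
import threading

def read_reply(sock, timeout):
    """Read one (possibly multi-line) SMTP reply; None on timeout, EOF or garbage."""
    sock.settimeout(timeout)
    buf, lines = b"", []
    try:
        while True:
            while b"\n" not in buf:
                chunk = sock.recv(4096)
                if not chunk:
                    return None
                buf += chunk
            line, buf = buf.split(b"\n", 1)
            text = line.rstrip(b"\r").decode("ascii", "replace")
            lines.append(text)
            if not text[:3].isdigit():
                return None
            if text[3:4] != "-":  # "250-" continues the reply, "250 " ends it
                return int(text[:3]), lines
    except socket.timeout:
        return None

def open_session(sock, helo_name="localhost", greet_timeout=0.5, reply_timeout=5.0):
    """Return ('greeting' or 'probe', EHLO reply lines) for a wrapper's stdio."""
    first = read_reply(sock, greet_timeout)
    if first is not None and first[0] != 220:
        raise RuntimeError("unexpected response from wrapper: %r" % first[1])
    # No greeting seen: it may have been consumed before STARTTLS, so probe with EHLO.
    sock.sendall(b"EHLO " + helo_name.encode("ascii") + b"\r\n")
    reply = read_reply(sock, reply_timeout)
    if reply is None or reply[0] != 250:
        raise RuntimeError("no usable EHLO reply from wrapper")
    return ("greeting" if first else "probe"), reply[1]

# Constructed stand-in for the wrapper; 250 lines modelled on the transcript above.
EHLO_REPLY = (b"250-mx.google.com at your service\r\n250-SIZE 35651584\r\n"
              b"250-AUTH LOGIN PLAIN\r\n250 PIPELINING\r\n")
def fake_wrapper(sock, send_greeting):
    if send_greeting:
        sock.sendall(b"220 example ESMTP (constructed)\r\n")
    if sock.recv(4096).upper().startswith(b"EHLO"):
        sock.sendall(EHLO_REPLY)

def demo(send_greeting):
    ours, theirs = socket.socketpair()
    with ours, theirs:
        threading.Thread(target=fake_wrapper, args=(theirs, send_greeting)).start()
        return open_session(ours)
```

`demo(False)` models the silent wrapper from the thread and succeeds through the EHLO probe; a first reply that is neither absent nor 220 is rejected as an unexpected response.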