  From: markus schnalke <meillo@marmaro.de>
  To  : <masqmail@marmaro.de>
  Date: Wed, 20 May 2009 09:20:02 +0200

Re: [masqmail] Error: unexpected response from TLS/SSL wrapper

[2009-05-04 12:27] Grzegorz Adamiak <gadamiak@docucollab.com>
> Hi,
> 
> I want to report a problem with using TLS/SSL wrapper with MasqMail. 

Thanks for your email and sorry for my late response.


> It's similar to one reported by Pierre Frenkiel: MasqMail fails to 
> connect with error "host=xxx got unexpected response: depth=x".

You probably read the solution to Pierre's problem: The stderr
redirect is important to preserve such errors.


> It looks like MasqMail fails to parse wrapper's output. I tried a few 
> variants of wrapper call:
> 
>   * /usr/bin/openssl s_client -connect smtp.gmail.com:587 -starttls
> smtp -quiet
> 
>     This results in error "unexpected response: depth=0" (the server 
> certificate validation fails).
> 
>   * /usr/bin/openssl s_client -connect smtp.gmail.com:587 -starttls
> smtp -quiet -CApath /etc/ssl/certs/
> 
>     This results in error "unexpected response: depth=2" (the server 
> certificate validation is successful).
> 
>   * /usr/bin/openssl s_client -connect smtp.gmail.com:587 -starttls
> smtp -CApath /etc/ssl/certs/ 2>/dev/null
> 
>     This results in error "unexpected response: CONNECT(00000003)" 
> (notice no '-quiet').
> 
> Each above variant of OpenSSL call returns the first line of wrapper 
> output as error.

Correct. Masqmail does not expect such input, thus you have to use
`-quiet' and the stderr redirect.


>   * /usr/bin/openssl s_client -connect smtp.gmail.com:587 -starttls
> smtp -quiet -CApath /etc/ssl/certs/ 2>/dev/null
> 
>     This results in timeout error as nothing is returned by OpenSSL.

Actually, there is an error returned that gets eaten by the stderr
redirect. Normally the redirect should only remove additional
information.

If I run the command without the redirect, I get:

	$ /usr/bin/openssl s_client -connect smtp.gmail.com:587 -starttls
	smtp -quiet -CApath /etc/ssl/certs/
	26123:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
	protocol:s23_clnt.c:567:

This looks as if you use a bad address or port, or gmail.com does
not offer such a service, or similar.

You can have a look at a good output by running the following command
(from masqmail.route(5) ):

	$ /usr/bin/openssl s_client -quiet -connect pop.gmx.net:995
	2>/dev/null
	+OK GMX POP3 StreamProxy ready

It seems as if you probably want to connect to port 465:

	$ /usr/bin/openssl s_client -quiet -connect smtp.gmail.com:465
	2>/dev/null
	220 mx.google.com ESMTP j10sm2177046mue.11


I hope this solves your problem.



> MasqMail looks like a perfect MTA for my purpose -- I want to use it for
> server machines which do have a permanent connection but do not run 24h.
> I need a light MTA with simple configuration to handle internal mail
> from services, which should be both: stored locally and forwarded to an
> external regular email account. I tried Exim, but it's too complicated
> and too heavy for me (I'm a beginner with Linux) and was looking at other
> alternatives I could find, but only MasqMail seems to work for my scenario.

Great to hear that masqmail is a valuable program for you. :-)


meillo

