Re: [gentoo-user] [SOLVED] [OT] Anyone running mutt outbound smtp on port 587?

[Michael <confabulate@kintzios.com>]

[-- Attachment #1: Type: text/plain, Size: 2557 bytes --]

On Wednesday, 24 January 2024 02:19:29 GMT Walter Dnes wrote:
>   I'm back after several minutes backing up to two USB drives.
> 
> On Tue, Jan 23, 2024 at 09:41:16PM +0000, Michael wrote
> 
> > For SMTP server use:
> > 
> > set smtp_url = "smtp://Your_User_Name@www.cotse.net:465"
> 
>   Just one change... change "smtp://" to "smtps://", otherwise mutt
> won't connect...
> 
> set smtp_pass="cotse_password"
> set smtp_url="smtps://cotse_userID@www.cotse.net:465"

Yes, my bad.  The prefix smtps:// is needed to indicate an explicit TLS 
connection.


>   Sending a test message I got a prompt...
> 
> This certificate belongs to:
>    Sectigo RSA Domain Validation Secure Server CA
>    Sectigo Limited
> 
>    Salford  Greater Manchester  GB
> yada, yada, yada

This is the intermediate certificate the server's certificate is signed with:

$ openssl s_client -connect www.cotse.net\:465 -showcerts
CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, 
CN = USERTrust RSA Certification Authority
verify return:1

depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN 
= Sectigo RSA Domain Validation Secure Server CA
verify return:1

depth=0 CN = www.cotse.net
verify return:1

The "Sectigo RSA Domain Validation Secure Server CA" is an intermediate CA 
certificate and as it happens it is not available in the OS certificate store 
/etc/ssl/certs/ where trusted Root CAs reside.  Theoretically, mutt via gnutls 
should check the issuer of the intermediate certificate which is "USERTrust 
RSA Certification Authority", find this certificate in the OS' store of 
trusted Root CAs and consequently accept as trusted any certificates in the 
chain signed by this Root CA.

I don't know why this doesn't function as I describe above.  Practically it 
seems mutt may need to be directed to accept all certificates in a chain as 
trusted.

http://www.mutt.org/doc/manual/#certificate-file

You could try copying the "USERTrust RSA Certification Authority" in your 
local mutt certificates directory, or copying just the intermediate CA 
certificate "Sectigo RSA Domain Validation Secure Server CA".


>   It asked whether I wanted to (r)eject, accept (o)nce, accept (a)lways
> and I chose always.

Your 'accept (a)lways' command would have stored this certificate in your 
local mutt certificates directory.


>   This post is coming to you via port 587 via fibre and via cotse.net.
> Thank you very much.  I couldn't have done it without your deatailed help.

Glad you got it sorted.  :-)

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]