From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id A58BA15838C for ; Wed, 24 Jan 2024 09:32:49 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 267C7E2AD7; Wed, 24 Jan 2024 09:32:44 +0000 (UTC) Received: from buffalo.tulip.relay.mailchannels.net (buffalo.tulip.relay.mailchannels.net [23.83.218.24]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 8DF99E2AD2 for ; Wed, 24 Jan 2024 09:32:43 +0000 (UTC) X-Sender-Id: thundermail|x-authsender|confabulate@kintzios.com Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 489F8800EA7 for ; Wed, 24 Jan 2024 09:32:42 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1706088761; a=rsa-sha256; cv=none; b=HQ+e2Z+hnBwzgaW4Gn6lDy0imGuIYma21aFcRtP3963v800V7xJpFgnkg1XYZ2OX8JSTq2 AbvDgSqdowhRrbd93Oy8aoaU7eGkoe+d+P+F053Bp3DbWqPi+4hCANsbYPw3cVW7pevaOB AYdIzQP3+OOIB/uA3NW/R81Kjza2TgeKy408mz1h8OepG/9PtTVPBUpIaAGz8FRhk/WJch st9rst2BqcQgyzHeDTYU1kah3/IFTaGhFxWeGiSamzrItTUlIRbxdctZlHrQkxidHkpYwl 9iwAZs//Y89bsk9LWbHWf29m7hHKHua8QN+Yc0MQM52HkoqJW4FNn/mOA9gJ4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1706088761; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:dkim-signature; bh=AUXXywGGPqp2ZTIBKIE8WHbbPXqHvNh8LOGWjUPx6cc=; b=cQXpEDmjIUvdYQlyh71k84oJSejPb/VEWVXvPxNZmkG0djk0NYhsJf79BxfcEDbtOaH6kU Nmvx5JXDblYt6iRTG9y3QVYFcJMNtvwOxv4+eyqdkwOn8f1A7N3UCDM0A4sgo+30cjnXCn 8eJGOZw8UsU2E6U3DMzcAsuupuP0g8cUQgHPXhpMYMfEPJITdtZ6WkxxaZjMeIwazjHCC/ lBLi4bw0BWnhPQ9IrsHZnKMfONKtGs1kpgdyYij/Ca6nTGAPLtfmYTMQ1UBEltQ4k5tk5K grxJ6BAzRdFMtPVkOWTTKB+NYQES8hfVczzk2g81+8/isM75SLZokBOusuCIyA== ARC-Authentication-Results: i=1; rspamd-76cc9994fd-jkvv9; auth=pass smtp.auth=thundermail smtp.mailfrom=confabulate@kintzios.com X-Sender-Id: thundermail|x-authsender|confabulate@kintzios.com X-MC-Relay: Neutral X-MailChannels-SenderId: thundermail|x-authsender|confabulate@kintzios.com X-MailChannels-Auth-Id: thundermail X-Trouble-Invention: 209dc46d21831ff1_1706088761924_1812307071 X-MC-Loop-Signature: 1706088761924:1524651136 X-MC-Ingress-Time: 1706088761924 Received: from mailclean11.thundermail.uk (mailclean11.thundermail.uk [149.255.60.66]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.102.32.72 (trex/6.9.2); Wed, 24 Jan 2024 09:32:41 +0000 Received: from cloud220.unlimitedwebhosting.co.uk (cloud220.unlimitedwebhosting.co.uk [149.255.60.183]) by mailclean11.thundermail.uk (Postfix) with ESMTPS id 42E374049F for ; Wed, 24 Jan 2024 09:32:36 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kintzios.com; s=default; t=1706088756; bh=AUXXywGGPqp2ZTIBKIE8WHbbPXqHvNh8LOGWjUPx6cc=; h=From:To:Subject; b=Ylqwg/CY2/yybvYQu2IxxRttPI/FeSv8QGdrx5drtTISrwolg2R6eLd/lau/ZH5Vo AekW+qJ54kTzWuH1ZB9ywcfGnwBeoQ+DphEOUT6zdj+bu58v6HKLWo5BLytemlfUcn LTF3QISQBAvQpdmoEEP6NDIRcihw5ij6U5Y8o5EE= From: Michael To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] [SOLVED] [OT] Anyone running mutt outbound smtp on port 587? Date: Wed, 24 Jan 2024 09:32:16 +0000 Message-ID: <10410253.nUPlyArG6x@rogueboard> In-Reply-To: References: <1955193.PYKUYFuaPT@rogueboard> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2258049.iZASKD2KPV"; micalg="pgp-sha256"; protocol="application/pgp-signature" X-PPP-Message-ID: <170608875655.4178092.13804224055729877975@cloud220.unlimitedwebhosting.co.uk> X-PPP-Vhost: kintzios.com X-Rspamd-Queue-Id: 42E374049F X-Rspamd-Server: mailclean11 X-Spamd-Result: default: False [-0.61 / 999.00]; SIGNED_PGP(-2.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; MID_RHS_NOT_FQDN(0.50)[]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; ONCE_RECEIVED(0.10)[]; MX_GOOD(-0.01)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DMARC_POLICY_ALLOW(0.00)[kintzios.com,none]; FROM_HAS_DN(0.00)[]; R_DKIM_ALLOW(0.00)[kintzios.com:s=default]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; FUZZY_BLOCKED(0.00)[rspamd.com]; DKIM_TRACE(0.00)[kintzios.com:+]; RCVD_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+,1:+,2:~]; TO_DN_NONE(0.00)[]; REPLYTO_ADDR_EQ_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MISSING_XM_UA(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[gentoo-user@lists.gentoo.org]; R_SPF_ALLOW(0.00)[+mx]; NEURAL_HAM(-0.00)[-1.000]; ASN(0.00)[asn:34931, ipnet:149.255.60.0/22, country:GB]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_REPLYTO(0.00)[confabulate@kintzios.com] X-Rspamd-Action: no action X-Archives-Salt: 4d24befc-4cc4-4ab3-a8e5-3bd4065798a0 X-Archives-Hash: 97bb6e45641c8f99cf31789c326a035c --nextPart2258049.iZASKD2KPV Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="UTF-8"; protected-headers="v1" From: Michael To: gentoo-user@lists.gentoo.org Reply-To: confabulate@kintzios.com Date: Wed, 24 Jan 2024 09:32:16 +0000 Message-ID: <10410253.nUPlyArG6x@rogueboard> In-Reply-To: MIME-Version: 1.0 On Wednesday, 24 January 2024 02:19:29 GMT Walter Dnes wrote: > I'm back after several minutes backing up to two USB drives. > > On Tue, Jan 23, 2024 at 09:41:16PM +0000, Michael wrote > > > For SMTP server use: > > > > set smtp_url = "smtp://Your_User_Name@www.cotse.net:465" > > Just one change... change "smtp://" to "smtps://", otherwise mutt > won't connect... > > set smtp_pass="cotse_password" > set smtp_url="smtps://cotse_userID@www.cotse.net:465" Yes, my bad. The prefix smtps:// is needed to indicate an explicit TLS connection. > Sending a test message I got a prompt... > > This certificate belongs to: > Sectigo RSA Domain Validation Secure Server CA > Sectigo Limited > > Salford Greater Manchester GB > yada, yada, yada This is the intermediate certificate the server's certificate is signed with: $ openssl s_client -connect www.cotse.net\:465 -showcerts CONNECTED(00000003) depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA verify return:1 depth=0 CN = www.cotse.net verify return:1 The "Sectigo RSA Domain Validation Secure Server CA" is an intermediate CA certificate and as it happens it is not available in the OS certificate store /etc/ssl/certs/ where trusted Root CAs reside. Theoretically, mutt via gnutls should check the issuer of the intermediate certificate which is "USERTrust RSA Certification Authority", find this certificate in the OS' store of trusted Root CAs and consequently accept as trusted any certificates in the chain signed by this Root CA. I don't know why this doesn't function as I describe above. Practically it seems mutt may need to be directed to accept all certificates in a chain as trusted. http://www.mutt.org/doc/manual/#certificate-file You could try copying the "USERTrust RSA Certification Authority" in your local mutt certificates directory, or copying just the intermediate CA certificate "Sectigo RSA Domain Validation Secure Server CA". > It asked whether I wanted to (r)eject, accept (o)nce, accept (a)lways > and I chose always. Your 'accept (a)lways' command would have stored this certificate in your local mutt certificates directory. > This post is coming to you via port 587 via fibre and via cotse.net. > Thank you very much. I couldn't have done it without your deatailed help. Glad you got it sorted. :-) --nextPart2258049.iZASKD2KPV Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEXqhvaVh2ERicA8Ceseqq9sKVZxkFAmWw2SAACgkQseqq9sKV ZxmJWA/9GvswWqWJXv4C/YYKbzk5EDk0fxdT5gdLun8MVVnZwE5zneMeIwThH6GZ Pue66JgdEoPsa0+H6Sa2IGD4LCxmfFIHHZcxiJKfYf4wH8ccD/vUliCBO+hMl6Wj gzu6sv0mcemf5J40fkVNK68vazjoFmbHv5Ms/ld/eycwEiQdLHppvfC7EH3WYrI8 cpCwu6vPjgySEW8hEBWnrvRZo6vTDcwHLLBufMkEFZG1R6Z69O/Y1DbC3xb8NDJi sGSXoXXuB/KSbdpA2v5JOzwW3JDqhZn/CDGy4AJlRLGF8WDYua+FlJNN+acaSdyr ITK8e8ay4NsWB7XIyYJFJMoeJh/9Hi1H6N6GhFn/wqekiwNiywRPJIF2XHhYocjm cv3Nn0ZpMxWtzX2m71N9xtLYLctk9Mtj8JuzptrE3GmaJjumMSIHVY16hKUIxQu0 BQV2qG3hJK20m/novNhIbTGiNa9lPDEbOF7URa0yVtIR35tGhR5+zclCqyqQB7qh 4IbI7c2nQntY/widT+ivYgky9bJ4IKnIB60d2Qw6Gn8bJTdgEVAzENmNcnXDlgPx TEQjJ03YaWuJPxeT+8Te1q1VrFpVMbK3S3aFzavxWuYOQwjVTlGfJa6A1b7Otvpw HDfE8Yu4l1oG7/ugeS0ohoLvRl+cTDIWHJKhzqsFUG0FloHoW4Y= =MEU+ -----END PGP SIGNATURE----- --nextPart2258049.iZASKD2KPV--