From: Michael <confabulate@kintzios.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] [SOLVED] [OT] Anyone running mutt outbound smtp on port 587?
Date: Tue, 23 Jan 2024 16:12:05 +0000
Message-ID: <1793754.VLH7GnMWUR@rogueboard>
In-Reply-To: <Za_e7JeM_5Pimhwd@waltdnes.org>
On Tuesday, 23 January 2024 15:47:28 GMT Walter Dnes wrote:
> On Tue, Jan 23, 2024 at 09:36:13AM +0000, Michael wrote
>
> > Since gnutls is playing up with mutt, you can try setting USE="-gnutls"
> > and re-emerge mutt to see if it succeeds establishing a connection.
>
> If I emerge mutt with USE="-gnutls" and comment out
> "set ssl_starttls=no", email fails...
>
> [2024-01-23 09:38:07] Looking up smtp.ebox.ca...
> [2024-01-23 09:38:07] Connecting to smtp.ebox.ca...
> [2024-01-23 09:38:07] Connected to smtp.ebox.ca:587 on fd=4
> [2024-01-23 09:38:07] 4< 220 smtp.ebox.ca ESMTP Postfix (Debian/GNU)
> [2024-01-23 09:38:07] 4> EHLO waltdnes.org
> [2024-01-23 09:38:07] 4< 250-smtp.ebox.ca
> [2024-01-23 09:38:07] 4< 250-PIPELINING
> [2024-01-23 09:38:07] 4< 250-SIZE 20000000
> [2024-01-23 09:38:07] 4< 250-VRFY
> [2024-01-23 09:38:07] 4< 250-ETRN
> [2024-01-23 09:38:07] 4< 250-STARTTLS
> [2024-01-23 09:38:07] 4< 250-ENHANCEDSTATUSCODES
> [2024-01-23 09:38:07] 4< 250-8BITMIME
> [2024-01-23 09:38:07] 4< 250 DSN
> [2024-01-23 09:38:07] 4> STARTTLS
> [2024-01-23 09:38:07] 4< 220 2.0.0 Ready to start TLS
> [2024-01-23 09:38:07] ssl_load_certificates: loading trusted certificates
> [2024-01-23 09:38:07] mutt_ssl_starttls: Error loading trusted certificates
> [2024-01-23 09:38:07] SSL failed: error:0A000102:SSL routines::unsupported protocol
> [2024-01-23 09:38:08] Could not negotiate TLS connection
OpenSSL bails out just as gnutls did. I was hoping it could have been more
forgiving. :-(
> ssl_starttls (and ssl_force_tls) default to "yes" in muttrc. If
> ssl_starttls and ssl_force_tls are not explicitly set to "no", mutt
> *WILL* attempt a TLS connection if advertised. When mutt is built with
> USE="-gnutls" and attempts a TLS connection, let's just say "it does not
> end well".
Both OpenSSL and GnuTLS fail to negotiate an encrypted connection with the
server. From the logs you have shared we can safely guess this is because the
Root CA used by the server is still using a SHA1 hash.
> tldr;
>
> It's easier for me to build in gnutls support and then (un)comment one
> or two lines in ~/.mutt/muttrc as needed rather than...
>
> * pop up an xterm
> * su - (and enter password to root)
> * emerge mutt with appropriate flag(s)
> * exit to regular user
You can revert/keep mutt compiled with USE="gnutls". It makes no difference
in this case. You can also try to set deprecated TLS protocols in ~/.muttrc
to see if this will allow for a successful connection:
http://mutt.org/doc/manual/#ssl-use-tlsv1
You had a good crack at this, but TBH it would be easier and safer to find an
email hosting company who use up to date TLS certificates. ;-)
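
Added example (an editor's illustration, not part of the message above and not mutt code): a Python check that reads a mutt-style SMTP debug log such as the one quoted in this thread, decodes the packed OpenSSL error code, and flags AUTH sent before any STARTTLS upgrade. The second sample log, the function names and the result keys are constructed for the example.

```python
import re

# Lines copied from the quoted session above, timestamps trimmed.
FAILED_SESSION = """\
4> EHLO waltdnes.org
4< 250-STARTTLS
4< 250 DSN
4> STARTTLS
4< 220 2.0.0 Ready to start TLS
SSL failed: error:0A000102:SSL routines::unsupported protocol
Could not negotiate TLS connection
"""

# Constructed sample (not from the thread): client has STARTTLS switched off,
# so authentication is sent before any TLS upgrade.
CLEARTEXT_SESSION = """\
4> EHLO client.example
4< 250-STARTTLS
4< 250-AUTH PLAIN LOGIN
4> AUTH PLAIN <redacted>
"""

# A few reason numbers from OpenSSL's sslerr.h (library 20 = SSL).
SSL_REASONS = {134: "certificate verify failed", 193: "no shared cipher",
               258: "unsupported protocol", 267: "wrong version number"}

def decode_openssl_error(hex_code):
    """Split an OpenSSL 3.x packed error code into (library, reason)."""
    code = int(hex_code, 16)
    return (code >> 23) & 0xFF, code & 0x7FFFFF

def analyse(log):
    """Summarise STARTTLS handling in a mutt-style SMTP debug log."""
    r = {"offered": False, "starttls_accepted": False,
         "auth_in_clear": False, "tls_error": None}
    requested = False
    for raw in log.splitlines():
        line = re.sub(r"^\[[^\]]*\]\s*", "", raw.strip())  # drop timestamp
        if re.match(r"\d+< 250[- ]STARTTLS\b", line):
            r["offered"] = True
        elif re.match(r"\d+> STARTTLS\b", line):
            requested = True
        elif requested and re.match(r"\d+< 220\b", line):
            r["starttls_accepted"] = True  # TLS handshake follows this reply
        elif re.match(r"\d+> AUTH\b", line) and not r["starttls_accepted"]:
            r["auth_in_clear"] = True      # credentials left unencrypted
        m = re.search(r"error:([0-9A-Fa-f]{8}):", line)
        if m:
            lib, reason = decode_openssl_error(m.group(1))
            name = SSL_REASONS.get(reason, "unknown") if lib == 20 else "non-SSL"
            r["tls_error"] = (lib, reason, name)
    return r
```

`analyse(FAILED_SESSION)` reports the handshake error class, while `analyse(CLEARTEXT_SESSION)` sets `auth_in_clear`, which is the condition to watch for when `ssl_starttls` is turned off as a workaround.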