From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 40C1215838C for ; Sun, 21 Jan 2024 16:30:26 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C919EE29B3; Sun, 21 Jan 2024 16:30:20 +0000 (UTC) Received: from mail-ot1-f45.google.com (mail-ot1-f45.google.com [209.85.210.45]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 7D699E29AE for ; Sun, 21 Jan 2024 16:30:20 +0000 (UTC) Received: by mail-ot1-f45.google.com with SMTP id 46e09a7af769-6ddf73f0799so299364a34.1 for ; Sun, 21 Jan 2024 08:30:20 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705854619; x=1706459419; h=content-transfer-encoding:in-reply-to:reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=U2sYrtnj+TGzGNkDj0RYY9DGinPvCiCAdy+fw/0yg1s=; b=FW3T18pC5vpgK/RkWe2dW2zTn9uVWIajptMZaepMl49WsjqsXCNGkX0NHq9mumgZs4 oJDNa/5lr6XAfqsvZpZEfMtwOuE11MR6BrHsTvW3SEwGcOq092pjrsujbhp61OUGlcue Knzm4GJJSOJxjPqd6cICQydFurasDThU08KmIYhHqqoLCV2Oki0y7kMogNGAmvPVmqp+ 8QwDovtejZHtzHDm26pvj0p3jY2MsiofTiXFRI1mvmZkXgxfrfTtL5EqOEAa9B9XWhpi /z5BfvUfGyZDoGJDu/yYIXhN6yAfjHai0FSj+fwSkIZ8TyELe2kanOVuAfRHXpxYljNA zeEA== X-Gm-Message-State: AOJu0YxgPxh+h40+tOUIK2enHoyqqu95zNjN5qoWtXZhRcjlnmDa/U/X ga5xQGmyoENSz9Q6RYpaCoGXZUsqaMKAbnTDL724ffQzd+T58AWcO7nKeLBu2TsjRmPJQUe9wSE o X-Google-Smtp-Source: AGHT+IEsqZqh9LwNJLzwNspkj8sEsH2kRxveZkXFhuHxCSLZ6L+Q+vjSJeqbMmCbTh7kauZCEZbH0w== X-Received: by 2002:a4a:d744:0:b0:598:e709:7620 with SMTP id h4-20020a4ad744000000b00598e7097620mr4370224oot.1.1705854619497; Sun, 21 Jan 2024 08:30:19 -0800 (PST) Received: from [192.168.1.18] (c-73-238-129-126.hsd1.ct.comcast.net. [73.238.129.126]) by smtp.gmail.com with ESMTPSA id a4-20020a0ccdc4000000b00684225ef3a0sm1610665qvn.93.2024.01.21.08.30.18 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 21 Jan 2024 08:30:18 -0800 (PST) Message-ID: <274659ab-9880-43bf-972e-e8d374ff62e5@users.sourceforge.net> Date: Sun, 21 Jan 2024 11:29:16 -0500 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [gentoo-user] [OT] Anyone running mutt outboung smtp on port 587? Content-Language: en-US-large To: gentoo-user@lists.gentoo.org References: <2792672.BEx9A2HvPv@rogueboard> <4324200.ejJDZkT8p0@rogueboard> From: Jack In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Archives-Salt: 5ce138ee-4e63-4d54-92d7-680662cf6802 X-Archives-Hash: 405e52d3a5ec97ba08ee3fa736ed15eb On 1/21/24 11:09, Walter Dnes wrote: > On Sun, Jan 21, 2024 at 12:05:45PM +0000, Michael wrote >> Anyway, to take you forward you can: >> >> 1. Keyword the latest gnutls package in case the gnutls verification criteria >> have been loosened. >> >> 2. Copy the Root CA into the users ~/ and point muttrc to it: >> >> set certificate_file = "~/.mutt/certificates" >> >> 3. If everything else fails, having verified yourself the server's >> Root CA and child certificates are all legit you can set: >> >> unset ssl_verify_host >> >> Obviously this would not be satisfactory from a security perspective. > Nothing above works, and I wonder if it's something at my end. I keep > getting the same message... > >> gnutls_handshake: A packet with illegal or unsupported version was received. > The current net-libs/gnutls-3.8.0 ebuild (and 3.8.1 and 3.8.2) has > sslv2 and sslv3 enabled in IUSE ...but... "emerge -pv gnutls" shows > them hard-masked. Is my system forcing sslv1 and the server rejecting me??? > > [ebuild R ] net-libs/gnutls-3.8.0:0/30.30::gentoo USE="cxx idn nls openssl seccomp tls-heartbeat tools zlib -brotli -dane -doc -examples -pkcs11 (-sslv2) (-sslv3) -static-libs -test (-test-full) -verify-sig -zstd" 0 KiB I'm no expert, but I think you are mixing versions of SSL and versions of TLS.  It seems both sslv2 and sslv3 have been deprecated, and my weak memory says they were replaced by TLS.  Now it looks like you are having problems trying to use an older TLS which has been replaced by a newer TLS, although there are no direct use flags for that. > > Do you get the same? Do I have to set something in... > > make menuconfig > -*- Cryptographic API ---> > > "emerge -pv mutt" > > [ebuild R ] mail-client/mutt-2.2.12::gentoo USE="debug gnutls gpgme hcache imap lmdb mbox nls pop sasl smtp ssl -autocrypt -berkdb -doc -gdbm -gsasl -idn -kerberos -pgp-classic (-prefix) -qdbm (-selinux) -slang -smime-classic -tokyocabinet -vanilla" 0 KiB > > I copied certificates from x.txt to .mutt/certificates (see > attachment). Is this correct? And how do I securely pass credentials? >