Re: [gentoo-user] [OT] Anyone running mutt outboung smtp on port 587?

[Michael <confabulate@kintzios.com>]

[-- Attachment #1: Type: text/plain, Size: 2714 bytes --]

On Thursday, 18 January 2024 17:02:44 GMT Walter Dnes wrote:
>   I haven't been switched over to fibre yet due to config problems, but
> I'm trying to test port 587 using your settings.  I recompiled mutt
> adding USE="debug gnutls".  With "mutt -d 2" I get the a lot of debug
> output, including the following.  To further complicate things, when I
> switch back to the old muttrc, I get something about "no From:"  I had
> to rebuild without gnutls to get it working again.  What do the last 2
> lines imply?
> 
> [2024-01-18 11:36:00] Sending message...
> [2024-01-18 11:36:00] Looking up smtp.ebox.ca...
> [2024-01-18 11:36:00] Connecting to smtp.ebox.ca...
> [2024-01-18 11:36:00] Connected to smtp.ebox.ca:587 on fd=4
> [2024-01-18 11:36:00] 4< 220 smtp.ebox.ca ESMTP Postfix (Debian/GNU)
> [2024-01-18 11:36:00] 4> EHLO waltdnes.org
> [2024-01-18 11:36:00] 4< 250-smtp.ebox.ca
> [2024-01-18 11:36:00] 4< 250-PIPELINING
> [2024-01-18 11:36:00] 4< 250-SIZE 20000000
> [2024-01-18 11:36:00] 4< 250-VRFY
> [2024-01-18 11:36:00] 4< 250-ETRN
> [2024-01-18 11:36:00] 4< 250-STARTTLS
> [2024-01-18 11:36:00] 4< 250-ENHANCEDSTATUSCODES
> [2024-01-18 11:36:00] 4< 250-8BITMIME
> [2024-01-18 11:36:00] 4< 250 DSN
> [2024-01-18 11:36:00] 4> STARTTLS
> [2024-01-18 11:36:00] 4< 220 2.0.0 Ready to start TLS
> [2024-01-18 11:36:00] gnutls_handshake: A packet with illegal or unsupported
> version was received. 
> [2024-01-18 11:36:02] Could not negotiate TLS connection

The "no From:" complaint could be fixed by specifying in your muttrc:

set from = "waltdnes@waltdnes.org"

The gnutls error is more cryptic.  You'll have to check what certificate is 
sent by the server to deduce what causes the gnutls message.  You can try 
connecting to the server with the openssl s_client:

openssl s_client -connect smtp.ebox.ca\:587 -starttls smtp -showcerts

or with gnutls-cli:

gnutls-cli --starttls-proto smtp smtp.ebox.ca -p 587

then try to negotiate a connection:

ehlo there
...
Ctrl+D

Gnutls should run starttls and when you enter "Ctrl+D" it will print out what 
in particular it has a problem with.

The openssl attempt will show the certificates and you can check the whole 
chain, in case you missing a certificate.  As long as the CA certificate is in 
your /etc/ssl/certs/ there shouldn't be a problem.

Alternatively, add the server certificate(s) in '~/.mutt/certificates' and 
specify this path by setting 'set certificate_file' in your muttrc.  The first 
time you try to connect to your server mutt should warn you if there is a 
mismatch between the server's certificate and your SMTP server domain CN 
field, or anything else.  It will ask you to accept it and allow you to 
proceed with the connection.

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]