Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 20 Oct 2023 15:11:56 +0000
From:      bugzilla-noreply@freebsd.org
To:        doc@FreeBSD.org
Subject:   [Bug 274609] Committers Guide: SMTP configuration incomplete/lack of details
Message-ID:  <bug-274609-9@https.bugs.freebsd.org/bugzilla/>

next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D274609

            Bug ID: 274609
           Summary: Committers Guide: SMTP configuration incomplete/lack
                    of details
           Product: Documentation
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Website
          Assignee: doc@FreeBSD.org
          Reporter: michaelo@FreeBSD.org

I started to set up my env at work for my FreeBSD cluster account. It turned
out that STARTTLS is actively blocked by ZScaler which I need to figure out
why:
> PS C:\deps-x64\openssl-3.0.11> .\openssl.exe s_client -connect smtp.FreeB=
SD.org:587 -starttls smtp  -brief
> write:errno=3D10060

Someone pointed me at work why I have not tried port 465 with TLS instead of
in-SMTP STARTTLS:
> PS C:\deps-x64\openssl-3.0.11> .\openssl.exe s_client -connect smtp.FreeB=
SD.org:465 -brief
> depth=3D2 C =3D US, O =3D Internet Security Research Group, CN =3D ISRG R=
oot X1
> verify error:num=3D20:unable to get local issuer certificate
> CONNECTION ESTABLISHED
> Protocol version: TLSv1.3
> Ciphersuite: TLS_AES_256_GCM_SHA384
> Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed=
25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA=
-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:EC=
DSA+SHA1:RSA+SHA224:RSA+SHA1
> Peer certificate: CN =3D smtp.freebsd.org
> Hash used: SHA256
> Signature type: RSA-PSS
> Verification error: unable to get local issuer certificate
> Server Temp Key: X25519, 253 bits
> 220 smtp.freebsd.org ESMTP Postfix
> HELO sdf
> 250 smtp.freebsd.org
> ehlo sdf
> 250-smtp.freebsd.org
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-AUTH PLAIN LOGIN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250-DSN
> 250-SMTPUTF8
> 250 CHUNKING
> QUIT
> DONE

and this work while the other one is not (verified with Wireshark).

Please update the documentation that smtp.FreeBSD.org supports *both* START=
TLS
via 587 and TLS via 465. This might solve a similar issue for others as wel=
l.

--=20
You are receiving this mail because:
You are the assignee for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-274609-9>