Date: Fri, 20 Oct 2023 15:11:56 +0000
From: bugzilla-noreply@freebsd.org
To: doc@FreeBSD.org
Subject: [Bug 274609] Committers Guide: SMTP configuration incomplete/lack of details
Message-ID: <bug-274609-9@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274609

            Bug ID: 274609
           Summary: Committers Guide: SMTP configuration incomplete/lack of details
           Product: Documentation
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Website
          Assignee: doc@FreeBSD.org
          Reporter: michaelo@FreeBSD.org

I started to set up my env at work for my FreeBSD cluster account. It turned out that STARTTLS is actively blocked by ZScaler, which I need to figure out why:

> PS C:\deps-x64\openssl-3.0.11> .\openssl.exe s_client -connect smtp.FreeBSD.org:587 -starttls smtp -brief
> write:errno=10060

Someone at work asked me why I have not tried port 465 with TLS instead of in-SMTP STARTTLS:

> PS C:\deps-x64\openssl-3.0.11> .\openssl.exe s_client -connect smtp.FreeBSD.org:465 -brief
> depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
> verify error:num=20:unable to get local issuer certificate
> CONNECTION ESTABLISHED
> Protocol version: TLSv1.3
> Ciphersuite: TLS_AES_256_GCM_SHA384
> Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1
> Peer certificate: CN = smtp.freebsd.org
> Hash used: SHA256
> Signature type: RSA-PSS
> Verification error: unable to get local issuer certificate
> Server Temp Key: X25519, 253 bits
> 220 smtp.freebsd.org ESMTP Postfix
> HELO sdf
> 250 smtp.freebsd.org
> ehlo sdf
> 250-smtp.freebsd.org
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-AUTH PLAIN LOGIN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250-DSN
> 250-SMTPUTF8
> 250 CHUNKING
> QUIT
> DONE

and this works while the other one does not (verified with Wireshark).

Please update the documentation that smtp.FreeBSD.org supports *both* STARTTLS via 587 and TLS via 465. This might solve a similar issue for others as well.

-- 
You are receiving this mail because:
You are the assignee for the bug.