Date: Sat, 30 Mar 2013 10:14:44 GMT From: Anton Shterenlikht <mexas@bristol.ac.uk> To: freebsd-questions@freebsd.org Subject: Re: Operation timed out with smtp.gmail.com - please help Message-ID: <201303301014.r2UAEi1W081669@zzz.men.bris.ac.uk> In-Reply-To: <20130329153619.69c5b4dd@scorpio>
index | next in thread | previous in thread | raw e-mail
Date: Fri, 29 Mar 2013 15:36:19 -0400
From: Jerry <jerry@seibercom.net>
To: FreeBSD <freebsd-questions@freebsd.org>
Subject: Re: Operation timed out with smtp.gmail.com - please help
On Fri, 29 Mar 2013 18:32:34 GMT
Anton Shterenlikht articulated:
> Please help debug sendmail / smtp.gmail config.
>
> My University just switched to gmail (dickheads)
> and I'm trying to figure out how to set it up.
>
> It used to work ok with the University smtp auth
> server. Now I get in /var/log/maillog:
>
> sm-mta[72300]: r2TI0vQc072134: to=<mexas@bris.ac.uk>,
> ctladdr=<mexas@xxxx.men.bris.ac.uk> (1001/1001),
> delay=00:20:01, xdelay=00:00:00, mailer=relay, pri=210424,
> relay=smtp.gmail.com, dsn=4.0.0,
> stat=Deferred: Operation timed out with smtp.gmail.com
>
> I switched the firewall off completely.
>
> I have:
>
> # cat /etc/mail/auth/client-info
> AuthInfo:smtp.gmail.com "U:root" "I:mexas@bristol.ac.uk" "P:xxxxx"
> #
>
> and this in /etc/mail/freebsd.mc:
>
> define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
> define(`SMART_HOST', `smtp.gmail.com')dnl
>
> I rebuilt (run make under /etc/mail. This just
> renames freebsd.mc to <hostname>.mc, and freebsd.submit.mc
> to <hostname>.submit.mc) and restarted sendmail.
>
> I also use:
>
> MASQUERADE_AS(`bristol.ac.uk')
> MASQUERADE_DOMAIN(`bristol.ac.uk')
>
> to use the university domain instead of
> may xxxx.men.bris.ac.uk, which is not
> acceptable.
Try this at the command line:
openssl s_client -connect smtp.gmail.com:25 -starttls smtp
If it times out, change the port number to 587 and try it again. If you
cannot make a connect using either port number then you have a firewall
problem.
Thank you, I get:
$ openssl s_client -connect smtp.gmail.com:25 -starttls smtp
connect: Operation timed out
connect:errno=60
$
$ openssl s_client -connect smtp.gmail.com:587 -starttls smtp
CONNECTED(00000003)
depth=1 C = US, O = Google Inc, CN = Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
i:/C=US/O=Google Inc/CN=Google Internet Authority
1 s:/C=US/O=Google Inc/CN=Google Internet Authority
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDgDCCAumgAwIBAgIKO3T/ewAAAABoqDANBgkqhkiG9w0BAQUFADBGMQswCQYD
VQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzEiMCAGA1UEAxMZR29vZ2xlIElu
dGVybmV0IEF1dGhvcml0eTAeFw0xMjA5MTIxMTU3NTBaFw0xMzA2MDcxOTQzMjda
MGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N
b3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRcwFQYDVQQDEw5zbXRw
LmdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAv0UvQmjW1y96
cOK6AdQVEYPRd3ZQ9UhxkKfuVaYS9riOESFkWxkz+b3Ts/EOA5SY8axkaJS7Qa/v
N7laztYY8tTkx9Ml+eCY4xh0fFq9z4/WWADGqTY5I0wvqjZr+jBuYGulK1fU4ZUS
QpuZMMO9x7Bmr5LVP9C5r2qnoqtMtJUCAwEAAaOCAVEwggFNMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUaCtARMZ9urIDfdpR6v1AkQsr
44owHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0fBFQwUjBQ
oE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5ldEF1dGhv
cml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUHAQEEWjBY
MFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2dsZUludGVy
bmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDAMBgNVHRMB
Af8EAjAAMBkGA1UdEQQSMBCCDnNtdHAuZ21haWwuY29tMA0GCSqGSIb3DQEBBQUA
A4GBADSkwmtEUhy/AhX2sIULT0Q5S9OlfKxbyE8hEc8nxls3jbk5yKZYd35Bzyy8
raoUPFuD3IH+zP/FGj5LPQirjnJLUvuFDsiM4eowPUthQad9SGWWdz6hCx8HpEUZ
1ssGnwb3HX34e9RH57v9LdtVUPdFYQsBJ36miGPylWk6r0xx
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority
---
No client certificate CA names sent
---
SSL handshake has read 2317 bytes and written 476 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-RC4-SHA
Session-ID: 8CAF4204FADB72F58FA6334A62F65B7182EF06F3C9AD8042FD44B9F726E8C9D5
Session-ID-ctx:
Master-Key: 45312AE23341AAFA1414BDDD30740E4FB40655986FD410A606CD351206BBAC5E5496F77DDF4DBE32B0E9B7E7FFA1057
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 100800 (seconds)
TLS session ticket:
0000 - 63 53 11 b3 92 0d 59 63-15 90 58 10 84 f2 f7 6a cS....Yc..X....j
0010 - 7c 7c 62 96 c5 3d cb 52-ca 32 2d 97 de 51 10 6d ||b..=.R.2-..Q.m
0020 - d2 97 ca 69 f8 cf 3d 6e-c9 60 73 3a 49 3a 4a 74 ...i..=n.`s:I:Jt
0030 - 88 ee 2c b0 75 4d 5b 61-56 a4 fe e3 42 56 7c 2d ..,.uM[aV...BV|-
0040 - 70 db e2 d7 5d 84 bd 88-06 7c c2 96 19 53 d0 58 p...]....|...S.X
0050 - f9 6a fb dd 3a 7b 73 3e-f9 bc 6d b1 ac 6a 63 13 .j..:{s>..m..jc.
0060 - 64 b8 be 1f b8 fd 05 da-7d 87 63 a4 53 6e 3a 55 d.......}.c.Sn:U
0070 - fe 73 f6 05 63 9a c6 c9-da cb 6c 4e ce 1d 1f a1 .s..c.....lN....
0080 - 07 12 0b c7 d1 ce 71 5a-f1 2c b4 a9 20 32 e2 64 ......qZ.,.. 2.d
0090 - 49 fd 77 41 I.wA
Start Time: 1364638180
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
250 ENHANCEDSTATUSCODES
^C
$
The university IT support page:
http://www.bristol.ac.uk/it-services/applications/email/gmail/manual-config-gmail.html
actually says that port 465 SSL should be used,
so I also tried:
$ openssl s_client -connect smtp.gmail.com:465 -starttls smtp
CONNECTED(00000003)
^C
$
Not sure what to make of this.
Is the port set by sendmail config files?
Many thanks for your help
Anton
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201303301014.r2UAEi1W081669>