Date: Sat, 30 Mar 2013 10:17:55 -0700 (PDT) From: Anton Shterenlikht <mexas@bristol.ac.uk> To: freebsd-questions@freebsd.org Subject: Re: Operation timed out with smtp.gmail.com - please help Message-ID: <201303301717.r2UHHrd2083177@mech-cluster241.men.bris.ac.uk> In-Reply-To: <20130330074919.7902b8c2@scorpio>
next in thread | previous in thread | raw e-mail | index | archive | help
Date: Sat, 30 Mar 2013 07:49:19 -0400 From: Jerry <jerry@seibercom.net> To: FreeBSD <freebsd-questions@freebsd.org> Subject: Re: Operation timed out with smtp.gmail.com - please help On Sat, 30 Mar 2013 10:49:45 +0000 Matthew Seaman articulated: > Given you're seeing that CONNECTED message there, it certainly does. > The problem with that openssl command seems to be the 'unable to get > local issuer certificate' part. That's possibly openssl being pickier > about verifying certs than sendmail would be, but that certificate > verification step is probably where you're coming adrift. You need to > have the intermediate certs used by Google in your cacert.pem file, so > sendmail will trust the smtp.gmail.com cert. Check the 'confCACERT' > setting in your sendmail.mc. I have a block of code like this: >=20 > define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl > define(`confCACERT_PATH', `CERT_DIR')dnl > define(`confCACERT', `CERT_DIR/cacert.pem')dnl > define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl > define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl > define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl > define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl >=20 > which allows me to put all the keys and certs in /etc/mail/certs/ If you really need the Gmail certs, you can use this to get them: openssl s_client -connect smtp.gmail.com:587 -starttls smtp -showcerts If you feel you really need the "Equifax Secure Certificate Authority" pem, go here <http://www.geotrust.com/resources/root-certificates/>; and download it. Again, how to set up Sendmail is a task I leave for the student. Jerry, Matthew, thank you I think I got it working. In addition to your advice, this guide was very helpful: http://www.phinesolutions.com/sendmail-gmail-smtp-relay-howto.html It seems these two options were required: define(`RELAY_MAILER_ARGS', `TCP $h 587') define(`ESMTP_MAILER_ARGS', `TCP $h 587') Thanks again Anton
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201303301717.r2UHHrd2083177>