Date: Sat, 30 Mar 2013 07:49:19 -0400 From: Jerry <jerry@seibercom.net> To: FreeBSD <freebsd-questions@freebsd.org> Subject: Re: Operation timed out with smtp.gmail.com - please help Message-ID: <20130330074919.7902b8c2@scorpio> In-Reply-To: <5156C349.9010004@FreeBSD.org> References: <201303301014.r2UAEi1W081669@zzz.men.bris.ac.uk> <5156C349.9010004@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/MU1rI9/nMOeeM0dQeh3wCld Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Sat, 30 Mar 2013 10:49:45 +0000 Matthew Seaman articulated: > Given you're seeing that CONNECTED message there, it certainly does. > The problem with that openssl command seems to be the 'unable to get > local issuer certificate' part. That's possibly openssl being pickier > about verifying certs than sendmail would be, but that certificate > verification step is probably where you're coming adrift. You need to > have the intermediate certs used by Google in your cacert.pem file, so > sendmail will trust the smtp.gmail.com cert. Check the 'confCACERT' > setting in your sendmail.mc. I have a block of code like this: >=20 > define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl > define(`confCACERT_PATH', `CERT_DIR')dnl > define(`confCACERT', `CERT_DIR/cacert.pem')dnl > define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl > define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl > define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl > define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl >=20 > which allows me to put all the keys and certs in /etc/mail/certs/ If you really need the Gmail certs, you can use this to get them: openssl s_client -connect smtp.gmail.com:587 -starttls smtp -showcerts If you feel you really need the "Equifax Secure Certificate Authority" pem, go here <http://www.geotrust.com/resources/root-certificates/>; and download it. Again, how to set up Sendmail is a task I leave for the student. --=20 Jerry =E2=99=94 Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ --Sig_/MU1rI9/nMOeeM0dQeh3wCld Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iQEcBAEBAgAGBQJRVtFKAAoJEF2rWD2do7dNzAIH/jVcpNtv2/rFedJlfMofpkO1 hsoL6oSJmjtCCS7uITe1W2a9qyfbG+FTndC9HVyKfgly4RoOnXnpP08Rjhp+aKce 00qybEQPbAvlgKhw98Bx0wCyWYvpIIqOQ2aZz9OlnoJWac4TJ1RxyrMEA13A9uKe p4Z53IitVVqfl2b/OzHJlut/xo02eg4StJ9ADEK1RUxrUbsFU5tSqsenjkii+ez4 a73EPGH/wpVNhQf+7gNribOdBIBdHdgOn2dwMHLPg7GzajV3SXsV8xsfsHjX7mk6 q7KfDHK68Xkc6BOuXCmyEZPCJz8fLIvwZv4/WKx/DODwmTFJg/IXN9xlfvPAC8w= =lL2v -----END PGP SIGNATURE----- --Sig_/MU1rI9/nMOeeM0dQeh3wCld--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130330074919.7902b8c2>