Date: Sat, 30 Mar 2013 07:49:19 -0400 From: Jerry <jerry@seibercom.net> To: FreeBSD <freebsd-questions@freebsd.org> Subject: Re: Operation timed out with smtp.gmail.com - please help Message-ID: <20130330074919.7902b8c2@scorpio> In-Reply-To: <5156C349.9010004@FreeBSD.org> References: <201303301014.r2UAEi1W081669@zzz.men.bris.ac.uk> <5156C349.9010004@FreeBSD.org>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Sat, 30 Mar 2013 10:49:45 +0000 Matthew Seaman articulated: > Given you're seeing that CONNECTED message there, it certainly does. > The problem with that openssl command seems to be the 'unable to get > local issuer certificate' part. That's possibly openssl being pickier > about verifying certs than sendmail would be, but that certificate > verification step is probably where you're coming adrift. You need to > have the intermediate certs used by Google in your cacert.pem file, so > sendmail will trust the smtp.gmail.com cert. Check the 'confCACERT' > setting in your sendmail.mc. I have a block of code like this: > > define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl > define(`confCACERT_PATH', `CERT_DIR')dnl > define(`confCACERT', `CERT_DIR/cacert.pem')dnl > define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl > define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl > define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl > define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl > > which allows me to put all the keys and certs in /etc/mail/certs/ If you really need the Gmail certs, you can use this to get them: openssl s_client -connect smtp.gmail.com:587 -starttls smtp -showcerts If you feel you really need the "Equifax Secure Certificate Authority" pem, go here <http://www.geotrust.com/resources/root-certificates/>; and download it. Again, how to set up Sendmail is a task I leave for the student. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iQEcBAEBAgAGBQJRVtFKAAoJEF2rWD2do7dNzAIH/jVcpNtv2/rFedJlfMofpkO1 hsoL6oSJmjtCCS7uITe1W2a9qyfbG+FTndC9HVyKfgly4RoOnXnpP08Rjhp+aKce 00qybEQPbAvlgKhw98Bx0wCyWYvpIIqOQ2aZz9OlnoJWac4TJ1RxyrMEA13A9uKe p4Z53IitVVqfl2b/OzHJlut/xo02eg4StJ9ADEK1RUxrUbsFU5tSqsenjkii+ez4 a73EPGH/wpVNhQf+7gNribOdBIBdHdgOn2dwMHLPg7GzajV3SXsV8xsfsHjX7mk6 q7KfDHK68Xkc6BOuXCmyEZPCJz8fLIvwZv4/WKx/DODwmTFJg/IXN9xlfvPAC8w= =lL2v -----END PGP SIGNATURE-----home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130330074919.7902b8c2>