| View previous topic :: View next topic |
| Author |
Message |
madjestic
n00b
Joined: 10 Oct 2013
Posts: 53
|
 Posted: Mon Jan 11, 2021 11:18 pm Post subject: sendmail/ssmtp: Cannot open smtp.gmail.com:587 |
 |
|
Hey guys,
I am trying to set up sendmail/ssmtp to send simple notificaton/alert email from my laptop to my gmail account, but it seems to fail opening a connection:
| Code: |
$ echo -e 'Subject: test\n\nTesting ssmtp' | sendmail -v username@gmail.com
Use PrivateKey: Success
sendmail: Cannot open smtp.gmail.com:587
|
| Code: |
$ echo "test" | ssmtp -vvv username@gmail.com
Use PrivateKey: Success
ssmtp: Cannot open smtp.gmail.com:587
|
Here's my /etc/ssmtp/ssmtp.conf :
| Code: |
#
# /etc/ssmtp.conf -- a config file for sSMTP sendmail.
#
# The person who gets all mail for userids < MinUserId
# Make this empty to disable rewriting.
root=username@gmail.com
# All mail delivered to userid >= MinUserId goes to user, not root.
#MinUserId=1000
# The place where the mail goes. The actual machine name is required
# no MX records are consulted. Commonly mailhosts are named mail.domain.com
# The example will fit if you are in domain.com and your mailhub is so named.
mailhub=smtp.gmail.com:587
# Example for SMTP port number 2525
# mailhub=mail.your.domain:2525
# Example for SMTP port number 25 (Standard/RFC)
# mailhub=mail.your.domain
# Example for SSL encrypted connection
# mailhub=mail.your.domain:465
# Where will the mail seem to come from?
rewriteDomain=gmail.com
# The full hostname
# Gentoo bug #47562
# Commenting the following line will force ssmtp to figure
# out the hostname itself.
hostname=nu
# Set this to never rewrite the "From:" line (unless not given) and to
# use that address in the "from line" of the envelope.
#FromLineOverride=YES
# Use SSL/TLS to send secure messages to server.
UseTLS=YES
# Use SSL/TLS certificate to authenticate against smtp host.
UseTLSCert=YES
UseSTARTTLS=YES
# Use this RSA certificate.
TLSCert=/etc/ssl/certs/ca-certificates.crt
# Get enhanced (*really* enhanced) debugging information in the logs
# If you want to have debugging of the config file parsing, move this option
# to the top of the config file and uncomment
#Debug=YES
AuthUser=username@gmail.com
AuthPass=xxxxxxxxx
AuthMethod=LOGIN
# Email 'From header's can override the default domain?
FromLineOverride=yes
|
| Code: |
$ groups
... mail ... ssmtp ...
|
I've got a 2-step verification enabled on my gmail account and I generated the AuthPass using App passwords.
What could be wrong?
Thanks!
Last edited by madjestic on Mon Jan 11, 2021 11:43 pm; edited 1 time in total |
|
| Back to top |
|
 |
alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3948
|
| Posted: Mon Jan 11, 2021 11:30 pm Post subject: |
|
|
Email will not be accepted if ithe origin is not 100% perfect in configuration and legitimacy.
MTA servers run from home are not the perfect candidates for such level of legitimacy....
One work arround is to let your gmail account or a newly-created gmail account specifically for that purpose act as a relay or a router to forward your mails around
This is called a "smart host" config in postfix.
You have to create a file like containing
| Code: |
[smtp.gmail.com]:587 <youur gmail-email>
|
in postfix directory.
and then
create a binary from it using the "postmap" command
It goes without saying that your sasl auth and any certificate detail should be flawless.
You can use Letencrypt.
I do NOT know though how to do this in your setup.
_________________
Last edited by alamahant on Tue Jan 12, 2021 8:47 am; edited 1 time in total |
|
| Back to top |
|
|
madjestic
n00b
Joined: 10 Oct 2013
Posts: 53
|
| Posted: Tue Jan 12, 2021 12:10 am Post subject: |
|
|
Thanks, @alamahant, I will try that if other methods fail
After disabling UseTLSCert (following an advice I got on IRC), I am getting this now:
| Code: |
$ echo -e 'Subject: test\n\nTesting ssmtp' | sendmail -v username@gmail.com
[<-] 220 smtp.gmail.com ESMTP w17sm597164edu.90 - gsmtp
[->] EHLO nu
[<-] 250 SMTPUTF8
[->] STARTTLS
[<-] 220 2.0.0 Ready to start TLS
[->] EHLO nu
[<-] 250 SMTPUTF8
[->] AUTH LOGIN
[<-] 334 VXNlcm5hbWU6
[->] bWFkamVzdGljMTNAZ21haWwuY29t
[<-] 334 UGFzc3dvcmQ6
[<-] 535 5.7.8 https://support.google.com/mail/?p=BadCredentials w17sm597164edu.90 - gsmtp
sendmail: Authorization failed (535 5.7.8 https://support.google.com/mail/?p=BadCredentials w17sm597164edu.90 - gsmtp)
|
I did use the password generated with gmail App Password page for AuthPass=..., and the App Password page it looks like this for me: https://pasteboard.co/JJdu3oQ.png (sorry for the adds). |
|
| Back to top |
|
|
alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3948
|
| Posted: Tue Jan 12, 2021 12:20 am Post subject: |
|
|
When using port 587 or "submission" it mean you are using STARTTLS or encryption over HTTP
For that you definately need certificates either Letsencrypt etc or minimally selfsigned.
otherwise your email will be rejected.
_________________
|
|
| Back to top |
|
|
madjestic
n00b
Joined: 10 Oct 2013
Posts: 53
|
| Posted: Tue Jan 12, 2021 8:02 am Post subject: |
|
|
| For now I solved it by creating a separate account and enabling less secure apps login. That seems to work, thanks! |
|
| Back to top |
|
|
szatox
Advocate
Joined: 27 Aug 2013
Posts: 3489
|
| Posted: Tue Jan 12, 2021 9:21 pm Post subject: |
|
|
Lol, guys, what are you 2 talking about?
I have a gmail account (yet) and works fine with evolution. I don't have to be super-legitimate or provide my on certificate, all it takes is a user and password to an existing account. Pretty much what OP did in the end.
This mangled text is base64-encoded. I hope you haven't posted anything sensitive there.
Fortunately, your password is missing in the conversation, but you haven't stated whether you intentionally removed it or something went wrong. |
|
| Back to top |
|
|
Buffoon
Veteran
Joined: 17 Jun 2015
Posts: 1369
Location: EU or US
|
| Posted: Tue Jan 12, 2021 10:19 pm Post subject: |
|
|
| The foolproof method is to relay thru your ISP mail server. Your box is legit sender for your ISP and your ISP mail server is legit for rest of the world with all anti-spam measures satisfied. |
|
| Back to top |
|
|
|
Networking & Security
