0

I can not route may emails vie gmail.com. I use ssmtp facility. My config files in /etc/ssmtp are

root:yyyyy@gmail.com:smtp.gmail.com:587
maciek:yyyyy@gmail.com:smtp.gmail.com:587

and ssmtp.conf:

rewriteDomain=gmail.com
root=yyyyy@op.pl
maciek=yyyyy@op.pl
hostname=yyyyyy@gmail.com
UseTLS=YES
UseSTARTTLS=YES
AuthUser=yyyyy@gmail.com
AuthPass=MyPass
FromLineOverride=YES

So I try:

# mail yyyyy@orange.pl
Subject: ddd
ddd
.
EOT
# send-mail: Cannot open smtp.gmail.com:587

Nothing block the traffic to gmail server as shown below:

$ telnet smtp.gmail.com 587
Trying 173.194.70.108...
Connected to smtp.gmail.com.
Escape character is '^]'.
220 mx.google.com ESMTP n1sm56130900eep.20 - gsmtp
ehlo
250-mx.google.com at your service, [83.25.153.55]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 CHUNKING
quit
221 2.0.0 closing connection n1sm56130900eep.20 - gsmtp
Connection closed by foreign host.

Logs from my system journalctl:

Dec 11 22:45:55 piotr sSMTP[7571]:
Creating SSL connection to host Dec 11 22:45:55 piotr sSMTP[7571]:
SSL not working: certificate verify fail...0) Dec 11 22:45:55 piotr sSMTP[7571]:
Cannot open smtp.gmail.com:587

No other MTA agent is installed on this computer (like sendmail). So what I am configuring wrong?

mackowiakp
  • 259
  • 2
  • 3
  • 10
  • Check `/var/log` for `ssmtp` logs and see what they say. – Wesley Dec 11 '13 at 18:01
  • My system use journalctl. So You have: Dec 11 22:45:55 piotr sSMTP[7571]: Creating SSL connection to host Dec 11 22:45:55 piotr sSMTP[7571]: SSL not working: certificate verify fail...0) Dec 11 22:45:55 piotr sSMTP[7571]: Cannot open smtp.gmail.com:587 – mackowiakp Dec 11 '13 at 21:46
  • Okay, that could be of use. Add that to the question because in so doing, you'll bump it back up to the top of the question queue and get more eyeballs on it. – Wesley Dec 11 '13 at 21:48
  • 1
    ssmtp does NOT verify the SSL/TLS certificate of the remote server on the current debian, ubuntu and redhat releases and also does NOT verify the hostname of the certificate. This is a major issue, as this effectively renders the encryption useless and your password is being transmitted alike to being plaintext and anyone can sniff it. ssmtp has had no active development since atleast 2009. So, if you care about the security of the email account you use for your servers outgoing emails, do NOT use ssmtp, but postfix (or something else) instead: unix.stackexchange.com/a/118101/72087 – Zulakis Feb 24 '16 at 10:33

3 Answers3

6

Did you check if your selinux enabled?

Also, you may need this option:

  • TLS_CA_Dir
    • A directory of trusted certificates for validating the server, if required.

Basically tell your system where your CA certs are so that it doesn't think Gmail has an invalid cert.

Rico
  • 2,185
  • 18
  • 19
  • 2
    OK. THX. You help me. It works! I just add the line: TLS_CA_File=/etc/pki/tls/certs/ca-bundle.crt – mackowiakp Dec 12 '13 at 08:11
  • This pointed me in the right direction. I uncommented the existing TLS_CA_File line, and it worked, no need to add TLS_CA_Dir in my case. I verified that ca-bundle.crt file already existed on my system. – Jesus H Oct 23 '20 at 15:16
-1
AuthMethod=LOGIN

You need to add the above config in /etc/ssmtp/ssmtp.conf

rbdharnia
  • 1
  • 1
    If you try to answer old questions, please check the other answers. Obviously, the problem was something else. – Sven Apr 27 '17 at 10:24
-2

hostname=yyyyyy@gmail.com

I changed this to the local IP of my rasberry, and suddenly it worked. Appears the gmail server want you to be both polite and respect the standards, so an email does not suffice in this field.

Anders Rosnes
  • 1
  • All email servers around the Internet wants the other servers sending mail to them respect the standards. This is what standards are for. Obviously, using an email address as a hostname is not standard compliant. – Læti Sep 05 '16 at 09:52