msmtp and TLS issues, prime...not long enough
I'm attempting to switch from using postfix to msmtp, which I can
get working with the following:
In ~/.muttrc :
    sendmail="/usr/bin/msmtp -a acct_1"
In ~/.msmtprc (setting 'auth plain' also works):
    account acct_1
    host mail.mydomain.net
    user me
    password ******
    auth login
    tls off
My understanding is that the above will send passwords as plaintext,
which doesn't seem like a good idea, particularly with public wifi.
When trying to use TLS like so:
    account acct_1
    host mail.mydomain.net
    user me
    password ******
    auth login
    tls on
    tls_trust_file /etc/ssl/certs/Thawte_Premium_Server_CA.pem
There are these error messages:
    msmtp: TLS handshake failed: The Diffie Hellman prime sent by the
    server is not acceptable (not long enough).
    msmtp: could not send mail (account acct_1 from /home/me/.msmtprc)
    Error sending message, child exited 76 (Remote protocol error.).
There's this:
    ~ % msmtp --host=smtp.mydomain.net --serverinfo
    SMTP server at smtp.mydomain.net (mydomain.net [xx.xxx.xxx.xxx]),
    port 25:
        ss47.shared.server-system.net ESMTP Sendmail
        8.12.11.20060308/8.12.11; Sat, 4 Oct 2008 01:00:32 -0700
    Capabilities:
        SIZE 15000000:
            Maximum message size is 15000000 bytes = 14.31 MB
        PIPELINING:
            Support for command grouping for faster transmission
        ETRN:
            Support for RMQS (Remote Message Queue Starting)
        DSN:
            Support for Delivery Status Notifications
        STARTTLS:
            Support for TLS encryption via the STARTTLS command
        AUTH:
            Supported authentication methods:
            PLAIN LOGIN
    This server might advertise more or other capabilities when TLS
    is active.
And this:
    ~ % msmtp --serverinfo --host=smtp.mydomain.net --tls=on --tls-certcheck=off
    msmtp: TLS handshake failed: The Diffie Hellman prime sent by the
    server is not acceptable (not long enough).
Do I need to use the STARTTLS command in some way?
Or maybe a different tls_trust_file ?
I am able to send mail through my gmail account using msmtp & mutt with
this in ~/.msmtp :
    account me_gmail
    host smtp.gmail.com
    auth plain
    user me
    password ********
    tls
    tls_trust_file /etc/ssl/certs/Thawte_Premium_Server_CA.pem
At this point I'm staying with using postfix, but would like to
understand how I could use msmtp, and whether it might offer
advantages in my situation, as this article leads me to believe:
http://promberger.info/linux/2008/04/11/mutt-with-msmtp-and-a-mail-queue/
(re postfix): "...the stigma of originating from a non-fixed IP
without a valid domain name if you use them on your laptop."
My machine is a ThinkPad running Debian Sid. I'd like to send and
receive email on the go, through public wifi at cafés & so forth.
I'm also wondering if how I'm currently using postfix is sending
passwords encrypted. Some relevant lines in /etc/postfix/main.cf :
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_auth_enable = yes
TIA for any suggestions,
John
--
John Magolske
http://B79.net/contact
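
Added example, not part of the original post: a small Python check for the concern raised above, that 'auth plain' or 'auth login' together with 'tls off' puts the password on the wire in cleartext. It parses msmtprc text and flags accounts that use those mechanisms without TLS, or that turn certificate checking off; the function names and finding labels are this example's own, and the sample is constructed from the two accounts in the post.

```python
PLAINTEXT = {"plain", "login"}  # these mechanisms only base64-encode the password

# Constructed sample: the two accounts from the post, trimmed to the relevant lines.
SAMPLE = """\
account acct_1
host mail.mydomain.net
auth login
tls off
account me_gmail
host smtp.gmail.com
auth plain
tls
tls_trust_file /etc/ssl/certs/Thawte_Premium_Server_CA.pem
"""

def parse_msmtprc(text):
    """Return {account: settings}; a 'defaults' section seeds later accounts."""
    defaults, accounts, current = {}, {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "defaults":
            current = defaults
        elif key == "account":
            name, _, parents = value.partition(":")
            current = accounts[name.strip()] = dict(defaults)
            for parent in parents.split(","):  # "account b : a" inherits from a
                current.update(accounts.get(parent.strip(), {}))
        elif current is not None:
            current[key] = value or "on"  # a bare "tls" means "tls on"
    return accounts

def audit(text):
    """Map each account to its findings (empty list = nothing flagged)."""
    report = {}
    for name, cfg in parse_msmtprc(text).items():
        tls_on = cfg.get("tls", "off").lower() == "on"
        auth = cfg.get("auth", "off").lower()
        issues = report.setdefault(name, [])
        if auth in PLAINTEXT and not tls_on:
            issues.append("cleartext-password")
        if tls_on and cfg.get("tls_certcheck", "on").lower() == "off":
            issues.append("no-cert-check")
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```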