Thread: msmtp and TLS auth not working anymore...

    BUG in libgnutls26-2.4.1-1ubuntu0.1 : msmtp and TLS broken after update !

    Hi, I have this very strange problem, so here is another message that I'm sure will not get any answer at all...

    Edit: so I found the answer by myself - AND IT WASN'T FUNNY.


    I had a TLS problem with mutt and msmtp. Here it is:

    msmtp: TLS certificate verification failed: the certificate is not trusted
    msmtp: could not send mail (account default from /home/asbesto/.msmtprc)

    Obviously, I have all the certs, as I have had them for some days, and I had no problems in those days. They have not changed; the md5sums for them are correct.

    Manually launching msmtp for debugging gives me this:


    asbesto@gemini:~/.ssl/certs$ msmtp -d --serverinfo --host=mail.xxx.org --tls=on --tls-certcheck=on --tls-trust-file=./xxxmsmtp.pem
    host = mail.xxx.org
    port = 25
    timeout = off
    protocol = smtp
    domain = localhost
    auth = none
    user = (not set)
    password = (not set)
    ntlmdomain = (not set)
    tls = on
    tls_starttls = on
    tls_trust_file = ./xxxmsmtp.pem
    tls_key_file = (not set)
    tls_cert_file = (not set)
    tls_certcheck = on
    tls_force_sslv3 = off
    <-- 220 xxx.org ESMTP Postfix (Debian/GNU)
    --> EHLO localhost
    <-- 250-xxx.org
    <-- 250-PIPELINING
    <-- 250-SIZE 10240000
    <-- 250-VRFY
    <-- 250-ETRN
    <-- 250-STARTTLS
    <-- 250-ENHANCEDSTATUSCODES
    <-- 250-8BITMIME
    <-- 250 DSN
    --> STARTTLS
    <-- 220 2.0.0 Ready to start TLS
    msmtp: TLS certificate verification failed: the certificate is not trusted
    asbesto@gemini:~/.ssl/certs$

    My msmtprc:


    asbesto@gemini:~$ cat .msmtprc
    account default
    host mail.xxx.org
    port 25
    from asbesto@xxx.org
    auth on
    user asbesto@xxx.org
    password eatmyshorts
    tls on
    tls_certcheck on
    tls_starttls on
    tls_trust_file /home/asbesto/.ssl/certs/xxxmsmtp.pem
    logfile ~/.msmtp_log
    asbesto@gemini:~$

    and in my muttrc I have these lines:


    set certificate_file="/home/asbesto/.ssl/certs/ca-freaknetdyne.cer"
    set sendmail ="/usr/bin/msmtp -d"

    The -d is for debugging, and it gave me this output when sending mail from mutt:


    msmtp: TLS certificate verification failed: the certificate is not trusted
    msmtp: could not send mail (account default from /home/asbesto/.msmtprc)
    ignoring system configuration file /etc/msmtprc: No such file or directory
    loaded user configuration file /home/asbesto/.msmtprc
    using account default from /home/asbesto/.msmtprc
    host = mail.xxx.org
    port = 25
    timeout = off
    protocol = smtp
    domain = localhost
    auth = choose
    user = asbesto@xxx.org
    password = *
    ntlmdomain = (not set)
    tls = on
    tls_starttls = on
    tls_trust_file = /home/asbesto/.ssl/certs/xxxmsmtp.pem
    tls_key_file = (not set)
    tls_cert_file = (not set)
    tls_certcheck = on
    tls_force_sslv3 = off
    auto_from = off
    maildomain = (not set)
    from = asbesto@xxx.org
    dsn_notify = (not set)
    dsn_return = (not set)
    keepbcc = off
    logfile = /home/asbesto/.msmtp_log
    syslog = (not set)
    reading recipients from the command line
    <-- 220 xxx.org ESMTP Postfix (Debian/GNU)^M
    --> EHLO localhost^M
    <-- 250-xxx.org^M
    <-- 250-PIPELINING^M
    <-- 250-SIZE 10240000^M
    <-- 250-VRFY^M
    <-- 250-ETRN^M
    <-- 250-STARTTLS^M
    <-- 250-ENHANCEDSTATUSCODES^M
    <-- 250-8BITMIME^M
    <-- 250 DSN^M
    --> STARTTLS^M
    <-- 220 2.0.0 Ready to start TLS^M
    Output of the delivery process
    Bottom of message is shown.


    I also tried to re-create the tls certs, as I used to do every time, in this way:



    mkdir -p ~/.ssl/certs

    cd ~/.ssl/certs

    wget http://www.xxx.org/ca-xxx.cer

    openssl x509 -in ca-xxx.cer -out xxxmsmtp.pem

    I'm really going NUTS for this!

    Yesterday at 18:00 I was able to send emails.
    This morning, NO MORE:


    Nov 28 15:09:22 host=mail.xxx.org tls=on auth=on user=asbesto@freaknet.org from=asbesto@xxx.org recipients=corto@lalala.org mailsize=1527 exitcode=EX_OK

    Nov 29 11:43:06 host=mail.xxx.org tls=on auth=on user=asbesto@xxx.org from=asbesto@xxx.org recipients=corto@lalala.org errormsg='TLS certificate verification failed: the certificate is not trusted' exitcode=EX_UNAVAILABLE

    I upgraded some packages in my Ubuntu; in particular, in my /var/log/apt/term.log I see:


    Preparing to replace libgnutls26 2.4.1-1build1 (using .../libgnutls26_2.4.1-1ubuntu0.1_i386.deb) ...
    Unpacking replacement libgnutls26 ...

    Setting up libgnutls26 (2.4.1-1ubuntu0.1) ...

    Maybe some BUG in this new libgnutls26 library?

    Can anyone help me?

    I've GONE NUTS.

    Downgrading from libgnutls26-2.4.1-1ubuntu0.1 to libgnutls26-build1 SOLVED THE PROBLEM.

    Now, some info:

    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505279

    It seems that this has been a very common bug in Debian since November 11.

    PLEASE, when upgrading a package, PLEASE DO THE BEST YOU CAN AS A DEVELOPER, BECAUSE USERS CAN GET VERY ANGRY! (please remember the ill-fated Firefox 3 BETA included in a default Ubuntu installation, what a HORROR)
    Last edited by jpeddicord; November 30th, 2008 at 02:14 AM.
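
The correlation the post does by hand (last successful send, first "certificate is not trusted" failure, packages set up in between), as an added example that is not part of the original post. The function names are hypothetical, the year is passed in because the msmtp log lines omit it, and the script assumes apt's term.log carries `Log started:` headers, which the post's excerpt does not show.

```python
import re
import shlex
from datetime import datetime

# Constructed sample data modelled on the post; apt timestamps and 'examplepkg' are made up.
MSMTP_LOG = """\
Nov 28 15:09:22 host=mail.xxx.org tls=on auth=on user=asbesto@xxx.org from=asbesto@xxx.org recipients=corto@lalala.org mailsize=1527 exitcode=EX_OK
Nov 29 11:43:06 host=mail.xxx.org tls=on auth=on user=asbesto@xxx.org from=asbesto@xxx.org recipients=corto@lalala.org errormsg='TLS certificate verification failed: the certificate is not trusted' exitcode=EX_UNAVAILABLE
"""
APT_TERM_LOG = """\
Log started: 2008-11-27  09:15:00
Setting up examplepkg (1.0-1) ...
Log started: 2008-11-28  19:02:11
Setting up libgnutls26 (2.4.1-1ubuntu0.1) ...
"""
STARTED = re.compile(r"^Log started: (\d{4}-\d\d-\d\d)\s+(\d\d:\d\d:\d\d)")
SETUP = re.compile(r"^Setting up (\S+) \((\S+)\) \.\.\.")

def parse_msmtp(log, year):
    """Yield (timestamp, fields) per msmtp log line; the log omits the year."""
    for line in log.splitlines():
        tokens = shlex.split(line)  # keeps the quoted errormsg='...' in one token
        if len(tokens) >= 4:
            when = datetime.strptime(f"{year} {' '.join(tokens[:3])}", "%Y %b %d %H:%M:%S")
            yield when, dict(t.split("=", 1) for t in tokens[3:] if "=" in t)

def parse_apt(term_log):
    """Yield (run start, package, version) for every 'Setting up' line."""
    run_start = None
    for line in term_log.splitlines():
        if m := STARTED.match(line):
            run_start = datetime.strptime(" ".join(m.groups()), "%Y-%m-%d %H:%M:%S")
        elif (m := SETUP.match(line)) and run_start:
            yield run_start, m.group(1), m.group(2)

def suspects(msmtp_log, term_log, year):
    """Packages set up between the last good send and the first TLS trust failure after it."""
    last_ok = first_fail = None
    for when, f in sorted(parse_msmtp(msmtp_log, year), key=lambda e: e[0]):
        if f.get("exitcode") == "EX_OK":
            last_ok, first_fail = when, None  # a later success closes any earlier window
        elif first_fail is None and "certificate verification failed" in f.get("errormsg", ""):
            first_fail = when
    if not (last_ok and first_fail):
        return []
    return [(p, v) for t, p, v in parse_apt(term_log) if last_ok < t < first_fail]

if __name__ == "__main__":
    print(suspects(MSMTP_LOG, APT_TERM_LOG, 2008))
```

A package that shows up in this window is only a candidate; checking that the trust file itself is unchanged, as the post does with md5sums, is what separates a library regression from a certificate that really changed.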
