I've been struggling - trying to get my RPi to send me an e-mail. This is on a wifi connection. Having configured ssmtp.conf and revaliases (as per
formatting link
it's still not working. I can login to gmail.com with the browser, have relaxed the checking. When I try: echo "TEST" | sendmail -v snipped-for-privacy@mydest.edu I get a series of lines that shows the dialog between google and the RPi. All seems well - the ELHO looks good, it starts using TLS, then attempts AUTH LOGIN. After a few lines of gibberish it gives the dreaded Authorization Failed error message with a reference to the google support message 14257.
I've checked and rechecked the AuthUser and AuthPass data, and they appear correct. I've logged into gmail.com with those same values - on the RPi - and it works.
This is on a new RPi-2 with a Edimax (realtek) wifi device. Raspbian with all updates.
The one possible questionable message is in /var/log/mail.info, it has lines indicating that SSL connection is attempting to use RSA_ARCFOUR_SHA1. Is that what it should be using?
Any hints on how I might diagnose this problem would be appreciated!
--
New Socialism consists essentially in being seen to have your heart in
the right place whilst your head is in the clouds and your hand is in
someone else's pocket.
Is the RPi sending a "from" address that is different to the gmail address? If so, as will as relaxing the User Agent checking, you also have to enter all the foreign "from" addresses you might want to use somewhere in the Gmail web site. It's a damn nuisance in my case.
--
New Socialism consists essentially in being seen to have your heart in
the right place whilst your head is in the clouds and your hand is in
someone else's pocket.
A number of SSL encryption standards have recently been deprecated recently because they're fundamentally broken and, as a result, are being removed. This is why you may have also seen HTTPS connection refusals if you're using the latest Firefox version: its the same thing.
If you, as the client end (still using a deprecated cypher), try to open an encrypted connection to a server that no longer supports that cypher, then you'll get the connection request refused with that type of rejection.
Unless you're an SSL maven about all you can do is update your RPi and, if the problem is still there, raise a bug with the the RPi sendmail maintainers.
The same thing can also bite you the other way round: I had a problem last week when Firefox 39.0, which no longer supports the deprecated cypher, got its https connection refused by a government server[1] which
*only* supported the deprecated cypher. I fired up an old version of Opera (12.16), guessing that used the deprecated cypher. It did, and I was able to use it to do the job. I also raised a bug with the server admins, who are on the case and seemed happy to get the heads-up, but are taking their time to get the change made (probably due to the bureaucratic faff that impacts any changes made to a government or banking server).
[1] a helpful bunch of sysadmins, so no names, no pack drill except to say it isn't a UK Government server
--
martin@ | Martin Gregorie
gregorie. | Essex, UK
org |
Thanks, tnp (and Martin and Graham). So far no improvement. I UseSTARTTLS setting, tried UseTLS on and absent. Still nothing. I've tried quite a few variants that I've found on various web sites to no avail.
At this point I'm wondering: is there something magical about using gmail? Might there be some alternative system? At least to debug whatever is happening? This is eating 'way too much time...
Id be more helpful but I don't use gmail. I run my own mail relay and server on te big bad internet, and exim and postfix, not ssmtp
--
New Socialism consists essentially in being seen to have your heart in
the right place whilst your head is in the clouds and your hand is in
someone else's pocket.
I had tried the 465 port some iterations ago, to no avail. Something must have been changed for the better since then, because testing it once more with port 465 seemed "better". Sadly, still not really working. With Debug=YES in ssmtp.conf I find in /var/log/mail.info: Set MailHubs="smtp.gmail.com" via SMTP Port Number="465" Creating SSL connection to host
Unfortunately neither echo "TEST" | sendmail -v me@host nor cat test-mail | ssmtp me@host actually sends mail -- both commands hang. Ctrl-C and Ctrl-D do nothing, it requires a Ctrl-Z with a 'kill -9 ...' to terminate the e-mail attempt. Nothing is delivered to me@host.
If I wait a really long time I get a "ssmtp: Connection lost in middle of processing.
This seems better than before, if not quite there.
" I've logged into gmail.com with those same values - on the RPi - and it works."
which makes your statement meaningless, or rather not helpful, sadly.
I still say that there is simply an issue of getting the right port.and encryption format set up. That's all.
--
New Socialism consists essentially in being seen to have your heart in
the right place whilst your head is in the clouds and your hand is in
someone else's pocket.
I've finally got mail running - hurrah! However it isn't using ssmtp. Nothing seemed to help with that. Instead I installed exim as described very thoroughly in:
formatting link
Initially restarting exim whined about no IPv6 (modprobe ipv6 fixes that).
Mail successfully sent to my intended target machine on the very first try.
yeah. I use exim here and its a bitch to set up, but runs flawlessly once you have the right magic spells in place. Postfix is similar.
If Id known you are doing exim Id have posted my conf files..I use TLS to send
--
New Socialism consists essentially in being seen to have your heart in
the right place whilst your head is in the clouds and your hand is in
someone else's pocket.
Thanks. However I hadn't been using exim initially. Most of the recommendations I'd found avoided it for the simpler ssmtp. But I couldn't get ssmtp to work, and exim worked 1st time.
The original RFCs for eg. email were nice and simple. Then they introduced which wasn't a problem to extend the code to handle. But this SSL?TLS is a whole extra dark-layer and I can't find out how to test it decoupled/separate from the old familiar code.
We DIY enthusiasts are getting squeezed out, by big commercial interests. Everything seems to be going httpS !
Nope, not commercial interests, criminals. Just like in real life the more criminals there are the more security is needed. More security generally involves more inconvenience and expense for the defenders. It's a never ending escalation on both sides which makes it hard for the DIY to keep up.
I think its just a Gmail issue, they implemented new security measures. I had a problem with T-Bird on Windoze.
Have a look here:
formatting link
Posted August 16th, 2015, 12:05 PM : tanstaafl
formatting link
describes the settings that should be used for Gmail.
[...] That popup is probably due to OAuth2 being used as the default authentication method for Gmail, and something went wrong when they tried to display a popup to ask permission to create a token. Try setting it to "normal password". There is a button, I forget it if its called Manual or Advanced that lets you see and edit all of the settings used by the new account wizard. I suggest you log into
formatting link
using a browser and select ?Allow? to let less secure apps access your Google account before you do that, to avoid Gmail blocking your sign-in attempt if it does a security check. Afterwards you can change your account to use OAuth2 if you want.
[...]
--
They who can give up essential liberty to obtain a little temporary safety,
deserve neither liberty nor safety. - Ben Franklin
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.