1. Home
  2. Raspberry Pi Group
  3. Why can't RPi email?

Why can't RPi email?

I've been struggling - trying to get my RPi to send me an e-mail. This is on a wifi connection. Having configured ssmtp.conf and revaliases (as per

formatting link
it's still not working. I can login to gmail.com with the browser, have relaxed the checking. When I try: echo "TEST" | sendmail -v snipped-for-privacy@mydest.edu I get a series of lines that shows the dialog between google and the RPi. All seems well - the ELHO looks good, it starts using TLS, then attempts AUTH LOGIN. After a few lines of gibberish it gives the dreaded Authorization Failed error message with a reference to the google support message 14257.

I've checked and rechecked the AuthUser and AuthPass data, and they appear correct. I've logged into gmail.com with those same values - on the RPi - and it works.

This is on a new RPi-2 with a Edimax (realtek) wifi device. Raspbian with all updates.

The one possible questionable message is in /var/log/mail.info, it has lines indicating that SSL connection is attempting to use RSA_ARCFOUR_SHA1. Is that what it should be using?

Any hints on how I might diagnose this problem would be appreciated!

TIA!

Reply to
Frank Miles
Loading thread data ...

Probably not SSL/TLS probably.

formatting link

its TLS you need

formatting link 

--
New Socialism consists essentially in being seen to have your heart in  
the right place whilst your head is in the clouds and your hand is in  
someone else's pocket.
Reply to
The Natural Philosopher

Is the RPi sending a "from" address that is different to the gmail address? If so, as will as relaxing the User Agent checking, you also have to enter all the foreign "from" addresses you might want to use somewhere in the Gmail web site. It's a damn nuisance in my case.

--

Graham. 

%Profound_observation%
Reply to
Graham.

More here

formatting link

and here

formatting link

looks like START TLS and port 587 is the magic combo add these to the conf file

UseTLS=YES UseSTARTTLS=YES mailhub=smtp.gmail.com:587

--
New Socialism consists essentially in being seen to have your heart in  
the right place whilst your head is in the clouds and your hand is in  
someone else's pocket.
Reply to
The Natural Philosopher

When was your last update?

A number of SSL encryption standards have recently been deprecated recently because they're fundamentally broken and, as a result, are being removed. This is why you may have also seen HTTPS connection refusals if you're using the latest Firefox version: its the same thing.

If you, as the client end (still using a deprecated cypher), try to open an encrypted connection to a server that no longer supports that cypher, then you'll get the connection request refused with that type of rejection.

Unless you're an SSL maven about all you can do is update your RPi and, if the problem is still there, raise a bug with the the RPi sendmail maintainers.

The same thing can also bite you the other way round: I had a problem last week when Firefox 39.0, which no longer supports the deprecated cypher, got its https connection refused by a government server[1] which

*only* supported the deprecated cypher. I fired up an old version of Opera (12.16), guessing that used the deprecated cypher. It did, and I was able to use it to do the job. I also raised a bug with the server admins, who are on the case and seemed happy to get the heads-up, but are taking their time to get the change made (probably due to the bureaucratic faff that impacts any changes made to a government or banking server). [1] a helpful bunch of sysadmins, so no names, no pack drill except to say it isn't a UK Government server 
--
martin@   | Martin Gregorie 
gregorie. | Essex, UK 
org       |
Reply to
Martin Gregorie

Thanks, tnp (and Martin and Graham). So far no improvement. I UseSTARTTLS setting, tried UseTLS on and absent. Still nothing. I've tried quite a few variants that I've found on various web sites to no avail.

At this point I'm wondering: is there something magical about using gmail? Might there be some alternative system? At least to debug whatever is happening? This is eating 'way too much time...

Reply to
Frank Miles

well you can use your isps mail relay.

Id be more helpful but I don't use gmail. I run my own mail relay and server on te big bad internet, and exim and postfix, not ssmtp

--
New Socialism consists essentially in being seen to have your heart in  
the right place whilst your head is in the clouds and your hand is in  
someone else's pocket.
Reply to
The Natural Philosopher

Looking in my Icedove on my desktop Debian, I see I have port 465 - not

587 - and SSL/TLS. 
--
--
Reply to
Björn Lundin

I had tried the 465 port some iterations ago, to no avail. Something must have been changed for the better since then, because testing it once more with port 465 seemed "better". Sadly, still not really working. With Debug=YES in ssmtp.conf I find in /var/log/mail.info: Set MailHubs="smtp.gmail.com" via SMTP Port Number="465" Creating SSL connection to host

Unfortunately neither echo "TEST" | sendmail -v me@host nor cat test-mail | ssmtp me@host actually sends mail -- both commands hang. Ctrl-C and Ctrl-D do nothing, it requires a Ctrl-Z with a 'kill -9 ...' to terminate the e-mail attempt. Nothing is delivered to me@host.

If I wait a really long time I get a "ssmtp: Connection lost in middle of processing.

This seems better than before, if not quite there.

Reply to
Frank Miles

Some ISPs block outgoing email that isn't delivered through their own mail servers. This can help prevent spam.

--
-Toby 
Add the word afiduluminag to the subject to circumvent my email filters.
Reply to
Toby Newman

" I've logged into gmail.com with those same values - on the RPi - and it works."

which makes your statement meaningless, or rather not helpful, sadly.

I still say that there is simply an issue of getting the right port.and encryption format set up. That's all.

--
New Socialism consists essentially in being seen to have your heart in  
the right place whilst your head is in the clouds and your hand is in  
someone else's pocket.
Reply to
The Natural Philosopher

I've finally got mail running - hurrah! However it isn't using ssmtp. Nothing seemed to help with that. Instead I installed exim as described very thoroughly in:

formatting link

Initially restarting exim whined about no IPv6 (modprobe ipv6 fixes that).

Mail successfully sent to my intended target machine on the very first try.

Thanks to all for your thoughtful replies! -F

Reply to
Frank Miles

yeah. I use exim here and its a bitch to set up, but runs flawlessly once you have the right magic spells in place. Postfix is similar.

If Id known you are doing exim Id have posted my conf files..I use TLS to send

--
New Socialism consists essentially in being seen to have your heart in  
the right place whilst your head is in the clouds and your hand is in  
someone else's pocket.
Reply to
The Natural Philosopher

Thanks. However I hadn't been using exim initially. Most of the recommendations I'd found avoided it for the simpler ssmtp. But I couldn't get ssmtp to work, and exim worked 1st time.

Reply to
Frank Miles

The original RFCs for eg. email were nice and simple. Then they introduced which wasn't a problem to extend the code to handle. But this SSL?TLS is a whole extra dark-layer and I can't find out how to test it decoupled/separate from the old familiar code.

We DIY enthusiasts are getting squeezed out, by big commercial interests. Everything seems to be going httpS !

Reply to
Unknown

Nope, not commercial interests, criminals. Just like in real life the more criminals there are the more security is needed. More security generally involves more inconvenience and expense for the defenders. It's a never ending escalation on both sides which makes it hard for the DIY to keep up.

Reply to
Joe Beanfish

I think its just a Gmail issue, they implemented new security measures. I had a problem with T-Bird on Windoze.

Have a look here:

formatting link

Posted August 16th, 2015, 12:05 PM : tanstaafl

formatting link
describes the settings that should be used for Gmail.

[...] That popup is probably due to OAuth2 being used as the default authentication method for Gmail, and something went wrong when they tried to display a popup to ask permission to create a token. Try setting it to "normal password". There is a button, I forget it if its called Manual or Advanced that lets you see and edit all of the settings used by the new account wizard. I suggest you log into
formatting link
using a browser and select ?Allow? to let less secure apps access your Google account before you do that, to avoid Gmail blocking your sign-in attempt if it does a security check. Afterwards you can change your account to use OAuth2 if you want. [...] 
--

They who can give up essential liberty to obtain a little temporary safety, 
 deserve neither liberty nor safety. - Ben Franklin
Reply to
G. Morgan

ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.