[Bug 274609] Committers Guide: SMTP configuration incomplete/lack of details

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 20 Oct 2023 15:11:56 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274609

            Bug ID: 274609
           Summary: Committers Guide: SMTP configuration incomplete/lack
                    of details
           Product: Documentation
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Website
          Assignee: doc@FreeBSD.org
          Reporter: michaelo@FreeBSD.org

I started to set up my env at work for my FreeBSD cluster account. It turned
out that STARTTLS is actively blocked by ZScaler, and I need to figure out
why:
> PS C:\deps-x64\openssl-3.0.11> .\openssl.exe s_client -connect smtp.FreeBSD.org:587 -starttls smtp  -brief
> write:errno=10060

Someone at work asked me why I had not tried port 465 with TLS instead of
in-SMTP STARTTLS:
> PS C:\deps-x64\openssl-3.0.11> .\openssl.exe s_client -connect smtp.FreeBSD.org:465 -brief
> depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
> verify error:num=20:unable to get local issuer certificate
> CONNECTION ESTABLISHED
> Protocol version: TLSv1.3
> Ciphersuite: TLS_AES_256_GCM_SHA384
> Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:ECDSA+SHA1:RSA+SHA224:RSA+SHA1
> Peer certificate: CN = smtp.freebsd.org
> Hash used: SHA256
> Signature type: RSA-PSS
> Verification error: unable to get local issuer certificate
> Server Temp Key: X25519, 253 bits
> 220 smtp.freebsd.org ESMTP Postfix
> HELO sdf
> 250 smtp.freebsd.org
> ehlo sdf
> 250-smtp.freebsd.org
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-AUTH PLAIN LOGIN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250-DSN
> 250-SMTPUTF8
> 250 CHUNKING
> QUIT
> DONE

and this works while the other one does not (verified with Wireshark).

Please update the documentation that smtp.FreeBSD.org supports *both* STARTTLS
via 587 and TLS via 465. This might solve a similar issue for others as well.
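
The two checks from the report (STARTTLS on 587, TLS from the first byte on 465) can be repeated with certificate verification left on. This is an added example, not part of the original report or the FreeBSD documentation; `probe_submission` and its result dictionary are hypothetical names, and the host and ports are the ones quoted above.

```python
import smtplib
import ssl


def probe_submission(host, port, mode, timeout=10.0):
    """Probe one SMTP submission endpoint and report where it fails.

    mode "starttls": plaintext greeting, then in-band upgrade (587 in the report).
    mode "implicit": TLS before any SMTP traffic (465 in the report).
    """
    # Default context verifies the chain and the hostname, so a TLS-inspecting
    # proxy whose CA is not trusted shows up as an error instead of passing.
    ctx = ssl.create_default_context()
    stage = "connect"  # for "implicit" this stage includes the TLS handshake
    try:
        if mode == "implicit":
            conn = smtplib.SMTP_SSL(host, port, local_hostname="localhost",
                                    timeout=timeout, context=ctx)
        else:
            conn = smtplib.SMTP(host, port, local_hostname="localhost",
                                timeout=timeout)
        with conn:
            stage = "ehlo"
            conn.ehlo()
            if mode == "starttls":
                stage = "starttls"
                if not conn.has_extn("starttls"):
                    return {"ok": False, "stage": stage,
                            "error": "STARTTLS not advertised"}
                conn.starttls(context=ctx)
                conn.ehlo()  # capabilities must be re-read after the upgrade
            return {"ok": True, "stage": "done",
                    "tls": conn.sock.version(),
                    "auth": conn.esmtp_features.get("auth", "").split()}
    except (OSError, smtplib.SMTPException) as exc:
        # Timeouts, refused connections and certificate failures are OSError.
        return {"ok": False, "stage": stage,
                "error": f"{type(exc).__name__}: {exc}"}


if __name__ == "__main__":
    for port, mode in ((587, "starttls"), (465, "implicit")):
        print(port, mode, probe_submission("smtp.FreeBSD.org", port, mode))
```

A result that fails at `connect` on one port and succeeds on the other matches the behaviour described in the report; a certificate error on either port means the chain presented to the client was not trusted.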
