Operation timed out with smtp.gmail.com - please help

[Jerry]

On Sat, 30 Mar 2013 10:49:45 +0000
Matthew Seaman articulated:

> Given you're seeing that CONNECTED message there, it certainly does.
> The problem with that openssl command seems to be the 'unable to get
> local issuer certificate' part.  That's possibly openssl being pickier
> about verifying certs than sendmail would be, but that certificate
> verification step is probably where you're coming adrift.  You need to
> have the intermediate certs used by Google in your cacert.pem file, so
> sendmail will trust the smtp.gmail.com cert.  Check the 'confCACERT'
> setting in your sendmail.mc.  I have a block of code like this:
> 
> define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
> define(`confCACERT_PATH', `CERT_DIR')dnl
> define(`confCACERT', `CERT_DIR/cacert.pem')dnl
> define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
> define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
> define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
> define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl
> 
> which allows me to put all the keys and certs in /etc/mail/certs/

If you really need the Gmail certs, you can use this to get them:

openssl s_client -connect smtp.gmail.com:587 -starttls smtp -showcerts

If you feel you really need the "Equifax Secure Certificate Authority"
pem, go here <http://www.geotrust.com/resources/root-certificates/> and
download it.

Again, how to set up Sendmail is a task I leave for the student.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20130330/7c5c0cbb/attachment.sig>