Operation timed out with smtp.gmail.com - please help
mexas at bristol.ac.uk
Sat Mar 30 17:23:45 UTC 2013
Date: Sat, 30 Mar 2013 07:49:19 -0400
From: Jerry <jerry at seibercom.net>
To: FreeBSD <freebsd-questions at freebsd.org>
Subject: Re: Operation timed out with smtp.gmail.com - please help
On Sat, 30 Mar 2013 10:49:45 +0000
Matthew Seaman articulated:
> Given you're seeing that CONNECTED message there, it certainly does.
> The problem with that openssl command seems to be the 'unable to get
> local issuer certificate' part. That's possibly openssl being pickier
> about verifying certs than sendmail would be, but that certificate
> verification step is probably where you're coming adrift. You need to
> have the intermediate certs used by Google in your cacert.pem file, so
> sendmail will trust the smtp.gmail.com cert. Check the 'confCACERT'
> setting in your sendmail.mc. I have a block of code like this:
> define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
> define(`confCACERT_PATH', `CERT_DIR')dnl
> define(`confCACERT', `CERT_DIR/cacert.pem')dnl
> define(`confSERVER_CERT', `CERT_DIR/cert.pem')dnl
> define(`confSERVER_KEY', `CERT_DIR/key.pem')dnl
> define(`confCLIENT_CERT', `CERT_DIR/cert.pem')dnl
> define(`confCLIENT_KEY', `CERT_DIR/key.pem')dnl
> which allows me to put all the keys and certs in /etc/mail/certs/
If you really need the Gmail certs, you can use this to get them:
openssl s_client -connect smtp.gmail.com:587 -starttls smtp -showcerts
If you feel you really need the "Equifax Secure Certificate Authority"
pem, go here <http://www.geotrust.com/resources/root-certificates/> and
Again, how to set up Sendmail is a task I leave for the student.
Jerry, Matthew, thank you
I think I got it working.
In addition to your advice, this guide was very helpful:
It seems these two options were required:
define(`RELAY_MAILER_ARGS', `TCP $h 587')
define(`ESMTP_MAILER_ARGS', `TCP $h 587')
More information about the freebsd-questions