[Alpine-info] tls on arch linux and gmx/1und1

Markus Schlager m.slg at gmx.de
Fri Jun 3 14:28:40 PDT 2016


Hi all,

I'm using alpine 2.20 on manjaro, a derivative of arch linux, and mail
accounts at gmx.de and 1und1.de. I used to have the corresponding roles
configured with SMTP-settings like

SMTP=mail.gmx.de/ssl/novalidate-cert/user=MY_UID

Since June 1st both providers are enforcing tls-encryption, whence my
setup for sending mails fails.

Is there anybody using a similar setup with tls working? Any hints are
appreciated.

I changed my settings to

SMTP=mail.gmx.de/tls/novalidate-cert/user=MY_UID

and tried to follow https://www.madboa.com/geek/pine-ssl/ and hints at
https://www.madboa.com/geek/openssl/

'openssl version -d' returns OPENSSLDIR: "/etc/ssl"

Hence I copied all certificates of the CA-chain to
/etc/ca-certificates/extracted/cadir/, created their x506-hashes and
symlinked them to /etc/ssl/certs/CERTIFICATE.pem and /etc/ssl/certs/HASH.0
Unfortunately this doesn't work.

Is this the right place for the certificates? strace shows only that
alpine reads /etc/ssl/cert.pem. Which other certificates is alpine looking
for - and *where*?


On sending a mail I'm still encountering a timeout. .pine-debug looks like

---8x-----------------------
IMAP 22:25:27 6/3 mm_log babble: Trying IP address [212.227.17.168]
IMAP DEBUG 22:25:28 6/3: 220 gmx.com (mrgmx103) Nemesis ESMTP Service
ready
IMAP DEBUG 22:25:28 6/3: EHLO renfting.fritz.box
IMAP DEBUG 22:25:28 6/3: 250-gmx.com Hello renfting.fritz.box
[91.235.9.75]
IMAP DEBUG 22:25:28 6/3: 250-SIZE 69920427
IMAP DEBUG 22:25:28 6/3: 250-AUTH LOGIN PLAIN
IMAP DEBUG 22:25:28 6/3: 250 STARTTLS
IMAP DEBUG 22:25:28 6/3: STARTTLS
IMAP DEBUG 22:25:28 6/3: 220 OK
IMAP DEBUG 22:25:28 6/3: EHLO renfting.fritz.box
IMAP DEBUG 22:25:28 6/3: 250-gmx.com Hello renfting.fritz.box
[91.235.9.75]
IMAP DEBUG 22:25:28 6/3: 250-SIZE 69920427
IMAP DEBUG 22:25:28 6/3: 250 AUTH LOGIN PLAIN
IMAP DEBUG 22:25:28 6/3: AUTH PLAIN
tcptimeout: waited 15 seconds, server: mail.gmx.net
tcptimeout: waited 30 seconds, server: mail.gmx.net
tcptimeout: waited 45 seconds, server: mail.gmx.net
tcptimeout: waited 60 seconds, server: mail.gmx.net
tcptimeout: waited 82 seconds, server: mail.gmx.net
tcptimeout: waited 104 seconds, server: mail.gmx.net
IMAP DEBUG 22:27:28 6/3: 334 421 gmx.com Service closing transmission
channel - command timeout
IMAP 22:27:28 6/3 mm_log error: SMTP SERVER BUG (invalid challenge): 421
gmx.com Service closing transmission channel - command timeout
IMAP 22:27:28 6/3 mm_log error: Can not authenticate to SMTP server: 334
421 gmx.com Service closing transmission channel - command timeout
IMAP DEBUG 22:27:28 6/3: QUIT
call_mailer ERROR: Error sending: Can not authenticate to SMTP server: 334
421 gmx.com Service closing transmissio
Send failed, continuing
---x8-----------------------

I'm not using IMAP but POP3 with fetchmail. Hence I don't know whether
there's a problem with receiving mails as well.

fetchmail is working fine with ssl - as well as thunderbird and postfix.
Only alpine seems to fail. For the moment I configured alpine to use a
local postfix which is relaying the mails to mail.gmx.de or smtp.1und1.de.

I'd like to omit the local postfix for sending and may even use IMAP with
1und1. How?

Markus



More information about the Alpine-info mailing list