starttls issue for gmail (3601 Views)
Super Advisor
zxcv
Posts: 226
Registered: ‎04-09-2010
Message 1 of 13 (3,601 Views)

starttls issue for gmail

Hi guys,

I am trying to configure smtp.gmail.com to be able to send mails to our corporate Google Apps mail ID.

I am getting the following error:

 

 

050 530 5.7.0 Must issue a STARTTLS command first.

 

Please suggest what to do ?

hpux 11i v2

 

root #/ >sendmail -v tejas.chaudhari@xxx.in.
test from 29
tejas.chaudhari@xxx.in.... Connecting to [127.0.0.1] via relay...
220 xxx-dr.xxx.in ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.007 - 3 February 2010/8.13.3; Sat, 28 Apr 2012 10:53:01 +0530 (IST)
>>> EHLO xxx-dr.xxx.in
250-xxx-dr.xxx.in Hello smmsp@localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> MAIL From:<tejas@xxx-dr.xxx.in> SIZE=13
250 2.1.0 <tejas@xxx-dr.xxx.in>... Sender ok
>>> RCPT To:<tejas.chaudhari@xxx.in>
>>> DATA
250 2.1.5 <tejas.chaudhari@xxx.in>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
050 <tejas.chaudhari@xxx.in>... Connecting to smtp.gmail.com via relay...
050 220 mx.google.com ESMTP qd3sm835490pbb.13
050 >>> EHLO xxx-dr.xxx.in
050 250-mx.google.com at your service, [180.179.66.213]
050 250-SIZE 35882577
050 250-8BITMIME
050 250-STARTTLS
050 250 ENHANCEDSTATUSCODES
050 >>> MAIL From:<tejas@xxx-dr.xxxdns.in> SIZE=387
050 530 5.7.0 Must issue a STARTTLS command first. qd3sm835490pbb.13
050 <tejas@xxx-dr.xxx.in>... Connecting to local...
050 <tejas@xxx-dr.xxx.in>... Sent
250 2.0.0 q3S5N1bX022612 Message accepted for delivery
tejas.chaudhari@xxx.in.... Sent (q3S5N1bX022612 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 xxx-dr.xxx.in closing connection

 

=================================================

root #/etc/mail >grep "DS" sendmail.cf
# Relay all non-local mail to the "Smart" relay host (DS) via smtp: #
# to a smart relay via SMTP just set macro S (DS) to the name of the #
# Relay all non-local mail to the "Smart" relay host (DS) via UUCP: #
# make two chnages to this file. First, set macro S (DS) to the name #
DSsmtp.gmail.com
# noreceipts Don't return success DSN's
# Return-Receipt-To: header implies DSN request
# DHParameters (only required if DSA/DH is used)

 

Acclaimed Contributor
Dennis Handly
Posts: 25,283
Registered: ‎03-06-2006
Message 2 of 13 (3,599 Views)

Re: starttls issue for gmail

Perhaps it was sent anyway?

250 2.0.0 q3S5N1bX022612 Message accepted for delivery

Super Advisor
zxcv
Posts: 226
Registered: ‎04-09-2010
Message 3 of 13 (3,597 Views)

Re: starttls issue for gmail

Hi Dennis ,
But I didn't get it in my mailbox.
Honored Contributor
Steven Schweda
Posts: 9,096
Registered: ‎02-23-2005
Message 4 of 13 (3,590 Views)

Re: starttls issue for gmail

Super Advisor
zxcv
Posts: 226
Registered: ‎04-09-2010
Message 5 of 13 (3,567 Views)

Re: starttls issue for gmail

Hi Steven ,

 

After heavy follow-up on Google I managed a ppt, attached herewith.

Even after following the same, I am still not able to send mails to the outside world, i.e. our corporate Google Apps account zxcv@test.in

I'm getting the following error:

 

root #/etc/mail >echo "Subject: test starttls"| sendmail -v -oL99 zxcv@test.in.
zxcv@test.in.... Connecting to smtp.gmail.com via relay...
220 mx.google.com ESMTP nv2sm7446510pbb.6
>>> EHLO cedge-dr.cedge.in
250-mx.google.com at your service, [180.179.66.213]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES
>>> MAIL From:<ted@cedge-dr.cedge.in> SIZE=23
530 5.7.0 Must issue a STARTTLS command first. nv2sm7446510pbb.6
tejas... Connecting to [127.0.0.1] via relay...
220 cedge-dr.cedge.in ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.007 - 3 February 2010/8.13.3; Fri, 4 May 2012 10:09:13 +0530 (IST)
>>> EHLO cedge-dr.cedge.in
250-cedge-dr.cedge.in Hello smmsp@localhost [127.0.0.1], pleased to meet you
250 ENHANCEDSTATUSCODES
>>> MAIL From:<>
451 4.3.0 Temporary system failure. Please try again later.
tejas... Deferred: 451 4.3.0 Temporary system failure. Please try again later.
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 cedge-dr.cedge.in closing connection
Closing connection to smtp.gmail.com
>>> QUIT
221 2.0.0 closing connection nv2sm7446510pbb.6

 

Why is it relaying through local host and not through smart relay..?

 

root #/etc/mail >grep "DS" sendmail.cf
# Relay all non-local mail to the "Smart" relay host (DS) via smtp:            #
#      to a smart relay via SMTP just set macro S (DS) to the name of the      #
# Relay all non-local mail to the "Smart" relay host (DS) via UUCP:            #
#      make two chnages to this file. First, set macro S (DS) to the name      #
DSsmtp.gmail.com
# noreceipts    Don't return success DSN's
# Return-Receipt-To: header implies DSN request
# DHParameters (only required if DSA/DH is used)

 

root #/etc/mail >grep "cert" sendmail.cf
# o CERT_DIR : The directory for storing sendmail certificates.                  #
# o confCACERT_PATH : The path that stores the certificates of all the           #
# o confCACERT : The file containing the certificate of the Certificate          #
#       Authority that issued this sendmail server's certificate.                #
#       certificate, the server's certificate used when acting as a              #
#       sendmail server's certificates.                                          #
O CACertPath=/etc/mail/certs
O CACertFile=/etc/mail/certs/CA/cacert.pem
O ServerCertFile=/etc/mail/certs/cert.pem
O ServerKeyFile=/etc/mail/certs/key.pem
O ClientCertFile=/etc/mail/certs/cert.pem
O ClientKeyFile=/etc/mail/certs/key.pem
# File containing certificate revocation lists
R<CS:$&{cert_subject}> $* $| <$+>       $@ $>"TLS_req" $1 $| <$2>
R<CS:$+> $* $| <$-:$+>  $#error $@ $4 $: $3 " Cert Subject " $&{cert_subject} " does not match " $1
R<CI:$&{cert_issuer}> $* $| <$+>        $@ $>"TLS_req" $1 $| <$2>
R<CI:$+> $* $| <$-:$+>  $#error $@ $4 $: $3 " Cert Issuer " $&{cert_issuer} " does not match " $1
R$*                     $: $&{cert_issuer}
RSUBJECT                $: <@> $&{cert_subject}


Super Advisor
zxcv
Posts: 226
Registered: ‎04-09-2010
Message 6 of 13 (3,553 Views)

Re: starttls issue for gmail

Hi ,

 

I have been trying for a while ,

 

root #/etc/mail >sendmail -v tejas.chaudhari@cedge.in.
test
tejas.chaudhari@cedge.in.... Connecting to [127.0.0.1] via relay...
220 cedge22.cedge.in ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.007 - 3 February 2010/8.13.3; Mon, 7 May 2012 19:29:11 +0530 (IST)
>>> EHLO cedge22.cedge.in
250-cedge22.cedge.in Hello smmsp@localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> MAIL From:<tejas@cedge22.cedge.in> SIZE=5
250 2.1.0 <tejas@cedge22.cedge.in>... Sender ok
>>> RCPT To:<tejas.chaudhari@cedge.in>
>>> DATA
250 2.1.5 <tejas.chaudhari@cedge.in>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
050 <tejas.chaudhari@cedge.in>... Connecting to smtp.gmail.com via relay...
050 220 mx.google.com ESMTP py6sm18287465pbc.13
050 >>> EHLO cedge22.cedge.in
050 250-mx.google.com at your service, [180.179.66.213]
050 250-SIZE 35882577
050 250-8BITMIME
050 250-STARTTLS
050 250 ENHANCEDSTATUSCODES
050 >>> STARTTLS
050 220 2.0.0 Ready to start TLS
050 >>> EHLO cedge22.cedge.in
050 250-mx.google.com at your service, [180.179.66.213]
050 250-SIZE 35882577
050 250-8BITMIME
050 250-AUTH LOGIN PLAIN XOAUTH
050 250 ENHANCEDSTATUSCODES
050 >>> MAIL From:<tejas@cedge22.cedge.in> SIZE=369
050 530-5.5.1 Authentication Required. Learn more at
050 530 5.5.1 http://support.google.com/mail/bin/answer.py?answer=14257 py6sm18287465pbc.13
050 <tejas@cedge22.cedge.in>... Connecting to local...
050 <tejas@cedge22.cedge.in>... Sent
250 2.0.0 q47DxBgF025388 Message accepted for delivery
tejas.chaudhari@cedge.in.... Sent (q47DxBgF025388 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 cedge22.cedge.in closing connection

 

thanks in advance

Honored Contributor
Matti_Kurkela
Posts: 6,271
Registered: ‎12-02-2001
Message 7 of 13 (3,547 Views)

Re: starttls issue for gmail

Apparently the Google SMTP server has two requirements:

1.) You must use TLS encryption. According to the log of your latest attempt, you've managed to solve this. Good.

 

2.) You must present a username and password to the Google server before it allows you to send mail through it. This is why your latest attempt is failing.

 

Google is actually trying to help you:

050 530-5.5.1 Authentication Required. Learn more at
050 530 5.5.1 http://support.google.com/mail/bin/answer.py?answer=14257

 Unfortunately, the advice is written mainly for desktop users, and is not too useful for configuring Sendmail.

 

The standard documentation for Sendmail is the O'Reilly book Sendmail. For version 8.13.3, you'll want the 4th edition of the book (or if a newer edition exists, that might be even better). I really recommend this book for anyone who needs to really understand Sendmail.

 

(It's a very big book, but don't worry - more than half of the book is configuration item reference: use the first chapters and the Table of Contents to find the configuration items you need and ignore the rest.)

 

Chapter 5.1.5 of Sendmail, 4th edition is about SMTP AUTH, which is the authentication mechanism Google wants you to use. It says the username and password should be stored in either /etc/mail/access or /etc/mail/authinfo depending on the options chosen when building the Sendmail configuration file (= whether FEATURE(`authinfo') was included in the .mc that controls the building of the configuration file or not).

 

The necessary configuration line would be like:

AuthInfo:smtp.gmail.com "U:GoogleUser" "P:GooglePassword"

 Of course, you must replace "GoogleUser" and "GooglePassword" with the actual username & password you use to access Google with.

 

 

Both /etc/mail/access and /etc/mail/authinfo are source files for creating the actual access database or authinfo database: just editing the files (or creating them if they don't already exist) is probably not enough. You must also create the actual database file using the makemap command.

 

To create/update the access.db file, you should do this:

cd /etc/mail
makemap hash access.db < access

 Likewise, to create the authinfo.db file (if configured), you should do this:

cd /etc/mail
makemap hash authinfo.db < authinfo

 

You should first try putting the AuthInfo line to /etc/mail/access (create it if it does not already exist) and creating the access.db file; then restart Sendmail and try to send some messages.

 

If it does not work, remove the AuthInfo line from /etc/mail/access and put it into /etc/mail/authinfo, then create the authinfo.db file and try again.

 

Your previous test messages are probably stored into the local email queue directory on your server (/var/spool/mqueue): run mailq to display the mail queue in a more readable form. Once you get the authentication to work, all the queued test messages may be sent to smtp.google.com... so you might want to clear the /var/spool/mqueue directory first, to avoid flooding your mailbox.

MK
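Added example, not part of any post in this thread: a small classifier for `sendmail -v` transcripts like the ones above, which separates the two failures discussed here (no STARTTLS issued versus AUTH offered after TLS but never sent). The function name `diagnose`, the verdict strings and the `example.test` host names are assumptions made for illustration; the sample transcripts are constructed.

```python
import re

# Constructed transcripts modelled on this thread's `sendmail -v` output; hosts are placeholders.
NO_TLS = """\
user@example.test... Connecting to smtp.example.test via relay...
>>> EHLO client.example.test
250 STARTTLS
>>> MAIL From:<user@client.example.test> SIZE=23
530 5.7.0 Must issue a STARTTLS command first.
"""
NO_AUTH = """\
user@example.test... Connecting to [127.0.0.1] via relay...
>>> MAIL From:<user@client.example.test> SIZE=5
250 2.1.0 <user@client.example.test>... Sender ok
050 <user@example.test>... Connecting to smtp.example.test via relay...
050 >>> EHLO client.example.test
050 250 STARTTLS
050 >>> STARTTLS
050 220 2.0.0 Ready to start TLS
050 >>> EHLO client.example.test
050 250 AUTH LOGIN PLAIN XOAUTH
050 >>> MAIL From:<user@client.example.test> SIZE=369
050 530-5.5.1 Authentication Required. Learn more at
050 530 5.5.1 (constructed)
"""

def diagnose(transcript):
    """Map each host in the transcript to a verdict for that SMTP session."""
    verdicts, host, s = {}, None, {}
    for raw in transcript.splitlines():
        line = re.sub(r"^050 ", "", raw.strip())  # 050 = dialogue relayed by the local daemon
        new = re.search(r"Connecting to (\S+)", line)
        if new:  # a new connection: TLS and AUTH state start over
            host = new.group(1).rstrip(".")
            verdicts[host] = "ok"
            s = {"cmd": None, "tls": False, "auth_offered": False, "auth_sent": False}
        elif host and line.startswith(">>>"):
            s["cmd"] = (line[3:].split() or [""])[0].upper()
            s["auth_sent"] |= s["cmd"] == "AUTH"
        elif host and (m := re.match(r"(\d{3})[ -](.*)", line)):
            code, kw = m.group(1), (m.group(2).split() or [""])[0].upper()
            if s["cmd"] == "EHLO" and code == "250" and kw == "AUTH":
                s["auth_offered"] = True
            elif s["cmd"] == "STARTTLS" and code == "220":
                s["tls"] = True
            elif s["cmd"] == "AUTH" and code[0] == "5":
                verdicts[host] = "auth-rejected"
            elif s["cmd"] == "MAIL" and code[0] in "45":
                verdicts[host] = (
                    "mail-refused-" + code if code != "530"
                    else "starttls-not-issued" if not s["tls"]
                    else "auth-not-attempted" if s["auth_offered"] and not s["auth_sent"]
                    else "mail-refused-530")
    return verdicts
```

A verdict of `auth-not-attempted` means the client never sent AUTH even though the server advertised it after TLS, which points at credentials not being found for that host rather than at a wrong password.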
Super Advisor
zxcv
Posts: 226
Registered: ‎04-09-2010
Message 8 of 13 (3,544 Views)

Re: starttls issue for gmail

Hi Matti ,

 

After much R&D we have found that we can use aspmx.l.google.com in DS to send mails to our corporate Google Apps ID.

But now we are facing one problem: we have one application which has a config file asking for POP3 server details. When we put pop.gamil.com and sent a mail to this ID, we are getting a pop.gamil.com timeout error in the log.

 

Kindly guide us.

Super Advisor
zxcv
Posts: 226
Registered: ‎04-09-2010
Message 9 of 13 (3,538 Views)

Re: starttls issue for gmail

Hi Matti ,
My requirement is that I have a box which has a Perl script which receives/accepts a mail and in turn processes the application.

It requires the following inputs:
<POP3SVRIP>gmail-pop.l.google.com</POP3SVRIP>
<POP3SVRPORT>995</POP3SVRPORT>
<SMTPSVRIP>smtp.gmail.com</SMTPSVRIP>
<SMTPSVRPORT>587</SMTPSVRPORT>
<SMTPAUTH>SMTPAUTHNONE</SMTPAUTH>

Are my entries correct?
There is no pop3 entry in my /etc/inetd.conf file.
Before this we were using this application with no issues.
Since we have shifted to Google Apps I am having a torrid time.
Super Advisor
zxcv
Posts: 226
Registered: ‎04-09-2010
Message 10 of 13 (3,530 Views)

Re: starttls issue for gmail

Hi Matti ,

 

I have a user ID, say xyz@cedge.in

If anyone sends a test mail to this ID, I must be able to download the same on an HP box, which will be captured by my Perl script running on that box.

Super Advisor
zxcv
Posts: 226
Registered: ‎04-09-2010
Message 11 of 13 (3,524 Views)

Re: starttls issue for gmail

Hi Matti ,

 

Tried your auth options but I am still getting the same error :(

 

root #/etc/mail >sendmail -v tejas.chaudhari@cedge.in.
test
tejas.chaudhari@cedge.in.... Connecting to [127.0.0.1] via relay...
220 vinayak.cedge.in ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.007 - 3 February 2010/8.13.3; Tue, 8 May 2012 20:18:45 +0530 (IST)
>>> EHLO vinayak.cedge.in
250-vinayak.cedge.in Hello smmsp@localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO vinayak.cedge.in
250-vinayak.cedge.in Hello smmsp@localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> MAIL From:<tejas@vinayak.cedge.in> SIZE=5
250 2.1.0 <tejas@vinayak.cedge.in>... Sender ok
>>> RCPT To:<tejas.chaudhari@cedge.in>
>>> DATA
250 2.1.5 <tejas.chaudhari@cedge.in>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
050 <tejas.chaudhari@cedge.in>... Connecting to smtp.gmail.com via relay...
050 220 mx.google.com ESMTP qq5sm2596271pbc.40
050 >>> EHLO vinayak.cedge.in
050 250-mx.google.com at your service, [203.124.23.222]
050 250-SIZE 35882577
050 250-8BITMIME
050 250-STARTTLS
050 250-ENHANCEDSTATUSCODES
050 250 PIPELINING
050 >>> STARTTLS
050 220 2.0.0 Ready to start TLS
050 >>> EHLO vinayak.cedge.in
050 250-mx.google.com at your service, [203.124.23.222]
050 250-SIZE 35882577
050 250-8BITMIME
050 250-AUTH LOGIN PLAIN XOAUTH
050 250-ENHANCEDSTATUSCODES
050 250 PIPELINING
050 >>> MAIL From:<tejas@vinayak.cedge.in> SIZE=356
050 530-5.5.1 Authentication Required. Learn more at
050 530 5.5.1 http://support.google.com/mail/bin/answer.py?answer=14257 qq5sm2596271pbc.40
050 <tejas@vinayak.cedge.in>... Connecting to local...
050 <tejas@vinayak.cedge.in>... Sent
250 2.0.0 q48Emj00023354 Message accepted for delivery
tejas.chaudhari@cedge.in.... Sent (q48Emj00023354 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 vinayak.cedge.in closing connection

 

I am getting the following in my mail.log:

 

May  8 20:20:01 vinayak sm-mta[29777]: q48Eo1Xi029752: q48Eo1Xh029777: DSN: Insufficient permission
May  8 20:20:01 vinayak sm-mta[29777]: q48Eo1Xh029777: to=<root@vinayak.cedge.in>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32044, dsn=2.0.0, stat=Sent

Honored Contributor
Matti_Kurkela
Posts: 6,271
Registered: ‎12-02-2001
Message 12 of 13 (3,503 Views)

Re: starttls issue for gmail

<POP3SVRIP>gmail-pop.l.google.com</POP3SVRIP>
<POP3SVRPORT>995</POP3SVRPORT>
<SMTPSVRIP>smtp.gmail.com</SMTPSVRIP>
<SMTPSVRPORT>587</SMTPSVRPORT>
<SMTPAUTH>SMTPAUTHNONE</SMTPAUTH>

That configuration input seems to suggest that the Perl script communicates with the POP3/SMTP servers directly, so Sendmail might not be involved at all. If you can make it connect to the Google POP3 server directly, maybe you won't need a local POP3 server in your /etc/inetd.conf at all. It might still be useful to configure the local Sendmail to send messages through the Google servers, but if the script/application can process the mails directly, it might not be absolutely necessary.

 

Time-out errors often mean network communication problems. More specifically, it often (but not always) means there is a network firewall that has not been configured to accept the connection. If your network contains firewalls, contact your firewall administrator and continue troubleshooting with him/her.

 

Without knowing more about the Perl script, I cannot suggest very much about it. But since the Google server requires authentication, I strongly suspect that "SMTPAUTHNONE" (which seems to mean "no SMTP authentication") is not the right choice. You would need to find some documentation for the Perl script that would describe the correct syntax for specifying the username and password (or any other authentication details) required by Google.

 

Are you sure the Perl script includes support for SSL/TLS-encrypted POP3 and SMTP (also known as pop3s and smtps)? If Google requires you to use the encrypted versions for security, and the script only supports the non-encrypted protocols, the script will fail.

 

If the Perl script has no SSL support, the "stunnel" application might be a possible workaround. You might configure stunnel in client mode as an inetd-based service on your local host (using whatever port number is free). The script would then be configured to connect to the stunnel service instead of the real Google POP3 server: the stunnel application would receive the connection, and forward it with SSL encryption to the Google server. A similar configuration is probably possible for SMTP too (although you will need the "protocol=smtp" option to enable special processing for STARTTLS).

 

For HP-UX 11.23 and newer, Stunnel is available for free from HP as part of the Internet Express package:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1123

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1131

 

Stunnel documentation and examples are available here:

http://www.stunnel.org/?page=docs

 

Sorry about the late answer...

MK
Occasional Visitor
Advanced
Posts: 1
Registered: ‎11-26-2013
Message 13 of 13 (2,974 Views)

Re: starttls issue for gmail

I worked around this same issue with SIM using stunnel, which allows using the same system as a gateway listening on port 25 for local requests and gmail's 465 for the responses from gmail.
