linux ssmtp error Cannot open smtp.gmail.com:587

linux email tls ssmtp

22,026

Did you check if your selinux enabled?

Also, you may need this option:

TLS_CA_Dir
- A directory of trusted certificates for validating the server, if required.

Basically tell your system where your CA certs are so that it doesn't think Gmail has an invalid cert.

22,026

mackowiakp

Updated on September 18, 2022

Comments

mackowiakp almost 2 years
I can not route may emails vie gmail.com. I use ssmtp facility. My config files in /etc/ssmtp are
```
root:[email protected]:smtp.gmail.com:587
maciek:[email protected]:smtp.gmail.com:587
```
and ssmtp.conf:
```
rewriteDomain=gmail.com
[email protected]
[email protected]
[email protected]
UseTLS=YES
UseSTARTTLS=YES
[email protected]
AuthPass=MyPass
FromLineOverride=YES
```
So I try:
```
# mail [email protected]
Subject: ddd
ddd
.
EOT
# send-mail: Cannot open smtp.gmail.com:587
```
Nothing block the traffic to gmail server as shown below:
```
$ telnet smtp.gmail.com 587
Trying 173.194.70.108...
Connected to smtp.gmail.com.
Escape character is '^]'.
220 mx.google.com ESMTP n1sm56130900eep.20 - gsmtp
ehlo
250-mx.google.com at your service, [83.25.153.55]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 CHUNKING
quit
221 2.0.0 closing connection n1sm56130900eep.20 - gsmtp
Connection closed by foreign host.
```
Logs from my system journalctl:
```
Dec 11 22:45:55 piotr sSMTP[7571]:
Creating SSL connection to host Dec 11 22:45:55 piotr sSMTP[7571]:
SSL not working: certificate verify fail...0) Dec 11 22:45:55 piotr sSMTP[7571]:
Cannot open smtp.gmail.com:587
```
No other MTA agent is installed on this computer (like sendmail). So what I am configuring wrong?
- Wesley over 10 years
  
  Check /var/log for ssmtp logs and see what they say.
- mackowiakp over 10 years
  
  My system use journalctl. So You have: Dec 11 22:45:55 piotr sSMTP[7571]: Creating SSL connection to host Dec 11 22:45:55 piotr sSMTP[7571]: SSL not working: certificate verify fail...0) Dec 11 22:45:55 piotr sSMTP[7571]: Cannot open smtp.gmail.com:587
- Wesley over 10 years
  
  Okay, that could be of use. Add that to the question because in so doing, you'll bump it back up to the top of the question queue and get more eyeballs on it.
- Zulakis over 8 years
  
  ssmtp does NOT verify the SSL/TLS certificate of the remote server on the current debian, ubuntu and redhat releases and also does NOT verify the hostname of the certificate. This is a major issue, as this effectively renders the encryption useless and your password is being transmitted alike to being plaintext and anyone can sniff it. ssmtp has had no active development since atleast 2009. So, if you care about the security of the email account you use for your servers outgoing emails, do NOT use ssmtp, but postfix (or something else) instead: unix.stackexchange.com/a/118101/72087
mackowiakp over 10 years

OK. THX. You help me. It works! I just add the line: TLS_CA_File=/etc/pki/tls/certs/ca-bundle.crt
Læti almost 8 years

All email servers around the Internet wants the other servers sending mail to them respect the standards. This is what standards are for. Obviously, using an email address as a hostname is not standard compliant.
FooBee about 7 years

If you try to answer old questions, please check the other answers. Obviously, the problem was something else.
Jesus H over 3 years

This pointed me in the right direction. I uncommented the existing TLS_CA_File line, and it worked, no need to add TLS_CA_Dir in my case. I verified that ca-bundle.crt file already existed on my system.