linux ssmtp error Cannot open smtp.gmail.com:587
22,026
Did you check if your selinux enabled?
Also, you may need this option:
- TLS_CA_Dir
- A directory of trusted certificates for validating the server, if required.
Basically tell your system where your CA certs are so that it doesn't think Gmail has an invalid cert.
Related videos on Youtube
![mackowiakp](https://i.stack.imgur.com/ohtAH.jpg?s=256&g=1)
Author by
mackowiakp
Updated on September 18, 2022Comments
-
mackowiakp almost 2 years
I can not route may emails vie gmail.com. I use ssmtp facility. My config files in /etc/ssmtp are
root:[email protected]:smtp.gmail.com:587 maciek:[email protected]:smtp.gmail.com:587
and ssmtp.conf:
rewriteDomain=gmail.com [email protected] [email protected] [email protected] UseTLS=YES UseSTARTTLS=YES [email protected] AuthPass=MyPass FromLineOverride=YES
So I try:
# mail [email protected] Subject: ddd ddd . EOT # send-mail: Cannot open smtp.gmail.com:587
Nothing block the traffic to gmail server as shown below:
$ telnet smtp.gmail.com 587 Trying 173.194.70.108... Connected to smtp.gmail.com. Escape character is '^]'. 220 mx.google.com ESMTP n1sm56130900eep.20 - gsmtp ehlo 250-mx.google.com at your service, [83.25.153.55] 250-SIZE 35882577 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250 CHUNKING quit 221 2.0.0 closing connection n1sm56130900eep.20 - gsmtp Connection closed by foreign host.
Logs from my system journalctl:
Dec 11 22:45:55 piotr sSMTP[7571]: Creating SSL connection to host Dec 11 22:45:55 piotr sSMTP[7571]: SSL not working: certificate verify fail...0) Dec 11 22:45:55 piotr sSMTP[7571]: Cannot open smtp.gmail.com:587
No other MTA agent is installed on this computer (like sendmail). So what I am configuring wrong?
-
Wesley over 10 yearsCheck
/var/log
forssmtp
logs and see what they say. -
mackowiakp over 10 yearsMy system use journalctl. So You have: Dec 11 22:45:55 piotr sSMTP[7571]: Creating SSL connection to host Dec 11 22:45:55 piotr sSMTP[7571]: SSL not working: certificate verify fail...0) Dec 11 22:45:55 piotr sSMTP[7571]: Cannot open smtp.gmail.com:587
-
Wesley over 10 yearsOkay, that could be of use. Add that to the question because in so doing, you'll bump it back up to the top of the question queue and get more eyeballs on it.
-
Zulakis over 8 yearsssmtp does NOT verify the SSL/TLS certificate of the remote server on the current debian, ubuntu and redhat releases and also does NOT verify the hostname of the certificate. This is a major issue, as this effectively renders the encryption useless and your password is being transmitted alike to being plaintext and anyone can sniff it. ssmtp has had no active development since atleast 2009. So, if you care about the security of the email account you use for your servers outgoing emails, do NOT use ssmtp, but postfix (or something else) instead: unix.stackexchange.com/a/118101/72087
-
-
mackowiakp over 10 yearsOK. THX. You help me. It works! I just add the line: TLS_CA_File=/etc/pki/tls/certs/ca-bundle.crt
-
Læti almost 8 yearsAll email servers around the Internet wants the other servers sending mail to them respect the standards. This is what standards are for. Obviously, using an email address as a hostname is not standard compliant.
-
FooBee about 7 yearsIf you try to answer old questions, please check the other answers. Obviously, the problem was something else.
-
Jesus H over 3 yearsThis pointed me in the right direction. I uncommented the existing TLS_CA_File line, and it worked, no need to add TLS_CA_Dir in my case. I verified that ca-bundle.crt file already existed on my system.