| === Hash is now known as EnchanterTim | ||
| BCB | I'm connecting from a server in the cloud to a server on the ground to send an email through port 587 | 01:13 |
|---|---|---|
| BCB | from the command line: openssl s_client -connect server.my-grounded-server.net:587 | 01:13 |
| BCB | the response is: 140185774434048:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332: | 01:13 |
| sarnold | try using s_client -tls1_1 .. -tls1_2 etc kinds of flags; search for -bugs in the s_client manpage for a few more ideas to try | 01:18 |
| BCB | I ran this: openssl s_client -tls1_1 -connect server.my-grounded-server.net:587 | 01:20 |
| BCB | and it returned:140117241747200:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332: | 01:20 |
| BCB | sarnold: any thoughts | 01:22 |
| sarnold | keep trying the various flags mentioned near -bugs in the manpage, one of them might work | 01:23 |
| BCB | copy | 01:23 |
| BCB | sarnold all of these flags are failing. Does the flag go after openssl OR s_client OR -connect ?? | 01:27 |
| sarnold | BCB: after s_client -- eg: openssl s_client -tls1_2 -connect irc.oftc.net:6697 | 01:32 |
| BCB | sarnold no chances. It is also reporting: no peer certificate available AND No client certificate CA names sent | 01:45 |
| sarnold | BCB: dang. I was hoping that one of those would just fix it for you :/ | 01:46 |
| BCB | *changes | 01:46 |
| BCB | me too! | 01:46 |
| sarnold | BCB: 'no peer certificate' makes sense, because the TLS session negotiation failed to agree on even the basic version of TLS to use | 01:47 |
| sarnold | BCB: 'no client certificate' makes sense, you didn't use -cert ... and -key ... to request one to be used | 01:47 |
| BCB | sarnold: the openssl connection works on port :443 but NOT on port :567 | 01:49 |
| BCB | *587 | 01:49 |
| BCB | sarnold let me check my certs on the grounded server | 01:50 |
| sarnold | BCB: ohh, promising | 01:50 |
| BCB | sarnold seem to be all good. that server got A+ on Qualys SSL Labs server test??? | 01:53 |
| BCB | sarnold so I ~don't~ think it's a certificate issue. | 01:54 |
| sarnold | BCB: hmm, strange, I thought qualys only checked HTTPS and didn't do anything for submission | 01:54 |
| BCB | my submission used my ssl cert for the site | 01:56 |
| BCB | *uses | 01:56 |
| sarnold | sure, but afaik qualys can't tell you if you've got your MTA configured correctly.. | 01:57 |
| BCB | sarnold mxtoolbox shows all good when I test my mailserver there. Maybe it is on the sending server. | 01:59 |
| sarnold | BCB: do your system logs show them testing port 587? or just 25? | 02:02 |
| BCB | sarnold what do you mean "testing" the mail server is set up to receive submissions on 587 | 02:09 |
| sarnold | BCB: whatever it is that mxtoolbox does | 02:09 |
| kenyon | BCB: usually you have to do -starttls with submission, it doesn't do TLS directly | 02:43 |
| kenyon | `-starttls smtp` | 02:44 |
| sarnold | OH MAN | 02:45 |
| sarnold | can't believe I forgot that :( | 02:45 |
| BCB | kenyon someone on #postfix just told me that! But why did the cmd with out '-starttls smtp' work previously ?? | 02:47 |
| BCB | kenyon I don't understand why it is failing now. | 02:47 |
| kenyon | BCB: maybe you weren't testing against an smtp server before | 02:48 |
| kenyon | or you were testing with smtps port 465 which does direct TLS | 02:48 |
| BCB | kenyon no it was on a production server that worked fine | 02:49 |
| BCB | nope port 587 for ever | 02:49 |
| BCB | ANYWAY I'm using phpmailer. Now how do I tell that use use '-starttls smtp' when making the connections?? | 02:49 |
| BCB | kenyon my emailserver supports STARTTLS https://pastbin.net/raw/untitled-404 | 02:53 |
| kenyon | BCB: looks like you do `$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;` | 02:53 |
| BCB | kenyon: thanks. let me try that | 02:53 |
| BCB | kenyon: did you get that from a link on the web??' | 02:53 |
| kenyon | BCB: just read the source | 02:54 |
| kenyon | https://github.com/PHPMailer/PHPMailer/blob/a69cfb1860c36f607d0822ee88d8a67da35fa5d8/src/PHPMailer.php and https://github.com/PHPMailer/PHPMailer/blob/master/examples/ssl_options.phps | 02:54 |
| BCB | kenyon yes I was poking around in there. Thank you! | 02:54 |
| BCB | kenyon those examples show '$mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;' NOT $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTLS;' | 02:58 |
| BCB | where did you see that cmd | 02:58 |
| kenyon | BCB: this is not really relevant to this channel now, but in the first link I gave, that constant is defined | 02:58 |
| BCB | kenyon Copy. Thank you! | 02:59 |
| === Unit193 is now known as JackFrost | ||
| eb3095_ | Hello, I'm from Vultr. We are having issues with the repos blocking our IP space. Can I get more information on this and how to get this resolved as quickly as possible? All our Ubuntu images are failing to deploy at this time because of this issue. | 17:19 |
| sdeziel | eb3095_: I'm not sure but I think #ubuntu-mirrors would be a better place to ask | 17:47 |
| eb3095_ | Great thanks, wasnt exactly sure | 17:49 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!