Discussion in 'Linux Networking' started by Avoid9Pdf, Feb 7, 2013.

  1. Avoid9Pdf

    Avoid9Pdf Guest

    smtp is rather simple, but what's all this TLS/SSL about ?

    I really don't want to know about `sendmail` if it makes
    such a drama about plain smtp.

    It would be nice if the smtp-client was integrated with
    a pop/imap client too.

    http: gmail is becoming unbearable, even with `links`.

    == TIA.
    Avoid9Pdf, Feb 7, 2013
  2. smtps is an smtp session encrypted with an ssl key, similar
    to https. Similar for pop3s
    Gmail's implementation of imap is rather broken. I use
    a pop3 connection, to get/send email with my gmail account.

    Login to the web interface, then go to the account settings,
    and enable pop3/smtp.

    I'm currently using opera for web browsing, usenet, and email.
    Most email clients support pop3s and smtps.

    For my gmail account ...
    Incoming Servername=pop.gmail.com, port 995 (tls on)
    Outgoing Servername=smtp.gmail.com, port 465 (tls on)

    Regards, Dave Hodgins
    David W. Hodgins, Feb 7, 2013
  3. Avoid9Pdf

    Ivan Shmakov Guest

    [Cross-posting to news:comp.internet.services.google.]

    FWIW, I use Gnus/Emacs on my GNU/Linux system for both Usenet
    and email, including sending via Google Mail's :587 (RFC 6409.)
    My guess is that both Alpine and Mutt are capable of securely
    interfacing Google Mail, too.
    Not quite. ESMTPS, as used by Google Mail's :587, begins just
    like a plain SMTP session, which then proceeds to EHLO (thus
    becoming ESMTP), and STARTTLS, which finally enables TLS/SSL.

    Consider, for instance, the following example session:

    $ gnutls-cli --starttls --port=submission -- smtp.gmail.com
    |<1>| Note that the security level of the Diffie-Hellman key exchange has been lowered to 512 bits and this may allow decryption of the session data
    Processed 152 CA certificate(s).
    Resolving 'smtp.gmail.com'...
    Connecting to '2a00:1450:4010:c04::6d:587'...

    - Simple Client Mode:

    220 mx.google.com ESMTP pz15sm16403877lab.3 - gsmtp
    250-mx.google.com at your service, [2XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX]
    250-SIZE 35882577
    220 2.0.0 Ready to start TLS

    [There, one sends EOF (C-d) for gnutls-cli(1) to start TLS.]

    *** Starting TLS handshake
    - Peer's certificate is trusted
    - The hostname in the certificate matches 'smtp.gmail.com'.
    - Session ID: 28:0B:94:74:7F:4A:5D:B7:72:DA:C6:EA:50:63:B8:6B:B9:C7:F7:02:61:60:8B:0E:81:63:45:CE:24:31:9C:30
    Could you please elaborate on that? I never had an issue with
    it (though I wasn't pushing IMAP to the extremes.)
    Last time I checked (which was probably c. 2002) POP3 had
    multiple issues, including that should the connection be lost
    during the session, there was no easy way /not/ to download the
    messages already received for a second time. (Which was a major
    inconvenience for dial-up Internet users back in the day.)

    Ultimately, however, IMAP allows for a rather comprehensive set of
    mailbox operations, to the point that one may even think of IMAP
    as a generic "file transfer protocol." Which, in particular,
    makes two-way synchronization possible.

    Ivan Shmakov, Feb 8, 2013
  4. Avoid9Pdf

    David Brown Guest

    I use imap and smtp over TLS/SSL to access my gmail account. It works
    fine with Thunderbird.
    David Brown, Feb 8, 2013
  5. Avoid9Pdf

    David Brown Guest

    Most imap servers are "broken" - there are very few that actually
    implement imap 4 without flaws. And even if the server follows the
    standard correctly, the clients often have issues. So both servers and
    clients usually have work-arounds in place. To my knowledge, gmail is
    less broken than Exchange server - I have no problem using it with

    Pop3 is a terrible choice for most email accounts. It can make sense
    for some specialised uses, but for a normal account you should /always/
    prefer imap - especially if you consider your emails at all valuable to
    David Brown, Feb 8, 2013
  6. Avoid9Pdf

    Avoid9Pdf Guest

    Jees, I try to design a 'Subject' so that people can know what I'm
    asking, but I forgot that many consider their monster-browser as
    an smtp-client; which I suppose it is.
    OTOH I *did* write:
    ===snip from here, but file for reference: TLS-explanation & trace ===
    OK, that looks interesting. Perhaps I'll try it. Previously I'd used gnus
    for news. But probably gnus, passes the MTA job to sendmail,
    and I don't want to SEE sendmail.

    Every thing seems to have degenerated since the 90s.
    My proper system: ETHOberon did:
    1 klik to fetch the pop-dir [of articles at the ISP]
    1 klik to select any dir-article & 1 klik to fetch it
    1 klik to select a dir-article & 1 klik to delete it @ ISP
    1 klik to select a dir-article & 1 klik to deleteALL following
    1 klik to select a TextFrame-written-email & 1 klik to Send it

    Later they introduced TxAuthenticate, so I extended it.
    Yet later the ISP became unreliable and I switched to gmail.
    Now I started up `mutt` again, which I had previously setup
    for gmail. But after I go off-line, I can't scroll through the dir.
    I vaguely remember that it assumes you're on line all the time.
    I.e. the amerikan dream of infinite-frontier and unlimited resources.
    IIRC mutt needs sendmail setup, to reply. And `pine` would too.

    How can you people tolerate this crap?
    If I use [eg. links], to http:fetch the article-dir, I can only fetch
    ONE article from the article-dir, next time I go on-line.
    Or do you open <a new page/screen> for each fetch and
    keep the article-dir in its own page/screen?

    Have you even noticed that the ratio of envelope to contents
    of emails, has changed from 40:60 to 95:5 since the 90s?
    All packaging and no contents.

    How would I find if/where I've got TLS facilities ?
    `man s_client` is good
    `which s_client` is empty

    == TIA.
    Avoid9Pdf, Feb 8, 2013
  7. Avoid9Pdf

    Ivan Shmakov Guest

    Gnus (or, rather, its message.el part) is capable of passing
    outgoing mail to smtpmail.el, which is a stand-alone and
    ESMTP-capable Message Submission Agent (MSA.)

    Using either gnutls-cli(1) or openssl(1) as a helper, it's
    capable of ESMTPS, too.

    An example set up would be as follows:

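    --cut: ~/.emacs --
    ;; Submit via Gmail's port 587 (ESMTP, then STARTTLS).
    (setq smtpmail-auth-credentials "~/.smtpauthinfo"
          smtpmail-starttls-credentials '(("smtp.gmail.com" "587" nil nil))
          smtpmail-smtp-server "smtp.gmail.com"
          ;; Same port as the smtpmail-starttls-credentials entry above.
          smtpmail-smtp-service "587")
    --cut: ~/.emacs --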

    --cut: ~/.smtpauthinfo --
    machine smtp.gmail.com login YOUR-LOGIN-HERE
    --cut: ~/.smtpauthinfo --

    I'd assume that by now, both Alpine and Mutt have gained an
    ability to interface ESMTPS message submission servers, too.

    Try also $ man openssl and $ which openssl.
    Ivan Shmakov, Feb 8, 2013
  8. Avoid9Pdf

    Whiskers Guest

    Encryption of all packets between the computers concerned, so that no-one
    else can read your login details or messages.
    I don't know of any graphical email user agents for Unix/Linux that can't
    handle TLS/SSL and integrate IMAP POP SMTP and local "folders". I use
    Claws-Mail, but I don't use a gmail account so I can't comment on that.

    Use "stunnel" if your preferred user agent can't handle TLS/SSL for itself.

    "msmtp" is a small easily configured SMTP server, as an alternative to
    "sendmail" for basic functions.

    "Alpine" and "Mutt" are popular text-interface mail user agents.
    Whiskers, Feb 8, 2013
  9. Avoid9Pdf

    Whiskers Guest

    There are simpler smaller alternatives to "Sendmail"; "msmtp" seems to work
    OK. "Alpine" (the current version of Pine) is said to be simpler than

    "OfflineIMAP" provides off-line facilities for IMAP.
    I suspect very few of "us people" do; we use current Linux distros and
    their package repositories to get sensible software to do what we want to
    Using a text-only web browser to access the Google webmail pages? I'm
    surprised anything works at all!
    I think you must be looking at Google's webmail HTML etc, which is nothing
    to do with POP IMAP or SMTP.
    You don't know what software is available to you? Ask your system
    administrator! (s_client seems to be rather old and cranky; "stunnel" is
    pretty easy to use if your Mail User Agent or Mail Transfer Agent can't
    handle TLS/SSL for itself).
    Whiskers, Feb 8, 2013
  10. Avoid9Pdf

    Ivan Shmakov Guest

    FWIW, I've used Lynx for Google Mail's Web interface for years.

    As it seems, contrary to their plans for Google Groups, they
    aren't planning to drop support for the "minor" browsers there.

    Ivan Shmakov, Feb 9, 2013
  11. Avoid9Pdf

    Unknown Guest

    --> stunnel -help == ....
    OMG it's got a zillion options !!
    Why couldn't they just LEAVE the system as it was WORKING in the 90s ?!
    --> which msmtp == which: no msmtp in PATH
    As previously stated `mutt` seems to need permanent-on-line to scroll
    in the directory-of-headers. Plus that doesn't solve the TLS problem.
    Unknown, Feb 9, 2013
  12. Avoid9Pdf

    Ivan Shmakov Guest

    [Cross-posting to news:comp.security.misc.]

    Because no one anymore believes that all the corporate network
    operators, all the ISP's, and all the transit network operators,
    would under no circumstances monitor and record one's network
    traffic, just in the case it would later be requested by the
    authorities (or by the company's own management)?

    And it wasn't the '90s, actually. I saw a few students at a
    local university getting the passwords sent unencrypted over the
    network as recently as in 2005. (Quite an easy task, I'd say,
    given the availability of tcpdump(8), and the similar
    unfamiliarity with TLS/SSL of the university's staff.)

    Ivan Shmakov, Feb 9, 2013
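
The STARTTLS sequence shown earlier in the thread and the tcpdump anecdote in the post above, as an added example that is not part of any post: a Python check over an SMTP dialogue as it appears on the wire, flagging any AUTH command sent before the server's 220 reply to STARTTLS. The function name, hosts, account and password are constructed for illustration.

```python
import base64

def audit(dialogue):
    """Findings for one SMTP dialogue; items are (side, line), side "C" or "S"."""
    findings = []
    offered = requested = tls = False
    for side, line in dialogue:
        if tls:
            break  # past the server's 220 the wire carries only TLS records
        if side == "S":
            if line[:3] == "250" and line[4:].upper().startswith("STARTTLS"):
                offered = True   # EHLO reply advertises the extension
            elif requested and line.startswith("220"):
                tls = True       # "220 Ready to start TLS"
            continue
        parts = line.split()
        verb = parts[0].upper() if parts else ""
        if verb == "STARTTLS":
            requested = True
        elif verb == "AUTH":
            mech = parts[1].upper() if len(parts) > 1 else "?"
            who = "?"
            if mech == "PLAIN" and len(parts) > 2:
                # AUTH PLAIN is base64(authzid NUL authcid NUL password):
                # an encoding, not encryption.
                try:
                    fields = base64.b64decode(parts[2]).split(b"\0")
                except ValueError:
                    fields = []
                if len(fields) == 3:
                    who = fields[1].decode(errors="replace")
            why = "STARTTLS offered but not used" if offered else "STARTTLS not offered"
            findings.append(f"cleartext AUTH {mech} for {who}: {why}")
    return findings

# Constructed sample dialogues (hosts, account and password are made up).
CRED = base64.b64encode(b"\0alice@example.test\0constructed-password").decode()
GREETING = [("S", "220 mx.example.test ESMTP"), ("C", "EHLO client.example.test"),
            ("S", "250-mx.example.test at your service"), ("S", "250-SIZE 35882577")]
UPGRADED = GREETING + [("S", "250 STARTTLS"), ("C", "STARTTLS"),
                       ("S", "220 2.0.0 Ready to start TLS")]
NOT_OFFERED = GREETING + [("S", "250 AUTH PLAIN LOGIN"), ("C", "AUTH PLAIN " + CRED)]
NOT_USED = GREETING + [("S", "250-STARTTLS"), ("S", "250 AUTH PLAIN LOGIN"),
                       ("C", "AUTH LOGIN")]

if __name__ == "__main__":
    for name in ("UPGRADED", "NOT_OFFERED", "NOT_USED"):
        print(name, audit(globals()[name]))
```

The NOT_OFFERED case is also what a client sees when something on the path removes STARTTLS from the EHLO reply, which is why a submission client should refuse to authenticate rather than fall back to cleartext.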
  13. I use thunderbird / pop3 for my gmail, hardly ever log on to the website.
    Denis McMahon, Feb 10, 2013
  14. Avoid9Pdf

    telsar Guest

    I use thunderbird with imap on gmail. It's the default so ...
    telsar, Feb 11, 2013
