emacs-devel

TLS smpt encryption


From: Phillip Lord
Subject: TLS smpt encryption
Date: Mon, 04 Sep 2006 11:41:37 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (windows-nt)


I've been having problems getting tls working with SMTP. I think that
there are failings in both the code base and the documentation for
the code base that are making this problem much harder. 



First, the defaults. To use TLS, you have to reconfigure things like
the ports manually, and have to do so in multiple places. So, for
example, from the smtpmail documentation.....


;;(setq send-mail-function 'smtpmail-send-it) ; if you use `mail'
;;(setq message-send-mail-function 'smtpmail-send-it) ; if you use message/Gnus
;;(setq smtpmail-default-smtp-server "YOUR SMTP HOST")
;;(setq smtpmail-local-domain "YOUR DOMAIN NAME")
;;(setq smtpmail-sendto-domain "YOUR DOMAIN NAME")
;;(setq smtpmail-debug-info t) ; only to debug problems
;;(setq smtpmail-auth-credentials  ; or use ~/.authinfo
;;      '(("YOUR SMTP HOST" 25 "username" "password")))
;;(setq smtpmail-starttls-credentials
;;      '(("YOUR SMTP HOST" 25 "~/.my_smtp_tls.key" "~/.my_smtp_tls.cert")))




Now authentication mail often uses a different port. So you have to
change this. But this is done in smtpmail-smtp-service. The 25's in
auth-credentials are only used to determine which credentials should
be used. Confusing. I don't know what the standards are, but most mail
readers you just click "SSL/TLS encryption" and the ports get set, or
guessed, automatically. 


Second, the documentation. Take...

;;(setq smtpmail-starttls-credentials
;;      '(("YOUR SMTP HOST" 25 "~/.my_smtp_tls.key" "~/.my_smtp_tls.cert")))


So, what's .my_smtp_tls.key then? Where does it come from? How do I get
it? Can I use gnutls to generate it? I have no idea at all. Further
investigation suggests that actually you can leave this blank, and it
should still work. 

Third, it would be nice if the documentation made clear that "TLS"
appears to be the same thing as "SSL" -- at least in the context of
SMTP servers. I was under the impression for a number of months that I
could not use encryption for SMTP as our local server requires SSL,
which smtpmail doesn't do. Actually, it uses TLS. Some documentation
saying "if you are required to use SSL, this is probably what you
want". 

Finally, it doesn't seem to work on Windows. I spent three hours with
a debugger a couple of days ago -- I figured this was the only way to
see if I had the configuration right. It appears that starttls.el uses
Unix-specific process handling, so won't work with NTEmacs. I've been
told that you can get this working with cygwin by calling out to
kill.exe which works around the problem. Bit ugly! I realise that
fixing this properly may take some time, but updating the
documentation would be relatively quick!

At the moment, I have access to a non-TLS-based stream, but this isn't
going to last for ever. I suspect that many people are in the same
boat. 

Thanks for your time!

Phil
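
The port mismatch described in the message, as an added example that is not part of the original post or of the smtpmail documentation: the credential entries are built from the same host and port that smtpmail connects to, and a check fails at load time if an entry could never be selected. The host name, port 587 and the `my-smtp-*` helper names are assumptions; the smtpmail variables are the ones quoted in the message.

```elisp
;; Added example for the smtpmail variables quoted in the message.
;; "smtp.example.org", 587 and the my-smtp-* names are placeholders.
(require 'smtpmail)

(setq send-mail-function 'smtpmail-send-it
      message-send-mail-function 'smtpmail-send-it
      smtpmail-smtp-server "smtp.example.org"
      smtpmail-smtp-service 587)        ; the port actually connected to

;; HOST and PORT in the entries below are lookup keys only, so they are
;; taken from the variables above instead of being typed a second time.
;; nil key/cert means no client certificate is presented.
(setq smtpmail-starttls-credentials
      (list (list smtpmail-smtp-server smtpmail-smtp-service nil nil)))
(setq smtpmail-auth-credentials         ; placeholders; ~/.authinfo also works
      (list (list smtpmail-smtp-server smtpmail-smtp-service
                  "username" "password")))

(defun my-smtp-credential-entry (credentials)
  "Return the entry of CREDENTIALS keyed on the configured host and port.
Return nil when no entry matches."
  (let (found)
    (dolist (entry credentials found)
      (when (and (null found)
                 (equal (nth 0 entry) smtpmail-smtp-server)
                 (equal (nth 1 entry) smtpmail-smtp-service))
        (setq found entry)))))

(defun my-smtp-check-credential-ports ()
  "Signal an error if a credential list has no entry for the real port."
  (unless (my-smtp-credential-entry smtpmail-starttls-credentials)
    (error "No STARTTLS entry for %s port %s"
           smtpmail-smtp-server smtpmail-smtp-service))
  ;; Only inspect the auth credentials when they are given as a list;
  ;; skip the check when they are left to a file such as ~/.authinfo.
  (when (and (consp smtpmail-auth-credentials)
             (not (my-smtp-credential-entry smtpmail-auth-credentials)))
    (error "No auth entry for %s port %s"
           smtpmail-smtp-server smtpmail-smtp-service))
  t)

(my-smtp-check-credential-ports)
```

With the documentation's literal 25 left in an entry while `smtpmail-smtp-service` is 587, the check signals an error instead of leaving the entry silently unmatched.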



