Problem with TLS when sending emails

Problem with TLS when sending emails

[Alessandro Bertulli]

Hi all.
I was trying to set up my Gmail configuration to send emails from
Emacs. However, I encounter a problem with TLS.

1) I set up a file ~/.authinfo.gpg, where I put

machine imap.gmail.com login alessandro.bertulli96@gmail.com password
-pswd- port 993
machine smtp.gmail.com login alessandro.bertulli96@gmail.com password
-pswd- port 587

Note that "-pswd-" is actually the 16 char long app password generated
by Gmail, required to use external clients.

2) My init file contains

(setq user-full-name "Alessandro Bertulli"
      user-mail-address "alessandro.bertulli96@gmail.com")
(setq smtpmail-smtp-server "smtp.gmail.com"
      smtpmail-smtp-service 587
      smtpmail-stream-type  'ssl
      smtpmail-debug-info t)
;; Configure the function to use for sending mail
(setq message-send-mail-function 'smtpmail-send-it)

I haven't any external package to deal with email (like mu4e, notmuch
etc). With these settings, when I try to compose an email (C-x m), I get
the following error in the *Messages* buffer:

Sending...
Sending via mail...
Decrypting /home/alessandro/.authinfo.gpg...done
gnutls.el: (err=[-15] An unexpected TLS packet was received.) boot:
(:priority NORMAL:%DUMBFW :hostname smtp.gmail.com :loglevel 0
:min-prime-bits nil :trustfiles (/etc/ssl/certs/ca-certificates.crt
/etc/ssl/cert.pem) :crlfiles nil :keylist nil :verify-flags nil
:verify-error nil :callbacks nil)
gnutls-negotiate: GnuTLS error: #<process smtpmail>, -15

What can it be? Is this the right way to send emails? Has any other had
problems with Gmail?
Thank you for your patience,
Alessandro Bertulli

Re: Problem with TLS when sending emails

[Robert Pluim]

>>>>> On Wed, 11 May 2022 15:28:18 +0200, Alessandro Bertulli <alessandro.bertulli96@gmail.com> said:

    Alessandro> Hi all.
    Alessandro> I was trying to set up my Gmail configuration to send emails from
    Alessandro> Emacs. However, I encounter a problem with TLS.

    Alessandro> 1) I set up a file ~/.authinfo.gpg, where I put

    Alessandro> machine imap.gmail.com login alessandro.bertulli96@gmail.com password
    Alessandro> -pswd- port 993
    Alessandro> machine smtp.gmail.com login alessandro.bertulli96@gmail.com password
    Alessandro> -pswd- port 587

    Alessandro> Note that "-pswd-" is actually the 16 char long app password generated
    Alessandro> by Gmail, required to use external clients.

    Alessandro> 2) My init file contains

    Alessandro> (setq user-full-name "Alessandro Bertulli"
    Alessandro>       user-mail-address "alessandro.bertulli96@gmail.com")
    Alessandro> (setq smtpmail-smtp-server "smtp.gmail.com"
    Alessandro>       smtpmail-smtp-service 587
                                            ^^^

This is the 'submission' port, which listens on TCP only. You want
'smtps', which is 465, and supports TLS.

    Alessandro> What can it be? Is this the right way to send emails? Has any other had
    Alessandro> problems with Gmail?

I use 465 with gmail with no problems.

Robert
-- 

Re: Problem with TLS when sending emails

[Leo Butler]

On Wed, May 11 2022, Alessandro Bertulli <alessandro.bertulli96@gmail.com> wrote:

> Hi all.
> I was trying to set up my Gmail configuration to send emails from
> Emacs. However, I encounter a problem with TLS.
>
> 1) I set up a file ~/.authinfo.gpg, where I put
>
> machine imap.gmail.com login alessandro.bertulli96@gmail.com password
> -pswd- port 993
> machine smtp.gmail.com login alessandro.bertulli96@gmail.com password
> -pswd- port 587
>
> Note that "-pswd-" is actually the 16 char long app password generated
> by Gmail, required to use external clients.
>
> 2) My init file contains
>
> (setq user-full-name "Alessandro Bertulli"
>       user-mail-address "alessandro.bertulli96@gmail.com")
> (setq smtpmail-smtp-server "smtp.gmail.com"
>       smtpmail-smtp-service 587
>       smtpmail-stream-type  'ssl
>       smtpmail-debug-info t)
> ;; Configure the function to use for sending mail
> (setq message-send-mail-function 'smtpmail-send-it)

I have exactly the same configuration for gmail, except
smtpmail-stream-type is nil (which according to the documentation, means
the connection is upgraded with starttls if possible). That works fine.
I have not tried Robert Pluim's suggestion to use port 465.

Note that you can use `gnus-posting-styles' to insert the correct
smtpmail information into your email, when mailing from Gnus (I have
never used C-x m outside of Gnus).

E.g. (assuming your nnimap server is named GoogleMail)

#+begin_src emacs-lisp
(setq gnus-posting-styles '(
                             ("GoogleMail:.+"
			     (address "SomeOne@gmail.com")
			     (X-Message-SMTP-Method "smtp smtp.gmail.com 587 SomeOne@gmail.com"))))
#+end_src

This is handy if you are managing multiple email accounts within Gnus.

Leo

Re: Problem with TLS when sending emails

[Robert Pluim]

>>>>> On Wed, 11 May 2022 15:34:12 +0000, Leo Butler <Leo.Butler@umanitoba.ca> said:

    Leo> I have exactly the same configuration for gmail, except
    Leo> smtpmail-stream-type is nil (which according to the documentation, means
    Leo> the connection is upgraded with starttls if possible). That works fine.
    Leo> I have not tried Robert Pluim's suggestion to use port 465.

That works as well. Whether you use it depends on how paranoid you are about
STARTTLS downgrade attacks :-)

Robert
-- 

Re: Problem with TLS when sending emails

[Alessandro Bertulli]

Thanks Robert! I changed my init code to

(setq smtpmail-smtp-server "smtp.gmail.com"
      smtpmail-smtp-service 465
      smtpmail-stream-type  'ssl
      smtpmail-debug-info t)

And now it works. A couple of fun facts: indicating as
smtpmail-smtp-service the string "smtps" actually doesn't work, because
my system is not able, apparently, to resolve it. So I had to put the
integer port. Moreover, I also had to add a new line to the
~/.authinfo.gpg file. However, now it properly works. Thank you really
much!

For Leo: thanks for your suggestion, but I'm trying to keep my system as
secure as it's reasonably possible. However, I'll investigate your
suggestion about using Gnus.

Thanks to both!

Re: Problem with TLS when sending emails

[Robert Pluim]

>>>>> On Wed, 11 May 2022 18:20:33 +0200, Alessandro Bertulli <alessandro.bertulli96@gmail.com> said:

    Alessandro> Thanks Robert! I changed my init code to
    Alessandro> (setq smtpmail-smtp-server "smtp.gmail.com"
    Alessandro>       smtpmail-smtp-service 465
    Alessandro>       smtpmail-stream-type  'ssl
    Alessandro>       smtpmail-debug-info t)

    Alessandro> And now it works. A couple of fun facts: indicating as
    Alessandro> smtpmail-smtp-service the string "smtps" actually doesn't work, because
    Alessandro> my system is not able, apparently, to resolve it. So I had to put the
    Alessandro> integer port. Moreover, I also had to add a new line to the
    Alessandro> ~/.authinfo.gpg file. However, now it properly works. Thank you really
    Alessandro> much!

Oh, on some systems 465 is spelled 'submissions', it appears (look in
/etc/services). Glad you got it working.

Robert
--