Timeline for Mailx SSL/TLS handshake failed: Unknown error -5938
Current License: CC BY-SA 3.0
22 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| Apr 13, 2017 at 12:37 | history | edited | CommunityBot | | replaced http://unix.stackexchange.com/ with https://unix.stackexchange.com/ |
| Jan 5, 2017 at 3:59 | vote | accept | JeremyCanfield | | |
| Jan 4, 2017 at 2:29 | answer | added | Jeff Schaller♦ | | timeline score: 1 |
| Dec 19, 2016 at 19:30 | comment | added | Jeff Schaller♦ | | @dave_thompson_085 would you like to write up your comment as an Answer? |
| Nov 26, 2016 at 16:14 | comment | added | JeremyCanfield | | Thank you very much for your explanation. I made the changes you recommended, and the problem is solved. The SSL/TLS handshake is successful, and I am able to connect to Postfix using mailx. If you would like to post your comment as the answer, I would love to accept your answer. |
| Nov 26, 2016 at 16:01 | comment | added | dave_thompson_085 | | smtps: means to initially connect with SSL/TLS, which 587 does not support. You want to connect then start SSL/TLS, which is generically called starttls. Use smtp=server:587 (no smtps:) and smtp-use-starttls (not commented). |
| Nov 26, 2016 at 6:30 | comment | added | JeremyCanfield | | Thanks Julie. I updated my question with my complete /etc/mail.rc file and contents of my /etc/pki/nssdb directory. |
| Nov 26, 2016 at 6:29 | history | edited | JeremyCanfield | CC BY-SA 3.0 | added 864 characters in body |
| Nov 26, 2016 at 6:17 | comment | added | Julie Pelletier | | Please show me your full command line. |
| Nov 26, 2016 at 6:16 | comment | added | JeremyCanfield | | Thanks Julie. I tried ssl-verify=ignore, and still error 5938 appears. |
| Nov 26, 2016 at 6:10 | comment | added | Julie Pelletier | | It will probably work if you add the -S ssl-verify=ignore arg to your mailx command. It could probably be put in your mail.rc but I can't test it. |
| Nov 26, 2016 at 5:53 | comment | added | JeremyCanfield | | Yes, the certificate is self-signed. I created the certificate and private key using OpenSSL. |
| Nov 26, 2016 at 5:50 | comment | added | Julie Pelletier | | Is it a self-signed certificate? |
| Nov 26, 2016 at 5:48 | comment | added | JeremyCanfield | | Thanks Julie. I tried on port 465, but this failed. I've Postfix configured to use port 587, and other applications, such as OpenSSL and Thunderbird are able to connect on 587. I'll double check my /etc/mail.rc configuration, comparing the configuration to OpenSSL and Thunderbird. Thanks for sharing your thoughts! |
| Nov 26, 2016 at 5:42 | comment | added | Julie Pelletier | | Then you must look for the difference in settings. Did you try port 465? |
| Nov 26, 2016 at 5:38 | comment | added | JeremyCanfield | | Thanks Julie. This is where things get very interesting. On the Samba server, I am able to connect to the Postfix server using OpenSSL. Also, using a Windows machine in the network, I can connect to the Postfix server using OpenSSL. On other Windows and Linux machines in the network, I am able to connect to the Postfix server using Thunderbird. In short, it is only when using Mailx that I am not able to connect to the Postfix server. |
| Nov 26, 2016 at 5:35 | comment | added | Julie Pelletier | | Can you try replicating the issue from a different email client such as Thunderbird (or many others) to see what type of error they would give? A simple certificate warning would be a likely answer. |
| Nov 26, 2016 at 5:04 | comment | added | JeremyCanfield | | Thank you very much for the tips Julie! I updated my question, adding the -v (verbose) option to the mailx command. I also updated the certutil command to show that the certificate being used is valid. I also commented out starttls, and the same problem occurs. Thank you very much for sharing your thoughts. |
| Nov 26, 2016 at 5:02 | history | edited | JeremyCanfield | CC BY-SA 3.0 | deleted 11 characters in body |
| Nov 26, 2016 at 3:28 | comment | added | Julie Pelletier | | There are lots of possibilities here but you should start by running mailx in verbose mode (-v parm). It appears to me that smtps should normally use port 465 and no starttls, so that may be your only/main problem. Of course, the certificate validity (whether self-signed or not) could cause problems. |
| Nov 26, 2016 at 1:39 | review | First posts | |||
| Nov 26, 2016 at 1:42 | |||||
| Nov 26, 2016 at 1:38 | history | asked | JeremyCanfield | CC BY-SA 3.0 | |