msmtp unable to send mail with gnutls 3.6.5. TLS1.3 issue?
I've filed a report against msmtp, but msmtp devs think it's an issue with gnutls. Do you guys have an idea what's wrong here?
Below is a copy of the initial bug I filed with msmtp. In case you want to look at the original, it's here:
When trying to send mails to a postfix server with TLS 1.3 support, the TLS connection dies after sending the second EHLO.
The only error I see in the msmtp --debug output is this:
msmtp: cannot read from TLS connection: the operation timed out
I see the problem on my Arch Linux client with msmtp 1.8.0-2 and gnutls 3.6.5-1. With gnutls 3.5.19-2 I do not see the issue. Sadly we don't have any versions in-between to test with. The server is also Arch Linux with postfix 3.3.1-4 and openssl 1.1.1-1.
Using gnutls-cli --starttls 587 $server works just fine and I see the reply to the second EHLO, which is missing in the msmtp --debug output.
If you want to test it yourself, feel free to connect to
on port 587 with arbitrary credentials. It appears that the issue happens well before the login.
The output I get with GNUTLS_DEBUG_LEVEL=6 msmtp --debug is rather long and I don't want to leak any private information. If you cannot reproduce the issue, please tell me what else you want to know. Here's the part at the end:
TLS certificate information:
Common Name:
Common Name: Let's Encrypt Authority X3
Organization: Let's Encrypt
Country: US
Activation time: Sat 27 Oct 2018 12:25:08 AM CEST
Expiration time: Thu 24 Jan 2019 11:25:08 PM CET
SHA256: 7B:76:B8:0A:FA:E4:AE:00:B6:8F:24:0E:59:3E:11:BB:67:8F:AC:89:F2:65:0E:4B:BB:4D:12:E4:CB:DD:64:FE
SHA1 (deprecated): BA:83:63:D4:47:65:88:62:1D:5A:5E:73:87:C0:E6:5C:D3:31:AC:D0
gnutls[5]: REC[0x5604f0be1070]: Preparing Packet Application Data(23) with length: 16 and min pad: 0
gnutls[5]: REC[0x5604f0be1070]: Sent Packet[1] Application Data(23) in epoch 2 and length: 38
--> EHLO localhost
gnutls[5]: REC[0x5604f0be1070]: SSL 3.3 Application Data packet received. Epoch 2, length: 250
gnutls[5]: REC[0x5604f0be1070]: Expected Packet Application Data(23)
gnutls[5]: REC[0x5604f0be1070]: Received Packet Application Data(23) with length: 250
gnutls[5]: REC[0x5604f0be1070]: Decrypted Packet[0] Handshake(22) with length: 233
gnutls[3]: ASSERT: buffers.c[get_last_packet]:1171
gnutls[4]: HSK[0x5604f0be1070]: NEW SESSION TICKET (4) was received. Length 229[229], frag offset 0, frag length: 229, sequence: 0
gnutls[3]: ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1431
gnutls[4]: HSK[0x5604f0be1070]: parsing session ticket message
gnutls[3]: ASSERT: record.c[_gnutls_recv_in_buffers]:1560
gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1759
gnutls[3]: ASSERT: buffers.c[_gnutls_io_write_flush]:696
gnutls[5]: REC: Sending Alert[1|0] - Close notify
gnutls[5]: REC[0x5604f0be1070]: Preparing Packet Alert(21) with length: 2 and min pad: 0
gnutls[5]: REC[0x5604f0be1070]: Sent Packet[2] Alert(21) in epoch 2 and length: 24
gnutls[5]: REC[0x5604f0be1070]: Start of epoch cleanup
gnutls[5]: REC[0x5604f0be1070]: End of epoch cleanup
gnutls[5]: REC[0x5604f0be1070]: Epoch #2 freed
msmtp: cannot read from TLS connection: the operation timed out
Also here's my msmtp config:
auth plain
tls on
tls_starttls on
tls_certcheck on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
account flo
port 587
user mail-flo
passwordeval getpw-single msmtp3
account default : flo
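
An added example, not part of the original report and not msmtp or GnuTLS code: a small Python triage pass over the record-layer lines of the debug excerpt above, pairing each received record's outer type with the type seen after decryption and listing what the client logged next. The function names and event labels are this example's own; it shows the ordering in the log and does not by itself say which component is at fault.

```python
import re

# Subset of lines copied from the debug excerpt in the report above.
SAMPLE = """\
--> EHLO localhost
gnutls[5]: REC[0x5604f0be1070]: Received Packet Application Data(23) with length: 250
gnutls[5]: REC[0x5604f0be1070]: Decrypted Packet[0] Handshake(22) with length: 233
gnutls[4]: HSK[0x5604f0be1070]: NEW SESSION TICKET (4) was received. Length 229[229], frag offset 0, frag length: 229, sequence: 0
gnutls[3]: ASSERT: record.c[_gnutls_recv_in_buffers]:1560
gnutls[3]: ASSERT: record.c[_gnutls_recv_int]:1759
gnutls[5]: REC: Sending Alert[1|0] - Close notify
msmtp: cannot read from TLS connection: the operation timed out
"""

RECV = re.compile(r"REC\[\w+\]: Received Packet ([\w ]+)\((\d+)\)")
DECR = re.compile(r"REC\[\w+\]: Decrypted Packet\[\d+\] ([\w ]+)\((\d+)\)")
HSK = re.compile(r"HSK\[\w+\]: ([A-Z ]+) \((\d+)\) was received")
ASSERT = re.compile(r"ASSERT: (\S+)\[(\w+)\]:(\d+)")
ALERT = re.compile(r"Sending Alert\[(\d+)\|(\d+)\] - (.+)")

def triage(log):
    """Return ordered (kind, detail) events for the receive path of a GnuTLS debug log."""
    events, outer = [], None
    for line in log.splitlines():
        if m := RECV.search(line):
            outer = int(m.group(2))          # type on the wire
        elif m := DECR.search(line):
            inner = int(m.group(2))          # type after decryption
            # TLS 1.3 sends encrypted records with outer type 23; the real
            # content type only becomes visible once the record is decrypted.
            if outer == 23 and inner != 23:
                events.append(("non_appdata_in_read", f"{m.group(1)}({inner})"))
            outer = None
        elif m := HSK.search(line):
            events.append(("handshake_msg", m.group(1).title()))
        elif m := ASSERT.search(line):
            events.append(("assert", f"{m.group(1)}:{m.group(2)}:{m.group(3)}"))
        elif m := ALERT.search(line):
            events.append(("alert_sent", m.group(3)))
        elif line.startswith("msmtp:"):
            events.append(("client_error", line.split(": ", 1)[1]))
    return events

def post_handshake_message_before_error(events):
    """True if a handshake message was read and a client error was logged after it."""
    kinds = [k for k, _ in events]
    return ("handshake_msg" in kinds and "client_error" in kinds
            and kinds.index("handshake_msg") < kinds.index("client_error"))
```

Calling `triage()` on a full `GNUTLS_DEBUG_LEVEL=6 msmtp --debug` capture gives the same ordered view without having to share the whole log.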