Skip to content

Instantly share code, notes, and snippets.

@andrewlkho

andrewlkho/gist:10643479

Created April 14, 2014 12:29
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save andrewlkho/10643479 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save andrewlkho/10643479 to your computer and use it in GitHub Desktop.
Download ZIP
Import SSL certificate for use in msmtp
Raw
gistfile1.md

With the recent heartbleed SSL vulnerability, FastMail have updated their SSL certificates. Here's how to download the certificate and convert it into PEM form.

Find out which certificate you need:

% msmtp -a fastmail --tls-certcheck=off --tls-trust-file= --serverinfo

Download the certificate:

% curl -O https://www.digicert.com/CACerts/DigiCertHighAssuranceCA-3.crt

Convert it into PEM format:

% openssl X509 \
> -inform DER -in DigiCertHighAssuranceCA-3.crt \
> -outform PEM -out DigiCertHighAssuranceCA-3.pem
@jezen
Copy link

jezen commented Dec 13, 2020

@jezen could you help provide more detail how to skip handling cert file and use the tls_fingerprint?
Thanks

@huynhtanloc2612 I run the following command to obtain a new TLS fingerprint:

msmtp -a personal --tls-certcheck=off --tls-trust-file= --serverinfo

…And I have a ~/.msmtprc file like this:

defaults
auth            on
protocol        smtp
tls             on

account         personal
user            [email protected]
from            [email protected]
passwordeval    gpg --use-agent --no-tty --decrypt ~/.mutt/personal_smtp.gpg
host            smtp.fastmail.com
port            465
tls_starttls    off
tls_fingerprint AF:01:8E:…

I have redacted my email address and TLS fingerprint for obvious reasons. You can use the above as an example, but you'll need to change it to suit your own setup.

@huynhtanloc2612
Copy link

huynhtanloc2612 commented Dec 14, 2020

Thanks @jezen, I tried your suggestions and it shows below message

msmtp: TLS handshake failed: An unexpected TLS packet was received.
msmtp: could not send mail (account default from /data/data/com.termux/files/home/.msmtprc)

Do you have any idea?

@jezen
Copy link

jezen commented Dec 14, 2020

@huynhtanloc2612 Sorry, I won't be able to help. You might be able to make progress by running msmtp in debug mode.

@huynhtanloc2612
Copy link

huynhtanloc2612 commented Dec 15, 2020

Thanks @jezen!
Finally I can use msmtp to send email successfully.
What I did:

  • Turn on tls_starttls in .msmtprc file.
    tls_starttls on
  • Turn on the second factor verification for my google account and then create an app password. Put the app password into .msmtprc file
    password <the app password>
  • Send an email with below command line
    printf "Subject: Test\nHello"|msmtp [email protected]
    And it worked :))

@jezen
Copy link

jezen commented Dec 16, 2020

@huynhtanloc2612 Excellent. Thanks for documenting your steps here 👍

@ProjectJYL
Copy link

ProjectJYL commented Jul 23, 2021

I was able to send mails following all the steps provided. Thanks guys for your contribution!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment