# sendmail/ssmtp: Cannot open smtp.gmail.com:587

## madjestic

Hey guys,

I am trying to set up sendmail/ssmtp to send simple notificaton/alert email from my laptop to my gmail account, but it seems to fail opening a connection:

```

$ echo -e 'Subject: test\n\nTesting ssmtp' | sendmail -v username@gmail.com

Use PrivateKey: Success

sendmail: Cannot open smtp.gmail.com:587

```

```

$ echo "test" | ssmtp -vvv username@gmail.com

Use PrivateKey: Success

ssmtp: Cannot open smtp.gmail.com:587

```

Here's my /etc/ssmtp/ssmtp.conf :

```

#

# /etc/ssmtp.conf -- a config file for sSMTP sendmail.

#

# The person who gets all mail for userids < MinUserId

# Make this empty to disable rewriting.

root=username@gmail.com

# All mail delivered to userid >= MinUserId goes to user, not root.

#MinUserId=1000

# The place where the mail goes. The actual machine name is required

# no MX records are consulted. Commonly mailhosts are named mail.domain.com

# The example will fit if you are in domain.com and your mailhub is so named.

mailhub=smtp.gmail.com:587

# Example for SMTP port number 2525

# mailhub=mail.your.domain:2525

# Example for SMTP port number 25 (Standard/RFC)

# mailhub=mail.your.domain        

# Example for SSL encrypted connection

# mailhub=mail.your.domain:465

# Where will the mail seem to come from?

rewriteDomain=gmail.com

# The full hostname

# Gentoo bug #47562

# Commenting the following line will force ssmtp to figure

# out the hostname itself.

hostname=nu

# Set this to never rewrite the "From:" line (unless not given) and to

# use that address in the "from line" of the envelope.

#FromLineOverride=YES

# Use SSL/TLS to send secure messages to server.

UseTLS=YES

# Use SSL/TLS certificate to authenticate against smtp host.

UseTLSCert=YES

UseSTARTTLS=YES

# Use this RSA certificate.

TLSCert=/etc/ssl/certs/ca-certificates.crt

# Get enhanced (*really* enhanced) debugging information in the logs

# If you want to have debugging of the config file parsing, move this option

# to the top of the config file and uncomment

#Debug=YES

AuthUser=username@gmail.com

AuthPass=xxxxxxxxx

AuthMethod=LOGIN

# Email 'From header's can override the default domain?

FromLineOverride=yes

```

```

 $ groups

... mail ... ssmtp ...

```

I've got a 2-step verification enabled on my gmail account and I generated the AuthPass using App passwords.

What could be wrong?

Thanks!Last edited by madjestic on Mon Jan 11, 2021 11:43 pm; edited 1 time in total

----------

## alamahant

Email will not be accepted if ithe origin is not 100% perfect in configuration and legitimacy.

MTA servers run from home are not the perfect candidates for such level of legitimacy....

One work arround is to let your gmail account or a newly-created gmail account specifically for that purpose act as a relay or a router to forward your mails around

This is called a "smart host" config in postfix.

You have to create a file like containing

```

[smtp.gmail.com]:587 <youur gmail-email>

```

in postfix directory.

and then 

create a binary from it using the "postmap" command

It goes without saying that your sasl auth and any certificate detail should be flawless.

You can use Letencrypt.

I do NOT know though how to do this in your setup.

----------

## madjestic

Thanks, @alamahant, I will try that if other methods fail  :Smile: 

After disabling UseTLSCert (following an advice I got on IRC), I am getting this now:

```

$ echo -e 'Subject: test\n\nTesting ssmtp' | sendmail -v username@gmail.com

[<-] 220 smtp.gmail.com ESMTP w17sm597164edu.90 - gsmtp

[->] EHLO nu

[<-] 250 SMTPUTF8

[->] STARTTLS

[<-] 220 2.0.0 Ready to start TLS

[->] EHLO nu

[<-] 250 SMTPUTF8

[->] AUTH LOGIN

[<-] 334 VXNlcm5hbWU6

[->] bWFkamVzdGljMTNAZ21haWwuY29t

[<-] 334 UGFzc3dvcmQ6

[<-] 535 5.7.8  https://support.google.com/mail/?p=BadCredentials w17sm597164edu.90 - gsmtp

sendmail: Authorization failed (535 5.7.8  https://support.google.com/mail/?p=BadCredentials w17sm597164edu.90 - gsmtp)

```

I did use the password generated with gmail App Password page for AuthPass=..., and the App Password page it looks like this for me: https://pasteboard.co/JJdu3oQ.png (sorry for the adds).

----------

## alamahant

When using port 587 or "submission" it mean you are using STARTTLS or encryption over HTTP

For that you definately need certificates either Letsencrypt etc or minimally selfsigned.

otherwise your email will be rejected.

----------

## madjestic

For now I solved it by creating a separate account and enabling less secure apps login.  That seems to work, thanks!

----------

## szatox

Lol, guys, what are you 2 talking about?

I have a gmail account (yet) and works fine with evolution. I don't have to be super-legitimate or provide my on certificate, all it takes is a user and password to an existing account. Pretty much what OP did in the end.

 *Quote:*   

> 
> 
> [<-] 334 VXNlcm5hbWU6
> 
> [->] bWFkamVzdGljMTNAZ21haWwuY29t
> ...

 

This mangled text is base64-encoded. I hope you haven't posted anything sensitive there.

Fortunately, your password is missing in the conversation, but you haven't stated whether you intentionally removed it or something went wrong.

----------

## Buffoon

The foolproof method is to relay thru your ISP mail server. Your box is legit sender for your ISP and your ISP mail server is legit for rest of the world with all anti-spam measures satisfied.

----------

