Koozali.org: home of the SME Server

Use of ssl SMTP external ISP

Offline SchulzStefan

« on: January 29, 2014, 10:44:42 AM »
My ISP is changing to ssl only. The settings have to match

Outgoing mail (SMTP):    smtp.strato.de
SMTP (SSL/TLS):    465

# config show smtp-auth-proxy
smtp-auth-proxy=service
    Debug=disabled
    Passwd=XXX
    Userid=XXX@xxx.de
    status=enabled

Question: do I have to change anything in my server settings? And yes, I searched the forum for this question, but I couldn't find the (easy) answer.

Thanks for any reply.
« Last Edit: January 29, 2014, 10:46:23 AM by SchulzStefan »
And then one day you find ten years have got behind you.

Time, 1973
(Mason, Waters, Wright, Gilmour)

Offline mmccarn

Re: Use of ssl SMTP external ISP
« Reply #1 on: January 29, 2014, 02:45:02 PM »
I found a note about this at http://wiki.contribs.org/DB_Variables_Configuration#Miscellaneous_Other_DB_Variables -

Code:
config setprop smtp-auth-proxy PeerPort 465; signal-event email-update

SMTPSmartHost communications are managed by //usr/local/sbin/smtp-auth-proxy.pl, which includes a custom section for ssl if PeerPort == 465.

It looks as though if your ISP supports STARTTLS then (according to another section within //usr/local/sbin/smtp-auth-proxy.pl) you should end up with ssl encryption on port 25, too.

Offline SchulzStefan

Re: Use of ssl SMTP external ISP
« Reply #2 on: January 29, 2014, 10:56:03 PM »
mmccarn

thank you for your reply. I'll try the settings, when the ISP finally changes to ssl. I'll report about the result.

stefan

Offline SchulzStefan

*URGENT HELP NEEDED* Re: Use of ssl SMTP external ISP
« Reply #3 on: February 12, 2014, 09:10:56 AM »
I'm not able to send emails anymore. Unfortunately that did not work.

Quote
Posted by: mmccarn
« on: January 29, 2014, 02:45:02 PM »

I found a note about this at http://wiki.contribs.org/DB_Variables_Configuration#Miscellaneous_Other_DB_Variables -

Code:
config setprop smtp-auth-proxy PeerPort 465; signal-event email-update

SMTPSmartHost communications are managed by //usr/local/sbin/smtp-auth-proxy.pl, which includes a custom section for ssl if PeerPort == 465.

It looks as though if your ISP supports STARTTLS then (according to another section within //usr/local/sbin/smtp-auth-proxy.pl) you should end up with ssl encryption on port 25, too.

From /var/log/smtp-auth-proxy/current before I changed the port:

after I changed the port:

2014-02-12 08:32:19.928674500 2014/02/12-08:32:19 esmith::SMTPAuthProxy (type Net::Server::Fork) starting! pid(11882)
2014-02-12 08:32:20.028421500 Using default listen value of 128
2014-02-12 08:32:20.028423500 Binding to TCP port 26 on host localhost
2014-02-12 08:32:20.028424500 Setting gid to "99 99"
2014-02-12 08:32:20.028424500 Setting uid to "99"
2014-02-12 08:32:32.386960500 No SMTP connection to server smtp.strato.de on port 465
2014-02-12 08:34:26.250992500 No SMTP connection to server smtp.strato.de on port 465
2014-02-12 08:36:25.903174500 No SMTP connection to server smtp.strato.de on port 465
2014-02-12 08:41:07.998567500 No SMTP connection to server smtp.strato.de on port 465

From /var/log/messages:

Feb 12 08:59:08 saturn esmith::event[12390]: generic_template_expand=action|Event|email-update|Action|generic_template_expand|Start|1392191944 389374|End|1392191948 422398|Elapsed|4.033024
Feb 12 08:59:08 saturn esmith::event[12390]: Running event handler: /etc/e-smith/events/email-update/S20qmail-update-user
Feb 12 08:59:08 saturn esmith::event[12390]: WARNING: Invalid group: michael, defaulting to 'root' group (0). 
Feb 12 08:59:08 saturn esmith::event[12390]:  at /etc/e-smith/events/email-update/S20qmail-update-user line 60

From /var/log/qmail/current:

2014-02-12 08:41:07.904263500 starting delivery 285: msg 230001330 to remote XXX@kabelbw.de
2014-02-12 08:41:07.904365500 status: local 0/20 remote 1/20
2014-02-12 08:41:07.998762500 delivery 285: deferral: Connected_to_127.0.0.1_but_greeting_failed./Remote_host_said:_451_Upstream_SMTP_server_not_available/
2014-02-12 08:41:07.998768500 status: local 0/20 remote 0/20

I changed the port back to 25:

[root@saturn ~]# config setprop smtp-auth-proxy PeerPort 25; signal-event email-update
[root@saturn ~]# config show smtp-auth-proxy
             
smtp-auth-proxy=service
    Debug=disabled
    Passwd=XXX
    PeerPort=25
    Userid=XXX@XXX.de
    status=enabled

/var/log/smtp-auth-proxy/current:

2014-02-10 07:41:22.203743500 2014/02/10-07:41:22 esmith::SMTPAuthProxy (type Net::Server::Fork) starting! pid(1692)
2014-02-10 07:41:22.205559500 Using default listen value of 128
2014-02-10 07:41:22.205594500 Binding to TCP port 26 on host localhost
2014-02-10 07:41:22.311578500 Setting gid to "99 99"
2014-02-10 07:41:22.311580500 Setting uid to "99"
2014-02-12 09:01:06.486311500 No SASL mechanism found
2014-02-12 09:01:06.486312500  at /usr/lib/perl5/vendor_perl/5.8.8/Authen/SASL.pm line 77
2014-02-12 09:01:06.486313500  at /usr/lib/perl5/5.8.8/Net/SMTP.pm line 137

I read bug 6993, but this is beyond my knowledge.

Could anybody advise please?

Offline SchulzStefan

*URGENT* Re: Use of ssl SMTP external ISP
« Reply #4 on: February 12, 2014, 09:16:13 AM »
Here's more information from my ISP (Strato in Germany):

Outgoing mail server (SMTP SSL/TLS)    smtp.strato.de (Port: 465)
The SMTP AUTH method applies to all e-mail programs.

means:

All email-clients must use SMTP AUTH (what we already do afaik)

Offline SchulzStefan

*URGENT* Re: Use of ssl SMTP external ISP
« Reply #5 on: February 12, 2014, 10:41:09 AM »
[root@saturn ~]# config setprop smtp-auth-proxy PeerPort 465
[root@saturn ~]# signal-event email-update
[root@saturn ~]# tail -f /var/log/smtp-auth-proxy/current
@4000000052fb3df82aaed394 Setting uid to "99"
@4000000052fb3ed724058114 No SASL mechanism found
@4000000052fb3ed7240584fc  at /usr/lib/perl5/vendor_perl/5.8.8/Authen/SASL.pm line 77
@4000000052fb3ed7240588e4  at /usr/lib/perl5/5.8.8/Net/SMTP.pm line 137
@4000000052fb3eda1ac9b05c 2014/02/12-10:28:48 Server closing!
@4000000052fb3eda31c61e6c 2014/02/12-10:28:48 esmith::SMTPAuthProxy (type Net::Server::Fork) starting! pid(14421)
@4000000052fb3eda31c6263c Using default listen value of 128
@4000000052fb3eda31c62a24 Binding to TCP port 26 on host localhost
@4000000052fb3eda31c62a24 Setting gid to "99 99"
@4000000052fb3eda31c62e0c Setting uid to "99"
@4000000052fb3f0f0a998a04 No SMTP connection to server smtp.strato.de on port 465


[root@saturn ~]# config setprop smtp-auth-proxy Blacklist DIGEST-MD5
[root@saturn ~]# signal-event email-update
[root@saturn ~]# tail -f /var/log/smtp-auth-proxy/current
@4000000052fb3eda31c62a24 Binding to TCP port 26 on host localhost
@4000000052fb3eda31c62a24 Setting gid to "99 99"
@4000000052fb3eda31c62e0c Setting uid to "99"
@4000000052fb3f0f0a998a04 No SMTP connection to server smtp.strato.de on port 465
@4000000052fb3fa6182eba2c 2014/02/12-10:32:11 Server closing!
@4000000052fb3fa6182ec1fc 2014/02/12-10:32:12 esmith::SMTPAuthProxy (type Net::Server::Fork) starting! pid(14743)
@4000000052fb3fa6182ec5e4 Using default listen value of 128
@4000000052fb3fa6182ec5e4 Binding to TCP port 26 on host localhost
@4000000052fb3fa6182ec9cc Setting gid to "99 99"
@4000000052fb3fa6182ec9cc Setting uid to "99"
@4000000052fb40892c775e94 No SMTP connection to server smtp.strato.de on port 465


Offline SchulzStefan

*STILL URGENT* Re: Use of ssl SMTP external ISP
« Reply #6 on: February 12, 2014, 11:51:47 AM »
I made a test setup with sylpheed email-client. I think, it could be done with any other email-client also.

I had to accept the strato cert while connecting to the smtp.strato.de.

smtp server: smtp.strato.de
user: xxx@xxx.de
passw: xxx
use ssl: yes
ssl port: 465
smtp auth: user and pwd, method: auto (there's a choice between auto, plain, login and cram-md5. digest-md5 is greyed out.)

Works like a charm.

WHAT'S THE PROBLEM WITH THE SMESERVER?
AND IS THERE A SOLUTION?
MAYBE INSTALLING THE CERT?
« Last Edit: February 12, 2014, 11:58:09 AM by SchulzStefan »

Offline Stefano

Re: Use of ssl SMTP external ISP
« Reply #7 on: February 12, 2014, 11:55:36 AM »
Quote
I made a test setup with sylpheed email-client. I think, it could be done with any other email-client also.

smtp server: smtp.strato.de
user: xxx@xxx.de
passw: xxx
use ssl: yes
ssl port: 465
smtp auth: user and pwd, method: auto (there's a choice between auto, plain, login and cram-md5. digest-md5 is greyed out.)

Works like a charm.

WHAT'S THE PROBLEM WITH THE SMESERVER?
AND IS THERE A SOLUTION?

is SME your gateway?

log says that there's no smtp connection to the destination server on 465..
can you detail your lan configuration?

P.S.: if anything isn't working properly, you should go to bugzilla...

Offline SchulzStefan

*URGENT* Re: Use of ssl SMTP external ISP
« Reply #8 on: February 12, 2014, 12:02:34 PM »
Stefano, thank you for your reply.

Server is configured as server only behind a firewall. Emails are coming in, but we are not able to send.

Maybe it depends on the strato cert...

Offline Stefano

Re: Use of ssl SMTP external ISP
« Reply #9 on: February 12, 2014, 12:05:26 PM »
Quote
Stefano, thank you for your reply.

Server is configured as server only behind a firewall. Emails are coming in, but we are not able to send.

Maybe it depends on the strato cert...

maybe it depends on firewall too, that doesn't allow SME to exit toward port tcp 465....

Offline SchulzStefan

Re: Use of ssl SMTP external ISP
« Reply #10 on: February 12, 2014, 12:06:14 PM »
Quote
P.S.: if anything isn't working properly, you should go to bugzilla...

IMHO it's already reported as BUG 6993 and maybe 8060.

But again, this is beyond my knowledge. And what I need is a solution to send emails to my customers.

Offline SchulzStefan

*STILL URGENT* Re: Use of ssl SMTP external ISP
« Reply #11 on: February 12, 2014, 12:26:49 PM »
Quote
maybe it depends on firewall too, that doesn't allow SME to exit toward port tcp 465....

The port is open. From the IPCop:

TCP    DEFAULT IP : 465(URD)    =>    192.168.1.10 : 465(URD)     SMTP Strato    

Server IP is 192.169.1.10
   
[root@saturn ~]# telnet localhost 26
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
451 Upstream SMTP server not available
Connection closed by foreign host.


/var/log/qmail/current:

2014-02-12 12:13:16.156524500 starting delivery 460: msg 230001233 to remote xxx@xxx.de
2014-02-12 12:13:16.156526500 status: local 0/20 remote 1/20
2014-02-12 12:13:16.575341500 delivery 460: deferral: Connected_to_127.0.0.1_but_connection_died._(#4.4.2)/
2014-02-12 12:13:16.575343500 status: local 0/20 remote 0/20
2014-02-12 12:16:16.648214500 starting delivery 461: msg 230001447 to remote xxx@xxx.de
2014-02-12 12:16:16.648216500 status: local 0/20 remote 1/20
2014-02-12 12:16:16.711065500 delivery 461: deferral: Connected_to_127.0.0.1_but_greeting_failed./Remote_host_said:_451_Upstream_SMTP_server_not_available/
2014-02-12 12:16:16.711067500 status: local 0/20 remote 0/20
« Last Edit: February 12, 2014, 12:28:47 PM by SchulzStefan »

Offline SchulzStefan

*STILL URGENT* Re: Use of ssl SMTP external ISP
« Reply #12 on: February 12, 2014, 12:46:17 PM »
o.k. let's start from the standard:

# config show smtp-auth-proxy
smtp-auth-proxy=service
    Debug=disabled
    Passwd=xxx
    Userid=xxx@xxx.de
    status=enabled


LOG says:

# tail -f /var/log/smtp-auth-proxy/current
@4000000052fb5b612af5a47c Using default listen value of 128
@4000000052fb5b612af5a864 Binding to TCP port 26 on host localhost
@4000000052fb5b612af5a864 Setting gid to "99 99"
@4000000052fb5b612af5ac4c Setting uid to "99"
@4000000052fb5bb42af6dcfc No SASL mechanism found
@4000000052fb5bb42af6e4cc  at /usr/lib/perl5/vendor_perl/5.8.8/Authen/SASL.pm line 77
@4000000052fb5bb42af6e4cc  at /usr/lib/perl5/5.8.8/Net/SMTP.pm line 137
@4000000052fb5c3708c8aa34 No SASL mechanism found

Now change the port and disable digest-md5:

config setprop smtp-auth-proxy PeerPort 465
signal-event email-update

and:

config setprop smtp-auth-proxy Blacklist DIGEST-MD5
sv t /service/smtp-auth-proxy

# config show smtp-auth-proxy
smtp-auth-proxy=service
    Blacklist=DIGEST-MD5
    Debug=disabled
    Passwd=xxx
    PeerPort=465
    Userid=xxx@xxx.de
    status=enabled

# tail -f /var/log/smtp-auth-proxy/current
@4000000052fb5d5d258775c4 Binding to TCP port 26 on host localhost
@4000000052fb5d5d259106fc Setting gid to "99 99"
@4000000052fb5d5d2592280c Setting uid to "99"
@4000000052fb5d671fe4ecb4 2014/02/12-12:39:09 Server closing!
@4000000052fb5d672c404134 2014/02/12-12:39:09 esmith::SMTPAuthProxy (type Net::Server::Fork) starting! pid(21597)
@4000000052fb5d672c404904 Using default listen value of 128
@4000000052fb5d672c404904 Binding to TCP port 26 on host localhost
@4000000052fb5d672c404cec Setting gid to "99 99"
@4000000052fb5d672c404cec Setting uid to "99"
@4000000052fb5d6f0f780794 No SMTP connection to server smtp.strato.de on port 465

/var/log/maillog:
Feb 12 12:40:01 saturn fetchmail[21669]: Fehler bei Server-Zertifikat-Überprüfung: unable to get local issuer certificate
Feb 12 12:40:01 saturn fetchmail[21669]: Fehler bei Server-Zertifikat-Überprüfung: certificate not trusted


MAYBE THIS IS THE REASON? HOW CAN IT BE SOLVED?

Offline mmccarn

Re: Use of ssl SMTP external ISP
« Reply #13 on: February 12, 2014, 02:32:19 PM »
Please run this command on your SME server and confirm that you get the same (or very similar) results.  If your firewall is redirecting SSL traffic to a different destination you will get different results (and your SME would not be able to send email through smtp.strato.de).

Code: (openssl command to connect to SMTP with SSL)
# openssl s_client -connect smtp.strato.de:465

Code: (results from my SME 8 server)
CONNECTED(00000003)
depth=1 /C=DE/O=T-Systems International GmbH/OU=T-Systems Trust Center/ST=NRW/postalCode=57250/L=Netphen/streetAddress=Untere Industriestr. 20/CN=TeleSec ServerPass DE-1
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=DE/O=Strato AG/OU=Rechenzentrum/ST=Berlin/L=Berlin/CN=smtp.strato.de
   i:/C=DE/O=T-Systems International GmbH/OU=T-Systems Trust Center/ST=NRW/postalCode=57250/L=Netphen/streetAddress=Untere Industriestr. 20/CN=TeleSec ServerPass DE-1
 1 s:/C=DE/O=T-Systems International GmbH/OU=T-Systems Trust Center/ST=NRW/postalCode=57250/L=Netphen/streetAddress=Untere Industriestr. 20/CN=TeleSec ServerPass DE-1
   i:/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
---
Server certificate
subject=/C=DE/O=Strato AG/OU=Rechenzentrum/ST=Berlin/L=Berlin/CN=smtp.strato.de
issuer=/C=DE/O=T-Systems International GmbH/OU=T-Systems Trust Center/ST=NRW/postalCode=57250/L=Netphen/streetAddress=Untere Industriestr. 20/CN=TeleSec ServerPass DE-1
---
No client certificate CA names sent
---
SSL handshake has read 4189 bytes and written 319 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 51B0E3DE6A7D9459B6958CF15DD9AC9D99ABD0FE75D0DB518973128C204CA08EA98138EA3E070CAC5DF634875957DC1B
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1392211558
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
220 smtp.strato.de ESMTP RZmta 32.26 ready (mo25) TLS=TLSv1:DHE-RSA-AES256-SHA

Offline SchulzStefan

Re: Use of ssl SMTP external ISP
« Reply #14 on: February 12, 2014, 03:57:08 PM »
mmccarn, thank you for joining the thread.

Here's the result of:

# openssl s_client -connect smtp.strato.de:465
CONNECTED(00000003)
depth=1 /C=DE/O=T-Systems International GmbH/OU=T-Systems Trust Center/ST=NRW/postalCode=57250/L=Netphen/streetAddress=Untere Industriestr. 20/CN=TeleSec ServerPass DE-1
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=DE/O=Strato AG/OU=Rechenzentrum/ST=Berlin/L=Berlin/CN=smtp.strato.de
   i:/C=DE/O=T-Systems International GmbH/OU=T-Systems Trust Center/ST=NRW/postalCode=57250/L=Netphen/streetAddress=Untere Industriestr. 20/CN=TeleSec ServerPass DE-1
 1 s:/C=DE/O=T-Systems International GmbH/OU=T-Systems Trust Center/ST=NRW/postalCode=57250/L=Netphen/streetAddress=Untere Industriestr. 20/CN=TeleSec ServerPass DE-1
   i:/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
---
Server certificate
subject=/C=DE/O=Strato AG/OU=Rechenzentrum/ST=Berlin/L=Berlin/CN=smtp.strato.de
issuer=/C=DE/O=T-Systems International GmbH/OU=T-Systems Trust Center/ST=NRW/postalCode=57250/L=Netphen/streetAddress=Untere Industriestr. 20/CN=TeleSec ServerPass DE-1
---
No client certificate CA names sent
---
SSL handshake has read 4189 bytes and written 319 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 65D6B189A1D5F5B55D659F96C655EF2960A51A5CFD349C5805698A79209E24D309BBDD83DC8A0A6A263DE0AE82195284
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1392216830
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
220 smtp.strato.de ESMTP RZmta 32.26 ready (mo33) TLS=TLSv1:DHE-RSA-AES256-SHA
closed
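
The comparison requested in Reply #13, as an added example (not code from the thread or from SME Server): it reduces `openssl s_client` transcripts to the fields that identify the endpoint and reports whether two runs match. The first two transcripts are trimmed from the outputs posted in Reply #13 and Reply #14; the third transcript and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare `openssl s_client` runs on the
# fields that identify the remote endpoint. Function names are illustrative.

# Reduce a transcript on stdin to subject, issuer, verify code and banner host.
# Per-session values (Master-Key, Start Time, the "(moNN)" tag) are ignored.
summarize_s_client() {
    awk '
        /^subject=/ { print "subject: " substr($0, 9) }
        /^issuer=/  { print "issuer: " substr($0, 8) }
        /^ *Verify return code:/ { sub(/^ *Verify return code: */, ""); print "verify: " $0 }
        /^220 /     { print "banner-host: " $2 }
    '
}

# Exit 0 when two transcript files describe the same endpoint.
same_endpoint() {
    [ "$(summarize_s_client < "$1")" = "$(summarize_s_client < "$2")" ]
}

# Numeric verify code from a transcript on stdin (0 means the chain verified).
verify_code() {
    summarize_s_client | sed -n 's/^verify: \([0-9][0-9]*\).*/\1/p'
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
SUBJ='/C=DE/O=Strato AG/OU=Rechenzentrum/ST=Berlin/L=Berlin/CN=smtp.strato.de'
ISS='/C=DE/O=T-Systems International GmbH/OU=T-Systems Trust Center/ST=NRW/postalCode=57250/L=Netphen/streetAddress=Untere Industriestr. 20/CN=TeleSec ServerPass DE-1'
# Trimmed copies of the outputs posted in Reply #13 and Reply #14.
cat > "$tmp/reply13.txt" <<EOF
subject=$SUBJ
issuer=$ISS
    Start Time: 1392211558
    Verify return code: 20 (unable to get local issuer certificate)
220 smtp.strato.de ESMTP RZmta 32.26 ready (mo25) TLS=TLSv1:DHE-RSA-AES256-SHA
EOF
cat > "$tmp/reply14.txt" <<EOF
subject=$SUBJ
issuer=$ISS
    Start Time: 1392216830
    Verify return code: 20 (unable to get local issuer certificate)
220 smtp.strato.de ESMTP RZmta 32.26 ready (mo33) TLS=TLSv1:DHE-RSA-AES256-SHA
EOF
# Constructed transcript: a connection that ended up at some other host.
cat > "$tmp/redirected.txt" <<EOF
subject=/CN=filter.example.invalid
issuer=/CN=Example Inspection CA
    Verify return code: 19 (self signed certificate in certificate chain)
220 filter.example.invalid ESMTP ready
EOF

for f in reply14 redirected; do
    if same_endpoint "$tmp/reply13.txt" "$tmp/$f.txt"; then
        echo "$f: same endpoint as reply13"
    else
        echo "$f: DIFFERENT endpoint, check the firewall path"
    fi
done
```

On a live system, save each run with `openssl s_client -connect smtp.strato.de:465 < /dev/null > file 2>&1` and pass the two files to `same_endpoint`.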