V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
TheOtherBruce
V2EX  ›  问与答

利用 mailx 通过 QQ 邮箱 SMTP 发送邮件,出现问题,也许是证书原因,请大家指教

  •  
  •   TheOtherBruce · 2016-05-02 11:43:27 +08:00 · 20915 次点击
    这是一个创建于 3109 天前的主题,其中的信息可能已经有所发展或是发生改变。

    OS Centos 7

    ln -s /bin/mailx /bin/email /etc/mail.rc 里是这样设置的

    set smtp-use-starttls
    
    set ssl-verify=ignore
    
    set nss-config-dir=/root/.certs
    
    #set from
    set [email protected]
    
    # set smtp=smtp://smtp.server.tld:port_number
    set smtp=smtp.qq.com:465 ( or 587 )
    
    # set the user for SMTP
    # set [email protected]
    set [email protected]
    
    # set the password for authorisation
    set smtp-auth-password=XXXXXXX
    
    # tell mailx that it needs to authorise
    set smtp-auth=login
    

    465 端口测试 没反馈

    echo hello|email -v -s "test" [email protected]
    Resolving host smtp.qq.com . . . done.
    Connecting to 14.17.57.241:465 . . . connected.
    ^C
    

    587 端口测试

    echo hello|email -v -s "test" [email protected]
    Resolving host smtp.qq.com . . . done.
    Connecting to 14.17.57.241:587 . . . connected.
    220 smtp.qq.com Esmtp QQ Mail Server
    >>> EHLO XXXX.guest
    250-smtp.qq.com
    250-PIPELINING
    250-SIZE 73400320
    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN
    250-MAILCOMPRESS
    250 8BITMIME
    >>> STARTTLS
    220 Ready to start TLS
    Error initializing NSS: Unknown error -8015.
    "/root/dead.letter" 11/301
    . . . message not sent.
    

    查看腾讯的证书

    465 端口

    openssl s_client -showcerts -connect smtp.qq.com:465
    CONNECTED(00000003)
    depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
    verify return:1
    depth=1 C = US, O = GeoTrust Inc., CN = GeoTrust SSL CA - G3
    verify return:1
    depth=0 C = CN, ST = Guangdong, L = Shenzhen, O = Shenzhen Tencent Computer Systems Company Limited, OU = R&D, CN = pop.qq.com
    verify return:1
    ---
    Certificate chain
     0 s:/C=CN/ST=Guangdong/L=Shenzhen/O=Shenzhen Tencent Computer Systems Company Limited/OU=R&D/CN=pop.qq.com
       i:/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
    -----BEGIN CERTIFICATE-----
    MIIGbzCCBVegAwIBAgIQZlTnxqFc/rVo50RzuVnejDANBgkqhkiG9w0BAQsFADBE
    MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
    R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTYwMTI3MDAwMDAwWhcNMTYxMDIzMjM1
    OTU5WjCBkzELMAkGA1UEBhMCQ04xEjAQBgNVBAgTCUd1YW5nZG9uZzERMA8GA1UE
    BxQIU2hlbnpoZW4xOjA4BgNVBAoUMVNoZW56aGVuIFRlbmNlbnQgQ29tcHV0ZXIg
    U3lzdGVtcyBDb21wYW55IExpbWl0ZWQxDDAKBgNVBAsUA1ImRDETMBEGA1UEAxQK
    cG9wLnFxLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALeSY7Vb
    60Cvv7P2O+zhaZnqlz/KFs//DH4It3xmyMPFOPUFopzN1h8n3/4FPqGBtqEEuWBE
    /o7soZT30E8bw30Tl07VOcYm/fPKi1pyro3hNEdLi5Wlta9fKxDAvw0U3clSq39R
    qihYIDAA3QrDuqI54gULa5IZnqM16A9VBULPfIDaXbdgaAIJ5Ak92nC13YcdQYuv
    egL6jOWSKzCRTqeRAg+6dWkfce1+gAOCuCUDgAso2EJ+k9nFe/LAMMGdGbe4KI9H
    CwpDCMo+2k2u4SQtXOmuYke7nNmRnpJeL3qZnGWsqT7l3N0mYCc/+3zcMfAcmyuo
    H90stoWF/G2T2rcCAwEAAaOCAwswggMHMIIBggYDVR0RBIIBeTCCAXWCCm14Mi5x
    cS5jb22CEmltYXAuZXhtYWlsLnFxLmNvbYISdXBsb2FkLm1haWwucXEuY29tgg90
    ZWwubWFpbC5xcS5jb22CFGh3c210cC5leG1haWwucXEuY29tgg9tb2IubWFpbC5x
    cS5jb22CEXJ0eC5leG1haWwucXEuY29tgg1teGJpejIucXEuY29tgg1teGJpejEu
    cXEuY29tgg5oay5tYWlsLnFxLmNvbYIOY2xvdWRteC5xcS5jb22CFGh3aW1hcC5l
    eG1haWwucXEuY29tggpteDEucXEuY29tghJzbXRwLmV4bWFpbC5xcS5jb22CEXBv
    cC5leG1haWwucXEuY29tghNod3BvcC5leG1haWwucXEuY29tggpteDMucXEuY29t
    ggtzbXRwLnFxLmNvbYIKZGF2LnFxLmNvbYIJZXgucXEuY29tgg9jbmMubWFpbC5x
    cS5jb22CC2ltYXAucXEuY29tggpwb3AucXEuY29tMAkGA1UdEwQCMAAwDgYDVR0P
    AQH/BAQDAgWgMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9nbi5zeW1jYi5jb20v
    Z24uY3JsMIGdBgNVHSAEgZUwgZIwgY8GBmeBDAECAjCBhDA/BggrBgEFBQcCARYz
    aHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xl
    Z2FsMEEGCCsGAQUFBwICMDUMM2h0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNv
    dXJjZXMvcmVwb3NpdG9yeS9sZWdhbDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
    BQUHAwIwHwYDVR0jBBgwFoAU0m/3lvSFP3I8MH0j2oV4m6N8WnwwVwYIKwYBBQUH
    AQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vZ24uc3ltY2QuY29tMCYGCCsGAQUF
    BzAChhpodHRwOi8vZ24uc3ltY2IuY29tL2duLmNydDANBgkqhkiG9w0BAQsFAAOC
    AQEAvta4aGvK5qe31ZnLbmtblhgLD11dAdSom3sEnkF8UHtoi+gPiHBmHy1t39Du
    2w+5aeriqwsetdDNuAhh6ckKJhGjc9ochWw2lvyuHPko8sSDdBd/oUYBh60lREwB
    DoAi7x37QIjia4yprFCNs/+bV+bee+2nijeNYibgwLQ+5jZL89jC6BVXxLSTenVw
    B2bzQPauNo+DOsB6ubY/i5r9p2E1DHAO9AluN/epJZ1gwZhYlOey71s59341w/ql
    ZJImDrWch+Gj1ZgnXWnttgOSafqynPA6VtiFyYGF4zLboxIkNiyuwj+ZzuugV97z
    IurYVE9FA7vTlfeJhAkG2gIwsA==
    -----END CERTIFICATE-----
     1 s:/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
       i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
    -----BEGIN CERTIFICATE-----
    MIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
    YWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQG
    EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg
    U1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4K
    hqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X/fQp3eaWx8KA7UZ
    U9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B
    89FuiGdT7BKkKXWKp/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP/oyFysx
    j0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QB
    I0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xv
    vYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVk
    DBF9qn1luMrMTjAdBgNVHQ4EFgQU0m/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0T
    AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4Yl
    aHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcB
    AQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUw
    QzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1
    c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5
    bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNq
    n2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9
    Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM/tKO79NgwYCA4ef7i28heUrg
    3Kkbwbf7w0lZXLV3B0TUl/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45
    SVGeF0tPEDpbpaiSb/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+N
    QNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMp
    zNSS
    -----END CERTIFICATE-----
    ---
    Server certificate
    subject=/C=CN/ST=Guangdong/L=Shenzhen/O=Shenzhen Tencent Computer Systems Company Limited/OU=R&D/CN=pop.qq.com
    issuer=/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 3114 bytes and written 605 bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES256-SHA256
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : AES256-SHA256
        Session-ID: C5D491F61D5A9CCFB6D0994D4B98A70619ADDD7076202155F404DB903F575E03
        Session-ID-ctx: 
        Master-Key: 1E2ACE2B58E07911983F27223130B2D473ABCDAD749AC29796544912A57868656FB7E1BFAB33A9F54795C1FAF6E9BF88
        Key-Arg   : None
        Krb5 Principal: None
        PSK identity: None
        PSK identity hint: None
        TLS session ticket lifetime hint: 600 (seconds)
        TLS session ticket:
        0000 - 5e 3f 95 a3 57 86 66 bf-34 7e 95 43 7f 24 0a f8   ^?..W.f.4~.C.$..
        0010 - 79 6b fe 42 1b 26 d1 cb-b7 fb 8b 6c 27 7f 5e ab   yk.B.&.....l'.^.
        0020 - b6 0b f5 6b 6b b1 1e 7a-2e 65 68 84 3d d1 9a d0   ...kk..z.eh.=...
        0030 - 98 b0 56 fb dd 15 d4 f8-7d 9e 07 0e 33 86 22 06   ..V.....}...3.".
        0040 - 2f d3 ce 38 ae d4 2c 75-00 58 63 fa 9e 07 64 4b   /..8..,u.Xc...dK
        0050 - bc 0d ce a4 b0 71 d3 f3-ad 5f fa 15 60 5d 5a a6   .....q..._..`]Z.
        0060 - 0a 1b f5 72 cb 48 b1 f5-a9 e9 90 71 f4 d8 fc f9   ...r.H.....q....
        0070 - 8f 6e 9b 74 3f 9e 26 d8-e8 f6 eb c6 a6 09 db 0d   .n.t?.&.........
        0080 - 0a 06 63 14 84 eb 2e d5-d9 99 ac 53 5c 36 94 38   ..c........S\6.8
        0090 - 3c 38 1a ff 8b 53 c7 54-c4 70 3d 04 62 0d e8 a8   <8...S.T.p=.b...
    
        Start Time: 1462159866
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---
    220 smtp.qq.com Esmtp QQ Mail Server
    ^C
    

    587 端口

    openssl s_client -showcerts -connect smtp.qq.com:587
    CONNECTED(00000003)
    139994642556832:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:769:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 7 bytes and written 247 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    ---
    

    我按照这两个文章

    http://serverfault.com/questions/498588/smtp-gmail-com-from-bash-gives-error-in-certificate-peers-certificate-issuer

    http://www.gabrielemerli.com/?p=2476

    第二篇中的这个命令无法运行

    certutil -A -n "Google Internet Authority" -t "TC,," -d certs -i google
    certutil:  unable to open "google" for reading (-5950, 2).
    

    最后竟然装了这个证书

    certutil -L -d certs
    
    Certificate Nickname                                         Trust Attributes
                                                                 SSL,S/MIME,JAR/XPI
    
    Google Internet Authority                                    CT,, 
    

    在寻找证书的过程中, GeoTrust SSL CA - G3 这个证书找不到下载地址。

    请问正确的设置应该是怎样的? 现在这里谢谢大家了

    第 1 条附言  ·  2016-05-02 16:28:42 +08:00

    参考

    http://www.51xpage.com/%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%AE%A1%E7%90%86/2015/12/10/dao-ting-tu-shuo-linux-xi-lie-9-fa-song-wai-bu-you-jian

    http://whatizee.blogspot.jp/2013/12/installing-and-config-heirloom-mailx.html

    ~/.certs下有cert8.db key3.db secmod.db这三个文件,

    echo -n | openssl s_client -connect smtp.qq.com:465 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/.certs/qq.crt
    depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
    verify return:1
    depth=1 C = US, O = GeoTrust Inc., CN = GeoTrust SSL CA - G3
    verify return:1
    depth=0 C = CN, ST = Guangdong, L = Shenzhen, O = Shenzhen Tencent Computer Systems Company Limited, OU = R&D, CN = pop.qq.com
    verify return:1
    DONE
    

    我用cd /.certs,然后

    certutil -A -n "GeoTrust SSL CA" -t "C,," -d ~/.certs -i ~/.certs/qq.crt
    certutil -A -n "GeoTrust Global CA" -t "C,," -d ~/.certs -i ~/.certs/qq.crt
    

    报错

    certutil -L -d .certs
    certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
    

    echo "内容" | mail -A Gmail -v -s " 标题" [email protected]

    或者

    ```echo "内容" | mail -A QQ -v -s " 标题" [email protected]````

    错误都是这个

    Error initializing NSS: Unknown error -8015.
    "/root/dead.letter" 11/321
    . . . message not sent.
    
    4 条回复    2016-05-10 23:24:02 +08:00
    ashoka
        1
    ashoka  
       2016-05-02 13:52:42 +08:00 via Android
    在 django 里 qq 好像要打开 ssl 才行
    TheOtherBruce
        2
    TheOtherBruce  
    OP
       2016-05-02 13:59:10 +08:00
    @ashoka 您好 能说的详细些吗? 这个 django 在哪?
    TheOtherBruce
        3
    TheOtherBruce  
    OP
       2016-05-05 16:54:04 +08:00
    有同志能帮忙吗?
    TheOtherBruce
        4
    TheOtherBruce  
    OP
       2016-05-10 23:24:02 +08:00
    我到现在还没解决 :(
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1748 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 24ms · UTC 16:39 · PVG 00:39 · LAX 08:39 · JFK 11:39
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.