E-mail notification: can't get it working

Discussion on setting up QNAP NAS products.
ad6922
Know my way around
Posts: 154
Joined: Mon Apr 12, 2010 4:57 am

E-mail notification: can't get it working

Post by ad6922 »

Spent last night on 2 qnap servers with two different e-mail addresses, but can't get it working.
I used the info from this forum a lot and for that reason I think that my e-mail set up is right.

That leaves:
1) right DNS settings
2) firewall settings

for DNS settings, I have attached a picture to this thread. To me it seems right but I could be mistaken.
Could anybody confirm this is setup in the right way?

For firewall settings, I have to do this in my ASUS RT-N66U. I can't follow the logic what to set here.

My firewall is on, but what kind of rule needs to be attached, i haven't got a clue.
You do not have the required permissions to view the files attached to this post.
Main NAS:
TS-459 Pro QTS Firmware 4.2.0 (20150925) - 4 * 4TB - WD Red - Raid5

Download NAS:
TS-121 QTS Firmware 4.2.0 (20150925) - 4TB WD Red
ad6922
Know my way around
Posts: 154
Joined: Mon Apr 12, 2010 4:57 am

E-mail notification: can't get it working

Post by ad6922 »

Spent last night on 2 qnap servers with two different e-mail addresses, but can't get it working.
I used the info from this forum a lot and for that reason I think that my e-mail set up is right.

That leaves:
1) right DNS settings
2) firewall settings

for DNS settings, I have attached a picture to this thread. To me it seems right but I could be mistaken.
Could anybody confirm this is setup in the right way?

For firewall settings, I have to do this in my ASUS RT-N66U. I can't follow the logic what to set here.

My firewall is on, but what kind of rule needs to be attached, i haven't got a clue.
Main NAS:
TS-459 Pro QTS Firmware 4.2.0 (20150925) - 4 * 4TB - WD Red - Raid5

Download NAS:
TS-121 QTS Firmware 4.2.0 (20150925) - 4TB WD Red
User avatar
doktornotor
Ask me anything
Posts: 7472
Joined: Tue Apr 24, 2012 5:44 am

Re: E-mail notification: can't get it working

Post by doktornotor »

These settings in the screenshot are completely unrelated to email notifications. Search the forum for hints on debugging SMTP issues.
I'm gone from this forum till QNAP stop wasting volunteers' time. Get help from QNAP helpdesk instead.
Warning: offensive signature and materials damaging QNAP reputation follow:
QNAP's FW security issues
QNAP's hardware compatibility list madness
QNAP's new logo competition
Dear QNAP, kindly fire your clueless incompetent forum "admin" And while at it, don't forget the webmaster!
ad6922
Know my way around
Posts: 154
Joined: Mon Apr 12, 2010 4:57 am

Re: E-mail notification: can't get it working

Post by ad6922 »

Hi doktornotor,

As i understand DNS settings were a possible issue, that's why I added that info in the screenprint.

How should I check then in another way if DNS is right or not? Because I spent already some time on searching the forum but for this part it wasn't clear to me hw to work that out.
Main NAS:
TS-459 Pro QTS Firmware 4.2.0 (20150925) - 4 * 4TB - WD Red - Raid5

Download NAS:
TS-121 QTS Firmware 4.2.0 (20150925) - 4TB WD Red
User avatar
doktornotor
Ask me anything
Posts: 7472
Joined: Tue Apr 24, 2012 5:44 am

Re: E-mail notification: can't get it working

Post by doktornotor »

Use the forum search feature. This has been debugged many times before. (As for you DNS, simply use nslookup from shell.)
I'm gone from this forum till QNAP stop wasting volunteers' time. Get help from QNAP helpdesk instead.
Warning: offensive signature and materials damaging QNAP reputation follow:
QNAP's FW security issues
QNAP's hardware compatibility list madness
QNAP's new logo competition
Dear QNAP, kindly fire your clueless incompetent forum "admin" And while at it, don't forget the webmaster!
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: E-mail notification: can't get it working

Post by pwilson »

ad6922 wrote:Spent last night on 2 qnap servers with two different e-mail addresses, but can't get it working.
I used the info from this forum a lot and for that reason I think that my e-mail set up is right.

That leaves:
1) right DNS settings
2) firewall settings

for DNS settings, I have attached a picture to this thread. To me it seems right but I could be mistaken.
Could anybody confirm this is setup in the right way?

For firewall settings, I have to do this in my ASUS RT-N66U. I can't follow the logic what to set here.

My firewall is on, but what kind of rule needs to be attached, i haven't got a clue.
To resolve this, you will need to provide more information. Please login to your NAS via SSH, login as "admin", and run the following command:

Code: Select all

cat /etc/config/ssmtp/ssmtp.conf
Please cut&paste the output of this command to this Forum. (Please edit (falsify) the "AuthUser" and "enAuthPass" fields before posting this to the Forum, in order to protect your privacy, and protect yourself from Spammers)

To check your DNS system please simply run my DNSReport script on your NAS, and cut&paste the output of the DNSReport back to this message thread. Please login to your NAS via SSH, login as "admin", and run the following commands:

Code: Select all

touch /tmp/dnsreport
chmod +x /tmp/dnsreport
cat <<EOF >>/tmp/dnsreport
#!/bin/sh
#
# DNS Report by Patrick Wilson
# see: http://forum.qnap.com/viewtopic.php?f=185&t=82260#p366188
#
#
echo "*********************"
echo "** QNAP DNS Report **"
echo "*********************"
echo " "
echo "NAS Model:      \$(getsysinfo model)"
echo "Firmware:       \$(getcfg system version) Build \$(getcfg system 'Build Number')"
echo "System Name:    \$(/bin/hostname)"
echo "Workgroup:      \$(getcfg system workgroup)"
echo "Base Directory: \$(dirname \$(getcfg -f /etc/config/smb.conf Public path))"
echo "NAS IP address: \$(ifconfig \$(getcfg network 'Default GW Device') | grep addr: | awk '{ print \$2 }' | cut -d: -f2)"
echo " " 
echo "Default Gateway Device: \$(getcfg network 'Default GW Device')" 
echo " "
ifconfig \$(getcfg network 'Default GW Device') | grep -v HWaddr
echo " "
echo -n "DNS Nameserver(s):" 
cat /etc/resolv.conf | grep nameserver | cut -d' ' -f2
echo " "
echo " "
echo "Check DNS for qnap.com:"
echo "nslookup qnap.com"
nslookup qnap.com
echo "Check DNS for qnap.com with \$(route -n | grep UG | grep 0.0.0.0 | awk '{print \$2}') as DNS Server"
echo "nslookup qnap.com \$(route -n | grep UG | grep 0.0.0.0 | awk '{print \$2}')"
nslookup qnap.com \$(route -n | grep UG | grep 0.0.0.0 | awk '{print \$2}')
echo " "
echo "Check DNS for \$(getcfg system 'Server Name'):"
echo "nslookup \$(getcfg system 'Server Name')"
nslookup \$(getcfg system 'Server Name')
echo "Check DNS for \$(getcfg system 'Server Name') with \$(route -n | grep UG | grep 0.0.0.0 | awk '{print \$2}') as DNS Server"
echo "nslookup \$(getcfg system 'Server Name') \$(route -n | grep UG | grep 0.0.0.0 | awk '{print \$2}')"
nslookup \$(getcfg system 'Server Name') \$(route -n | grep UG | grep 0.0.0.0 | awk '{print \$2}')
echo " "
echo "Routing Table:"
route -n
echo " "
echo "DNSReport completed on $(date +'%Y-%m-%d %T') ($0)"
EOF
sleep 2
clear
/tmp/dnsreport
#done 

With the output requested in this message, we may be able to help you further. Please cut&paste the output of the resulting DNSReport back to this Forum

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
ad6922
Know my way around
Posts: 154
Joined: Mon Apr 12, 2010 4:57 am

Re: E-mail notification: can't get it working

Post by ad6922 »

Hi Patrick,

first of all I want to thank you for taking the time to look into my problem.
There are a number of active users that are very helpful, and you're definitely one of them.

I have run the actions on ssh and attached the results.
You do not have the required permissions to view the files attached to this post.
Main NAS:
TS-459 Pro QTS Firmware 4.2.0 (20150925) - 4 * 4TB - WD Red - Raid5

Download NAS:
TS-121 QTS Firmware 4.2.0 (20150925) - 4TB WD Red
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: E-mail notification: can't get it working

Post by pwilson »

ad6922 wrote:Hi Patrick,

first of all I want to thank you for taking the time to look into my problem.
There are a number of active users that are very helpful, and you're definitely one of them.

I have run the actions on ssh and attached the results.
Your understanding of "cut&paste" leads a lot to be desired. We can't quote from screenshots. You do however get credit for providing screenshots that were actually readable, but please use "cut&paste" when requested going forward. (Thanks for understanding).

Your DNS does seem to be working properly on the NAS. (Are you actually using ASUS provided firmware on your Router? I'm surprised that worked).

I reviewed your "SSMTP" settings, and I think you will find that it is using the wrong port for GMail. I believe GMail expects traffic to arrive on port 587/TCP. Try reconfiguring your "Notification" settings. BTW, it would have helped us to help you, if you had proactively told us you were attempting to use GMail for your notifications in your original message.

Code: Select all

#
# /etc/ssmtp.conf -- a config file for sSMTP sendmail.
#
mailhub = smtp.gmail.com:587
FromLineOverride=YES
UseTLS = YES
UseSTARTTLS = YES
AuthUser = XXXXXXX@gmail.com
enAuthPass = XXXXXXX
(The more information you provide in your initial message, the more help we can provide without asking questions first).

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
User avatar
doktornotor
Ask me anything
Posts: 7472
Joined: Tue Apr 24, 2012 5:44 am

Re: E-mail notification: can't get it working

Post by doktornotor »

Actually Gmail can use both 465/SSL and 587/TLS - unless blocked by dumb ISP. Same config as posted above works just fine here. Either your traffic is blocked by ISP or you are using wrong credentials. (If you enabled two-factor authentication on Google, you need to use application-specific password, not the one for your email.)
I'm gone from this forum till QNAP stop wasting volunteers' time. Get help from QNAP helpdesk instead.
Warning: offensive signature and materials damaging QNAP reputation follow:
QNAP's FW security issues
QNAP's hardware compatibility list madness
QNAP's new logo competition
Dear QNAP, kindly fire your clueless incompetent forum "admin" And while at it, don't forget the webmaster!
ad6922
Know my way around
Posts: 154
Joined: Mon Apr 12, 2010 4:57 am

Re: E-mail notification: can't get it working

Post by ad6922 »

changed it to 587 and issue still occurs. I am not using two-factor authentication.
Main NAS:
TS-459 Pro QTS Firmware 4.2.0 (20150925) - 4 * 4TB - WD Red - Raid5

Download NAS:
TS-121 QTS Firmware 4.2.0 (20150925) - 4TB WD Red
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: E-mail notification: can't get it working

Post by pwilson »

doktornotor wrote:Actually Gmail can use both 465/SSL and 587/TLS - unless blocked by dumb ISP. Same config as posted above works just fine here. Either your traffic is blocked by ISP or you are using wrong credentials. (If you enabled two-factor authentication on Google, you need to use application-specific password, not the one for your email.)
If:

Code: Select all

UseTLS = YES
Port 587/TCP should be used, is my understanding.

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: E-mail notification: can't get it working

Post by pwilson »

ad6922 wrote:changed it to 587 and issue still occurs. I am not using two-factor authentication.
Lets use "telnet" to troubleshoot further:

From your NAS via SSH, please run:

Code: Select all

telnet smtp.gmail.com 587
It should product output similar to the following:

Code: Select all

telnet smtp.gmail.com 587
Trying 74.125.25.108...
Connected to gmail-smtp-msa.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP fp6sm6971747pdb.4 - gsmtp

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
ad6922
Know my way around
Posts: 154
Joined: Mon Apr 12, 2010 4:57 am

Re: E-mail notification: can't get it working

Post by ad6922 »

Send a Facebook message to my ISP with the question if they block traffic. As it's 23:00 in the Netherlands it will take some hours before getting an answer.
Main NAS:
TS-459 Pro QTS Firmware 4.2.0 (20150925) - 4 * 4TB - WD Red - Raid5

Download NAS:
TS-121 QTS Firmware 4.2.0 (20150925) - 4TB WD Red
ad6922
Know my way around
Posts: 154
Joined: Mon Apr 12, 2010 4:57 am

Re: E-mail notification: can't get it working

Post by ad6922 »

Patrick, used the telnet command you provided.

This is the result:

[~] # telnet smtp.gmail.com 587
220 mx.google.com ESMTP dd1sm12913173wjc.35 - gsmtp
Main NAS:
TS-459 Pro QTS Firmware 4.2.0 (20150925) - 4 * 4TB - WD Red - Raid5

Download NAS:
TS-121 QTS Firmware 4.2.0 (20150925) - 4TB WD Red
User avatar
doktornotor
Ask me anything
Posts: 7472
Joined: Tue Apr 24, 2012 5:44 am

Re: E-mail notification: can't get it working

Post by doktornotor »

pwilson wrote:

Code: Select all

UseTLS = YES
Port 587/TCP should be used, is my understanding.
That's a misunderstanding. That line is for port 465 with encrypted connection, as in - from the very beginning (SSL/TLS whatever negotiated).

TLS:

Code: Select all

# openssl s_client -tls1 -connect smtp.gmail.com:465 -crlf -ign_eof
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEdjCCA16gAwIBAgIIGcMF7jeVMoAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNzE1MDg0MDM4WhcNMTUwNDA0MTUxNTU1
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOc210
cC5nbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu4vOr
LgyNsHicxBORgO2OOfXKxEKb830NzNu6elubbf1T45GilB3fHgDQJELRydTRZilo
Efv75Ag7uRQM/M1tk+1h18wDpJZem+zFmJcs30ccBN21CnCvqsIEYJMyY3kcV4vD
x44bx6VvEAmJ9/kiFJ7xRUlCchu5YVOFoVkMaEax3UWb5Fti9pe8VgYdasuk53ae
8ZuIr4pFew9fraxOe/6LXEaPMSw622KSWpyK/GUbaAp07hV11c+LVgjlUDTgA+2k
nDigWrdb+yLL9Hv3WNLWjEAHFWhEce5QwV3SN8JLga3Rbw2N3lq9afkQtOnkJgdM
UG4xkUHGqscggMDJAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwGQYDVR0RBBIwEIIOc210cC5nbWFpbC5jb20waAYIKwYBBQUHAQEE
XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0
MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G
A1UdDgQWBBSanZBvY+Rnj0HquJmae9AJvwiCzTAMBgNVHRMBAf8EAjAAMB8GA1Ud
IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYKKwYBBAHW
eQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB
RzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCVoGAOKZoil4sNAYvlb9uxNmWqQqyh
ql0D1bewbLxs3DSVWSe2DhPjjhdMHMTcMpB+jQzAbGxVYiuNLdqLl1Xcde7EUmo1
KJUGzTO046k+11LYVOxEXLBe5s3FF+niFJby7XFgmI3yMt4blHN5tHm/7JijL1Ip
vkcsynOnOwAEHehI1U12N0JEpkcoetM6MA8cGtn74EPTas4Npa+mTNo3seH8iY43
4L4hnsubXMhcQQ9IQMPtKuZYNUXklN/NS0f69Be+3HQRTOljtCxdpm/v/emHPjwg
/Cwu+58fZK+flQ1PQcY24Cgt7EF0R+uqo5Il3CGuCgrd4JxJNMuGcsGS
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
---
SSL handshake has read 3733 bytes and written 332 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-RC4-SHA
    Session-ID: EFD77B5D8F6C41F318D27156F49484BF2991B449386673498A3520707CF21992
    Session-ID-ctx:
    Master-Key: D7A791CA79E125A1C7392DA60FBBBCB038D861CC4CE66F8BBD8A7C3F66C48069E5FE2AD81A860BE2639BC1DB2BBAB36D
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - d7 15 b6 8e 84 c9 af 13-f0 5d 95 16 f3 99 1e b5   .........]......
    0010 - ab 83 46 a5 b6 74 18 f3-1d bb 4e 62 fd ec 2c 67   ..F..t....Nb..,g
    0020 - f7 bf 28 0c b2 b2 3e 71-bc d2 8f 23 80 37 ed 3c   ..(...>q...#.7.<
    0030 - 08 7d 5d 78 a2 15 c7 18-e4 5a f2 61 a5 93 6a f4   .}]x.....Z.a..j.
    0040 - 9d 63 5d 0a 80 6e 01 73-47 39 ce ce 6d b0 c5 dd   .c]..n.sG9..m...
    0050 - 9f 82 c5 e0 7d 2c 4f e2-5b c5 1c e3 e4 9e 6a ae   ....},O.[.....j.
    0060 - 9e 9a f8 9b 2d 17 eb ab-a9 46 21 30 e7 f0 1a 05   ....-....F!0....
    0070 - 8d 5b c2 5e 44 07 2a d8-da b4 4f ef a7 82 8a 71   .[.^D.*...O....q
    0080 - 06 ca 94 d2 2a 4a ac 47-a8 2c bf 4a 66 8b 69 14   ....*J.G.,.Jf.i.
    0090 - 17 d4 32 87 cc bd e0 2d-cc ec 39 e3 f0 e4 af 49   ..2....-..9....I
    00a0 - 8c a5 18 95                                       ....

    Start Time: 1409261854
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
220 mx.google.com ESMTP js10sm3150820lab.23 - gsmtp
SSL:

Code: Select all

# openssl s_client -ssl3 -connect smtp.gmail.com:465 -crlf -ign_eof
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEdjCCA16gAwIBAgIIGcMF7jeVMoAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNzE1MDg0MDM4WhcNMTUwNDA0MTUxNTU1
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOc210
cC5nbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu4vOr
LgyNsHicxBORgO2OOfXKxEKb830NzNu6elubbf1T45GilB3fHgDQJELRydTRZilo
Efv75Ag7uRQM/M1tk+1h18wDpJZem+zFmJcs30ccBN21CnCvqsIEYJMyY3kcV4vD
x44bx6VvEAmJ9/kiFJ7xRUlCchu5YVOFoVkMaEax3UWb5Fti9pe8VgYdasuk53ae
8ZuIr4pFew9fraxOe/6LXEaPMSw622KSWpyK/GUbaAp07hV11c+LVgjlUDTgA+2k
nDigWrdb+yLL9Hv3WNLWjEAHFWhEce5QwV3SN8JLga3Rbw2N3lq9afkQtOnkJgdM
UG4xkUHGqscggMDJAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwGQYDVR0RBBIwEIIOc210cC5nbWFpbC5jb20waAYIKwYBBQUHAQEE
XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0
MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G
A1UdDgQWBBSanZBvY+Rnj0HquJmae9AJvwiCzTAMBgNVHRMBAf8EAjAAMB8GA1Ud
IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYKKwYBBAHW
eQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB
RzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCVoGAOKZoil4sNAYvlb9uxNmWqQqyh
ql0D1bewbLxs3DSVWSe2DhPjjhdMHMTcMpB+jQzAbGxVYiuNLdqLl1Xcde7EUmo1
KJUGzTO046k+11LYVOxEXLBe5s3FF+niFJby7XFgmI3yMt4blHN5tHm/7JijL1Ip
vkcsynOnOwAEHehI1U12N0JEpkcoetM6MA8cGtn74EPTas4Npa+mTNo3seH8iY43
4L4hnsubXMhcQQ9IQMPtKuZYNUXklN/NS0f69Be+3HQRTOljtCxdpm/v/emHPjwg
/Cwu+58fZK+flQ1PQcY24Cgt7EF0R+uqo5Il3CGuCgrd4JxJNMuGcsGS
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
---
SSL handshake has read 3598 bytes and written 286 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : ECDHE-RSA-RC4-SHA
    Session-ID: C3BC78A619BFBB70618237640A600690E6178DE7F807D65BE32FBB7D0BF6710E
    Session-ID-ctx:
    Master-Key: 162401624314FDD04A11C8715BB995D6FD25262E181318C61D8F0CDA5B6C53621196C114890C1FA7950D35C67879D654
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1409262417
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
220 mx.google.com ESMTP xh2sm7901452lbb.7 - gsmtp
exit
502 5.5.1 Unrecognized command. xh2sm7901452lbb.7 - gsmtp
Note, the two above only differ in the negotiated SSL-Session Protocol: SSLv3 vs. TLSv1. Both of these are equal to UseTLS = YES in ssmtp.conf.

Now, with StartTLS (which is what requires UseSTARTTLS = YES in ssmtp.conf):

Code: Select all

# openssl s_client -starttls smtp -connect smtp.gmail.com:587 -crlf -ign_eof
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEdjCCA16gAwIBAgIIGcMF7jeVMoAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNzE1MDg0MDM4WhcNMTUwNDA0MTUxNTU1
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOc210
cC5nbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu4vOr
LgyNsHicxBORgO2OOfXKxEKb830NzNu6elubbf1T45GilB3fHgDQJELRydTRZilo
Efv75Ag7uRQM/M1tk+1h18wDpJZem+zFmJcs30ccBN21CnCvqsIEYJMyY3kcV4vD
x44bx6VvEAmJ9/kiFJ7xRUlCchu5YVOFoVkMaEax3UWb5Fti9pe8VgYdasuk53ae
8ZuIr4pFew9fraxOe/6LXEaPMSw622KSWpyK/GUbaAp07hV11c+LVgjlUDTgA+2k
nDigWrdb+yLL9Hv3WNLWjEAHFWhEce5QwV3SN8JLga3Rbw2N3lq9afkQtOnkJgdM
UG4xkUHGqscggMDJAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwGQYDVR0RBBIwEIIOc210cC5nbWFpbC5jb20waAYIKwYBBQUHAQEE
XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0
MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G
A1UdDgQWBBSanZBvY+Rnj0HquJmae9AJvwiCzTAMBgNVHRMBAf8EAjAAMB8GA1Ud
IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYKKwYBBAHW
eQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB
RzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCVoGAOKZoil4sNAYvlb9uxNmWqQqyh
ql0D1bewbLxs3DSVWSe2DhPjjhdMHMTcMpB+jQzAbGxVYiuNLdqLl1Xcde7EUmo1
KJUGzTO046k+11LYVOxEXLBe5s3FF+niFJby7XFgmI3yMt4blHN5tHm/7JijL1Ip
vkcsynOnOwAEHehI1U12N0JEpkcoetM6MA8cGtn74EPTas4Npa+mTNo3seH8iY43
4L4hnsubXMhcQQ9IQMPtKuZYNUXklN/NS0f69Be+3HQRTOljtCxdpm/v/emHPjwg
/Cwu+58fZK+flQ1PQcY24Cgt7EF0R+uqo5Il3CGuCgrd4JxJNMuGcsGS
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
---
SSL handshake has read 3981 bytes and written 367 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-RC4-SHA
    Session-ID: EA3C899E38E2B0C98FF0696AAE4A216A16EF872A94A6076EAACE6616EED9C4C3
    Session-ID-ctx:
    Master-Key: E239BF22B6F42F2D828BB4122F3B1A4178F9F04A211E6DC32E3CF1C1AD07E00CF7E0F58E502B395174DFF6A2811A46D1
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - d7 15 b6 8e 84 c9 af 13-f0 5d 95 16 f3 99 1e b5   .........]......
    0010 - ae ef f6 fb 02 8f ab 4c-a9 aa a9 41 22 92 4d 45   .......L...A".ME
    0020 - 87 f9 fa 11 38 cd 21 8c-b9 74 d0 91 ec 32 23 52   ....8.!..t...2#R
    0030 - b8 13 db 05 f1 0f ae b0-9e 37 18 56 68 f6 6a 3d   .........7.Vh.j=
    0040 - 52 73 69 ee a9 7a 23 81-dd 94 97 35 4a 58 aa 32   Rsi..z#....5JX.2
    0050 - 2f 30 69 f7 d4 83 ab b1-4d cb cb 7e 37 6d 9b b9   /0i.....M..~7m..
    0060 - ad 36 a0 bf 18 4b f6 16-59 5a af 77 16 d1 cd 13   .6...K..YZ.w....
    0070 - 77 ec f0 d1 3b a0 ad b4-3c 05 cd 5f ca 6e 6e 11   w...;...<.._.nn.
    0080 - 03 1e b5 de f6 90 73 f7-83 16 a9 1a 40 bc 50 de   ......s.....@.P.
    0090 - 82 1a b6 8e db 41 77 e7-58 1b ae 62 4f dc 30 94   .....Aw.X..bO.0.
    00a0 - 23 43 d3 13                                       #C..

    Start Time: 1409262566
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
250 SMTPUTF8
Gmail with port 587 expects UseSTARTTLS = YES (to get encrypted authentication), the connection itself can be established unencrypted (as in using telnet).
I'm gone from this forum till QNAP stop wasting volunteers' time. Get help from QNAP helpdesk instead.
Warning: offensive signature and materials damaging QNAP reputation follow:
QNAP's FW security issues
QNAP's hardware compatibility list madness
QNAP's new logo competition
Dear QNAP, kindly fire your clueless incompetent forum "admin" And while at it, don't forget the webmaster!
Post Reply

Return to “Turbo Station Installation & Setup”