# Who use msmtp and gmail, show me your current .msmtprc.



## fender0107401 (Sep 27, 2011)

Here is mine:

```
# set default values
defaults
tls on
tls_starttls on
tls_trust_file /usr/local/share/certs/ca-root-nss.crt
logfile /home/fender/Mail/.msmtp.log
# set my first account
account fender0107401
host smtp.gmail.com
port 587
from fender0107401@gmail.com
auth on
user fender0107401
password 123456
# set a default account
account default : fender0107401
```
It doesn't work. 

When I send email, the log show me this:


```
Sep 27 14:50:43 host=smtp.gmail.com tls=on auth=on user=fender0107401 from=fender0107401@gmail.com
 recipients=test_test_test@gmail.com errormsg='TLS handshake failed: error:140943FC:SSL
 routines:SSL3_READ_BYTES:sslv3 alert bad record mac' exitcode=EX_IOERR
```


----------



## fender0107401 (Sep 27, 2011)

See the following parts of the manpage of msmtp:


```
tls_trust_file [file]
              This command activates strict server certificate verification.
              The filename must be the absolute path name of  a  file  in  PEM
              format containing one or more certificates of trusted Certifica-
              tion Authorities (CAs).
              On Debian based systems, you  can  install  the  ca-certificates
              package and use the file /etc/ssl/certs/ca-certificates.crt.
              On   FreeBSD   based   systems,   you   can  install  the  secu-
              rity/ca_root_nss      port      and      +use      the      file
              /usr/local/share/certs/ca-root-nss.crt. Please note that if +you
              are installing msmtp from ports with OpenSSL or gnutls  support,
              +the security/ca_root_nss port will be installed automaticly.
```


----------



## fender0107401 (Oct 1, 2011)

I am so sorry, I forgot to add TLS support.

Now it works! :e


```
> cd /usr/ports/mail/msmtp
> make showconfig
===> The following configuration options are available for msmtp-1.4.24_1:
     [B]GNUTLS=on "Adds GnuTLS support"[/B]
     OPENSSL=on "Adds support for SSL (Secure Socket Layer)"
     GSASL=off "Adds GSASL support"
     NLS=on "Native Language Support via gettext utilities"
     IDN=off "Enable Internationalized Domain Names"
     GNOME_KEYRING=off "Build with GNOME Keyring auth support"
===> Use 'make config' to modify these settings
```


----------

