Sending emails with emacs24 via smtp with gnutls and extra arguments

Question

I have a rather weird problem with using sending out emails from emacs24 with my posteo email account, but everything seems to work just fine with gmail and gmx. This is the relevant part of my current .emacs configuration (it feels like I permuted it a million times with always the same results):

(require 'smtpmail)
(require 'starttls)

(setq message-send-mail-function 'smtpmail-send-it)
(setq tls-program '("gnutls-cli --priority NORMAL:%COMPAT -p %p %h"))
(setq starttls-gnutls-program "gnutls-cli --priority NORMAL:%COMPAT")
(setq starttls-use-gnutls t)
(setq smtpmail-stream-type 'starttls)
(setq smtpmail-smtp-server "posteo.de")
(setq smtpmail-debug-info t)
(setq smtpmail-debug-verb t)
(setq smtpmail-smtp-service 587) ;;587(starttls) or 465(tls/ssl) or ?
(setq starttls-extra-arguments '("--priority NORMAL:%COMPAT"))

The output in my message buffer is:

Sending via mail...
235 2.7.0 Authentication successful
gnutls.c: [0] (Emacs) fatal error: A TLS fatal alert has been received.
gnutls.c: [0] (Emacs) Received alert:  Bad record MAC
smtpmail-send-command: Process smtpmail not running

and in my trace of SMTP to posteo.de buffer:

220 mail.posteo.de ESMTP Postfix
250-mail.posteo.de
250-PIPELINING
250-SIZE 76800000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
220 2.0.0 Ready to start TLS
250-mail.posteo.de
250-PIPELINING
250-SIZE 76800000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN <omitted>
235 2.7.0 Authentication successful

Process smtpmail connection broken by remote peer
MAIL FROM:<c.bourjau@posteo.de> SIZE=281
QUIT

The problem seems to be a certificate which appears to have wrong "paddings" (I am not really sure what this is) http://gnutls.org/manual/html_node/On-Record-Padding.html. Another way to produce a similar error on the command line with this server is to do:

$ gnutls-cli --starttls -p 587 posteo.de
Resolving 'posteo.de'...
Connecting to '89.146.220.134:587'...

- Simple Client Mode:

220 mail.posteo.de ESMTP Postfix
*** Starting TLS handshake
*** Fatal error: An unexpected TLS packet was received.
*** Handshake has failed

This error is supposedly fixed if one adds the --priority NORMAL:%COMPAT to the gnutls argument which I tried to no avail (see .emacs).

So the question is: How does on treat certifcates throwing these kind of errors in emacs?

Thanks a lot in advance!

Answer 1

This post gave me the crucial hint: How to ask gnutls to use client certificate in emacs 24

emacs24 seems to ignore the starttls-gnutls-program variable if gnutls-available-p is not nil, which has to be force by overwriting the latter function.

My working configuration is now the following:

(require 'smtpmail)
(require 'starttls)

(setq message-send-mail-function 'smtpmail-send-it)
(defun gnutls-available-p ()
  "Function redefined in order not to use built-in GnuTLS support"
  nil)
(setq starttls-gnutls-program "gnutls-cli")
(setq starttls-use-gnutls t)
(setq smtpmail-stream-type 'starttls)
(setq smtpmail-smtp-server "posteo.de")
(setq smtpmail-smtp-service 587) ;;587(starttls) or 465(tls/ssl)
(setq starttls-extra-arguments '("--priority" "NORMAL:%COMPAT"))