From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	ip-172-31-74-118.ec2.internal
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.6
Path: eternal-september.org!reader02.eternal-september.org!aioe.org!x6YkKUCkj2qHLwbKnVEeag.user.46.165.242.91.POSTED!not-for-mail
From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Newsgroups: comp.lang.ada
Subject: Re: Attempt to send email using AWS results in Socket closed by peer
Date: Fri, 3 Sep 2021 23:13:38 +0200
Organization: Aioe.org NNTP Server
Message-ID: <sgu362$q1d$1@gioia.aioe.org>
References: <57c7ca69-cc99-45ae-b494-580536a99ef4n@googlegroups.com>
 <lywnnxcs8w.fsf@pushface.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Info: gioia.aioe.org; logging-data="26669"; posting-host="x6YkKUCkj2qHLwbKnVEeag.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.13.0
X-Notice: Filtered by postfilter v. 0.9.2
Content-Language: en-US
Xref: reader02.eternal-september.org comp.lang.ada:62626
List-Id: <comp.lang.ada>

On 2021-09-03 22:35, Simon Wright wrote:
> Juan Rayas <juan.m.rayas@gmail.com> writes:
> 
>>        Isp :=
>>          SMTP.Client.Initialize
>>            ("smtp.gmail.com", Port => 465,
>>             Credential             => Auth'Unchecked_Access);
> 
> I succeed sending mail via gmail.com using port 587.
> 
> No useful further details on encryption - this was for the membership
> d/b for a small club, and it's in Python/sqlite.

GNUTLS and OpenSSL have ways to tell to use the system certificates. 
E.g. if your Python application uses GNUTLS it would call

    gnutls_certificate_set_x509_system_trust

and that should be enough to make successful handshaking afterwards.

>      self.server = smtplib.SMTP(host=self.server_details['host'],
>                                 port=self.server_details['port'])
>      self.server.ehlo()
>      self.server.starttls()

Here it switches transport to GNUTLS or OpenSSL and these perform TLS 
handshaking. The following commands run over encrypted channel.

But with the port 587 you should actually begin with TLS straight away. 
StartTLS is for servers which allow both secure and insecure 
connections. This is usually the port 465. If you are OK with no 
encryption you greet with HELO and then proceed with login. If you want 
a secure connection you greet with EHLO and then send StartTLS.

>      self.server.ehlo()
>      self.server.login\
>          (user=server_details['user'],
>           password=keyring.get_password\
>             ('u3a-email', server_details['user']))

This is very low-level. AWS design is far better, IMO.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de