Notices


Reply
Thread Tools
Posts: 168 | Thanked: 191 times | Joined on Mar 2013
#11
Will try to see if this is the problem, but frankly I doubt it is.
 

The Following User Says Thank You to Malakai For This Useful Post:
peterleinchen's Avatar
Posts: 3,449 | Thanked: 6,595 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#12
I am pretty sure.

Else it may be a certificate problem, which I could exclude in my case.
Try
openssl s_client -connect imap.domain.net:993
or
openssl s_client -connect imap.domain.net:993 -ssl3
(should or better may fail)
openssl s_client -connect imap.domain.net:993 -tls1
(should work)
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature
 

The Following 2 Users Say Thank You to peterleinchen For This Useful Post:
Posts: 1,782 | Thanked: 4,153 times | Joined on Feb 2011 @ Germany
#13
Originally Posted by peterleinchen View Post
A port is just a port.
Thunderbird will try TLS after SSL failed.
I hope it tries TLS first (1.2, 1.1, 1.0) *and then* SSL.

Re. "a port is just a port". STARTTLS is not just TLS over port 143. It is actually normal IMAP on 143 and then (when already "inside") switching to an encrypted channel (via TLS).

So you could not just hack Modest to to STARTTLS on 993 and hope it will work. (in case this was somehow implicitly being suggested).

I guess Fremantle is slowly becoming obsolete..
 

The Following 7 Users Say Thank You to reinob For This Useful Post:
Posts: 168 | Thanked: 191 times | Joined on Mar 2013
#14
Originally Posted by peterleinchen View Post
I am pretty sure.

Else it may be a certificate problem, which I could exclude in my case.
Try
openssl s_client -connect imap.domain.net:993
or
openssl s_client -connect imap.domain.net:993 -ssl3
(should or better may fail)
openssl s_client -connect imap.domain.net:993 -tls1
(should work)
So, when I execute openssl s_client -connect imap.domain.net:993 -ssl3, I get :

Code:
CONNECTED(00000003)
17589:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1099:SSL alert number 40
17589:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:536:
And when I execute openssl s_client -connect imap.domain.net:993 -tls1, I get a bunch of things and at the end I have a message that says :

Code:
OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
So, if I understand correctly it is exactly what you said.

But now how to use my account in modest? Should I put "Normal (TLS)". Will it be secured that way? In the configuration page of my hosting provider I have some settings :


Code:
SSL / TLS (Recommended)
User name : adress@domain.net
Password : your password
Server in : hosting24.hostway.net

    IMAP Port: 993
    POP3 Port: 995

Server out : hosting24.hostway.net

    SMTP Port: 465

The authentication is required for IMAP, POP3 and SMTP.
Code:
Non-SSL Settings (Not recommended)
User name : adress@domain.net
Password : your password
Server in : mail.domain.net

    IMAP Port: 143
    POP3 Port: 110

Server out : mail.domain.net

    SMTP Port: 587

The authentication is required for IMAP, POP3 and SMTP.
And for what I understand it will not be secured if I use IMAP on port 143 as it will not use SSL / TLS, and in modest settings if I put "Normale (TLS)", it will use port 143, and port 25 for SMTP (which is not available for my provider : 465 or 587).

How to configure modest knowing those informations to have a secure connection to my mail accounts?
 

The Following User Says Thank You to Malakai For This Useful Post:
peterleinchen's Avatar
Posts: 3,449 | Thanked: 6,595 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#15
Damn.
Looks like you are doomed, too.

Try TLS on 143 for incoming
and TLS 587 on outgoing.

This should be safe (if working).
But one thing I did never understand about STARTTLS (which is used as setting "Normal (TLS)") is when it connects normally and only after connection established switches to TLS how do I know that I have a secured connection and not a normal one?
So take above 'secure' with a grain of salt!

t-online does not provide port 143, even more
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature

Last edited by peterleinchen; 2014-10-28 at 21:18.
 

The Following 4 Users Say Thank You to peterleinchen For This Useful Post:
Posts: 168 | Thanked: 191 times | Joined on Mar 2013
#16
Thanks for the suggestion, will try and post feedback.

But one thing I did never understand about STARTTLS (which is used as setting "Normal (TLS)") is when it connects normally and only after connection established switches to TLS how do I know that I have a secured connection and not a normal one?
But if it connects normally this means that my username and password goes without encryption, so how does this help me if afterwards the connection gets encrypted, knowing that somebody sniffing the network would get my credentials. This in addition to what you said.
 

The Following User Says Thank You to Malakai For This Useful Post:
peterleinchen's Avatar
Posts: 3,449 | Thanked: 6,595 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#17
That is what the tick marker 'Secure Authentication' is for?
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature
 

The Following User Says Thank You to peterleinchen For This Useful Post:
peterleinchen's Avatar
Posts: 3,449 | Thanked: 6,595 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#18
And I do not believe we will be succesful with our modest STARTTLS anymore, as this implies a connection request without securing.
And the German providers started a campaign about secure mails in April about that, so I guess they will also not support STARTTLS anymore. Will ask in the German forum.telekom.de but do not believe they will do so for a handful of guys/nerds/fanatics.

So is my last hope is freemangordon but he is overwhelmed at the moment. So this might take some time.

--
uh, wait. Quoting myself
so I guess they will also not support STARTTLS anymore
But that is exactly what I use for securesmtp.t-online.de:587 (with TLS). And I can send mails. So maybe asking for port 143 ...
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature

Last edited by peterleinchen; 2014-10-28 at 21:50.
 

The Following User Says Thank You to peterleinchen For This Useful Post:
Posts: 2,076 | Thanked: 3,262 times | Joined on Feb 2011
#19
Originally Posted by reinob View Post
I hope it tries TLS first (1.2, 1.1, 1.0) *and then* SSL.

Re. "a port is just a port". STARTTLS is not just TLS over port 143. It is actually normal IMAP on 143 and then (when already "inside") switching to an encrypted channel (via TLS).

So you could not just hack Modest to to STARTTLS on 993 and hope it will work. (in case this was somehow implicitly being suggested).

I guess Fremantle is slowly becoming obsolete..
Slowly? Sadly even latest compilations of cli only programs for rpi fail on n900(frozen depths is a good example, too new glibc etc), without upgrading the whole stack... yeah, with hwkb jolla does seem like the true successor n950 could have been, sorry for OT
 

The Following User Says Thank You to szopin For This Useful Post:
Posts: 203 | Thanked: 445 times | Joined on Mar 2010
#20
STARTTLS does TLS before sending credentials. That's the point.
"Secure Authentication" probably is something like CRAM-MD5 or, ie. credentials are not sent in the clear (but not necessarily 'secure' by today's standards either) even if STARTTLS isn't supported.

Malakai: Have you tried "Normal (TLS)", ie. STARTTLS on port 143 (plus "Secure Authentication")?

Last edited by foobar; 2014-10-29 at 00:56.
 

The Following 5 Users Say Thank You to foobar For This Useful Post:
Reply

Tags
email, modest, send receive

Thread Tools

 
Forum Jump


All times are GMT. The time now is 23:20.