Posts: 168 | Thanked: 191 times | Joined on Mar 2013
#21
Sorry for the late response, but I had to go to work and just came back.

So, I tried with the following settings:

- hosting24.hostway.net for both smtp and imap

- IMAP Port 143 and SMTP Port 587

- Normale (TLS) for both smtp and imap

- Secure Authentication ticked

It works for receiving and sending mails on all 3 accounts BUT, how can I be sure that the connection is set securely, as Modest uses the ports that my provider indicates for non SSL/TLS? I just want to be sure that everything is encrypted.

Is there a command line to execute directly on the N900 to get this information, as I'm not very familiar with network sniffing tools?
 

The Following User Says Thank You to Malakai For This Useful Post:
Posts: 203 | Thanked: 445 times | Joined on Mar 2010
#22
try
Code:
openssl s_client -connect imap.domain.net:143 -starttls imap -tls1
and
Code:
openssl s_client -connect smtp.domain.net:25 -starttls smtp -tls1
(on one line, respectively)
 

The Following 4 Users Say Thank You to foobar For This Useful Post:
Posts: 168 | Thanked: 191 times | Joined on Mar 2013
#23
When I try the first command with hosting24.hostway.net as address I get a bunch of text with:

Code:
Server certificate
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----

No client certificate CA names sent
---
SSL handshake has read 4779 bytes and written 318 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: ..........

    Start Time: 1414650437
    Timeout   : 7200 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
. OK Pre-login capabilities listed, post-login capabilities have more.

The second command with hosting24.hostway.net gives me:

Code:
Server certificate
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----

No client certificate CA names sent
---
SSL handshake has read 5304 bytes and written 455 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: .....

    Start Time: 1414650651
    Timeout   : 7200 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)

And if I try the commands with mydomain.net as address I get the same responses as before, knowing that for mydomain.net I don't have any certificates installed.

Is it possible that my provider made a link between my domain and the domain of the server so the certificate would be on both domains?

I also tried the commands with the specified ports for the SSL/TLS configuration and in all cases I get the same text between BEGIN CERTIFICATE and END CERTIFICATE. No matter what the domain is (mydomain.net or hosting24.hostway.net) if I use the appropriate ports and appropriate protocol (-ssl3 or -tls1) for each domain I get the same certificate.

From what I understand of all this, my connection is secured the same way if I use:

- "SSL" with the address hosting24.hostway.net with ports 993 for imap and 465 for smtp (the old way that doesn't work anymore)

or

- "Normale (TLS)" with mydomain.net or hosting24.hostway.net with ports 143 for imap and 587 for smtp (the new way that works).

Is it correct?

Last edited by Malakai; 2014-10-30 at 06:59.
 

The Following User Says Thank You to Malakai For This Useful Post:
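To read the `openssl s_client` transcripts quoted in the post above without scanning them by eye, here is an added example (not part of the thread) that pulls out the negotiated protocol, cipher and verify code and compares the certificate blocks of two runs. The function names are hypothetical, and the sample is constructed from the lines shown in the post with a placeholder certificate body.

```python
import re

# Constructed sample: the relevant lines of the transcript quoted in the post
# above; the certificate body is a placeholder, not a real certificate.
SAMPLE = """\
Server certificate
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Verify return code: 19 (self signed certificate in certificate chain)
"""

PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def summarize_s_client(text):
    """Reduce `openssl s_client` output to the facts that answer 'is it encrypted?'."""
    def grab(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1) if m else None

    protocol = grab(r"^\s*Protocol\s*:\s*(\S+)")
    cipher = grab(r"^\s*Cipher\s*:\s*(\S+)")
    code = grab(r"^\s*Verify return code:\s*(\d+)")
    # s_client reports cipher 0000 when no TLS session was established.
    encrypted = protocol is not None and cipher not in (None, "0000")
    return {
        "protocol": protocol,
        "cipher": cipher,
        "encrypted": encrypted,
        "verify_code": None if code is None else int(code),
        # Code 0 means the chain validated against a trusted CA; any other code
        # means traffic is encrypted but the server's identity was not verified.
        "authenticated": encrypted and code == "0",
        "legacy_protocol": protocol in ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1"),
    }

def same_certificate(out_a, out_b):
    """True when two transcripts contain the same server certificate."""
    a, b = PEM.search(out_a), PEM.search(out_b)
    strip = lambda m: "".join(m.group(1).split())
    return bool(a and b) and strip(a) == strip(b)
```

For the transcript in the post this reports an encrypted TLSv1 session whose certificate chain openssl could not validate (code 19).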
Posts: 1,782 | Thanked: 4,153 times | Joined on Feb 2011 @ Germany
#24
@Malakai,

Read https://www.fastmail.fm/help/technic...sstarttls.html for a very good introduction.

The question is whether Modest is enforcing TLS (or SSL) when connecting to the unsecured port (143). You either trust that it does, check the source code and trust that it does it correctly, or capture the traffic and check it (and trust that it does it correctly).
 

The Following 4 Users Say Thank You to reinob For This Useful Post:
Posts: 203 | Thanked: 445 times | Joined on Mar 2010
#25
From a first (shallow) dive into the code it seems like modest indeed wants to enforce STARTTLS if "Normal (TLS)" is selected.

Also, when creating a new account in modest, one can choose a port number other than 143 for "Normal (TLS)". Once the account is active, changing the port is no longer possible, apparently.
 

The Following 5 Users Say Thank You to foobar For This Useful Post:
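What "enforcing STARTTLS" on port 143 means in practice, as an added example that is not Modest's code and not from the thread: the client asks for capabilities, and if STARTTLS is missing or rejected it stops instead of logging in over plaintext. The names `imap_require_starttls` and `PlaintextRefused` are hypothetical, and the default SSL context (CA and hostname verification) is an assumption about what the caller wants.

```python
import ssl

class PlaintextRefused(Exception):
    """Raised instead of continuing an IMAP session without TLS."""

def _read_line(sock):
    # Read one LF-terminated line byte by byte so nothing past it is consumed
    # before the TLS handshake starts.
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise PlaintextRefused("connection closed before TLS was negotiated")
        buf += chunk
    return buf

def imap_require_starttls(sock, hostname, context=None):
    """Upgrade a plaintext IMAP socket (port 143) to TLS, or raise.

    No credentials are sent before the handshake and there is no fallback.
    """
    _read_line(sock)                          # server greeting
    sock.sendall(b"a1 CAPABILITY\r\n")
    caps = []
    while True:
        line = _read_line(sock)
        if line.upper().startswith(b"* CAPABILITY"):
            caps = line.upper().split()
        elif line.startswith(b"a1 "):         # tagged completion of our command
            break
    if b"STARTTLS" not in caps:
        raise PlaintextRefused("server did not advertise STARTTLS")
    sock.sendall(b"a2 STARTTLS\r\n")
    if not _read_line(sock).upper().startswith(b"A2 OK"):
        raise PlaintextRefused("server rejected STARTTLS")
    # Assumption: the default context, which checks the chain and the hostname.
    context = context or ssl.create_default_context()
    return context.wrap_socket(sock, server_hostname=hostname)
```

A client that only upgrades when STARTTLS happens to be offered would instead continue to LOGIN at the point where this one raises.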
Posts: 168 | Thanked: 191 times | Joined on Mar 2013
#26
Originally Posted by reinob
You either trust that it does, check the source code and trust that it does it correctly, or capture the traffic and check it (and trust that it does it correctly).
Frankly, I'm just an average user of the n900 and I don't have the abilities to understand the source code.

Originally Posted by foobar
From a first (shallow) dive into the code it seems like modest indeed wants to enforce STARTTLS if "Normal (TLS)" is selected.

Also, when creating a new account in modest, one can choose a port number other than 143 for "Normal (TLS)". Once the account is active, changing the port is no longer possible, apparently.
Thanks for the fact that you verified, but I will only use the mail client with an OpenVPN connection to my home router while on the go, maybe like this I could limit the risks.

I think it's time for me to donate to neo900 project as everyday something else "changes" on the n900 and doesn't work as it should.... just hope that the same issues won't appear with the neo900.

Thank you for your help and for your explanations.
 

The Following User Says Thank You to Malakai For This Useful Post:
Posts: 3,452 | Thanked: 6,607 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#27
@malakai
Do you mind if I take over this thread?
Would you then please re-edit the first post and set it to [NOT yet solved].

My provider does not offer STARTTLS, neither on 993 or 143 nor on any other (but they do for smtp on 587). So it seems I cannot receive mails from that account on N900 anymore.
Thanks to one of the biggest telco providers (t-online.de).

Neo might have same prob (in case of using freEmantle). So we could just beg and hope freemangordon might find some time later on.
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

Last edited by peterleinchen; 2014-10-30 at 21:23.
 

The Following 2 Users Say Thank You to peterleinchen For This Useful Post:
Posts: 3,452 | Thanked: 6,607 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#28
Originally Posted by foobar
Also, when creating a new account in modest, one can chose a port number other than 143 for "Normal (TLS)". Once the account is active, changing the port is no longer possible, apparently.
Yep, true.
You might change it later on via gconftool. But it is easier/better to delete and recreate, as changing params via gconftool will not delete cached inboxes under /home/user/.modest and you have to do that manually as well. Time consuming, but fun.
 

The Following User Says Thank You to peterleinchen For This Useful Post:
Posts: 203 | Thanked: 445 times | Joined on Mar 2010
#29
Originally Posted by peterleinchen
My provider does not offer STARTTLS, neither on 993 or 143 nor on any other. So it seems I cannot receive mails from that account on N900 anymore.
Thanks to one of the biggest telco providers (t-online.de).

Neo might have same prob (in case of using freEmantle). So we could just beg and hope freemangordon might find some time later on.
So the problem is that they require TLS for IMAP4S, and modest doesn't speak that?
 

The Following 3 Users Say Thank You to foobar For This Useful Post:
Posts: 3,452 | Thanked: 6,607 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#30
Originally Posted by foobar
So the problem is that they require TLS for IMAP4S, and modest doesn't speak that?
Think so.
 

The Following User Says Thank You to peterleinchen For This Useful Post:
Tags
email, modest, send receive
