[MlMt] Trouble connecting to iCloud (certificate validation)

Benny Kjær Nielsen mailinglist at freron.com
Fri Aug 21 02:30:05 EDT 2015


On 21 Aug 2015, at 5:11, Bill Cole wrote:

> On 20 Aug 2015, at 11:46, Benny Kjær Nielsen wrote:
>
>> MailMate is bad at handling port 465 (even when it works), because 
>> some servers use it SSL style and some use it TLS style (as in port 
>> 993 vs 143 for IMAP).
>
> Wait... What?! REALLY? There are servers answering on port 465 with a 
> plaintext SMTP banner? That is irredeemably broken. I could understand 
> trying to tighten up port 465 by disabling SSLv2 and SSLv3 
> specifically (maybe even TLSv1.0) and weak ciphers, but configuring it 
> like it's port 587 is beyond the pale.

Now you made me question my own sanity :-) With the help of MailMate I 
found the email thread which is the basis of my claim. A user couldn't 
make MailMate work with port 465 and I found out that his server used 
STARTTLS. I introduced code to handle this and then it worked for him. 
Unfortunately, this server is no longer responding (`mail.fbi.h-da.de`) 
so there is no smoking gun. (This was more than 4 years ago.)

In other words, when I wrote “some use it TLS style” I should have 
written “at least 1 server uses it TLS style” :-)

It seems my code to handle this is not very robust and I'll look into 
disabling/changing it. Then we'll soon see if this was just a single 
misconfigured server.

-- 
Benny
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20150821/3e89a59f/attachment.html>


More information about the mailmate mailing list