[MlMt] Trouble connecting to iCloud (certificate validation)
Benny Kjær Nielsen
mailinglist at freron.com
Thu Oct 1 06:03:35 EDT 2015
Note: This message is mainly for anyone (like myself) googling this
thread in the future.
On 16 Sep 2015, at 10:52, Benny Kjær Nielsen wrote:
> On 21 Aug 2015, at 8:30, Benny Kjær Nielsen wrote:
>
>> On 21 Aug 2015, at 5:11, Bill Cole wrote:
>>
>>> Wait... What?! REALLY? There are servers answering on port 465 with
>>> a plaintext SMTP banner? That is irredeemably broken. I could
>>> understand trying to tighten up port 465 by disabling SSLv2 and
>>> SSLv3 specifically (maybe even TLSv1.0) and weak ciphers, but
>>> configuring it like it's port 587 is beyond the pale.
>>
>> Now you made me question my own sanity :-) With the help of MailMate
>> I found the email thread which is the basis of my claim. A user
>> couldn't make MailMate work with port 465 and I found out that his
>> server used STARTTLS. I introduced code to handle this and then it
>> worked for him. Unfortunately, this server is no longer responding
>> (`mail.fbi.h-da.de`) so there is no smoking gun. (This was more than
>> 4 years ago.)
>
> For the record (and my sanity), here is a smoking gun:
> `west.exch022.serverdata.net` on port 465.
>
> [...]
>
> In the next update of MailMate I've reintroduced (better) code for
> automatically handling this special case.
Based on an error report related to the latest release of MailMate I now
know that I cannot even trust the standard ports. The following is an
example of port 587 configured without plain text mode (STARTTLS style).
This doesn't work:
telnet securemail.webnames.ca 587
But this does:
openssl s_client -crlf -connect securemail.webnames.ca:587
--
Benny
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20151001/ff09e841/attachment.html>
More information about the mailmate
mailing list