[MlMt] Trouble connecting to iCloud (certificate validation)

[Benny Kjær Nielsen]

Note: This message is mainly for anyone (like myself) googling this 
thread in the future.

On 16 Sep 2015, at 10:52, Benny Kjær Nielsen wrote:

> On 21 Aug 2015, at 8:30, Benny Kjær Nielsen wrote:
>
>> On 21 Aug 2015, at 5:11, Bill Cole wrote:
>>
>>> Wait... What?! REALLY? There are servers answering on port 465 with 
>>> a plaintext SMTP banner? That is irredeemably broken. I could 
>>> understand trying to tighten up port 465 by disabling SSLv2 and 
>>> SSLv3 specifically (maybe even TLSv1.0) and weak ciphers, but 
>>> configuring it like it's port 587 is beyond the pale.
>>
>> Now you made me question my own sanity :-) With the help of MailMate 
>> I found the email thread which is the basis of my claim. A user 
>> couldn't make MailMate work with port 465 and I found out that his 
>> server used STARTTLS. I introduced code to handle this and then it 
>> worked for him. Unfortunately, this server is no longer responding 
>> (`mail.fbi.h-da.de`) so there is no smoking gun. (This was more than 
>> 4 years ago.)
>
> For the record (and my sanity), here is a smoking gun: 
> `west.exch022.serverdata.net` on port 465.
>
> [...]
>
> In the next update of MailMate I've reintroduced (better) code for 
> automatically handling this special case.

Based on an error report related to the latest release of MailMate I now 
know that I cannot even trust the standard ports. The following is an 
example of port 587 configured without plain text mode (STARTTLS style).

This doesn't work:

	telnet securemail.webnames.ca 587

But this does:

	openssl s_client -crlf -connect securemail.webnames.ca:587

-- 
Benny
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20151001/ff09e841/attachment.html>