[MlMt] Trouble connecting to iCloud (certificate validation)

Steven M. Bellovin smb at cs.columbia.edu
Tue Oct 20 18:06:31 EDT 2015

Previous message: [MlMt] Trouble connecting to iCloud (certificate validation)
Next message: [MlMt] visualize bundle still have issues with my mail ;)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Running Version 1.9.2 (5141) on Yosemite and El Capitan, I virtually 
always see the problem if I'm using OpenVPN.

On 16 Sep 2015, at 4:52, Benny Kjær Nielsen wrote:

> On 21 Aug 2015, at 8:30, Benny Kjær Nielsen wrote:
>
>> On 21 Aug 2015, at 5:11, Bill Cole wrote:
>>
>>> Wait... What?! REALLY? There are servers answering on port 465 with 
>>> a plaintext SMTP banner? That is irredeemably broken. I could 
>>> understand trying to tighten up port 465 by disabling SSLv2 and 
>>> SSLv3 specifically (maybe even TLSv1.0) and weak ciphers, but 
>>> configuring it like it's port 587 is beyond the pale.
>>
>> Now you made me question my own sanity :-) With the help of MailMate 
>> I found the email thread which is the basis of my claim. A user 
>> couldn't make MailMate work with port 465 and I found out that his 
>> server used STARTTLS. I introduced code to handle this and then it 
>> worked for him. Unfortunately, this server is no longer responding 
>> (`mail.fbi.h-da.de`) so there is no smoking gun. (This was more than 
>> 4 years ago.)
>
> For the record (and my sanity), here is a smoking gun: 
> `west.exch022.serverdata.net` on port 465.
>
> ~~~
>> telnet  west.exch022.serverdata.net 465
> Trying 64.78.22.105...
> Connected to west.exch022.serverdata.net.
> Escape character is '^]'.
> 220 west.exch022.serverdata.net Microsoft ESMTP MAIL Service ready at 
> Wed, 16 Sep 2015 01:49:57 -0700
> ~~~
>
> ~~~
>> openssl s_client -connect west.exch022.serverdata.net:465
> CONNECTED(00000003)
> 8997:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown 
> protocol:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_clnt.c:618:
> ~~~
>
> In the next update of MailMate I've reintroduced (better) code for 
> automatically handling this special case.
>
> -- 
> Benny
> _______________________________________________
> mailmate mailing list
> mailmate at lists.freron.com
> http://lists.freron.com/listinfo/mailmate



         --Steve Bellovin, https://www.cs.columbia.edu/~smb

Previous message: [MlMt] Trouble connecting to iCloud (certificate validation)
Next message: [MlMt] visualize bundle still have issues with my mail ;)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the mailmate mailing list