[SOLVED] Modest cannot receive/send via SSL/TLS
Hello,
I've been having trouble sending and receiving mails with modest on my N900 for a few days. When I hit the send & receive button, nothing happens and the mails are not updated. I removed everything in the folder /home/user/.modest/cache/mail/imap/ (it was somewhere in the forum as a solution to this) but it didn't work. I've seen users here in the forum complaining about modest not running correctly with a big inbox, but I don't think I have that many mails, as they are separated into folders by the server (filtered based on the sender). I have maybe about 1000 mails in 3 inboxes. I don't know how to debug this further, as I really need mails while on the go.

----------------------------------------------

For the fix see:

CSSU, posted by foobar: http://talk.maemo.org/showpost.php?p...6&postcount=37

non-CSSU, posted by peterleinchen (all credits to foobar): http://talk.maemo.org/showpost.php?p...8&postcount=44
Re: Modest send & receive problem
I really liked the simplicity of Modest, so I would like to continue using it, but right now I really need access to my mails on the go, so if somebody doesn't know how to fix this but knows a good mail client for the N900 that is in the repos and is easy to use (no command line, weird or small interface), it will do until the problem is fixed.
Thanks.
Re: Modest send & receive problem
A bit more information would be nice!
Which mail provider (in the first place)? Is it 't-online.de'? Is that the only account? Since when? IMAP/POP/MfE? Port numbers? And so on.
Re: Modest send & receive problem
Sorry, I should have given more information.

It is a web hosting provider that also gives me access to mails (Thunderbird on my PC has no problem with the mails at this very moment). I have 3 accounts in the form adress1@domain.net, adress2@domain.net, adress3@domain.net, so all for the same domain. It has not been working since 22 October 2014, so a couple of days ago. IMAPS for the 3 accounts, so port 993 is used. No modifications were made to the settings for at least 6 months and everything worked perfectly until a few days ago.

When this occurred I was in another country than my own and I was connected through OpenVPN to my home router with the traffic being redirected. At first I thought that it wasn't updating the mails because of a bad connection, but once back home and without the OpenVPN client active the update didn't work either. I can't really understand what happened and I don't really know how to debug this.
Re: Modest send & receive problem
Then it may be that your provider has closed SSL support, too.
This is what T-ONLINE.de did, on 23/24th October. My modest does not receive mails anymore from that provider. All others are working fine. The same account on N9 (and PC) works. We need to use TLS instead of SSL (POODLE security breach).
Re: Modest send & receive problem
Quote:
What does the setting in modest "Normal (TLS)" really mean? Is modest able to handle only TLS? Even with that setting I cannot get it working. But it should.
Re: Modest send & receive problem
We tested this recently on #maemo-ssu and it seems that "Normal(TLS)" is the equivalent of STARTTLS, meaning forcing a TLS connection on port 143 rather than talking to an imap4s server on port 993 and then checking if TLS is supported by the server.
Re: Modest send & receive problem
Quote:
Re: Modest send & receive problem
That is what I would have expected.
But for a TLS connection to secureimap.t-online.de:993 this is not working, hence my question! :(
t-online.de now uses TLS only on port 993.

Quote:
to http://mg.pov.lt/maemo-ssu-irclog/%2...-10-24T01:16:0

This I can confirm now. So that means no emails from t-online.de, as they have an open TLS connection only on port 993 but modest only allows TLS for port 143! :(

Any chance for a change in (cssu-devel) tinymail?

I tried to debug it with

export CAMEL_DEBUG=all
maemo-summoner usr/bin/modest.launch -s

to no avail. Could not see the connection requests...
Re: Modest send & receive problem
Quote:
Thunderbird will try TLS after SSL failed. All newer clients will do so. Even fenix on N9 does so and is still working. You should visit your provider help forum or support and ask there.
Re: Modest send & receive problem
Will try to see if this is the problem, but frankly I doubt it is.
Re: Modest send & receive problem
I am pretty sure.
Else it may be a certificate problem, which I could exclude in my case. Try

openssl s_client -connect imap.domain.net:993

or

openssl s_client -connect imap.domain.net:993 -ssl3 (should or better may fail)
openssl s_client -connect imap.domain.net:993 -tls1 (should work)
Re: Modest send & receive problem
Quote:
Re. "a port is just a port". STARTTLS is not just TLS over port 143. It is actually normal IMAP on 143 and then (when already "inside") switching to an encrypted channel (via TLS). So you could not just hack Modest to do STARTTLS on 993 and hope it will work (in case this was somehow implicitly being suggested).

I guess Fremantle is slowly becoming obsolete..
Re: Modest send & receive problem
Quote:
Code:
CONNECTED(00000003)
Code:
OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

But now how to use my account in modest? Should I put "Normal (TLS)"? Will it be secured that way? In the configuration page of my hosting provider I have some settings:

Code:
SSL / TLS (Recommended)
Code:
Non-SSL Settings (Not recommended)

How to configure modest, knowing this information, to have a secure connection to my mail accounts?
Re: Modest send & receive problem
Damn. :mad:
Looks like you are doomed, too. Try TLS on 143 for incoming and TLS 587 on outgoing. This should be safe (if working).

But one thing I did never understand about STARTTLS (which is used as setting "Normal (TLS)") is: when it connects normally and only after connection established switches to TLS, how do I know that I have a secured connection and not a normal one? So take above 'secure' with a grain of salt!

t-online does not provide port 143, even more :mad:
Re: Modest send & receive problem
Thanks for the suggestion, will try and post feedback.
Quote:
Re: Modest send & receive problem
That is what the tick marker 'Secure Authentication' is for?
Re: Modest send & receive problem
And I do not believe we will be successful with our modest STARTTLS anymore, as this implies a connection request without securing.

And the German providers started a campaign about secure mails in April about that, so I guess they will also not support STARTTLS anymore. Will ask in the German forum.telekom.de but do not believe they will do so for a handful of guys/nerds/fanatics. So my last hope is freemangordon, but he is overwhelmed at the moment. So this might take some time.

-- uh, wait. Quoting myself
Quote:
Re: Modest send & receive problem
Quote:
Re: Modest send & receive problem
STARTTLS does TLS before sending credentials. That's the point. :)

"Secure Authentication" probably is something like CRAM-MD5 or, ie. credentials are not sent in the clear (but not necessarily 'secure' by today's standards either) even if STARTTLS isn't supported.

Malakai: Have you tried "Normal (TLS)", ie. STARTTLS on port 143 (plus "Secure Authentication")?
Re: Modest send & receive problem
Sorry for late response but I had to go to work and just came back.
So, I tried with the following settings:

- hosting24.hostway.net for both smtp and imap
- IMAP Port 143 and SMTP Port 587
- Normale (TLS) for both smtp and imap
- Secure Authentication ticked

It works for receiving and sending mails on all 3 accounts BUT, how can I be sure that the connection is set securely, as Modest uses the ports that my provider indicates for non SSL/TLS? I just want to be sure that everything is encrypted. Is there a command line to execute directly in N900 to get this information, as I'm not very familiar with network sniffing tools?
Re: Modest send & receive problem
try
Code:
openssl s_client -connect imap.domain.net:143 -starttls imap -tls1
Code:
openssl s_client -connect smtp.domain.net:25 -starttls smtp -tls1
Re: Modest send & receive problem
When I try the first command with hosting24.hostway.net as address I get a bunch of text with:
Code:
Server certificate
Code:
Server certificate

Is it possible that my provider made a link between my domain and the domain of the server so the certificate would be on both domains? I also tried the commands with the specified ports for the SSL/TLS configuration and in all cases I get the same text between BEGIN CERTIFICATE and END CERTIFICATE. No matter what the domain is (mydomain.net or hosting24.hostway.net), if I use the appropriate ports and appropriate protocol (-ssl3 or -tls1) for each domain I get the same certificate.

From what I understand of all this, my connection is secured the same way if I use:

- "SSL" with the address hosting24.hostway.net with ports 993 for imap and 465 for smtp (the old way that doesn't work anymore) or
- "Normale (TLS)" with mydomain.net or hosting24.hostway.net with ports 143 for imap and 587 for smtp (the new way that works).

Is it correct?
Re: Modest send & receive problem
@Malakai,
Read https://www.fastmail.fm/help/technic...sstarttls.html for a very good introduction.

The question is whether Modest is enforcing TLS (or SSL) when connecting to the unsecured port (143). You either trust that it does, check the source code and trust that it does it correctly, or capture the traffic and check it (and trust that it does it correctly :).
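
The capture-based check suggested in the post above, as an added example (not part of the original thread, and not Modest or tinymail code): it walks both directions of a recorded port-143 IMAP session and reports whether the client authenticated before STARTTLS was accepted. The packet lists are constructed samples and `audit_imap_capture` is a hypothetical helper name.

```python
# Added example: audit a captured IMAP session on port 143 for STARTTLS enforcement.
# All packets below are constructed samples, not real traffic.
TLS_CONTENT_TYPES = {0x14, 0x15, 0x16, 0x17}  # ChangeCipherSpec, Alert, Handshake, AppData

def looks_like_tls_record(payload):
    """True if payload starts with a TLS record header (content type, major version 3)."""
    return len(payload) >= 3 and payload[0] in TLS_CONTENT_TYPES and payload[1] == 0x03

def audit_imap_capture(packets):
    """Classify a session given (sender, payload) pairs, sender 'C' (client) or 'S' (server).

    'protected'    : STARTTLS was accepted and only TLS records follow
    'exposed'      : the client authenticated, or sent cleartext, outside TLS
    'no-auth-seen' : the capture ends before either happens
    """
    starttls_tag, in_tls = None, False
    for sender, payload in packets:
        if in_tls:
            if not looks_like_tls_record(payload):
                return "exposed"       # cleartext after the switch: TLS was not set up
            continue
        parts = payload.decode("ascii", "replace").split()
        if sender == "C" and len(parts) >= 2:
            command = parts[1].upper()
            if command in ("LOGIN", "AUTHENTICATE"):
                return "exposed"       # authentication before any TLS handshake
            if command == "STARTTLS":
                starttls_tag = parts[0]
        elif (sender == "S" and starttls_tag and len(parts) >= 2
              and parts[0] == starttls_tag and parts[1].upper() == "OK"):
            in_tls = True              # from here on every payload must be a TLS record
    return "protected" if in_tls else "no-auth-seen"

GREETING = ("S", b"* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready\r\n")
LOGIN = ("C", b"a2 LOGIN user@example.net not-a-real-password\r\n")
STARTTLS_SESSION = [GREETING, ("C", b"a1 STARTTLS\r\n"),
                    ("S", b"a1 OK Begin TLS negotiation now\r\n"),
                    ("C", b"\x16\x03\x01\x00\x04abcd"),   # handshake record
                    ("S", b"\x16\x03\x01\x00\x04abcd"),
                    ("C", b"\x17\x03\x01\x00\x04abcd")]   # encrypted application data
PLAINTEXT_SESSION = [("S", b"* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready\r\n"), LOGIN]
REFUSED_SESSION = [GREETING, ("C", b"a1 STARTTLS\r\n"),
                   ("S", b"a1 BAD Unknown command\r\n"), LOGIN]  # client fell back

if __name__ == "__main__":
    for name, capture in (("starttls", STARTTLS_SESSION),
                          ("plaintext", PLAINTEXT_SESSION),
                          ("refused", REFUSED_SESSION)):
        print(name, audit_imap_capture(capture))
```
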
Re: Modest send & receive problem
From a first (shallow) dive into the code it seems like modest indeed wants to enforce STARTTLS if "Normal (TLS)" is selected.
Also, when creating a new account in modest, one can choose a port number other than 143 for "Normal (TLS)". Once the account is active, changing the port is no longer possible, apparently.
Re: Modest send & receive problem
Quote:
Quote:
I think it's time for me to donate to the neo900 project, as every day something else "changes" on the n900 and doesn't work as it should.... just hope that the same issues won't appear with the neo900. Thank you for your help and for your explanations.
Re: [Solved] Modest send & receive problem
@malakai
Do you mind if I take over this thread? Would you then please re-edit the first post and set it to [NOT yet solved].

My provider does not offer STARTTLS, neither on 993 or 143 nor on any other (but they do for smtp on 587 :cool:). So it seems I cannot receive mails from that account on N900 anymore. Thanks to one of the biggest telco providers (t-online.de). :(

Neo might have same prob (in case of using freEmantle). So we could just beg and hope freemangordon might find some time later on.
Re: Modest send & receive problem
Quote:
You might change it later on via gconftool. But it is easier/better to delete and recreate, as changing params via gconftool will not delete cached inboxes under /home/user/.modest and you have to do that also manually. Time consuming :(, but fun :)
Re: [Solved] Modest send & receive problem
Quote:
Re: [Solved] Modest send & receive problem
Quote:
Re: [Solved] Modest send & receive problem
I just fixed this in modest/tinymail (made it speak TLS), now I just have to figure out how to get it into the repos. Bear with me. :)
Re: [Not yet solved] Modest send & receive problem
@foobar
That would be excellent! :D

What did you change? How is connection negotiated now? I.e. for real TLS I need to set what? SSL and if it fails it switches to TLS? (That is the way N9 also handles it: if I set TLS it does not connect, if I set SSL it connects, but openssl clearly states that on secureimap.t-online.de:993 only TLS is activated (no SSL, no STARTTLS) :eek:)

Did you change (and what) on gitorious? (I guess/hope only on local branch?)

Please ping freemangordon for repo part! [this should not distract him too much from ongoing RE'ing tasks? BIG kudos to him!]
Re: [Not yet solved] Modest send & receive problem
I've basically allowed TLS (the protocol) on SSL (the modest setting), which previously only allowed SSL2 & SSL3.*
Merge request in git is pending and I'll poke freemangordon on IRC. :)

[*] We should probably remove SSL2 there.
Re: [Not yet solved] Modest send & receive problem
Quick reply...
Thank you! Unfortunately, gitorious does not even display this merge request...
https://gitorious.org/modest/modest/merge_requests

Best wishes. Thank you.
~~~~~~~~~~~~~~~~~
Per aspera ad astra...
Re: [Not yet solved] Modest send & receive problem
It does show.
https://gitorious.org/community-ssu/...ts?status=Open

@foobar
that was all? :cool:
then I really wonder why Nokians left that out :confused:
did you already test?
Re: [Not yet solved] Modest send & receive problem
Yepp, that's it. Finding the place obviously took more time than the actual patching. :)
My wild guess is they left it out deliberately, thinking "SSL wrapped" means SSL, not TLS.

Anyway, I tested it with secureimap.t-online.de:993, and even though I don't have an account there, it complained about wrong user/password with the patch (which was "can't connect" before).
Re: [Not yet solved] Modest send & receive problem
I'm not sure what the release plans are for CSSU, so here is a link to a build of the relevant part of tinymail:
https://storage.camaya.net/public.ph...28f08b025811e1

Besides the change discussed above, it also has SSL2 disabled. It is built from this git repo: https://gitorious.org/community-ssu/kolps-tinymail and with CSSU stuff in scratchbox, so there might be some issues if installed on a non-CSSU device (I haven't checked).

Anyway, beware, third party-supplied binary, take note of your currently installed version, etc.
Re: [Not yet solved] Modest send & receive problem
Also thought of renaming "SSL" to "SSL/TLS" at UI level?
Re: Modest send & receive problem
Quote:
https://gitorious.org/tinymail/agxs-...1a590a53c8f879 allows it to connect again (on port 993). I haven't had a chance to test this on fremantle. Anybody around that can test this on fremantle?

The idea came from evolution's libcamel, which has the same issue: https://bazaar.launchpad.net/~ubuntu...-for-ssl.patch
Re: [Not yet solved] Modest send & receive problem
Quote:
https://gitorious.org/tinymail/agxs-...1a590a53c8f879