maemo.org - Talk

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Maemo 5 / Fremantle (https://talk.maemo.org/forumdisplay.php?f=40)
-   -   Modest Email - is the connection fully encrypted? (https://talk.maemo.org/showthread.php?t=100941)

nonsuch 2020-01-22 20:09
Modest Email - is the connection fully encrypted?
 
Modest is at version 3.90.7-13.5 (apparently the same in testing and devel), libtinymail-camel-1.0-0 is at 1.1.92+1cssu7 (apparently the same in testing and devel, and recommended to fix some ssl/tls issues)

After some fiddling I managed to get the connection work like this:
- Incoming mail server (IMAP) with TLS using port 143
- Outgoing mail server (SMTP) with TLS using port 587

According to my mail provider this means that the connection is actually STARTTLS and not TLS/SSL because of the ports I'm using.

Using the ports for full TLS/SSL encryption I get errors, it does not work with either TLS or SSL setting in Modest's account preferences.

I wonder what that means. Why can it start unencrypted and then switch to an encrypted connection, but can not start an encrypted connection straight away? This is how my desktop clients are set up for the same provider.
I can see on the linked page that "The connection to Posteo is always encrypted (STARTTLS, TLS or SSL)" but it makes me wonder nevertheless.
Can I check this somehow? Full error messages?

Does Modest have settings/config/log files somewhere?
Could not 'find' anything.

On a side note, is there another good mail client?

Halftux 2020-01-22 21:28
Re: Modest Email - is the connection fully encrypted?
 
Modest uses the microb-engine and the microb-engine uses libnss3.

You could try install modest, microb-engine, libnss3, libnss3-certs, and maybe other packages from cssu-devel.

But make a backup first.

http://maemo.merlin1991.at/cssu/comm...microb-engine/

http://maemo.merlin1991.at/cssu/comm...free/m/modest/

Source codes:

https://github.com/community-ssu/microb-engine

https://github.com/community-ssu/modest

Update I think in progress..
https://github.com/jonwil/microb-engine-ff24/

To debug:
[1]
Quote:
There are some DBUS methods available for debugging.

run-standalone.sh dbus-send --print-reply --dest=com.nokia.modest /com/nokia/modest com.nokia.modest.DumpOperationQueue

(instead of DumpOperationQueue, you can also use DumpSendQueues or
DumpAccounts)

These methods will print a list of the current mail operation queue,
send queues or the accounts. If you don't know what that means, then
this problably not for you :)

[2]
Quote:
"showui"
To actually start with the UI, you have to provide the 'showui' parameter to
modest. Reason for this not being the default is to allow for DBUS-activation
of various services without showing the UI.

"MODEST_DEBUG"
The MODEST_DEBUG environment may contain any number of ':'-separated strings
to trigger certain debugging features:


"abort-on-warning"
Abort the program when any Gtk/Glib warning or error occurs. This can be useful when running inside a debugger.

"debug-code"
Run various pieces of debug-only code in modest

"log-actions"
Log actions to the log file (not available yet)

"debug-objects"
Debug GObject usage (G_TYPE_DEBUG_OBJECTS)

"debug-signals"
Debug GSignal usage (G_TYPE_DEBUG_SIGNALS)

"factory-settings"
Return all the user-settings to the 'factory defaults'
[1] https://github.com/community-ssu/mod...master/HACKING
[2] https://github.com/community-ssu/mod...r/man/modest.1

nonsuch 2020-01-23 07:09
Re: Modest Email - is the connection fully encrypted?
 
Thanks a lot.
I will make a backup, then hopefully generate some output from modest.

What would you recommend:
Make these experimental changes, or use a different mail client (which)?

Halftux 2020-01-23 13:39
Re: Modest Email - is the connection fully encrypted?
 
There is claws-mail and mutt (console), but these need work to get it compiled with latest openssl version.

And there is qmfmail and trojita which maybe also need a fix and recompilation for use with latest libqt4-network.

I will look into qmfmail.

nonsuch 2020-01-24 08:03
Re: Modest Email - is the connection fully encrypted?
 
Quote:
Originally Posted by Halftux (Post 1564665)
Modest uses the microb-engine and the microb-engine uses libnss3.

You could try install modest, microb-engine, libnss3, libnss3-certs, and maybe other packages from cssu-devel.
Sorry to be obnoxious about it, but do you have reason to think this will give me something, like the ability to use a fully SSL or TLS encrypted connection?

Modest does work atm, and since my mail provider clearly states that it does not allow unencrypted connections, I have to assume that STARTTLS works (initially unencrypted contact to kick off an encrypted connection).

But fully encrypted would be safer.

On a side note, would upgrading these packages also somehow improve the browser?

The debugging unfortunately did not help much; the dbus method gives very little information.
Same for the command line method (with MODEST_DEBUG=debug-code:log-actions:debug-objects:debug-signals).
None of it pertaining to connection protocols and such. :(
I could show you, but it would be pointless.
Back to non-descript error messages and trial & error.

Halftux 2020-01-24 11:36
Re: Modest Email - is the connection fully encrypted?
 
Quote:
Originally Posted by nonsuch (Post 1564699)
Sorry to be obnoxious about it, but do you have reason to think this will give me something, like the ability to use a fully SSL or TLS encrypted connection?
Sorry I can't tell you but the chance that it will work is very low. It is something what I would try.
So in the past a fully encrypted connection was possible. So I guess the handshake will fail. Probably you need to update microb-engine to succeed, and the smaller fixes which are in the repository are not enough. So have a look what Jonwil did.

Better would be to work on leste to make it useable, instead of working with the nearly dead maemo5. So when you working with qmf it could be also useful for leste, because the mer-core also has qmf which is used by sailfish os.

Personally I don't use internet direct on N900 anymore, I am using the N900 as modem or to forward internet to my laptop. E-mail and browsing will be done on the laptop. The N900 is technically not secure, maybe only a bit due to its rareness.

nonsuch 2020-01-24 19:53
Re: Modest Email - is the connection fully encrypted?
 
Quote:
Originally Posted by Halftux (Post 1564709)
Sorry I can't tell you but the chance that it will work is very low. It is something what I would try.
OK, thanks anyhow.
On re-thinking, I consider my E-Mail situation on N900 largely secure (please correct me if you think I'm grossly wrong there).

As I said before elsewhere, web browsing is something I ruled out early on for this device. If I can get it to work with SSL and without javascript, good, but it's not a dealmaker or -breaker for me.

Quote:
Better would be to work on leste to make it useable, instead of working with the nearly dead maemo5. So when you working with qmf it could be also useful for leste, because the mer-core also has qmf which is used by sailfish os.
I fully agree.
What is this QMF?


All times are GMT. The time now is 20:30.

vBulletin® Version 3.8.8