cancel
Showing results for 
Search instead for 
Did you mean: 

Secure email - when can we use ssl with imap/pop3 and smtp email?

neils
Newbie
Posts: 2
Registered: ‎26-12-2010

Secure email - when can we use ssl with imap/pop3 and smtp email?

Secure email - when can we use ssl with imap/pop3 and smtp email?
Currently, while we can use smtp authentication for email (although limited to the primary account details and not individual accounts), email pickup or sending is not secure - I.e. It is not encrypted.  Embarrassed
When will Plusnet fix this significant deficiency? It makes remote pickup of email by the likes of iPhones, smart phones etc very insecure.
Regards
Neil
11 REPLIES
Community Gaffer
Community Gaffer
Posts: 13,553
Thanks: 1,243
Fixes: 102
Registered: ‎04-04-2007

Re: Secure email - when can we use ssl with imap/pop3 and smtp email?

Quote from: neils
Secure email - when can we use ssl with imap/pop3 and smtp email?

The last time I looked into this, the situation was as per the information in my post here. Having said that, there was a short period of time during which we had SSL enabled on the outbound servers. It was with a self-signed SSL cert though and IIRC caused more problems and confusion than it was worth.
Due to the number of listening daemons we have now, we'd need about 30 SSL certs in order to deliver what's being asked of the inbound platform. If I'm honest, I suspect the business will struggle to justify the benefit of doing this once all of the costs are considered Sad

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

sgtwilko
Newbie
Posts: 1
Registered: ‎01-10-2009

Re: Secure email - when can we use ssl with imap/pop3 and smtp email?

Hi Bob,
Quote from: Bob
Due to the number of listening daemons we have now, we'd need about 30 SSL certs in order to deliver what's being asked of the inbound platform. If I'm honest, I suspect the business will struggle to justify the benefit of doing this once all of the costs are considered Sad

This can't still be the case can it?
GoDaddy.co.uk are now offering unlimited sub-domain ssl certs at less than £120 a year or alternatively certs that cover 30 domains at less than £250.
As you said in the other thread, ssl/tls was turned on before for e-mail so the cost to the business of offering the service must have been evaluated then and been acceptable, so as the cost of the certs is now acceptable (and lets face it if £250 is a worry to a business then the customers of that business should be very worried) is there any reason for not offering this much requested service?
Regards,
Ian.
dratddestroyer
Grafter
Posts: 164
Registered: ‎27-09-2007

Re: Secure email - when can we use ssl with imap/pop3 and smtp email?

Quote from: Bob
Quote from: neils
Secure email - when can we use ssl with imap/pop3 and smtp email?

The last time I looked into this, the situation was as per the information in my post here. Having said that, there was a short period of time during which we had SSL enabled on the outbound servers. It was with a self-signed SSL cert though and IIRC caused more problems and confusion than it was worth.
Due to the number of listening daemons we have now, we'd need about 30 SSL certs in order to deliver what's being asked of the inbound platform. If I'm honest, I suspect the business will struggle to justify the benefit of doing this once all of the costs are considered Sad

Bob,
How about one SSL for say one box with an address secure.smtp.plus.net?
sl500
Dabbler
Posts: 12
Registered: ‎21-02-2008

Re: Secure email - when can we use ssl with imap/pop3 and smtp email?

I just upgraded from kmail version 1 to 2 and re-added all of my IMAP mail boxes. I clicked "Auto Detect" connection settings for imap.plus.net and got confronted with "No security is supported. It is not recommended to connect to this server."
It's the only mail server I connect to that doesn't have any security, even clear text authentication?
Superuser
Superuser
Posts: 9,888
Thanks: 1,252
Fixes: 71
Registered: ‎06-04-2007

Re: Secure email - when can we use ssl with imap/pop3 and smtp email?

The server does have - and require - clear text password authentication but I think kmail is telling you that is not "secure" (i.e. encrypted). Authenticating using clear text passwords is best avoided if connecting over a public link.
David
Community Veteran
Posts: 26,740
Thanks: 954
Fixes: 10
Registered: ‎10-04-2007

Re: Secure email - when can we use ssl with imap/pop3 and smtp email?

Quote from: sl500
It's the only mail server I connect to that doesn't have any security, even clear text authentication?

Try changing the password on one of your mailboxes and see what happens when you try to connect via IMAP - you'll either not get in or be prompted to enter the new password!
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
sl500
Dabbler
Posts: 12
Registered: ‎21-02-2008

Re: Secure email - when can we use ssl with imap/pop3 and smtp email?

With all due respect I know what it means, the kmail warning message says it loud and clear. It's probably a good thing I've never used plus.net mail when I'm out or for anything private, it's bad enough having someone be able to sniff your emails let alone your login credentials going over a network in plain text.
Community Veteran
Posts: 26,740
Thanks: 954
Fixes: 10
Registered: ‎10-04-2007

Re: Secure email - when can we use ssl with imap/pop3 and smtp email?

So why did you post saying
Quote from: sl500
It's the only mail server I connect to that doesn't have any security, even clear text authentication?

All we were doing was pointing out that the Plusnet IMAP servers do require clear text authentication.
In the other direction, sending messages doesn't require any authentication - if you are connected to the Plusnet network. If you are connected via a different ISP or mobile network clear text authentication is required.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
druck
Dabbler
Posts: 24
Registered: ‎17-08-2007

Re: Secure email - when can we use ssl with imap/pop3 and smtp email?

This really isn't good enough when people are downloading email on mobile devices through potentially insecure WiFi access points.
PlusNet - Get it sorted.
PNet4um
Grafter
Posts: 29
Registered: ‎13-02-2010

Re: Secure email - when can we use ssl with imap/pop3 and smtp email?

Quote from: Bob
Quote from: neils
Secure email - when can we use ssl with imap/pop3 and smtp email?

The last time I looked into this, the situation was as per the information in my post here. Having said that, there was a short period of time during which we had SSL enabled on the outbound servers. It was with a self-signed SSL cert though and IIRC caused more problems and confusion than it was worth.
Due to the number of listening daemons we have now, we'd need about 30 SSL certs in order to deliver what's being asked of the inbound platform. If I'm honest, I suspect the business will struggle to justify the benefit of doing this once all of the costs are considered Sad

I was helping someone set-up their mail account on Plusnet as I had recommended them to you several years ago and BT are now forcing users who don't have BB with them to pay if they want to keep an address/account at their e-mail servers.
To my horror you *STILL* have not fixed the SSL / STARTTLS / etc. security issue, and you are reported as promising to do so here: http://www.theregister.co.uk/2007/05/24/plusnet_takes_blame years ago.
Do you not realise that there are simple tools which anyone can download to a laptop and capture Plusnet (and others - granted) e-mail account names and passwords at any WiFi hotspot and that is almost certainly contributed to the blacklisting of your mail servers from the posts about people's e-mail accounts being compromised. Bear in mind that the way your systems are set-up - those account names and passwords will almost certainly be the login details to your customer's Control Panels and account information at your server..
I was seriously embarrassed at having to explain the lack of security that you provide.
I didn't raise this as a new topic as part of the disgrace is how long this has been outstanding!...
Community Veteran
Posts: 26,740
Thanks: 954
Fixes: 10
Registered: ‎10-04-2007

Re: Secure email - when can we use ssl with imap/pop3 and smtp email?

Surprised you didn't point out this post (and it's date):
Quote from: Bob
Hi guys,
You'll be pleased to hear that SSL on the mail collection platform should be pretty easy to implement since we put new load balancers in front of the mail platform. Speaking to our Net-Ops Team the consensus is that we just need need to enable SSL on the load balancers and offload that to the mail collection servers.
Our engineers have endeavoured to take a look at this over the coming months when (if?) they have free time between project work. No guarantees as I know they've got a data centre migration to contend with during that time, but if we do get the opportunity then we'll certainly try our best to make some headway on this.
It's worth noting that we probably wouldn't be able to enable this for Madasafish POP3 at the moment as we still need to migrate the POP3 collection platform over onto the Plusnet network.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)