cancel
Showing results for 
Search instead for 
Did you mean: 

SSL on IMAP/POP3/SMTP

Townman
Superuser
Superuser
Posts: 22,922
Thanks: 9,538
Fixes: 158
Registered: ‎22-08-2007

Re: SSL on IMAP/POP3/SMTP

@Bob,
Has the security certificate on the trial been changed, or has something else been changed in the configuration recently?
When attempting to send an email on my trial configured mail box, I got a certification verification warning "The target principle name is incorrect... see images attached.
NB: As discussed previously, to avoid issues with still working SMPT configurations with relay.plus.net for my test account, I have defined my target service in hosts as ssl.plus.net - is this the source of my issue?
Are we now in a position such that we can work with relay.plus.net not being directed to a specific IP address and be capable of supporting SSL and non-SSL connections?
Cheers,
Kevin

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

matthews
Rising Star
Posts: 145
Thanks: 8
Fixes: 1
Registered: ‎13-08-2014

Re: SSL on IMAP/POP3/SMTP

@Townman, Yes that is the source of your issue. If you have a look at the certificate you can see it's issued to relay.plus.net so that's the only address that your mail client will connect to.
Townman
Superuser
Superuser
Posts: 22,922
Thanks: 9,538
Fixes: 158
Registered: ‎22-08-2007

Re: SSL on IMAP/POP3/SMTP

@Matthews,
Thank you for the reminder - looking back at old correspondence I now recall that this was covered with Bob.
The key question here is has anything changed?  This was working as configured; on inspection I can only identify one sent email on that mailbox since joining the trial.  I'm guessing that the CERT must have been updated since 29/12/2014?
...looks like I am going to have to reconfigure all email boxes using relay.plus.net unless the target IP address for the trial service can now support both SSL and non-SSL connections?
Kevin

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: SSL on IMAP/POP3/SMTP

I'm not aware of any changes to the certs and If your hosts entry is for ssl.plus.net then you can expect a cert mismatch error (until you add an exception for it).

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

asdfghjkl
Grafter
Posts: 68
Thanks: 1
Registered: ‎12-09-2014

Re: SSL on IMAP/POP3/SMTP

Quote from: Bob
Quote from: jelv
From that I think we can safely take it that we won't see it for at least a year.

Ye of little faith Wink

Six months later, do you still think jelv is of little faith?
I'm staggered by this, honestly.  Offering email without SSL in the year 2015 isn't just bad, it's scandalous.   I'd say that most of your users would assume their Plusnet email is secure, but if they're using it on their phones, with Windows 8 mail or any other POP/IMAP reader, they would probably be horrified to learn that it isn't secure at all.  As most domestic users aren't very technical minded, it wouldn't be so bad if Plusnet pointed out the implications of unticking SSL on pages like this.
The implications being that the username, password and all mail associated with a Plusnet email account are vulnerable to man in the middle attacks.  They are really not safe to use on any shared internet connection.  Even at home, family members or housemates can intercept your email.  Crazy.  If Gmail was like this, then Google would be scandalised across global media.
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: SSL on IMAP/POP3/SMTP

Quote from: Den
Quote from: Bob
Quote from: jelv
From that I think we can safely take it that we won't see it for at least a year.

Ye of little faith Wink

Six months later, do you still think jelv is of little faith?

I've a slice of humble pie on standby just in case Wink
It's taking longer than I'd hoped, although I have been testing some of the inbound stuff this week so things are moving in the right direction.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

asdfghjkl
Grafter
Posts: 68
Thanks: 1
Registered: ‎12-09-2014

Re: SSL on IMAP/POP3/SMTP

Well, thank you for what you're doing anyway.
asdfghjkl
Grafter
Posts: 68
Thanks: 1
Registered: ‎12-09-2014

Re: SSL on IMAP/POP3/SMTP

By the way, is it wise to expose an email account's username via the XAUTH header?
Having a username that is different from the email address is like an extra layer of security.  It's harder for someone to hack an email account if they don't have the username... but you go and expose it in the email headers.  Seems a bit daft.
Townman
Superuser
Superuser
Posts: 22,922
Thanks: 9,538
Fixes: 158
Registered: ‎22-08-2007

Re: SSL on IMAP/POP3/SMTP

If you mean that the DEFAULT account email address is...
username@username.plus.net
This is a generic concern which has been debated for years.  It is the way that PN services are configured and is to be found across a number of ISPs, though some do have alternative approaches.
Personally I exclusively use / publish email addresses which use my own domain name, thereby avoid exposing my PN user name in email addresses.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: SSL on IMAP/POP3/SMTP

Quote from: Den
By the way, is it wise to expose an email account's username via the XAUTH header?

I was wondering when somebody was going to comment on this Wink
I actually noticed it when testing the outbound SSL stuff. Wasn't until I looked into it that I realised it's the same for emails sent using plain auth too. I agree, we should probably obfuscate the information, however it's unlikely it will be done as part of the SSL stuff.
I'll do my best to ensure it ends up on somebody's radar though.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

timmytoad
Grafter
Posts: 110
Registered: ‎18-08-2011

Re: SSL on IMAP/POP3/SMTP

Hi all, and in particular Bob Pullen 🙂
It is only recently that i have been made aware of this SSL stuff,  i keep getting error messages from my MacBookPro whenever i switch on the Mail App, until recently it has been sufficient to DISABLE SSL !!!!
But this week there was an Update made available to users of Yosemite (OS 10.10.2) and i have now had to ENABLE a very NEGATIVE security feature  "ALLOW INSECURE AUTHENTICATION"
And i began to realise that this whole thing is going backwards !!!, all my other email accounts are rock solid secure, so why is Plus Net choosing to be different Huh
It was then that i came across this Thread in the Community Forum i have read every Post therein and therefore i have to ask Bob Pullen what is going ON ? is there a light at the end of the tunnel ????Huh
Tim
spraxyt
Resting Legend
Posts: 10,063
Thanks: 674
Fixes: 75
Registered: ‎06-04-2007

Re: SSL on IMAP/POP3/SMTP

I think there is light at the end of the tunnel, though the tunnel seems to be an extraordinarily long one.
David
David
Townman
Superuser
Superuser
Posts: 22,922
Thanks: 9,538
Fixes: 158
Registered: ‎22-08-2007

Re: SSL on IMAP/POP3/SMTP

@Tim,
It seems that Apple are being somewhat mischievous in creating a bit of a storm over what has been an accepted (even if not ideal) connection standard for decades.  Unilaterally changing configured items without asking the user during an upgrade is extremely poor behaviour.
Users should have been asked if they wanted to make such changes and advised to check with their service providers to confirm that the enhanced facilities were supported.
Kevin

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

asdfghjkl
Grafter
Posts: 68
Thanks: 1
Registered: ‎12-09-2014

Re: SSL on IMAP/POP3/SMTP

Quote from: Bob
I'll do my best to ensure it ends up on somebody's radar though.

Just responding to say thank you.
I feel like I'm being antagonising every time I open my mouth in this thread... only when I go back and re-read my posts though.  Crazy
VivvieF
Newbie
Posts: 1
Registered: ‎17-03-2015

Re: SSL on IMAP/POP3/SMTP

Quote from: timmytoad
Hi all, and in particular Bob Pullen 🙂
It is only recently that i have been made aware of this SSL stuff,  i keep getting error messages from my MacBookPro whenever i switch on the Mail App, until recently it has been sufficient to DISABLE SSL !!!!
But this week there was an Update made available to users of Yosemite (OS 10.10.2) and i have now had to ENABLE a very NEGATIVE security feature  "ALLOW INSECURE AUTHENTICATION"
And i began to realise that this whole thing is going backwards !!!, all my other email accounts are rock solid secure, so why is Plus Net choosing to be different Huh
It was then that i came across this Thread in the Community Forum i have read every Post therein and therefore i have to ask Bob Pullen what is going ON ? is there a light at the end of the tunnel ????Huh
Tim

I have just had the same problem with my email account, and have resolved the problem by doing what you said above 'allowing insecure authentication'. If it hadn't been for this thread I would still be waiting on the phone for the support team!
Thankyou