XPost: sci.electronics.design

I'm still not ready to give up my Eudora email program. But it's proving to
be a bit intractable at the moment. I recently switched to a new hosting service and had a great deal of problems setting it up for the new servers. Seems TLS is broken in Eudora, at least with modern servers. I was finally able to get the bloody thing to work after playing with it for some days.

Now the provider has switched servers and Eudora will no longer send emails.
Downloading emails is fine, but on sending either it times out or gives errors regarding authentication depending on the port number used. I ran wireshark but I can't say I understand the results. Only a half dozen
messages are sent or received and there is 100 second wait between them. So
it looks like something is timing out.

Any suggestions on how to debug this? How do email clients authenticate if
TLS isn't used?

--

Rick C
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: sci.electronics.design

On Thu, 3 Aug 2017 13:51:47 -0400, rickman <gnuarm@gmail.com> wrote:

Any suggestions on how to debug this? How do email clients authenticate if >TLS isn't used?

Who's the ISP? I want to check what protocols they support and
expect. If you don't want to disclose this information, try the
following as a starting template for an SMTP session using telnet: <https://technet.microsoft.com/en-us/library/aa995718(v=exchg.65).aspx>
Use this to encrypt your password:
<https://www.base64encode.org>
If you still have access to your old ISP account that worked, try the
same session and compare results between the old and new ISP.

Good luck.

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: sci.electronics.design

On Thu, 03 Aug 2017 12:51:08 -0700, Jeff Liebermann <jeffl@cruzio.com>
wrote:

On Thu, 3 Aug 2017 13:51:47 -0400, rickman <gnuarm@gmail.com> wrote:

Any suggestions on how to debug this? How do email clients authenticate if >>TLS isn't used?

Who's the ISP? I want to check what protocols they support and
expect. If you don't want to disclose this information, try the
following as a starting template for an SMTP session using telnet: ><https://technet.microsoft.com/en-us/library/aa995718(v=exchg.65).aspx>
Use this to encrypt your password:
<https://www.base64encode.org>
If you still have access to your old ISP account that worked, try the
same session and compare results between the old and new ISP.

Good luck.

OLM.net supports Eudora ;-)

...Jim Thompson
--
| James E.Thompson | mens |
| Analog Innovations | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| STV, Queen Creek, AZ 85142 Skype: skypeanalog | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |

I'm looking for work... see my website.

Thinking outside the box...producing elegant & economic solutions.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

rickman wrote:

NOTE: The following newsgroup omitted in my reply as it appears an
unrelated newsgroup to the issue and to the other cross-posted
newsgroup:

sci.electronics.design

This topic is not really an issue with networking, either. A more
appropriate newsgroup to discuss newsreaders (NNTP clients) is:

news.software.readers

I'm still not ready to give up my Eudora email program. But it's proving to be a bit intractable at the moment. I recently switched to a new hosting service and had a great deal of problems setting it up for the new servers. Seems TLS is broken in Eudora, at least with modern servers. I was finally able to get the bloody thing to work after playing with it for some days.

Now the provider has switched servers and Eudora will no longer send emails.
Downloading emails is fine, but on sending either it times out or gives errors regarding authentication depending on the port number used. I ran wireshark but I can't say I understand the results. Only a half dozen messages are sent or received and there is 100 second wait between them. So it looks like something is timing out.

Any suggestions on how to debug this? How do email clients authenticate if TLS isn't used?

Eudora was abandoned long ago. Eudora OSE (based on Mozilla's
Thunderbird) ensued but it also got abandoned; however, Eudroa OSE in
having TB's code up to that point was still supported after the big push
away from SSL 3.0 when it was found vulnerable. TLS 1.0 is just a
renamed version of SSL 3.0; i.e., to bring that spec under the "TLS"
umbrella. Could be the new servers demand TLS 1.1, or later.

https://en.wikipedia.org/wiki/Eudora_(email_client)
"Development of the open-source version stopped in 2010 and was
officially deprecated in 2013, with users advised to switch to the
current version of Thunderbird."

https://en.wikipedia.org/wiki/Eudora_OSE
"On June 28, 2013, the Mozilla website indicated that Eudora OSE is
based on an out-of-date version of Thunderbird and that, to Mozilla's knowledge, Qualcomm has no plans to update or support it. Mozilla
recommends current users consider switching to Thunderbird."

https://wiki.mozilla.org/Eudora_OSE
"it is Mozilla's understanding that Qualcomm is no longer developing
Eudora OSE and its community support forum no longer exists"

https://threatpost.com/ietf-officially-deprecates-sslv3/113503/
"IETF OFFICIALLY DEPRECATES SSLV3"

I was using MS Outlook 2003 to connect to my Hotmail account and wanted
to continue using that old e-mail client; however, back around Feb 2014 Microsoft demanded TLS be used to connect to their servers and OL2003
didn't support TLS. I was forced to move to a later e-mail client that
had the minimally required encryption standard for secure connections.

Although the old Eudora [OSE] product might provide an option to use
TLS, if it is TLS 1.0 then it is no different than SSL 3.0. I don't
which versions of TLS that Eudora [OSE] supports. Go into the account
defined within Eudora to see what, if any, TLS options there are.

Since Eudora OSE is just [an old version of] Thunderbird in disguise,
maybe it's time to go to Thunderbird, emClient, or some other newer and supported local e-mail client or resolve yourself to being stuck with
their webmail client.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: sci.electronics.design

On Thu, 03 Aug 2017 12:56:38 -0700, Jim Thompson <To-Email-Use-The-Envelope-Icon@On-My-Web-Site.com> wrote:

On Thu, 03 Aug 2017 12:51:08 -0700, Jeff Liebermann <jeffl@cruzio.com>
wrote:

On Thu, 3 Aug 2017 13:51:47 -0400, rickman <gnuarm@gmail.com> wrote:

Any suggestions on how to debug this? How do email clients authenticate if >>>TLS isn't used?

Who's the ISP? I want to check what protocols they support and
expect. If you don't want to disclose this information, try the
following as a starting template for an SMTP session using telnet: >><https://technet.microsoft.com/en-us/library/aa995718(v=exchg.65).aspx>
Use this to encrypt your password:
<https://www.base64encode.org>
If you still have access to your old ISP account that worked, try the
same session and compare results between the old and new ISP.

Good luck.

OLM.net supports Eudora ;-)

...Jim Thompson

Just realized, after my response, that this was an S.E.D post.

There is a Eudora-specific group: comp.mail.eudora.ms-windows

...Jim Thompson
--
| James E.Thompson | mens |
| Analog Innovations | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| STV, Queen Creek, AZ 85142 Skype: skypeanalog | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |

I'm looking for work... see my website.

Thinking outside the box...producing elegant & economic solutions.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: sci.electronics.design

Jeff Liebermann wrote on 8/3/2017 3:51 PM:

On Thu, 3 Aug 2017 13:51:47 -0400, rickman <gnuarm@gmail.com> wrote:

Any suggestions on how to debug this? How do email clients authenticate if >> TLS isn't used?

Who's the ISP? I want to check what protocols they support and
expect. If you don't want to disclose this information, try the
following as a starting template for an SMTP session using telnet: <https://technet.microsoft.com/en-us/library/aa995718(v=exchg.65).aspx>
Use this to encrypt your password:
<https://www.base64encode.org>
If you still have access to your old ISP account that worked, try the
same session and compare results between the old and new ISP.

The web hosting provider is Mightyweb.net. I don't think my ISP has any
email support. I tried contacting them yesterday and never heard back. I looked up the possibility of using gmail or Yahoo mail and both seem to use
TLS which I know Eudora does not work with.

Mightyweb says using no authentication exposes the password which sounds
like a bad idea. I'm not sure using authentication actually encrypts the password. I've always used authentication, just not TLS. How then does
that work?

--

Rick C
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: sci.electronics.design

Jim Thompson wrote on 8/3/2017 3:56 PM:

On Thu, 03 Aug 2017 12:51:08 -0700, Jeff Liebermann <jeffl@cruzio.com>
wrote:

On Thu, 3 Aug 2017 13:51:47 -0400, rickman <gnuarm@gmail.com> wrote:

Any suggestions on how to debug this? How do email clients authenticate if >>> TLS isn't used?

Who's the ISP? I want to check what protocols they support and
expect. If you don't want to disclose this information, try the
following as a starting template for an SMTP session using telnet:
<https://technet.microsoft.com/en-us/library/aa995718(v=exchg.65).aspx>
Use this to encrypt your password:
<https://www.base64encode.org>
If you still have access to your old ISP account that worked, try the
same session and compare results between the old and new ISP.

Good luck.

OLM.net supports Eudora ;-)

Talk about your spartan web pages. They don't even talk about the control panel or if you can support reseller accounts. I have several people using
my account to host their web pages and they need separate logins. I sent
them a question about it.

--

Rick C
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: sci.electronics.design

In article <om04nj$24e$1@dont-email.me>, rickman <gnuarm@gmail.com> wrote: >Jeff Liebermann wrote on 8/3/2017 3:51 PM:

Mightyweb says using no authentication exposes the password which sounds
like a bad idea. I'm not sure using authentication actually encrypts the >password. I've always used authentication, just not TLS. How then does
that work?

There are several different forms of authentication which can work
over a non-encrypted connection. The really insecure ones transmit
the password in cleartext, and these can (as noted) expose your
password on the net, and also require that the ISP store the password
itself.

There are hash-based authentication systems which can be reasonably
secure even if an encrypted connection is not used. In these, neither
system ever transmits the password itself. Instead, the server says
(in effect) "Here, append this randomly-chosen string to your
password, compute an MD5/SHA-1/SHA-256 hash of the result, and send me
back the hash." This allows your client software to "prove" that it
has the password.

With this approach you still have the concern that the email itself is
flowing over a non-encrypted connection and is open to being
wiretapped, even if the password is not.

Not all ISPs, server packages, and client packages support all of
these authentication methods such as MD5AUTH. You can still end up a
situation in which "plain text" is the only method the two ends can
agree upon... not good, especially in shared-public-network situations.

You can use any of these authentication methods over an encrypted
connection (SSL or TLS), so that both the password phase and the
actual email exchange is secured.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: sci.electronics.design

Dave Platt wrote on 8/3/2017 6:32 PM:

In article <om04nj$24e$1@dont-email.me>, rickman <gnuarm@gmail.com> wrote:

Jeff Liebermann wrote on 8/3/2017 3:51 PM:

Mightyweb says using no authentication exposes the password which sounds
like a bad idea. I'm not sure using authentication actually encrypts the
password. I've always used authentication, just not TLS. How then does
that work?

There are several different forms of authentication which can work
over a non-encrypted connection. The really insecure ones transmit
the password in cleartext, and these can (as noted) expose your
password on the net, and also require that the ISP store the password
itself.

There are hash-based authentication systems which can be reasonably
secure even if an encrypted connection is not used. In these, neither
system ever transmits the password itself. Instead, the server says
(in effect) "Here, append this randomly-chosen string to your
password, compute an MD5/SHA-1/SHA-256 hash of the result, and send me
back the hash." This allows your client software to "prove" that it
has the password.

With this approach you still have the concern that the email itself is flowing over a non-encrypted connection and is open to being
wiretapped, even if the password is not.

Not all ISPs, server packages, and client packages support all of
these authentication methods such as MD5AUTH. You can still end up a situation in which "plain text" is the only method the two ends can
agree upon... not good, especially in shared-public-network situations.

You can use any of these authentication methods over an encrypted
connection (SSL or TLS), so that both the password phase and the
actual email exchange is secured.

Thanks for the info.

--

Rick C
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: sci.electronics.design

On Thu, 03 Aug 2017 19:18:09 -0500, Peabody
<waybackNO584SPAM44@yahoo.com> wrote:

rickman says...

I'm still not ready to give up my Eudora email program.

I'm using Eudora 6.2.5.6 for POP/SMTP on Cox cable, with
encryption. No guarantee it would work for you, but I could
provide my Options settings if you like.

It's all a function of what the ultimate E-mail provider supports
(Eudora itself _does_ support SSL).

I'm connected to the Internet via CenturyLink fiber.

But I retrieve E-mail from my website provider, OLM.net, which uses authentication, but not SSL (for Eudora-based 'retrievers').

Not that I think 'security' is a big deal... if some expert wants to
intercept your E-mail it won't matter what you use... you'll lose >:-}

So keep your criminal communications to face-to-face only ;-)

...Jim Thompson
--
| James E.Thompson | mens |
| Analog Innovations | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| STV, Queen Creek, AZ 85142 Skype: skypeanalog | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |

I'm looking for work... see my website.

Thinking outside the box...producing elegant & economic solutions.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: sci.electronics.design

Peabody wrote on 8/3/2017 8:18 PM:

rickman says...

I'm still not ready to give up my Eudora email program.

I'm using Eudora 6.2.5.6 for POP/SMTP on Cox cable, with
encryption. No guarantee it would work for you, but I could
provide my Options settings if you like.

Sure. Do you know what form of authentication they use?

--

Rick C
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: sci.electronics.design

rickman says...

I'm still not ready to give up my Eudora email program.

I'm using Eudora 6.2.5.6 for POP/SMTP on Cox cable, with
encryption. No guarantee it would work for you, but I could
provide my Options settings if you like.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: sci.electronics.design

rickman says...

Sure. Do you know what form of authentication they use?

"Last SSL Info" for POP says Port 995, TLSv1,
DHE-RSA-AES256-SHA(256bits)

For SMTP it's the same, except Port 587.

Cox requires my Cox username and password.

Under Getting Started, I have Allow Authentication checked.

Under Checking Mail, I have Secure Sockets when receiving
set to "Required, Alternate Port"

Under Incoming Mail, I have POP and Passwords selected.

Under Sending Mail I have Allow Autherntication and Use
Submission Port (587) selected. And under Secure Sockets
when sending, I have Required, STARTTLS selected.

All the Kerberos stuff is turned off.

Then you need to Google "patch QCSSL.dll". This addresses
the situation where the first contact to the server takes a
long time, or even times out. I think there's a version for
7.1.0.9 on dropbox which Google will take you to. or if
you're using 6.2.5.6, I can send you the patch. I think in
both cases, just one byte is changed in the dll.

The big problem most people have is with certificates used
by the server not being considered valid by Eudora. After
attempting to POP email, you can go into the Last SSL Info
under Checking Mail, and open up the Certificates section at
the bottom, and make sure there are no bad certs. If there
are, you may need to import them. And you can only fix one
at a time. There may be a whole string of them, so you nay
have to repeat the process until everything is good.

I think TLSv1 may not be supported by your server. It is
considered to be compromised. If so, you may be out of luck
on encryption. Eudora used its own SSL dll, and I don't
know how you would get a more modern version.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: sci.electronics.design

Peabody says...

I think TLSv1 may not be supported by your server. It
is considered to be compromised. If so, you may be out
of luck on encryption. Eudora used its own SSL dll, and
I don't know how you would get a more modern version.

I notice that the two usual OPENSSL files are also in the
Eudora program files folder. So it may be possible to update
to newer TLS versions by updating those two files, which
presumably are the 32-bit versions. However, the only
references I could find to TLS in the QCSSL.dll file were to
v1. So even if later TLS versions are in the OpenSSL files,
they may not be called.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: sci.electronics.design

Peabody wrote:

The big problem most people have is with certificates used
by the server not being considered valid by Eudora.

That reminds me that the client and server cannot be too far apart in
their timestamps. The SSL/TLS handshaking passes a time-sensitive
token. If one end is way off on time, the token is considered as having expired. The OP needs to make sure his date and time are current.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: sci.electronics.design

VanguardLH wrote on 8/4/2017 12:50 AM:

Peabody wrote:

The big problem most people have is with certificates used
by the server not being considered valid by Eudora.

That reminds me that the client and server cannot be too far apart in
their timestamps. The SSL/TLS handshaking passes a time-sensitive
token. If one end is way off on time, the token is considered as having expired. The OP needs to make sure his date and time are current.

Thanks for the suggestion. I keep my time updated automatically so it is correct. I have the right time zone selected as well.

--

Rick C
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In comp.os.ms-windows.networking.windows rickman <gnuarm@gmail.com> wrote:

I'm still not ready to give up my Eudora email program. But it's proving to be a bit intractable at the moment. I recently switched to a new hosting service and had a great deal of problems setting it up for the new servers. Seems TLS is broken in Eudora, at least with modern servers. I was finally able to get the bloody thing to work after playing with it for some days.

Now the provider has switched servers and Eudora will no longer send emails.
Downloading emails is fine, but on sending either it times out or gives errors regarding authentication depending on the port number used. I ran wireshark but I can't say I understand the results. Only a half dozen messages are sent or received and there is 100 second wait between them. So it looks like something is timing out.

Any suggestions on how to debug this? How do email clients authenticate if TLS isn't used?

Does stunnel work on Windows? It would allow you to get arround TLS
issues.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

lifewoutmilk wrote:

rickman wrote:

I'm still not ready to give up my Eudora email program. But it's proving to >> be a bit intractable at the moment. I recently switched to a new hosting
service and had a great deal of problems setting it up for the new servers. >> Seems TLS is broken in Eudora, at least with modern servers. I was finally >> able to get the bloody thing to work after playing with it for some days.

Now the provider has switched servers and Eudora will no longer send emails. >> Downloading emails is fine, but on sending either it times out or gives
errors regarding authentication depending on the port number used. I ran
wireshark but I can't say I understand the results. Only a half dozen
messages are sent or received and there is 100 second wait between them. So >> it looks like something is timing out.

Any suggestions on how to debug this? How do email clients authenticate if >> TLS isn't used?

Does stunnel work on Windows? It would allow you to get arround TLS
issues.

I used it a long time ago to use with YahooPOPs (aka YPOPs) to screen
scrape Yahoo Mail's web pages to retrieve e-mails into a local client
(because Yahoo dropped POP access for all but a couple countries).

It requires you configure the e-mail client to use a non-secure
(unencrypted) connection to the local stunnel proxy as though it were
the e-mail server to the client. Then you configure stunnel to connect
as the client (which uses encryption) to the real e-mail server.

sTunnel's documention says it supports: SSLv2, SSLv3, TLSv1 (SSLv3
renamed), TLSv1.1, TLSv1.2. It uses the OpenSSL libs. However, from
what someone else said here, Eudora also uses the OpenSSL libs so just
replace them in the Eudora [sub]folder with the proper bit-width
versions.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: sci.electronics.design

Jim Thompson wrote on 8/3/2017 8:42 PM:

On Thu, 03 Aug 2017 19:18:09 -0500, Peabody
<waybackNO584SPAM44@yahoo.com> wrote:

rickman says...

I'm still not ready to give up my Eudora email program.

I'm using Eudora 6.2.5.6 for POP/SMTP on Cox cable, with
encryption. No guarantee it would work for you, but I could
provide my Options settings if you like.

It's all a function of what the ultimate E-mail provider supports
(Eudora itself _does_ support SSL).

I'm connected to the Internet via CenturyLink fiber.

But I retrieve E-mail from my website provider, OLM.net, which uses authentication, but not SSL (for Eudora-based 'retrievers').

I've been in touch with OLM and they don't claim to have any special support for Eudora. I asked and the reply was, "what does Eudora support"? I
replied that Eudora supports SSL TLSv1.

Hello Rick,

Thank you for contacting
OLM. We do not support TLSv1 SSL
connections. There are to[sic] many security
risks.


Clearly they have no special knowledge or support for Eudora. How are you operating with Eudora? What type of authentication are you using? I only
got mine working by using Wireshark to see just what was happening.


--

Rick C
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)