Any suggestions on how to debug this? How do email clients authenticate if >TLS isn't used?
On Thu, 3 Aug 2017 13:51:47 -0400, rickman <gnuarm@gmail.com> wrote:
Any suggestions on how to debug this? How do email clients authenticate if >>TLS isn't used?
Who's the ISP? I want to check what protocols they support and
expect. If you don't want to disclose this information, try the
following as a starting template for an SMTP session using telnet: ><https://technet.microsoft.com/en-us/library/aa995718(v=exchg.65).aspx>
Use this to encrypt your password:
<https://www.base64encode.org>
If you still have access to your old ISP account that worked, try the
same session and compare results between the old and new ISP.
Good luck.
I'm still not ready to give up my Eudora email program. But it's proving to be a bit intractable at the moment. I recently switched to a new hosting service and had a great deal of problems setting it up for the new servers. Seems TLS is broken in Eudora, at least with modern servers. I was finally able to get the bloody thing to work after playing with it for some days.
Now the provider has switched servers and Eudora will no longer send emails.
Downloading emails is fine, but on sending either it times out or gives errors regarding authentication depending on the port number used. I ran wireshark but I can't say I understand the results. Only a half dozen messages are sent or received and there is 100 second wait between them. So it looks like something is timing out.
Any suggestions on how to debug this? How do email clients authenticate if TLS isn't used?
On Thu, 03 Aug 2017 12:51:08 -0700, Jeff Liebermann <jeffl@cruzio.com>
wrote:
On Thu, 3 Aug 2017 13:51:47 -0400, rickman <gnuarm@gmail.com> wrote:
Any suggestions on how to debug this? How do email clients authenticate if >>>TLS isn't used?
Who's the ISP? I want to check what protocols they support and
expect. If you don't want to disclose this information, try the
following as a starting template for an SMTP session using telnet: >><https://technet.microsoft.com/en-us/library/aa995718(v=exchg.65).aspx>
Use this to encrypt your password:
<https://www.base64encode.org>
If you still have access to your old ISP account that worked, try the
same session and compare results between the old and new ISP.
Good luck.
OLM.net supports Eudora ;-)
...Jim Thompson
On Thu, 3 Aug 2017 13:51:47 -0400, rickman <gnuarm@gmail.com> wrote:
Any suggestions on how to debug this? How do email clients authenticate if >> TLS isn't used?
Who's the ISP? I want to check what protocols they support and
expect. If you don't want to disclose this information, try the
following as a starting template for an SMTP session using telnet: <https://technet.microsoft.com/en-us/library/aa995718(v=exchg.65).aspx>
Use this to encrypt your password:
<https://www.base64encode.org>
If you still have access to your old ISP account that worked, try the
same session and compare results between the old and new ISP.
On Thu, 03 Aug 2017 12:51:08 -0700, Jeff Liebermann <jeffl@cruzio.com>
wrote:
On Thu, 3 Aug 2017 13:51:47 -0400, rickman <gnuarm@gmail.com> wrote:
Any suggestions on how to debug this? How do email clients authenticate if >>> TLS isn't used?
Who's the ISP? I want to check what protocols they support and
expect. If you don't want to disclose this information, try the
following as a starting template for an SMTP session using telnet:
<https://technet.microsoft.com/en-us/library/aa995718(v=exchg.65).aspx>
Use this to encrypt your password:
<https://www.base64encode.org>
If you still have access to your old ISP account that worked, try the
same session and compare results between the old and new ISP.
Good luck.
OLM.net supports Eudora ;-)
Mightyweb says using no authentication exposes the password which sounds
like a bad idea. I'm not sure using authentication actually encrypts the >password. I've always used authentication, just not TLS. How then does
that work?
In article <om04nj$24e$1@dont-email.me>, rickman <gnuarm@gmail.com> wrote:
Jeff Liebermann wrote on 8/3/2017 3:51 PM:
Mightyweb says using no authentication exposes the password which sounds
like a bad idea. I'm not sure using authentication actually encrypts the
password. I've always used authentication, just not TLS. How then does
that work?
There are several different forms of authentication which can work
over a non-encrypted connection. The really insecure ones transmit
the password in cleartext, and these can (as noted) expose your
password on the net, and also require that the ISP store the password
itself.
There are hash-based authentication systems which can be reasonably
secure even if an encrypted connection is not used. In these, neither
system ever transmits the password itself. Instead, the server says
(in effect) "Here, append this randomly-chosen string to your
password, compute an MD5/SHA-1/SHA-256 hash of the result, and send me
back the hash." This allows your client software to "prove" that it
has the password.
With this approach you still have the concern that the email itself is flowing over a non-encrypted connection and is open to being
wiretapped, even if the password is not.
Not all ISPs, server packages, and client packages support all of
these authentication methods such as MD5AUTH. You can still end up a situation in which "plain text" is the only method the two ends can
agree upon... not good, especially in shared-public-network situations.
You can use any of these authentication methods over an encrypted
connection (SSL or TLS), so that both the password phase and the
actual email exchange is secured.
rickman says...
I'm still not ready to give up my Eudora email program.
I'm using Eudora 6.2.5.6 for POP/SMTP on Cox cable, with
encryption. No guarantee it would work for you, but I could
provide my Options settings if you like.
rickman says...
I'm still not ready to give up my Eudora email program.
I'm using Eudora 6.2.5.6 for POP/SMTP on Cox cable, with
encryption. No guarantee it would work for you, but I could
provide my Options settings if you like.
I'm still not ready to give up my Eudora email program.
Sure. Do you know what form of authentication they use?
I think TLSv1 may not be supported by your server. It
is considered to be compromised. If so, you may be out
of luck on encryption. Eudora used its own SSL dll, and
I don't know how you would get a more modern version.
The big problem most people have is with certificates used
by the server not being considered valid by Eudora.
Peabody wrote:
The big problem most people have is with certificates used
by the server not being considered valid by Eudora.
That reminds me that the client and server cannot be too far apart in
their timestamps. The SSL/TLS handshaking passes a time-sensitive
token. If one end is way off on time, the token is considered as having expired. The OP needs to make sure his date and time are current.
I'm still not ready to give up my Eudora email program. But it's proving to be a bit intractable at the moment. I recently switched to a new hosting service and had a great deal of problems setting it up for the new servers. Seems TLS is broken in Eudora, at least with modern servers. I was finally able to get the bloody thing to work after playing with it for some days.
Now the provider has switched servers and Eudora will no longer send emails.
Downloading emails is fine, but on sending either it times out or gives errors regarding authentication depending on the port number used. I ran wireshark but I can't say I understand the results. Only a half dozen messages are sent or received and there is 100 second wait between them. So it looks like something is timing out.
Any suggestions on how to debug this? How do email clients authenticate if TLS isn't used?
rickman wrote:
I'm still not ready to give up my Eudora email program. But it's proving to >> be a bit intractable at the moment. I recently switched to a new hosting
service and had a great deal of problems setting it up for the new servers. >> Seems TLS is broken in Eudora, at least with modern servers. I was finally >> able to get the bloody thing to work after playing with it for some days.
Now the provider has switched servers and Eudora will no longer send emails. >> Downloading emails is fine, but on sending either it times out or gives
errors regarding authentication depending on the port number used. I ran
wireshark but I can't say I understand the results. Only a half dozen
messages are sent or received and there is 100 second wait between them. So >> it looks like something is timing out.
Any suggestions on how to debug this? How do email clients authenticate if >> TLS isn't used?
Does stunnel work on Windows? It would allow you to get arround TLS
issues.
On Thu, 03 Aug 2017 19:18:09 -0500, Peabody
<waybackNO584SPAM44@yahoo.com> wrote:
rickman says...
I'm still not ready to give up my Eudora email program.
I'm using Eudora 6.2.5.6 for POP/SMTP on Cox cable, with
encryption. No guarantee it would work for you, but I could
provide my Options settings if you like.
It's all a function of what the ultimate E-mail provider supports
(Eudora itself _does_ support SSL).
I'm connected to the Internet via CenturyLink fiber.
But I retrieve E-mail from my website provider, OLM.net, which uses authentication, but not SSL (for Eudora-based 'retrievers').
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 296 |
Nodes: | 16 (2 / 14) |
Uptime: | 87:32:04 |
Calls: | 6,658 |
Files: | 12,203 |
Messages: | 5,333,881 |