On Fri, 23 Apr 2021 19:30:02 +0200, Bernd Rose posted for all of us to digest...

On Thu, 22nd Apr 2021 17:14:32 -0400, Tekkie� wrote:

On Wed, 21 Apr 2021 21:53:58 +0000, Larry posted for all of us to digest...

[...]

In stunnel.conf - try
connect = smtp.comcast.net:465

Okay did that and reloaded the stunnel conf
No joy got these error in Gravity, in order:

Socket receive error 10054

So you can cross out case 3 of the 5 variants I suggested yesterday.
My best bet would be on case 1. ;-)

Bernd

It works!!!! Exuberance is too mild of word to describe my happiness.

I admit the last go around of failure is the fact that Comcast requires me to change my password every two weeks on this account. When I tested the last config Gravity gave an error message & to view the event log. The event log was blank. I now had to put on my aluminum foil hat and think for myself. I forgot to change my password in Gravity... You now have proof that I am a burnt out bulb in the chandelier.

I want to thank you for sticking with me and providing a solution I have been struggling with for years. I am posting the working config in the hope that someone else can benefit.


[Comcast_SMTP]
client = yes
accept = localhost:25
connect = smtp.comcast.net:587
protocol = smtp
ProtocolAuthentication = login
verifyChain = yes
CAfile = ca-certs.pem
checkHost = smtp.comcast.net
OCSPaia = yes



--
Tekkie

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 24th Apr 2021 16:01:14 -0400, Tekkie� wrote:

[Gravity-sTunnel-Comcast setup]

It works!!!! Exuberance is too mild of word to describe my happiness.

Thanks for the feedback! :-)

Btw., the working setup would have been my first suggestion, if you hadn't fooled me with your initial statement, that you already got many suggestions and none worked. Therefore, my first variant was a more exotic approach. ;-)

I admit the last go around of failure is the fact that Comcast requires me to change my password every two weeks on this account.

Not a good idea. They should know better. If people need to change their passwords frequently, they tend to use too simple ones. (Just to be able
to remember them.) The passwords then are easily guessed with dictionary attacks (maybe combined with counters) and the like. Or users write the passwords down in places accessible to others.

Moreover, email inboxes are usually accessed from many different places
(PC, Smartphone,...). The programs used for access usually are configured
to save passwords. Although saved passwords usually aren't encrypted too
well on local systems (especially with older programs), frequent changes
of password will provide no advantage in security. If a device is already compromised, the password change will not alter this. If not, then the situation is okay, in the first place.

But with many devices, people tend to forget changing passwords. Result
are frequent cases of multiple failing logins. If the provider will not
go out of service in no time, he has to configure his service to react
lenient on invalid logins. This is an invitation for hackers.

Better would be the opposite approach: Require a long complex password,
do not permit unencrypted (with secure, current methods) login and react
harsh on failed login attempts. (Sufficient timeout, but not so long,
that after a hacking attempt, the legitimate user can not login, either.) Provide (unerasable, nonalterable) login history on a status page for
a feasible amount of time (maybe a month). And require any password
change (and any other basic setup alteration, like means of contact) to
be verified and confirmed across a different - secure - channel.

I forgot to change my password in Gravity... You now have proof that I am
a burnt out bulb in the chandelier.

IMHO, the requirement to change mail password every two weeks is just ridiculous.

Bernd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 24 Apr 2021 16:01:14 -0400, Tekkie� <Tekkie@comcast.net> wrote:

I admit the last go around of failure is the fact that Comcast requires me to >change my password every two weeks on this account.

When and where did Comcast start this silliness? Any explanation as to
why your email accounts have this limitation?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 25 Apr 2021 07:54:17 +0200, Bernd Rose posted for all of us to digest...

On Sat, 24th Apr 2021 16:01:14 -0400, Tekkie� wrote:

[Gravity-sTunnel-Comcast setup]

It works!!!! Exuberance is too mild of word to describe my happiness.

Thanks for the feedback! :-)

Btw., the working setup would have been my first suggestion, if you hadn't fooled me with your initial statement, that you already got many suggestions and none worked. Therefore, my first variant was a more exotic approach. ;-)

I admit the last go around of failure is the fact that Comcast requires me to
change my password every two weeks on this account.

Not a good idea. They should know better. If people need to change their passwords frequently, they tend to use too simple ones. (Just to be able
to remember them.) The passwords then are easily guessed with dictionary attacks (maybe combined with counters) and the like. Or users write the passwords down in places accessible to others.

Moreover, email inboxes are usually accessed from many different places
(PC, Smartphone,...). The programs used for access usually are configured
to save passwords. Although saved passwords usually aren't encrypted too
well on local systems (especially with older programs), frequent changes
of password will provide no advantage in security. If a device is already compromised, the password change will not alter this. If not, then the situation is okay, in the first place.

But with many devices, people tend to forget changing passwords. Result
are frequent cases of multiple failing logins. If the provider will not
go out of service in no time, he has to configure his service to react lenient on invalid logins. This is an invitation for hackers.

Better would be the opposite approach: Require a long complex password,
do not permit unencrypted (with secure, current methods) login and react harsh on failed login attempts. (Sufficient timeout, but not so long,
that after a hacking attempt, the legitimate user can not login, either.) Provide (unerasable, nonalterable) login history on a status page for
a feasible amount of time (maybe a month). And require any password
change (and any other basic setup alteration, like means of contact) to
be verified and confirmed across a different - secure - channel.

I forgot to change my password in Gravity... You now have proof that I am
a burnt out bulb in the chandelier.

IMHO, the requirement to change mail password every two weeks is just ridiculous.

Bernd

Bernd, be glad you don't have to deal with Comcast. Their customer (non)service gets consistent subterranean ratings. Comcast agrees that it should not need to be changed every two weeks, I've complained and I will see next week what happens. I use Roboform so it helps me generate & remember passwords.

Again, thanks for your help. I would share your solution on the Gravity site but so far I have been unsuccessful in being able to post.

I am also using your solution on another newsreader that I used for d/l's and you can credit yourself with a double pat on the back.

Guten abend,

--
Tekkie

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 25 Apr 2021 15:41:35 +0000, Larry posted for all of us to digest...

On Sat, 24 Apr 2021 16:01:14 -0400, Tekkie� <Tekkie@comcast.net> wrote:

I admit the last go around of failure is the fact that Comcast requires me to
change my password every two weeks on this account.

When and where did Comcast start this silliness? Any explanation as to
why your email accounts have this limitation?

It's been about six months. It only applies to this account, the rest are fine.

There is no explanation why or how Comcast does things...

My wife's account also gets email from another persons account. We got all the details where she moved because of this. It seems to have subsided for a month so maybe it's fixed now. I mean the account names weren't even remotely alike.

Thank you for your help,

--
Tekkie

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 26th Apr 2021 15:27:43 -0400, Tekkie� wrote:

[sTunnel setup]

Again, thanks for your help. I would share your solution on the Gravity site but so far I have been unsuccessful in being able to post.

I am also using your solution on another newsreader that I used for d/l's and you can credit yourself with a double pat on the back.

Your feedback is kind, but the (working) suggestion is really standard and corresponds even to the basic examples found in sTunnel documentation. So, there's no need to refer to me when you share the solution. Just post these settings as working.

Important when sharing the setup is, to point out the client side settings,
as well. (I.e., the settings in the newsreader or mail program.) That's probably the place, where applying the suggestions you got earlier failed.
With this I mean:

| In Gravity you set
| "Mail server (SMTP)": localhost
| "Server ports SMTP": 25
| and provide your login credentials (Name/Password).
|
| If you use local port 25 with another program, already, change *both*
| occurrences of 25 to an unused port number (e.g. 250).

The other place, referred to in "both", is this sTunnel.conf setting:

| accept = localhost:25

Bernd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)