Pop3s Not Working For Hotmail


Posted by: Digdug Oct 8 2009, 05:16 PM
Hotmail has the ability to be used as a normal POP3 server so I added the following line to POP3LINKS.TAB:

"mydomain" <TAB> "xmailuser" <TAB> "pop3.live.com:995" <TAB> "myname@hotmail.com" <TAB> "MD5PASSWORD" <TAB> "CLR,POP3S"

But Xmail cannot establish the connection. With Wireshark I can see it's trying but fails to create the SSLv2 connection.

If I do the same with Outlook Express, everything works...

What am I doing wrong? (Xmail v1.26, Windows)

Posted by: MadMaverick9 Mar 13 2010, 03:07 AM
Back in July 2009 I reported a similar problem with Yahoo POP3.

http://xmailforum.homelinux.net/index.php?showtopic=4503

No response there either.

Posted by: Digdug Mar 13 2010, 11:46 AM
@MadMaverick9:

With v1.27 the problem with hotmail still exists.
For now I "solved" the problem using FreePOPs (http://www.freepops.org)
Gmail and Yahoo also work with FreePOPs.

But I would prefer to use the POP3S function in XMail...
I will post a message at http://www.mail-archive.com/xmail@xmailserver.org/ directly at davide.

Posted by: MadMaverick9 Mar 14 2010, 04:52 AM
QUOTE
I will post a message at mail-archive.com directly at davide.


Thank you - much appreciated.

Posted by: Digdug Mar 14 2010, 10:18 AM
What is the version of XMail you are using?

Posted by: MadMaverick9 Mar 15 2010, 03:56 AM
XMail v1.27

Here's the psync log:

QUOTE
"2010-03-15 09:38:31" "ah.net" "rmj" "pop.mail.yahoo.com:995" "d@yahoo.com" "CLR,POP3S" "SYNC=EFAIL" "0" "0" "0" "0"
"2010-03-15 09:38:32" "ah.net" "rmj" "pop.gmail.com:995" "d@gmail.com" "CLR,POP3S" "SYNC=OK" "0" "0" "0" "0"
"2010-03-15 09:38:33" "ah.net" "rmj" "pop3.myrealbox.com" "rmj" "CLR" "SYNC=OK" "0" "0" "0" "0"


And here's my pop3links.tab:

QUOTE

"ah.net" "rmj" "pop.gmail.com:995" "d@gmail.com" "md5passwd" "CLR,POP3S"
"ah.net" "rmj" "pop.mail.yahoo.com:995" "d@yahoo.com" "md5passwd" "CLR,POP3S"
"ah.net" "rmj" "pop3.myrealbox.com" "rmj" "md5passwd" "CLR"


And this is one of the messages I can see in Wireshark:

QUOTE

1283 20.561422 68.142.206.14 192.168.1.10 TLSv1 Alert (Level: Fatal, Description: Unknown CA)


So - the same as before - nothing has changed from 1.25 to 1.27.

PS: yahoo has enabled pop3 access for all. Search for "yahoo asia pop3". http://www.khimhoe.net/2009/06/20/how-to-enable-pop3-in-yahoo-mail/

So - there's no reason one could not setup a testcase easily.

Hope this helps. I appreciate your efforts. Thank you.

Posted by: MadMaverick9 Mar 15 2010, 04:11 AM
Addtl. Info: fetchmail works fine with both GMail and Yahoo pop3 (both ssl).

So there's something in XMail where the ssl negotiation with yahoo is different than with gmail. I don't know ... just guessing.

Posted by: MadMaverick9 Mar 15 2010, 04:22 AM
One more piece of info - in my "server.tab" I have:

QUOTE
"SSLWantVerify" "0"
"SSLAllowSelfSigned" "1"

Posted by: MadMaverick9 Mar 15 2010, 04:58 AM
I've got some more info:

QUOTE
Debugging XMail Server.
SMAIL thread [00] started
SMAIL thread [01] started
SMAIL thread [02] started
SMAIL thread [03] started
SMAIL thread [04] started
SMAIL thread [05] started
SMAIL thread [06] started
SMAIL thread [07] started
SMAIL thread [08] started
SMAIL thread [09] started
SMAIL thread [10] started
SMAIL thread [11] started
SMAIL thread [12] started
SMAIL thread [13] started
SMAIL thread [14] started
SMAIL thread [15] started
[XMail 1.27 CTRL Server] started
[XMail 1.27 CTRLS Server] started
[XMail 1.27 POP3 Server] started
[XMail 1.27 POP3S Server] started
[XMail 1.27 ESMTP Server] started
[XMail 1.27 ESMTPS Server] started
[XMail 1.27 PSYNC Server] started
[XMail 1.27 FINGER Server] started
XMail 1.27 server started
LMAIL thread [00] started
LMAIL thread [01] started
LMAIL thread [02] started
[PSYNC] entry
[PSYNC] entry
[PSYNC] entry
[PSYNC] User = "rmj" - Domain = "ah.net"
[PSYNC] User = "rmj" - Domain = "ah.net"
[PSYNC] User = "rmj" - Domain = "ah.net"
<<
ErrCode  = -238
ErrString = SSL write error
[PSYNC] User = "rmj" - Domain = "ah.net" Failed !
>>
[PSYNC] exit
[PSYNC] exit
[PSYNC] exit


Hope this all helps to find the problem, esp. because it shows an error code here (-238).

Posted by: Digdug Mar 15 2010, 09:02 AM
Hmm, where did you put the certs directory? Because this looks like XMail can't find the certificates...

QUOTE
1283 20.561422 68.142.206.14 192.168.1.10 TLSv1 Alert (Level: Fatal, Description: Unknown CA)


Strange thing is, your GMail account seems to sync ok with POP3S.
I'll try some test myself.

Posted by: MadMaverick9 Mar 15 2010, 11:59 AM
But when setting "SSLWantVerify" "0", the certs directory is not used/not needed, correct?

Posted by: Digdug Mar 15 2010, 04:11 PM
I am not sure. I also tried all sorts of combinations. Nothing seems to work.
Maybe XMail is missing the certificate hotmail/yahoo use?

Have you tried the SSLUseCertsDir instructions?

Posted by: MadMaverick9 Mar 16 2010, 03:21 AM
QUOTE
Have you tried the SSLUseCertsDir instructions?

No - I have not. Have you? And with "SSLWantVerify" set to "0", it should not be necessary.
QUOTE
1283 20.561422 68.142.206.14 192.168.1.10 TLSv1 Alert (Level: Fatal, Description: Unknown CA)

This is a packet I saw in Wireshark and it was sent from the yahoo server to my machine. So it's yahoo complaining that it doesn't know some CA, not xmail. This is something I do not understand. ("68.142.206.14" is the ip address of the yahoo pop3 server.)

Esp. since gmail works fine (I have been using xmail with gmail for more than a year now for sending (smtp + ssl) and receiving email (pop3 + ssl) - no issues).

More important question - with all this info we have gathered now (error codes, your tests, my tests, fetchmail working (w/ pop3 + ssl) w/ yahoo and gmail, etc.), have you contacted Davide already?

imho - the main question could be: what is xmail doing differently than fetchmail?

Posted by: Digdug Mar 17 2010, 10:38 PM
Yes, I contacted Davide, but solved the problem.
The problem is Hotmail is using certificates not in the certs folder.
Put the certs folder inside the BIN folder:
C:\MailRoot\bin\certs

Using the prompt go to C:\MailRoot\bin
Create a server.key:
openssl genrsa 2048 > server.key
Create a server.cert:
openssl req -new -x509 -key server.key -out server.cert -config openssl.cnf
Put your server.key and server.cert in the mailroot directory:
C:\MailRoot

In POP3LINKS.TAB:
"domainname"<TAB>"mailbox"<TAB>"pop3.live.com:995"<TAB>"username@hotmail.com"<TAB>"md5password"<TAB>"CLR,POP3S"

In SERVER.TAB:
"SSLWantVerify" "1"
#"SSLWantCert" "0"
"SSLAllowSelfSigned" "0"
"SSLUseCertsFile" "1"
"SSLUseCertsDir" "1"

Now the important part, get the certificates. Follow fetchmail's tutorial here:
http://wiki.qnap.com/wiki/Setup_Fetchmail_For_GMail_To_XDove
KEEP THE *.PEM FILES!

Now create one new CERTS.PEM file by combining all the *.pem files you created using the fetchmail tutorial.
It should look something like this:
CODE
-----BEGIN CERTIFICATE-----
first pem file
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
second pem file
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
third pem file
-----END CERTIFICATE-----
etc.


Put the CERTS.PEM file in the C:\MailRoot\bin directory.

Restart XMail and done.
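
One way to do the "combine all the *.pem files" step above so that only certificate blocks end up in the bundle, as an added example that is not part of the original post or of XMail. `build_bundle`, `_fake_pem` and `SAMPLE` are hypothetical names, and the sample blocks are constructed placeholders, not real certificates or keys.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(  # any PEM block: captures label and base64 body
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def build_bundle(pem_texts):
    """Merge PEM texts into one bundle; return (bundle, skipped blocks)."""
    seen, kept, skipped = set(), [], []
    for text in pem_texts:
        for label, body in PEM_BLOCK.findall(text):
            if label != "CERTIFICATE":
                # A private key such as server.key must never enter a trust bundle.
                skipped.append((label, "not a certificate"))
                continue
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                skipped.append((label, "invalid base64"))
                continue
            if not der.startswith(b"\x30"):  # DER certificates begin with a SEQUENCE tag
                skipped.append((label, "not DER"))
                continue
            digest = hashlib.sha256(der).hexdigest()
            if digest in seen:
                skipped.append((label, "duplicate"))
                continue
            seen.add(digest)
            b64 = base64.b64encode(der).decode("ascii")
            lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
            kept.append("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
                        + "\n-----END CERTIFICATE-----\n")
    return "".join(kept), skipped


def _fake_pem(label, payload):
    # Constructed stand-in block, not a real certificate or key.
    b64 = base64.b64encode(payload).decode("ascii")
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


SAMPLE = [  # constructed input: three "files", one holding a stray key
    _fake_pem("CERTIFICATE", b"\x30\x82" + b"A" * 100),
    _fake_pem("CERTIFICATE", b"\x30\x82" + b"B" * 100)
    + _fake_pem("RSA PRIVATE KEY", b"\x30\x82" + b"K" * 50),
    _fake_pem("CERTIFICATE", b"\x30\x82" + b"A" * 100),  # same as the first
]
```

Writing the returned text to CERTS.PEM and reviewing `skipped` before restarting XMail catches a key file or a truncated download among the inputs.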

Posted by: MadMaverick9 Mar 18 2010, 10:22 AM
Thanks for all ur help, Digdug - but ... no luck with Yahoo pop3.

All we have achieved by doing the above, is that XMail (and fetchmail) can now verify the server certificate.

The error if XMail can not verify the server certificate is "CERT verify error: depth = 0 error = 'unable to get local issuer certificate' ErrCode = -234 ErrString = Error establishing SSL connection (connect)".

The error I am still seeing with Yahoo: "error code -238 ssl write error" in xmail plus in wireshark the packet "1283 20.561422 68.142.206.14 192.168.1.10 TLSv1 Alert (Level: Fatal, Description: Unknown CA)".
This problem remains to be solved.

These are two different errors.

One difference I noticed: the cipher for the hotmail and gmail certificates is rc4-md5, whilst the cipher for the Yahoo certificate is aes256-sha. I don't know if that makes a difference.

So unfortunately the question remains: why can fetchmail work fine with Yahoo pop3 and xmail can not? They are using the same certs and the same openssl library.

Posted by: Digdug Mar 19 2010, 11:35 AM
Hmm, have you tested if XMail really has the certificate?

CODE
openssl s_client -CApath C:/MailRoot/bin/certs/ -connect pop.mail.yahoo.com:995


The output should give something like this in the end:

CODE
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
   Protocol  : TLSv1
   Cipher    : AES256-SHA
   Session-ID: 94BF217E34FF6D51A280B5DD0913737E2DB741E23464B984B45038CD89B9895A
   Session-ID-ctx:
   Master-Key: EB257FFF4A99BCF5C1CF5D5DB3C8FB5636557E89E89BDB66680E654BE454FCCFE9D5E920E449296E650354BAF286C2D1
   Key-Arg   : None
   Start Time: 1268994535
   Timeout   : 300 (sec)
   Verify return code: 0 (ok)
---


See the last line Verify return code: 0 (ok)

This is because of your error message:
QUOTE
"error code -238 ssl write error" in xmail plus in wireshark the packet "1283 20.561422 68.142.206.14 192.168.1.10 TLSv1 Alert (Level: Fatal, Description: Unknown CA)".
