Reply to this topicStart new topicStart Poll

> Pop3s Not Working For Hotmail
Digdug
Posted: Oct 8 2009, 05:16 PM
Quote Post


Member
***

Group: Members
Posts: 92
Member No.: 1456
Joined: 10-January 05



Hotmail has the ability to be used as a normal POP3 server so I added the following line to POP3LINKS.TAB:

"mydomain" <TAB> "xmailuser" <TAB> "pop3.live.com:995" <TAB> "myname@hotmail.com" <TAB> "MD5PASSWORD" <TAB> "CLR,POP3S"

But Xmail cannot establish the connection. With wireshark I can see Its trying but fails to create the SSLv2 connection.

If I do the same with Outlook Express, everything works...

What am I doing wrong? (Xmail v1.26, Windows)
PMEmail Poster
Top
MadMaverick9
Posted: Mar 13 2010, 03:07 AM
Quote Post


Newbie
*

Group: Members
Posts: 19
Member No.: 3317
Joined: 1-July 09



Back in July 2009 I reported a similar problem with Yahoo POP3.

http://xmailforum.homelinux.net/index.php?showtopic=4503

No response there either.
PM
Top
Digdug
Posted: Mar 13 2010, 11:46 AM
Quote Post


Member
***

Group: Members
Posts: 92
Member No.: 1456
Joined: 10-January 05



@MadMaverick9:

With v1.27 the problem with hotmail still exists.
For now I "solved" the problem using FreePOPs (site)
Gmail and Yahoo also work with FreePOPs.

But I would prefer to use the POP3S function in XMail...
I will post a message at mail-archive.com directly at davide.
PMEmail Poster
Top
MadMaverick9
Posted: Mar 14 2010, 04:52 AM
Quote Post


Newbie
*

Group: Members
Posts: 19
Member No.: 3317
Joined: 1-July 09



QUOTE
I will post a message at mail-archive.com directly at davide.


Thank you - much appreciated.
PM
Top
Digdug
Posted: Mar 14 2010, 10:18 AM
Quote Post


Member
***

Group: Members
Posts: 92
Member No.: 1456
Joined: 10-January 05



What is the version of XMail you are using?
PMEmail Poster
Top
MadMaverick9
Posted: Mar 15 2010, 03:56 AM
Quote Post


Newbie
*

Group: Members
Posts: 19
Member No.: 3317
Joined: 1-July 09



XMail v1.27

Here's the psync log:

QUOTE
"2010-03-15 09:38:31" "ah.net" "rmj" "pop.mail.yahoo.com:995" "d@yahoo.com" "CLR,POP3S" "SYNC=EFAIL" "0" "0" "0" "0"
"2010-03-15 09:38:32" "ah.net" "rmj" "pop.gmail.com:995" "d@gmail.com" "CLR,POP3S" "SYNC=OK" "0" "0" "0" "0"
"2010-03-15 09:38:33" "ah.net" "rmj" "pop3.myrealbox.com" "rmj" "CLR" "SYNC=OK" "0" "0" "0" "0"


And here's my pop3links.tab:

QUOTE

"ah.net" "rmj" "pop.gmail.com:995" "d@gmail.com" "md5passwd" "CLR,POP3S"
"ah.net" "rmj" "pop.mail.yahoo.com:995" "d@yahoo.com" "md5passwd" "CLR,POP3S"
"ah.net" "rmj" "pop3.myrealbox.com" "rmj" "md5passwd" "CLR"


And this is one of the messages I can see in Wireshark:

QUOTE

1283 20.561422 68.142.206.14 192.168.1.10 TLSv1 Alert (Level: Fatal, Description: Unknown CA)


So - the same as before - nothing has changed from 1.25 to 1.27. sad1.gif

PS: yahoo has enabled pop3 access for all. Search for "yahoo asia pop3". http://www.khimhoe.net/2009/06/20/how-to-e...-in-yahoo-mail/

So - there's no reason one could not setup a testcase easily.

Hope this helps. I appreciate your efforts. Thank you.
PM
Top
MadMaverick9
Posted: Mar 15 2010, 04:11 AM
Quote Post


Newbie
*

Group: Members
Posts: 19
Member No.: 3317
Joined: 1-July 09



Addtl. Info: fetchmail works fine with both GMail and Yahoo pop3 (both ssl).

So there's something in XMail where the ssl negotiation with yahoo is different than with gmail. I don't know ... just guessing.
PM
Top
MadMaverick9
Posted: Mar 15 2010, 04:22 AM
Quote Post


Newbie
*

Group: Members
Posts: 19
Member No.: 3317
Joined: 1-July 09



One more piece of info - in my "server.tab" I have:

QUOTE
"SSLWantVerify" "0"
"SSLAllowSelfSigned" "1"
PM
Top
MadMaverick9
Posted: Mar 15 2010, 04:58 AM
Quote Post


Newbie
*

Group: Members
Posts: 19
Member No.: 3317
Joined: 1-July 09



I've got some more info:

QUOTE
Debugging XMail Server.
SMAIL thread [00] started
SMAIL thread [01] started
SMAIL thread [02] started
SMAIL thread [03] started
SMAIL thread [04] started
SMAIL thread [05] started
SMAIL thread [06] started
SMAIL thread [07] started
SMAIL thread [08] started
SMAIL thread [09] started
SMAIL thread [10] started
SMAIL thread [11] started
SMAIL thread [12] started
SMAIL thread [13] started
SMAIL thread [14] started
SMAIL thread [15] started
[XMail 1.27 CTRL Server] started
[XMail 1.27 CTRLS Server] started
[XMail 1.27 POP3 Server] started
[XMail 1.27 POP3S Server] started
[XMail 1.27 ESMTP Server] started
[XMail 1.27 ESMTPS Server] started
[XMail 1.27 PSYNC Server] started
[XMail 1.27 FINGER Server] started
XMail 1.27 server started
LMAIL thread [00] started
LMAIL thread [01] started
LMAIL thread [02] started
[PSYNC] entry
[PSYNC] entry
[PSYNC] entry
[PSYNC] User = "rmj" - Domain = "ah.net"
[PSYNC] User = "rmj" - Domain = "ah.net"
[PSYNC] User = "rmj" - Domain = "ah.net"
<<
ErrCode  = -238
ErrString = SSL write error
[PSYNC] User = "rmj" - Domain = "ah.net" Failed !
>>
[PSYNC] exit
[PSYNC] exit
[PSYNC] exit


Hope this all helps to find the problem, esp. because it shows an error code here (-238).
PM
Top
Digdug
Posted: Mar 15 2010, 09:02 AM
Quote Post


Member
***

Group: Members
Posts: 92
Member No.: 1456
Joined: 10-January 05



Hmm, where did you put the certs directory? Because this looks like XMail can't find the certificates...

QUOTE
1283 20.561422 68.142.206.14 192.168.1.10 TLSv1 Alert (Level: Fatal, Description: Unknown CA)


Strange thing is, your GMail account seems to sync ok with POP3S.
I'll try some test myself.
PMEmail Poster
Top
MadMaverick9
Posted: Mar 15 2010, 11:59 AM
Quote Post


Newbie
*

Group: Members
Posts: 19
Member No.: 3317
Joined: 1-July 09



But when setting "SSLWantVerify" "0", the certs directory is not used/not needed, correct?
PM
Top
Digdug
Posted: Mar 15 2010, 04:11 PM
Quote Post


Member
***

Group: Members
Posts: 92
Member No.: 1456
Joined: 10-January 05



I am not sure. I also tried all sorts of combinations. Nothing seems to work.
Maybe XMail is missing the certificate hotmail/yahoo use?

Have you tried the SSLUseCertsDir instructions?
PMEmail Poster
Top
MadMaverick9
Posted: Mar 16 2010, 03:21 AM
Quote Post


Newbie
*

Group: Members
Posts: 19
Member No.: 3317
Joined: 1-July 09



QUOTE
Have you tried the SSLUseCertsDir instructions?

No - I have not. Have you? And with "SSLWantVerify" set to "0", it should not be necessary.
QUOTE
1283 20.561422 68.142.206.14 192.168.1.10 TLSv1 Alert (Level: Fatal, Description: Unknown CA)

This is a packet I saw in Wireshark and it was sent from the yahoo server to my machine. So it's yahoo complaining that it doesn't know some CA, not xmail. This is something I do not understand. ("68.142.206.14" is the ip address of the yahoo pop3 server.)

Esp. since gmail works fine (I have been using xmail with gmail for more than a year now for sending (smtp + ssl) and receiving email (pop3 + ssl) - no issues).

More important question - with all this info we have gathered now (error codes, your tests, my tests, fetchmail working (w/ pop3 + ssl) w/ yahoo and gmail, etc.), have you contacted Davide already?

imho - the main question could be: what is xmail doing differently than fetchmail?
PM
Top
Digdug
Posted: Mar 17 2010, 10:38 PM
Quote Post


Member
***

Group: Members
Posts: 92
Member No.: 1456
Joined: 10-January 05



Yes, I contacted Davide, but solved the problem.
The problem is Hotmail is using certificates not in the certs folder.
Put the certs folder inside the BIN folder:
C:\MailRoot\bin\certs

Using the prompt go to C:\MailRoot\bin
Create a server.key:
openssl genrsa 2048 > server.key
Create a server.cert:
openssl req -new -x509 -key server.key -out server.cert -config openssl.cnf
Put your server.key and server.cert in the mailroot directory:
C:\MailRoot

In POP3LINKS.TAB:
"domainname"<TAB>"mailbox"<TAB>"pop3.live.com:995"<TAB>"username@hotmail.com"<TAB>"md5password"<TAB>"CLR,POP3S"

In SERVER.TAB:
"SSLWantVerify" "1"
#"SSLWantCert" "0"
"SSLAllowSelfSigned" "0"
"SSLUseCertsFile" "1"
"SSLUseCertsDir" "1"

Now the important part, get the certificates. Follow fetchmails tutorial here:
Tutorial
KEEP THE *.PEM FILES!

Now create one new CERTS.PEM file by combining all the *.pem files you created using the fetchmail tutorial.
It should look something like this:
CODE
-----BEGIN CERTIFICATE-----
first pem file
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
second pem file
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
thirt pem file
-----END CERTIFICATE-----
etc.


Put the CERTS.PEM file in the C:\MailRoot\bin directory.

Restart XMail and done.
PMEmail Poster
Top
MadMaverick9
Posted: Mar 18 2010, 10:22 AM
Quote Post


Newbie
*

Group: Members
Posts: 19
Member No.: 3317
Joined: 1-July 09



Thanks for all ur help, Digdug - but ... no luck with Yahoo pop3.

All we have achieved by doing the above, is that XMail (and fetchmail) can now verify the server certificate.

The error if XMail can not verify the server certificate is "CERT verify error: depth = 0 error = 'unable to get local issuer certificate' ErrCode = -234 ErrString = Error establishing SSL connection (connect)".

The error I am still seeing with Yahoo: "error code -238 ssl write error" in xmail plus in wireshark the packet "1283 20.561422 68.142.206.14 192.168.1.10 TLSv1 Alert (Level: Fatal, Description: Unknown CA)".
This problem remains to be solved.

These are two different errors.

One difference I noticed: the cipher for the hotmail and gmail certificates are rc4-md5, whilst the cipher for the Yahoo certificate is aes256-sha. I don't know if that makes a difference.

So unfortunately the question remains: why can fetchmail work fine with Yahoo pop3 and xmail can not? They are using the same certs and the same openssl library. confused.gif
PM
Top
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:
« Next Oldest | XMail Server | Next Newest »

Reply to this topicStart new topicStart Poll