Pop3s Not Working For Hotmail

Hotmail has the ability to be used as a normal POP3 server so I added the following line to POP3LINKS.TAB:

"mydomain" <TAB> "xmailuser" <TAB> "pop3.live.com:995" <TAB> "myname@hotmail.com" <TAB> "MD5PASSWORD" <TAB> "CLR,POP3S"

But Xmail cannot establish the connection. With wireshark I can see Its trying but fails to create the SSLv2 connection.

If I do the same with Outlook Express, everything works...

What am I doing wrong? (Xmail v1.26, Windows)

Back in July 2009 I reported a similar problem with Yahoo POP3.

http://xmailforum.homelinux.net/index.php?showtopic=4503

No response there either.

@MadMaverick9:

With v1.27 the problem with hotmail still exists.
For now I "solved" the problem using FreePOPs (site)
Gmail and Yahoo also work with FreePOPs.

But I would prefer to use the POP3S function in XMail...
I will post a message at mail-archive.com directly at davide.

Thank you - much appreciated.

What is the version of XMail you are using?

XMail v1.27

Here's the psync log:

And here's my pop3links.tab:

And this is one of the messages I can see in Wireshark:

So - the same as before - nothing has changed from 1.25 to 1.27.

PS: yahoo has enabled pop3 access for all. Search for "yahoo asia pop3". http://www.khimhoe.net/2009/06/20/how-to-e...-in-yahoo-mail/

So - there's no reason one could not setup a testcase easily.

Hope this helps. I appreciate your efforts. Thank you.

Addtl. Info: fetchmail works fine with both GMail and Yahoo pop3 (both ssl).

So there's something in XMail where the ssl negotiation with yahoo is different than with gmail. I don't know ... just guessing.

One more piece of info - in my "server.tab" I have:

I've got some more info:

Hope this all helps to find the problem, esp. because it shows an error code here (-238).

Hmm, where did you put the certs directory? Because this looks like XMail can't find the certificates...

Strange thing is, your GMail account seems to sync ok with POP3S.
I'll try some test myself.

But when setting "SSLWantVerify" "0", the certs directory is not used/not needed, correct?

I am not sure. I also tried all sorts of combinations. Nothing seems to work.
Maybe XMail is missing the certificate hotmail/yahoo use?

Have you tried the SSLUseCertsDir instructions?

No - I have not. Have you? And with "SSLWantVerify" set to "0", it should not be necessary.

This is a packet I saw in Wireshark and it was sent from the yahoo server to my machine. So it's yahoo complaining that it doesn't know some CA, not xmail. This is something I do not understand. ("68.142.206.14" is the ip address of the yahoo pop3 server.)

Esp. since gmail works fine (I have been using xmail with gmail for more than a year now for sending (smtp + ssl) and receiving email (pop3 + ssl) - no issues).

More important question - with all this info we have gathered now (error codes, your tests, my tests, fetchmail working (w/ pop3 + ssl) w/ yahoo and gmail, etc.), have you contacted Davide already?

imho - the main question could be: what is xmail doing differently than fetchmail?

Yes, I contacted Davide, but solved the problem.
The problem is Hotmail is using certificates not in the certs folder.
Put the certs folder inside the BIN folder:
C:\MailRoot\bin\certs

Using the prompt go to C:\MailRoot\bin
Create a server.key:
openssl genrsa 2048 > server.key
Create a server.cert:
openssl req -new -x509 -key server.key -out server.cert -config openssl.cnf
Put your server.key and server.cert in the mailroot directory:
C:\MailRoot

In POP3LINKS.TAB:
"domainname"<TAB>"mailbox"<TAB>"pop3.live.com:995"<TAB>"username@hotmail.com"<TAB>"md5password"<TAB>"CLR,POP3S"

In SERVER.TAB:
"SSLWantVerify" "1"
#"SSLWantCert" "0"
"SSLAllowSelfSigned" "0"
"SSLUseCertsFile" "1"
"SSLUseCertsDir" "1"

Now the important part, get the certificates. Follow fetchmails tutorial here:
Tutorial
KEEP THE *.PEM FILES!

Now create one new CERTS.PEM file by combining all the *.pem files you created using the fetchmail tutorial.
It should look something like this:

Put the CERTS.PEM file in the C:\MailRoot\bin directory.

Restart XMail and done.

Thanks for all ur help, Digdug - but ... no luck with Yahoo pop3.

All we have achieved by doing the above, is that XMail (and fetchmail) can now verify the server certificate.

The error if XMail can not verify the server certificate is "CERT verify error: depth = 0 error = 'unable to get local issuer certificate' ErrCode = -234 ErrString = Error establishing SSL connection (connect)".

The error I am still seeing with Yahoo: "error code -238 ssl write error" in xmail plus in wireshark the packet "1283 20.561422 68.142.206.14 192.168.1.10 TLSv1 Alert (Level: Fatal, Description: Unknown CA)".
This problem remains to be solved.

These are two different errors.

One difference I noticed: the cipher for the hotmail and gmail certificates are rc4-md5, whilst the cipher for the Yahoo certificate is aes256-sha. I don't know if that makes a difference.

So unfortunately the question remains: why can fetchmail work fine with Yahoo pop3 and xmail can not? They are using the same certs and the same openssl library.