Pegasus Mail & Mercury

Welcome to the Community for Pegasus Mail and
The Mercury Mail Transport System, the Internet's longest-serving PC e-mail system!
Welcome to Pegasus Mail & Mercury Sign in | Join | Help
in
Home Blogs Forums Downloads Pegasus Mail Overview Mercury Overview Wiki

What new security feature is "Pegasus Mail" missing? Is an upgrade coming?

Last post 03-07-2020, 3:04 by irelam. 13 replies.
Sort Posts: Previous Next
  •  02-24-2020, 22:48

    • Cat009 is not online. Last active: 09 Mar 2020, 21:53 Cat009
    • Top 500 Contributor
    • Joined on 07-22-2011
    • England
    • Member
    • Points 470

    What new security feature is "Pegasus Mail" missing? Is an upgrade coming?

    I have 3 email accounts at Sky Broadband UK (which uses Yahoo email) and about two months ago Sky sent me (at one of those 3 accounts) an email (see its text below), warning that I needed to change my app and/or program by late February 2020 if I wanted to continue using that email account via my app and/or program.

    I use the excellent "K-9" on my Android devices, so I wrote to the "K-9" developers: they said that Sky's issue is probably SSL, so I shouldn't worry because "K-9" allows users to select Direct SSL, an option which in fact I have been using for years in "K-9". But the developers were wrong because I now find I can no longer access that Sky account using either my app or my Windows email client, the excellent "Pegasus Mail". I have downloaded and installed the latest "Pegasus Mail" upgrade but that hasn't helped.

    The Sky page doesn't refer to "Pegasus Mail" unfortunately. It doesn't acknowledge its existence.  See the apps or programs it approves of here:  https://www.sky.com/help/articles/getting-started-with-sky-yahoo-mail-v1

    But I have 1000s of important historical email records stored in my "Pegasus Mail" folders! "Pegasus Mail" is so sophisticated that I can put retrieve any email within seconds using its excellent retrieval method. I cannot afford to stop using it. I have been using "Pegasus Mail" since 1991.

    And now, today, I have received a second email from Sky. Sky has moved on to another of my 3 email accounts, and sent me the same email as before, as pasted in below. Very soon I won't be able to access my emails in that account either, using "K-9" or "Pegasus Mail"! And then, no doubt, Sky will move on to my 3rd email account in the same way!

    I can still access all 3 accounts by signing into either Sky or Yahoo, but I don't wish to attend to email on either website. It's an inefficient way of working. I wish to keep using my trusted email clients.

    So what can be done so that I don't have to use the apps or programs which Sky lists as compatible with its latest change(s)? 

    Are the developers of "Pegasus Mail" planning an upgrade which will satisfy the latest security standard?

    Help!

    Many thanks,

    Cat009 - a Kiwi in the UK.

    ----------------------------------------------------------------


    Update your email application today!

    Dear (redacted),

    We've noticed that you may be accessing your Sky.com email on your mobile, tablet or other device using an out-of-date version of an email application such as Apple Mail, Outlook or Windows Live Mail.

    To ensure a better and more consistent experience for all our customers, out-of-date versions of these email applications will no longer be supported by Sky.com email from 09/03/2020.

    This means you will need to update your email application to the latest version, which will include new features, enhanced security standards and better usability.

    If you decide not to update your email application, you will no longer be able to access your Sky.com email using this method on or after 09/03/2020.

    However, you will still be able to access your sky.com email via Sky.com

    To verify this email and get all the help you need, please head to Sky.com and click on the section titled 'Help accessing Sky mails via email apps' on the homepage.

    Please note you do not need to reset or change your password for your Sky.com email address.

    Kind regards,
    Sky.

    -------------------------------------------------------------------------------------------


    A Pegasus-user since 1991, when I found a Kiwi techie had installed it on the computers at an Internet cafe in Waterstones university bookshop in Bloomsbury, London. Loved it, installed it on my own computer, and have been using it ever since.
  •  02-24-2020, 23:57

    Re: What new security feature is "Pegasus Mail" missing? Is an upgrade coming?

    Hi,

    I've been using yahoo.com for ages and it is still doing fine in both POP3, IMAP, and SMTP. Looking into sky.com I could only see IMAP option. Is that protocol you're using? Below some information I got from them.

    POP access settings and instructions for Sky Yahoo Mail

    POP (Post Office Protocol) is 1 way to get Sky Yahoo Mail in a desktop or mobile app. POP downloads copies of your email, so you can move and delete them in the app without affecting the original emails.

    POP settings for Sky Yahoo Mail

    Incoming Mail (POP) Server

    • Server - pop.tools.sky.com
    • Port - 995
    • Requires SSL - Yes

    Outgoing Mail (SMTP) Server

    • Server - smtp.tools.sky.com
    • Port - 465 or 587
    • Requires SSL - Yes
    • Requires TLS - Yes (if available)
    • Requires authentication - Yes

    Your login info

    • Email address - Your full email address (name@domain.com.)
    • Password - Your account's password.
    • Requires authentication - Yes



    Best,

    euler f german
    sete lagoas, mg, brazil
    Pegasus Mail 4.73.639 Standalone - Windows 7 Ultimate
    BearHTML 4.9.9.6 IERenderer 2.6.3.4
    Binaries: C:\PMAIL\Programs
    Mailboxes: C:\PMAIL\MAIL

    InsPMDic — Dictionary Handler Add-on (link on profile)
  •  02-25-2020, 2:42

    • Brian Fluet is not online. Last active: 04-08-2020, 19:19 Brian Fluet
    • Top 10 Contributor
    • Joined on 12-24-2014
    • North Carolina, USA
    • SuperStar
    • Points 29,835

    Re: What new security feature is "Pegasus Mail" missing? Is an upgrade coming?

    Configuration of Pegasus Mail is similar to what would be done for Outlook 2003 to 2013 which is referenced on the site noted in the original post (https://www.sky.com/help/articles/getting-started-with-sky-yahoo-mail-v1).  In that section is a reference to generating an app password.  I can't tell whether an app password is a solution to the current notices though.

    Also, you can find the most recent Pegasus Mail developer news at www.pmail.com.

  •  02-25-2020, 12:00

    • davews is not online. Last active: 02 Mar 2020, 9:17 davews
    • Top 200 Contributor
    • Joined on 05-08-2007
    • Member
    • Points 415

    Re: What new security feature is "Pegasus Mail" missing? Is an upgrade coming?

    This is becoming a big issue with Pegasus Mail, not only Sky but GMail and Yahoo. All these are now insisting on OpenAuth login for POP3/SMTP and no doubt other providers will follow suit. OAuth is a complicated issue, I have tried to get my head around it but failed, and I am relatively tech savvy.

    A long description of the issue can be found on the Sky forums at:

     https://helpforum.sky.com/t5/Email/Summary-of-Oauth-compatible-apps-for-Windows-users/m-p/3138647#M75341

    David in his latest update suggested he will update Pegasus soon to add support for OAuth, but ONLY for GMail. This is clearly not enough, he must also add it for Yahoo mail as all new Yahoo Mail accounts demand OAuth login. I have already encountered this myself.

     Fortunately my main email is with my own domain provider (1&1) but I suspect they will follow the trend and introduce OAuth before long. At which point Pegasus will no longer be an option for me.

     

  •  02-26-2020, 22:19

    • Cat009 is not online. Last active: 09 Mar 2020, 21:53 Cat009
    • Top 500 Contributor
    • Joined on 07-22-2011
    • England
    • Member
    • Points 470

    Re: What new security feature is "Pegasus Mail" missing? Is an upgrade coming?

    Thank you to everyone who has been helpful. Below is all the advice I have received from Sky, Pegasus-Mail , and K-9 forums.

    It’s believed that Yahoo now requires use of the Open Authentication (OAuth2) login protocol, as described at: https://oauth.net/2/

    As the Android "K-9" app and the Windows "Pegasus Mail" program don’t provide for this protocol, then as a workaround users may be able to use an "application-specific password" in place of the normal password, which ISPs give directions on how to generate. Sky gives directions here:
    https://helpforum.sky.com/t5/Email/16-character-App-Password-for-Sky-Yahoo-Mail/td-p/3089577 (Be sure to be logged into the correct account when generating the app password, but it may be best to log out of all accounts so that you are asked for the relevant details when creating the password.)

    Apparently Yahoo is not the only ISP now insisting on OpenAuth logins. See the description of the issue at:
    https://helpforum.sky.com/t5/Email/Summary-of-Oauth-compatible-apps-for-Windows-users/m-p/3138647#M75341 

    Pegasus Mail’s developer is apparently planning to support OAuth, but only for GMail.

    It’s been suggested that Sky/Yahoo email accounts should be substituted with Gmail accounts, or that emails be redirected from Sky accounts to Gmail accounts.

    So unfortunately it looks like I will either have to ditch the Android email app and Windows email program I love, or set a day or two aside for a lot of troublesome experimentation.

    If anyone has already trodden the path and has additional advice to give I would be grateful to receive it.

    Thanks.

     


    A Pegasus-user since 1991, when I found a Kiwi techie had installed it on the computers at an Internet cafe in Waterstones university bookshop in Bloomsbury, London. Loved it, installed it on my own computer, and have been using it ever since.
  •  03-02-2020, 8:31

    • David Harris is not online. Last active: 04-03-2020, 19:26 David Harris
    • Top 25 Contributor
    • Joined on 01-31-2007
    • New Zealand
    • Star
    • Points 10,020
    • SystemAdministrator

    Re: What new security feature is "Pegasus Mail" missing? Is an upgrade coming?

    Argh! This is turning into a royal nuisance for my users, and a significant headache for me.

    To summarise the problem with OAUTH2: it is *NOT* a standard - it's a generalized specification. I can't write one implementation that will work with all providers - each provider will need a specifically-modified OAUTH module designed to work with it, which is tedious and time-consuming. The fact that I will personally have to go through a process of registering my application separately with **each and every site** using OAUTH2 just makes the matter worse.

    The issue has been looming with GMail for a while (Google are one of the primary movers behind this fiasco of a "standard"), but I've actually been caught a bit by surprise to find that there are so many other sites looking at using OAUTH. I can see very few advantages in it, and a lot of problems.

    However, on the basis of what I've read in this thread, I've now decided to revise my assessment of OAUTH2 and push it to the top of the queue, suspending all other development until it's no longer an issue. With only a quite small amount of luck, once I have a GMail implementation working, it may be relatively easy to come up with support for other providers as it becomes essential.

    I don't like providing deadlines for things, but I'll see if I can get something working before the end of March - this is not a promise, but a statement of intent.

    Watch this space for more information.

    -- David --

  •  03-02-2020, 9:17

    • davews is not online. Last active: 02 Mar 2020, 9:17 davews
    • Top 200 Contributor
    • Joined on 05-08-2007
    • Member
    • Points 415

    Re: What new security feature is "Pegasus Mail" missing? Is an upgrade coming?

    Thanks for the update David. The little I have read of OAUTH is that it is indeed a nightmare and quite hard to get ones head round even as a user. Touch wood outside Gmail and Yahoo (with its derivatives) it won't become wide spread to other providers but who knows. Let us hope you can come up with a solution and thanks for all your work.

     

  •  03-02-2020, 16:36

    Re: What new security feature is "Pegasus Mail" missing? Is an upgrade coming?

    I'm quite sure I was one of the first Pegasus Mail's users to suffer from this inconvenience. It happened with one of my Gmail accounts, the one used to access the PM-WIN list at listserv.ua.edu. Changing my email address to a Yahoo account didn't help very much as it has a long history of DMAC problems, which caused many problems with the message's replies. The best solution I found was to create an account with GMX and forward all traffic of that particular Gmail account to it. GMX is not perfect (who/what is?) but works fine with Pegasus Mail on both POP3 and IMAP.

    Other Gmail accounts followed the behavior of that first one. It took more than a year to happen, and I still have Gmail accounts running the old way. As I said once, there's very little concern from these service providers like security. Pegasus Mail has been providing security means to email users since the advent of the Internet, or almost it. The real catch (IMHO) is to make the users access their accounts from the provider's Web interface, where they'll be more conveniently exploit. They offered "free" POP3/IMAP/SMTP as a honey pot, and now they are closing the traps.

    Long story short, my approach to this OAUTH2 thing is very simple: Gmail, Yahoo or any other provider directives will not govern my client choice or the way I deal with my mail. In my simplistic way to see things, the server follows the client, not the other way around. Maybe I may be proved wrong in the future, but I'm quite positive alternatives will appear as long we simply say no to them once in a while.
    Best,

    euler f german
    sete lagoas, mg, brazil
    Pegasus Mail 4.73.639 Standalone - Windows 7 Ultimate
    BearHTML 4.9.9.6 IERenderer 2.6.3.4
    Binaries: C:\PMAIL\Programs
    Mailboxes: C:\PMAIL\MAIL

    InsPMDic — Dictionary Handler Add-on (link on profile)
    Filed under:
  •  03-02-2020, 21:50

    • Sellerie is not online. Last active: 2020/03/25, 14:20 Sellerie
    • Top 75 Contributor
    • Joined on 04-10-2014
    • Member
    • Points 1,280

    Re: What new security feature is "Pegasus Mail" missing? Is an upgrade coming?

    I believe you are wrong. FIDO2 or should i better say WebAuthn is coming.
  •  03-05-2020, 20:14

    • Cat009 is not online. Last active: 09 Mar 2020, 21:53 Cat009
    • Top 500 Contributor
    • Joined on 07-22-2011
    • England
    • Member
    • Points 470

    Re: What new security feature is "Pegasus Mail" missing? Is an upgrade coming?

    David, thank you for your reply.  I am honoured!  I feel sure I have sent you a message at some point before during the last 30 years to say how splendid "Pegasus Mail" is.  I still feel that way, hence my concern.

    I have been too busy to reply to your message before now, but am doing so now because for the first time, and completely without warning from my ISP, I am now unable to log-in to my main (vital) email account from "Pegasus Mail".  (I have even had trouble logging-in to the account via the ISP's website!)

    In case it is of any help to you, this is the error message which "Pegasus Mail" has presented:


    When I send an email from my email client, "Pegasus Mail" gives me the following error message:

    18:41:54.738: --- 5 Mar 2020, 18:41:54.738 ---
    18:41:54.738: Connect to 'smtp.tools.sky.com', timeout 180 seconds.
    18:41:55.955:

  • SSL/TLS session established
    18:41:55.955:
  • ECDHE-RSA-AES256-GCM-SHA384, TLSv1.2, Kx=ECDH, Au=RSA, Enc=AESGCM(256), Mac=AEAD
    18:41:55.955:
  • Peer's certificate name is '/C=GB/postalCode=TW7 5QD/ST=Middlesex/L=Isleworth/street=Grant Way/street=7 Centaurs Business Centre/O=Sky Limited/OU=Information Technology/CN=smtp.tools.sky.com'.
    18:41:55.955: >> 220 smtp.mail.yahoo.com ESMTP ready
    18:41:55.955: << EHLO
  • [192.168.0.10]
    18:41:55.970: >> 250-smtp407.mail.ir2.yahoo.com Hello [192.168.0.10] [2.219.22.248])
    18:41:55.970: >> 250-PIPELINING
    18:41:55.970: >> 250-ENHANCEDSTATUSCODES
    18:41:55.970: >> 250-8BITMIME
    18:41:55.970: >> 250-SIZE 41697280
    18:41:55.970: >> 250 AUTH PLAIN LOGIN XOAUTH2 OAUTHBEARER
    18:41:56.002: << AUTH LOGIN
    18:41:56.017: >> 334 xxxxxxxxxxxx
    18:41:56.017: << xxxxxxxxxxxxxxxxxxxxxxxx
    18:41:56.048: >> 334 xxxxxxxxxxxx
    18:41:56.048: << xxxxxxxxxxxxxxxxxxxxxxxx
    18:41:56.142: >> 535 5.7.0 (#AUTH005) Too many bad auth attempts.

    And when I log-in to the Sky's webmail, I receive the following message!

    404 Not Found: Requested route ('securep-mysky-homepage.cf.sky.com') does not exist.

    I will complain to Sky, but these ISPs take no note of users' unhappiness (and the fact that many users, particularly older folk, are not up to the complexities involved).

    Regards,

    David (cat009).

     

     

     

     

     

     

     


    A Pegasus-user since 1991, when I found a Kiwi techie had installed it on the computers at an Internet cafe in Waterstones university bookshop in Bloomsbury, London. Loved it, installed it on my own computer, and have been using it ever since.
  •  03-05-2020, 21:06

    • irelam is not online. Last active: 04-08-2020, 22:15 irelam
    • Top 10 Contributor
    • Joined on 03-23-2007
    • Edmonton, Alberta, Canada
    • SuperStar
    • Points 22,735
    • BetaTeam Moderator

    Re: What new security feature is "Pegasus Mail" missing? Is an upgrade coming?

    The reason is that the OAuth2 function is not set up, see: 250 AUTH PLAIN LOGIN XOAUTH2 OAUTHBEARER

    This is a known problem, which will be resolved in the not too distant future.  Meanwhile you should check with your ISP, SKY to see if you can get around this.


    HTH

    Martin

  •  03-05-2020, 22:52

    • Cat009 is not online. Last active: 09 Mar 2020, 21:53 Cat009
    • Top 500 Contributor
    • Joined on 07-22-2011
    • England
    • Member
    • Points 470

    Re: What new security feature is "Pegasus Mail" missing? Is an upgrade coming?

    Yes, Martin, that is correct, as discussed higher up this thread.

    The challenge for me now is trying to somehow use "Pegasus Mail" to bypass the obstruction.  I have just been reading the huge number of posts on the Sky Community Forum and people are clearly having great difficulty, even though they are using apps and programs other than "Pegasus Mail".

    For example, people are being recommended by other users to user email clients which will, right now, enable connection.  For instance, one user says: "Can only suggest using "eM Client" instead. It's much easier to setup - you just select Yahoo from the list of providers and follow the prompts," while another adds, "eM client is easy to set up - it's been Oauth compliant since 2015"

    And another user advises on member as follows: "You may need to resign yourself to a change of email software or upgrade to Windows 10. It's looking like Microsoft have to alter Outlook to make it work with Yahoo and they may only do this to Outlook 2019/365, which doesn't work on Windows 7."

    It would be a pain for me to set up a new email client, like this "eM Client", even though it is likely to work, but worst of all I would lose access to my "Pegasus Mail" "desktop" - the many addressbooks and distribution lists which I have there, not to mention the folders full of copies of 1000s historical emails going back 30 years which I often refer to, or the customised dictionary!

    However, I plan on setting aside a day or two this week to see if there is some trick I can use to make "Pegasus Mail" functional again.

    The following advice from one Sky user is enlightening:

     

    Background 

    Sky have a rolling programme of converting email accounts from Basic Authentication (password submitted to server as plain text) to Open Authentication (Oauth). With Oauth, the password is replaced by a 'token' of random characters,  making it more secure. 

    Apps may fail after Sky converts your email account to the new security standard. They can often be revived by deleting and reinstalling the email account.

    App password users: try using the password generator to generate a 16 character App password.

    Symptoms : Your email app just stops working, for no apparent reason.

    Check that you can login to webmail to make sure your password is valid. If it works OK, then the most likely explanation is that your account has been converted by Sky to requiring the new Oauth security method.

     General approach to fixing problem

    • Because most Android / iOS apps don't generally allow settings to be edited, you need to delete the account and set it up again, choosing Yahoo from the list of providers when prompted.
    • Enter Sky email address and Sky ID Password, then grant the app access to email etc. and you are done!

    Your account will be setup using IMAP protocol; you won't (normally) be asked for server settings.

    Backup:  Because most Android  and iOS devices use IMAP, your emails should be preserved on the server. Nevertheless, it's worth copying, forwarding or otherwise duplicating anything really important before deleting your email account.

    Android users (Apps downloadable from Google Play Store)

    The following are based on first-hand experience using a Samsung J5 phone running Android version 9.

    Microsoft Outlook: (for Android) Probably the market leader. Clean presentation and can be linked to calendar functions. 

    Bluemail: Lots of options to tune it; can vary how much email it looks at( 2 weeks to all), turn the cc/bcc field on/off and much more. Also has calendar capability.

    Samsung mail: Works, but very basic; virtually no options to choose from.

    Yahoo mail: Lots of adverts, but numerous users report that it works. I haven't tested it because I definitely don't want the adverts!

    The Gmail app doesn't work; I found it failed with a '404 error' after granting app access. 

    Thunderbird: Although not on Sky's list Thunderbird is fully supported and will work without using the generated password. You just need to change the authentication to OAuth2 and use the Yahoo servers.


     

    cat009

     


    A Pegasus-user since 1991, when I found a Kiwi techie had installed it on the computers at an Internet cafe in Waterstones university bookshop in Bloomsbury, London. Loved it, installed it on my own computer, and have been using it ever since.
  •  03-06-2020, 22:57

    • Cat009 is not online. Last active: 09 Mar 2020, 21:53 Cat009
    • Top 500 Contributor
    • Joined on 07-22-2011
    • England
    • Member
    • Points 470

    Re: What new security feature is "Pegasus Mail" missing? Is an upgrade coming?

    Just in case it helps anyone hoping to continue using email apps or email programs which Sky has not listed as now being authorised or compatible with their email servers, here is what I have managed to do in order to keep using the excellent "Pegasus Mail" (for Windows) and the superb "K-9" for Android. 

    Old apps and programs will continue to work if you simply use a password which Sky/Yahoo will generate for you!

    To generate passwords for Sky/Yahoo email accounts:
    at www.sky.com log-in by clicking the "Yahoo Mail Sign In" box, instead of "Come on in".

    Then enter the email address and your ordinary Sky password.
    This will take you to your email account.

    Open a new tab and enter www.sky.com, and below your account name select "My Details"
    (If you can’t find the "My Details" link, see the note below this paragraph.)
    If you have been able to click on "My Details" then scroll down to "Sky Yahoo Mail access" and click "Manage passwords".

    Answer the questions, then copy the generated password,
    then enter that password it into your email app or program wherever a password is needed.
    Some apps need only be given it once,
    others need it to be entered separately in the incoming server settings and the outgoing server settings.

    While you are doing this copy the password to a notepad document or somesuch, to keep in a secured place for possible future use.

    If you can’t find the "My Details" link referred to above, then after you have signed in just paste the following link to the generator into the address bar:
    https://skyid.sky.com/signin/skycom?successUrl=https%3A%2F%2Fwww.sky.com%2Fsky-yahoo-mail%2Fmanage-apps%3Fclient%3Demail&cancelUrl=https%3A%2F%2Fwww.sky.com%2F

     

    Many thanks to the half-dozen members of this community who have helped me implement the above procedure.   I used it this afternoon to reconnect 3 Sky/Yahoo email accounts on four devices:

    - a Windows desktop using the Rolls Royce of email clients, "Pegasus Email",

    - a Linux laptop using the "Thunderbird" email client,

    - an Android Tablet using the marvellous "K-9" email app, and

    - an Android Phone also using the marvellous "K-9" email app.

     

    The whole process happened flawlessly, and all is now perfect again in my Internet world!


    A Pegasus-user since 1991, when I found a Kiwi techie had installed it on the computers at an Internet cafe in Waterstones university bookshop in Bloomsbury, London. Loved it, installed it on my own computer, and have been using it ever since.
  •  03-07-2020, 3:04

    • irelam is not online. Last active: 04-08-2020, 22:15 irelam
    • Top 10 Contributor
    • Joined on 03-23-2007
    • Edmonton, Alberta, Canada
    • SuperStar
    • Points 22,735
    • BetaTeam Moderator

    Re: What new security feature is "Pegasus Mail" missing? Is an upgrade coming?

    Thank you for posting this response. If anyone else can confirm this action process, we will copy and file it outside this thread

    Martin 

    Filed under: , ,
View as RSS news feed in XML

Contact | Advertise | Host provider: PraktIT | Terms of Use | Privacy Statement
Copyright © 2007-2011 David Harris / Peter Strömblad. | Pegasus Mail Home Page