Community Discussions and Support
Testing SSL

I'm pleased to say that (possibly in response to my concerns) Lonely Cat Games, the vendors of Profimail, have published version 3.14c as a beta - this has the option to use STARTTLS on an IMAP connection and it works with Mercury. I can recommend it to any wanting to connect a Symbian smartphone to a Mercury server over IMAP.

 


I've been running Mercury for several years on my home network with Thunderbird as a client. Since no traffic ever went outside I didn't enable SSL. Now I want to use a Nokia E71 smartphone to access mail. Using the Profimail client it works pretty well without SSL.

I enabled SSL in MercuryI, and created a certificate - no problems, viewing the certificate it seems to have been created. When I enable SSL in either Thunderbird or the phone, however, connection fails. The error message is exactly the same as if I enable SSL in the clients and not in Mercury. I've tried certificate filenames with no extension and .crt

Session logs and the general MercuryI log don't show any record of an attempted connection, so I first suspected my firewall and/or NAT port forwarding. I've turned off the firewall, the AV, and I've triple checked that the router is forwarding port 993 as well as 143 - but still no connection. The problem with Thunderbird occurs even if I run it on the Mercury server to (I hope) eliminate router effects.

So my question is, how can I test whether MercuryI is actually accepting SSL connections? I can telnet to port 143, but not to 993 - I assume that's because telnet isn't SSL?  I'm still wondering if there may be some block somewhere I've missed, but any diagnostics that will help pin it down.

Thanks, Chris


> So my question is, how can I test whether MercuryI is actually accepting SSL connections? I can telnet to port 143, but not to 993 - I assume that's because telnet isn't SSL?  I'm still wondering if there may be some block somewhere I've missed, but any diagnostics that will help pin it down.

Turn on session logging in MercuryI and it will show if the server is getting connections to the IMAP4 server on this port.  Here's a session log from T-Bird connecting with direct SSL to port 993.

20:55:05.031: Connection from 192.168.1.5, Thu Jun 25 20:55:05 2009<lf>
20:55:05.046: [*] SSL/TLS session established: 3DES, CBC mode, keysize 192 bits
20:55:05.046: << * OK tstephenson.com IMAP4rev1 Mercury/32 v4.72 server ready.<cr><lf>
20:55:05.093: >> 1 capability<cr><lf>
20:55:05.093: << * CAPABILITY IMAP4rev1 AUTH=PLAIN X-MERCURY-1<cr><lf>
20:55:05.093: << 1 OK CAPABILITY complete.<cr><lf>
20:55:13.906: >> 2 authenticate plain<cr><lf>
20:55:13.906: << +<cr><lf>
20:55:13.906: >> AHRYI2hzdXBwAIVlY2g=<cr><lf>
20:55:13.015: << 2 OK AUTHENTICATE completed.<cr><lf>

I usually use STARTTLS but as you can see the direct SSL works as well.  The first thing I would do is use 127.0.0.1 or localhost as the server name with the firewall turned off and try to connect from the system running Mercury/32 to ensure that this is not a firewall, LAN or router problem. 
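The two checks discussed in this thread (is anything answering with SSL on port 993, and does port 143 offer STARTTLS), as an added Python example that is not part of the original posts or of Mercury. The function names and status strings are hypothetical; certificate verification is switched off only because the server here uses a self-signed certificate and the probe sends no credentials.

```python
import socket
import ssl

def _connect(host, port, timeout):
    """TCP connect; returns (sock, None) or (None, (status, detail))."""
    try:
        return socket.create_connection((host, port), timeout=timeout), None
    except ConnectionRefusedError:
        return None, ("not-listening", "TCP connection refused")
    except OSError as exc:  # timeout, no route, silently dropped by a firewall
        return None, ("unreachable", str(exc))

def probe_direct_ssl(host, port=993, timeout=5.0):
    """Direct-SSL port: is anything listening, and does it answer with TLS?"""
    raw, failure = _connect(host, port, timeout)
    if failure:
        return failure
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # diagnostic probe only: accept the
    ctx.verify_mode = ssl.CERT_NONE  # self-signed certificate, send no login
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            session = f"{tls.version()} {tls.cipher()[0]}"
            try:
                greeting = tls.recv(512).decode("ascii", "replace").strip()
            except OSError:
                greeting = "(no IMAP greeting received)"
            return ("tls-ok", f"{session} | {greeting}")
    except OSError as exc:  # ssl.SSLError is an OSError: handshake failed
        return ("open-but-no-tls", str(exc))

def probe_starttls(host, port=143, timeout=5.0):
    """Plaintext port: does the CAPABILITY reply advertise STARTTLS?"""
    raw, failure = _connect(host, port, timeout)
    if failure:
        return failure
    caps = []
    with raw, raw.makefile("rb") as conn:
        try:
            conn.readline()  # server greeting
            raw.sendall(b"p1 CAPABILITY\r\n")
            for line in iter(conn.readline, b""):
                words = line.decode("ascii", "replace").split()
                if words[:2] == ["*", "CAPABILITY"]:
                    caps = [w.upper() for w in words[2:]]
                if words[:1] == ["p1"]:
                    break
        except OSError as exc:
            return ("no-imap-reply", str(exc))
    return ("starttls-offered" if "STARTTLS" in caps else "starttls-not-offered", " ".join(caps))
```

A `not-listening` result for `probe_direct_ssl("127.0.0.1")` run on the server itself means the daemon never bound the port, so firewall and router settings are not the cause. `open-but-no-tls` can also mean the two ends share no protocol version or cipher.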

 

 


Thanks, Thomas.

I'm making some progress. TLS works, over port 143. The MercuryI session log shows an encrypted session, and clients ask about and accept the self-signed certificate.

But the client I need to use on the phone only seems to implement SSL, not TLS, and I can't get SSL to work. Telnet to localhost 993 fails to connect (even with the LAN cable unplugged to eliminate router issues). There's nothing in the session log to show an attempt.

With all firewalls etc. off, netstat shows nothing listening on 993. There is no difference at all in the netstat output with SSL enabled in MercuryI or not. The MercuryI section in mercury.ini does show SSL_Mode : 1 when enabled.

I changed the normal IMAP port to 993, and it works exactly as 143 does - no problems. So 993 as a port is available and not blocked.

I'm running Mercury 4.62 as a service using NTWrapper, under Windows XP SP3.

It's looking to me as if Mercury is, for some reason, not listening for SSL connections - but a bug in Mercury seems unlikely.

So, two questions:

 - when SSL is enabled in MercuryI, does netstat show listening on port 993?

-  any ideas what I'm doing wrong?

Thanks.

 


Tested activating SSL/TLS support for MercuryI and restarted Mercury - port 993 listening. Did the same running as a service - port 993 listening.

This was the 4.72 release candidate, so you might try it with 4.71 beta and see if that makes a difference.

/Rolf 


> I changed the normal IMAP port to 993, and it works exactly as 143 does - no problems. So 993 as a port is available and not blocked.

Ok

> I'm running Mercury 4.62 as a service using NTWrapper, under Windows XP SP3.

I do this as well with tstephenson.com, the service is not a problem.

> It's looking to me as if Mercury is, for some reason, not listening for SSL connections - but a bug in Mercury seems unlikely.
>
> So, two questions:
>
> - when SSL is enabled in MercuryI, does netstat show listening on port 993?

It does when there is a telnet session in place, i.e. Telnet 192.168.1.5 993 shows a blank screen and netstat shows

  TCP    Dell_D8MBDT91:2274     dell.e510.com:993      ESTABLISHED

> - any ideas what I'm doing wrong?

I think Rolf may be right, I'm not sure v4.62 supports direct SSL.  Try using v4.71 to see if this works.  Also you might try asking further questions to techsupp@tstephenson.com.  ;-)

 


Thanks, Rolf and Thomas.

I've installed 4.71 and you are correct. The release notes for 4.71 say

> IMAP Direct-connect SSL support
>
> The approved way for clients to connect to IMAP servers via SSL is using a special command called STARTTLS, which Mercury has always supported. An older connection method, where the client connects directly to port 993 using SSL has been deprecated and discouraged for a number of years, but client developers are persisting in using it. Accordingly, and slightly against our best judgment, we have decided to support this deprecated SSL form in MercuryI.

So I now have SSL running on port 993 but the phone won't connect. The MercuryI session log says

22: Error -41 activating SSL session (locus 0, type 0, code 10054, 'WSAECONNRESET: Connection was reset by the remote host execu')

I don't have many configuration options on the phone, but I'll raise this on the Profimail forum as well. A Google search suggests that the error number is specific to Mercury/Pegasus.

IMAP on a Smartphone is turning out to be rather more cutting edge than I'd expected. The native client on the phone won't read plain text emails, and the recommended 3rd party one only supports a deprecated encryption protocol and (from the look of it) not very well (I'd be very surprised if the non-compliance which is causing the problem is in Mercury).

One other point of interest - after I fired up 4.71, MercuryS was totally quiet. My firewall told me there was mail coming in but it didn't appear. MercuryS said it was 'offline' which I suspected as the cause but didn't know how to fix. Eventually I spotted 'File > Enter offline mode' which allowed me to put the whole of Mercury offline, and when I brought it back on, MercuryS sprang into life.

 Thanks again

Chris

 

