Community Discussions and Support
Using certificates to send mail via SMTP server

David,

Thank you very much for releasing the new Pegasus Mail 4.70. Did you manage to use client certificates for SMTP communication?

 


Hi guys! My organisation has been using Pegasus Mail & Mercury as its main internal mail transport for many, many years. Recently we made some changes to allow our users to access their mailboxes and send e-mails when they are out of the office. The SMTP server which is visible from outside of our LAN is Postfix and is configured to allow external clients to relay messages only if a client certificate is presented. We created and signed the relevant certificates and distributed them to the clients. Everything works fine if the client is Thunderbird, but does not work if the client is Pegasus Mail. It seems that Pegasus Mail fails to handle the client certificate during TLS negotiation.

Configuration info:

- the clients used are Pegasus Mail versions 4.61 - 4.63

- the client OS is Windows XP

- the client certificate is imported in the Windows "personal" certificate store

- the SMTP profile in Pegasus Mail is server port: 587, SSL/TLS: "via STARTTLS", SMTP Authentication: "Login to SMTP server using the following details (username and password)"

So the question is:

Does Pegasus Mail support client certificates for SMTP authentication using STARTTLS negotiation?
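Added example, not part of the original post: a Python probe an administrator could run against their own submission server to confirm, independently of any mail client, that relaying after STARTTLS is granted only when a client certificate is offered. The host name, addresses and certificate file names are placeholders, and it assumes the server authorises relay on the certificate alone (no SMTP login is attempted).

```python
import smtplib
import ssl


def client_context(certfile=None, keyfile=None):
    """TLS context that verifies the server and optionally offers a client cert."""
    ctx = ssl.create_default_context()  # checks the server's chain and hostname
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)  # presented only if the server asks
    return ctx


def rcpt_code(host, sender, rcpt, certfile=None, keyfile=None, port=587):
    """Reply code to RCPT TO after STARTTLS; the session is reset, nothing is sent."""
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.ehlo()
        smtp.starttls(context=client_context(certfile, keyfile))
        smtp.ehlo()  # capabilities must be re-read after the TLS upgrade
        smtp.mail(sender)
        code, _ = smtp.rcpt(rcpt)
        smtp.rset()
        return code


def classify(code_with_cert, code_without_cert):
    """Compare the two probes: relay should succeed only when a cert is offered."""
    ok_with = 200 <= code_with_cert < 300
    ok_without = 200 <= code_without_cert < 300
    if ok_with and not ok_without:
        return "enforced"
    if ok_with and ok_without:
        return "not-enforced"
    return "cert-rejected"


if __name__ == "__main__":
    # Placeholder values (assumptions): substitute your own server, addresses and files.
    host, sender, rcpt = "mail.example.org", "user@example.org", "probe@example.net"
    try:
        with_cert = rcpt_code(host, sender, rcpt, "client.pem", "client.key")
        without = rcpt_code(host, sender, rcpt)
        print(classify(with_cert, without))
    except (OSError, smtplib.SMTPException) as exc:
        print(f"probe failed: {exc}")
```

A result of "cert-rejected" while Thunderbird relays successfully points at the certificate files or chain given to the probe rather than at the server policy.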


[quote user="netware5"]Does Pegasus Mail support client certificates for SMTP authentication using STARTTLS negotiation?[/quote]

No, it doesn't.

			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C

[quote user="idw"]

[quote user="netware5"]Does Pegasus Mail support client certificates for SMTP authentication using STARTTLS negotiation?[/quote]

No, it doesn't.

[/quote]

Thank you Michael! Do you know if the future Pegasus Mail v.5 will support this feature? 


[quote user="netware5"]Thank you Michael! Do you know if the future Pegasus Mail v.5 will support this feature?[/quote]

Since only David Harris can answer this, I've forwarded your request to him.

			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C

[quote user="netware5"]So the question is:

Does Pegasus Mail support client certificates for SMTP authentication using STARTTLS negotiation?

[/quote]

Not in the current code. Indeed, you're the first person I'm aware of ever asking for this ability (although I've wondered how long it would be before someone did so).

The good news is that there is no reason why this won't be possible in v5. One of the huge number of changes I have made for v5 is moving to OpenSSL for all SSL/TLS encrypted traffic, and in the process of reworking the code, I specifically made allowance for the possibility of using client-side certificates. Incidentally, Mercury now also uses the same OpenSSL-based code for secure connections, and can use external or officially-issued standard .PEM based certificates, so the whole process should be markedly easier. Now that I am aware that there is a specific demand for this type of capability, I'll add steps to my internal testing regime to make sure it works.

I believe I am still on target for getting at least a wide-consumption beta of v5 out the door before the end of the year, but it will be late in the year.

Cheers!

-- David --


Thank you, David!

I have been using Pegasus Mail since 1995 and I cannot imagine using any other e-mail client. I appreciate your efforts to maintain this excellent software for such a long time! I am ready to volunteer for testing the new beta when it becomes available.

Cheers!
