POP3 SSL problem

Markus

posted Mar 2 '10 at 9:37 am

[quote user="tBB"][quote user="vgracia"]

it does mean that the mercury v4.52 ssl over pop3 is now compatible with outlook?

[/quote]

No, it means that you need - as Thomas already mentioned - STunnel ( http://www.stunnel.org ) if you want native SSL over POP3/IMAP4 as Mercury doesn't support it. Note that the recommended port for POP3/SSL is 995 and for IMAP4/SSL is 993 as you can see here: http://www.stunnel.org/faq/misc.html so the required STunnel.conf entry(s) would look like:

;---

[POP3S-IN]
accept = 0.0.0.0:995
connect = 127.0.0.1:110
delay = yes
TIMEOUTbusy = 120
TIMEOUTclose = 0
TIMEOUTconnect = 120
TIMEOUTidle = 30

;---

and/or

;---

[IMAPS-IN]
accept = 0.0.0.0:993
connect = 127.0.0.1:143
delay = yes
TIMEOUTbusy = 120
TIMEOUTclose = 0
TIMEOUTconnect = 120
TIMEOUTidle = 30

;---

Best regards,

Nico

[/quote]

Hi,

I know this is an old thread, but where did you find those timeout values? Especially the "TIMEOUTclose = 0". The stunnel documentation only mentions this for a broken MSIE, not relevant for imap or pop and probably old news anyway. Are they really necessary and/or do they fix any known problems?

Greetins

Markus Borst

[quote user="tBB"][quote user="vgracia"]it does mean that the mercury v4.52 ssl over pop3 is now compatible with outlook?[/quote] No, it means that you need - as Thomas already mentioned - STunnel ( http://www.stunnel.org ) if you want native SSL over POP3/IMAP4 as Mercury doesn't support it. Note that the recommended port for POP3/SSL is 995 and for IMAP4/SSL is 993 as you can see here: http://www.stunnel.org/faq/misc.html so the required STunnel.conf entry(s) would look like: ;--- [POP3S-IN] accept = 0.0.0.0:995 connect = 127.0.0.1:110 delay = yes TIMEOUTbusy = 120 TIMEOUTclose = 0 TIMEOUTconnect = 120 TIMEOUTidle = 30 ;--- and/or ;--- [IMAPS-IN] accept = 0.0.0.0:993 connect = 127.0.0.1:143 delay = yes TIMEOUTbusy = 120 TIMEOUTclose = 0 TIMEOUTconnect = 120 TIMEOUTidle = 30 ;--- Best regards, Nico [/quote] Hi,I know this is an old thread, but where did you find those timeout values? Especially the "TIMEOUTclose = 0". The stunnel documentation only mentions this for a broken MSIE, not relevant for imap or pop and probably old news anyway. Are they really necessary and/or do they fix any known problems? GreetinsMarkus Borst

markd

posted Mar 1 '08 at 6:19 am

I'm running Mercury/32 v4.01b and to enable reasonably secure roaming I am tinkering with SSL. I have been successful getting SSL and Authenticated SMTP working in MercuryS SMTP. In MercuryP POP3 I'm getting errors while trying to implement SSL per the instructions in the help file. Now here's the kicker...I'm using MS Outlook 2003! It's not entirely by choice so don't beat me up too bad over it. Anyway the error on the client side (in Outlook) reads:

Task 'MyEmailAddress@xyz.com - Receiving' reported error (0x800CC0F): 'The connection to the server was interrupted. If the problem continues, contact your server administrator or Internet service provider (ISP).'

When I enabled session logging I would receive two separate session logs (where xxx.xxx.x.xx is the same IP) per POP3 request. The first one reads.

31:11.312: Connection from xxx.xxx.x.xx, Fri Feb 29 20:31:11 2008<lf>
20:31:11.312: << +OK <638167312.830@mail.xxxxx.com, POP3 server ready.<cr><lf>
20:31:11.312: >> €L
20:31:11.312: << -ERR Unrecognized command (try HELP).<cr><lf>
20:31:11.312: --- Connection closed normally at Fri Feb 29 20:31:11 2008. ---
20:31:11.328:

and the second one reads..

31:11.328: Connection from xxx.xxx.x.xx, Fri Feb 29 20:31:11 2008<lf>
20:31:11.328: << +OK <638167328.6366@mail.xxxxx.com>, POP3 server ready.<cr><lf>
20:31:11.328: --- Connection closed normally at Fri Feb 29 20:31:11 2008. ---
20:31:11.328:

I'm hoping that I missed something simple. Any ideas from anyone? I'm just wondering if I'm missing something real obvious.

Thanks Mark D.

I'm running&nbsp;Mercury/32 v4.01b and to enable reasonably secure roaming I am tinkering with SSL. I have been successful getting SSL and Authenticated SMTP working in MercuryS SMTP. In MercuryP POP3&nbsp;I'm getting&nbsp;errors while trying to implement SSL per the instructions in the help file. Now here's the kicker...I'm using MS Outlook 2003! &nbsp;It's not entirely by choice so don't beat me up too bad over it. Anyway the error on the client side (in Outlook) reads: Task <A href="mailto:'MyEmailAddress@xyz.com">'MyEmailAddress@xyz.com</A> - Receiving' reported error (0x800CC0F): 'The connection to the server was interrupted. If the problem continues, contact your server administrator or Internet service provider (ISP).' When I enabled session logging I would receive two separate session logs (where xxx.xxx.x.xx is the same IP) per&nbsp;POP3 request. The first one reads. 31:11.312: Connection from xxx.xxx.x.xx, Fri Feb 29 20:31:11 2008&lt;lf&gt; 20:31:11.312: &lt;&lt; +OK &lt;638167312.830@mail.xxxxx.com, POP3 server ready.&lt;cr&gt;&lt;lf&gt; 20:31:11.312: &gt;&gt; €L 20:31:11.312: &lt;&lt; -ERR Unrecognized command (try HELP).&lt;cr&gt;&lt;lf&gt; 20:31:11.312: --- Connection closed normally at Fri Feb 29 20:31:11 2008. --- 20:31:11.328: and the second one reads.. 31:11.328: Connection from xxx.xxx.x.xx, Fri Feb 29 20:31:11 2008&lt;lf&gt; 20:31:11.328: &lt;&lt; +OK &lt;<A href="mailto:638167328.6366@mail.xxxxx.com">638167328.6366@mail.xxxxx.com</A>&gt;, POP3 server ready.&lt;cr&gt;&lt;lf&gt; 20:31:11.328: --- Connection closed normally at Fri Feb 29 20:31:11 2008. --- 20:31:11.328: I'm hoping that I missed something simple. Any ideas from anyone? I'm just wondering if I'm missing something real obvious. &nbsp;Thanks Mark D.

Thomas R. Stephenson

posted Mar 1 '08 at 6:28 am

[quote user="markd"]

I'm running Mercury/32 v4.01b and to enable reasonably secure roaming I am tinkering with SSL. I have been successful getting SSL and Authenticated SMTP working in MercuryS SMTP. In MercuryP POP3 I'm getting errors while trying to implement SSL per the instructions in the help file. Now here's the kicker...I'm using MS Outlook 2003! It's not entirely by choice so don't beat me up too bad over it. Anyway the error on the client side (in Outlook) reads:

Task 'MyEmailAddress@xyz.com - Receiving' reported error (0x800CC0F): 'The connection to the server was interrupted. If the problem continues, contact your server administrator or Internet service provider (ISP).'

When I enabled session logging I would receive two separate session logs (where xxx.xxx.x.xx is the same IP) per POP3 request. The first one reads.

31:11.312: Connection from xxx.xxx.x.xx, Fri Feb 29 20:31:11 2008<lf>
20:31:11.312: << +OK <638167312.830@mail.xxxxx.com, POP3 server ready.<cr><lf>
20:31:11.312: >> €L
20:31:11.312: << -ERR Unrecognized command (try HELP).<cr><lf>
20:31:11.312: --- Connection closed normally at Fri Feb 29 20:31:11 2008. ---
20:31:11.328:

and the second one reads..

31:11.328: Connection from xxx.xxx.x.xx, Fri Feb 29 20:31:11 2008<lf>
20:31:11.328: << +OK <638167328.6366@mail.xxxxx.com>, POP3 server ready.<cr><lf>
20:31:11.328: --- Connection closed normally at Fri Feb 29 20:31:11 2008. ---
20:31:11.328:

I'm hoping that I missed something simple. Any ideas from anyone? I'm just wondering if I'm missing something real obvious.

Thanks Mark D.

[/quote]

Mercury/32 does TLS via STARTTLS, Outlook does not support this standard, it only support SSL. The only way this can be done with Outlook is to use STunnel to allow Mercury/32 to do SSL.

FWIW, you really should upgrade to v4.52. This is especially true if you are running MercuryS.

[quote user="markd"]I'm running&nbsp;Mercury/32 v4.01b and to enable reasonably secure roaming I am tinkering with SSL. I have been successful getting SSL and Authenticated SMTP working in MercuryS SMTP. In MercuryP POP3&nbsp;I'm getting&nbsp;errors while trying to implement SSL per the instructions in the help file. Now here's the kicker...I'm using MS Outlook 2003! &nbsp;It's not entirely by choice so don't beat me up too bad over it. Anyway the error on the client side (in Outlook) reads: Task <a href="mailto:%27MyEmailAddress@xyz.com" mce_href="mailto:'MyEmailAddress@xyz.com">'MyEmailAddress@xyz.com</a> - Receiving' reported error (0x800CC0F): 'The connection to the server was interrupted. If the problem continues, contact your server administrator or Internet service provider (ISP).' When I enabled session logging I would receive two separate session logs (where xxx.xxx.x.xx is the same IP) per&nbsp;POP3 request. The first one reads. 31:11.312: Connection from xxx.xxx.x.xx, Fri Feb 29 20:31:11 2008&lt;lf&gt; 20:31:11.312: &lt;&lt; +OK &lt;638167312.830@mail.xxxxx.com, POP3 server ready.&lt;cr&gt;&lt;lf&gt; 20:31:11.312: &gt;&gt; €L 20:31:11.312: &lt;&lt; -ERR Unrecognized command (try HELP).&lt;cr&gt;&lt;lf&gt; 20:31:11.312: --- Connection closed normally at Fri Feb 29 20:31:11 2008. --- 20:31:11.328: and the second one reads.. 31:11.328: Connection from xxx.xxx.x.xx, Fri Feb 29 20:31:11 2008&lt;lf&gt; 20:31:11.328: &lt;&lt; +OK &lt;<a href="mailto:638167328.6366@mail.xxxxx.com" mce_href="mailto:638167328.6366@mail.xxxxx.com">638167328.6366@mail.xxxxx.com</a>&gt;, POP3 server ready.&lt;cr&gt;&lt;lf&gt; 20:31:11.328: --- Connection closed normally at Fri Feb 29 20:31:11 2008. --- 20:31:11.328: I'm hoping that I missed something simple. Any ideas from anyone? I'm just wondering if I'm missing something real obvious. &nbsp;Thanks Mark D.[/quote]&nbsp;Mercury/32 does TLS via STARTTLS,&nbsp; Outlook does not support this standard, it only support SSL.&nbsp; The only way this can be done with Outlook is to use STunnel to allow Mercury/32 to do SSL.FWIW, you really should upgrade to v4.52.&nbsp; This is especially true if you are running MercuryS.&nbsp;&nbsp;&nbsp;

vgracia

posted Mar 3 '08 at 5:23 pm

it does mean that the mercury v4.52 ssl over pop3 is now compatible with outlook?

i'm experiencing problem with outlook when i try to configure pop3/imap4 with ssl

my mercury is v4.52

any idea??

thanks

it does mean that the mercury v4.52 ssl over pop3 is now compatible with outlook? i'm experiencing&nbsp;problem with outlook when i try to configure pop3/imap4 with ssl&nbsp; my mercury is v4.52&nbsp; &nbsp; any idea?? &nbsp; thanks

Rolf Lindby

posted Mar 3 '08 at 6:52 pm

The suggested upgrade to Mercury/32 4.52 is for security reasons - 4.01b is not to be considered safe.

/Rolf

The suggested upgrade to Mercury/32 4.52 is for security reasons -&nbsp; 4.01b is not to be considered safe./Rolf&nbsp;

tBB

posted Mar 4 '08 at 12:09 am

[quote user="vgracia"]

it does mean that the mercury v4.52 ssl over pop3 is now compatible with outlook?

[/quote]

No, it means that you need - as Thomas already mentioned - STunnel ( http://www.stunnel.org ) if you want native SSL over POP3/IMAP4 as Mercury doesn't support it. Note that the recommended port for POP3/SSL is 995 and for IMAP4/SSL is 993 as you can see here: http://www.stunnel.org/faq/misc.html so the required STunnel.conf entry(s) would look like:

;---

[POP3S-IN]
accept = 0.0.0.0:995
connect = 127.0.0.1:110
delay = yes
TIMEOUTbusy = 120
TIMEOUTclose = 0
TIMEOUTconnect = 120
TIMEOUTidle = 30

;---

and/or

;---

[IMAPS-IN]
accept = 0.0.0.0:993
connect = 127.0.0.1:143
delay = yes
TIMEOUTbusy = 120
TIMEOUTclose = 0
TIMEOUTconnect = 120
TIMEOUTidle = 30

;---

Best regards,

Nico

[quote user="vgracia"]it does mean that the mercury v4.52 ssl over pop3 is now compatible with outlook?[/quote] No, it means that you need - as Thomas already mentioned - STunnel ( http://www.stunnel.org ) if you want native SSL over POP3/IMAP4 as Mercury doesn't support it. Note that the recommended port for POP3/SSL is 995 and for IMAP4/SSL is 993 as you can see here: http://www.stunnel.org/faq/misc.html so the required STunnel.conf entry(s) would look like: ;--- [POP3S-IN] accept = 0.0.0.0:995 connect = 127.0.0.1:110 delay = yes TIMEOUTbusy = 120 TIMEOUTclose = 0 TIMEOUTconnect = 120 TIMEOUTidle = 30 ;--- and/or ;--- [IMAPS-IN] accept = 0.0.0.0:993 connect = 127.0.0.1:143 delay = yes TIMEOUTbusy = 120 TIMEOUTclose = 0 TIMEOUTconnect = 120 TIMEOUTidle = 30 ;--- Best regards, Nico

vgracia

posted Mar 5 '08 at 12:45 pm

thanks for the response. it is ok.

if we use stunnel to implement ssl over pop3/imap4, how does configure mercury to accept only ssl connection?

thanks for the response. it is ok. if we use stunnel to implement ssl over pop3/imap4, how does configure mercury to accept only ssl connection?

PaulW

posted Mar 5 '08 at 1:23 pm

You could block ports 110/143 at your firewall/router and only allow 995/993. You could also change 'connection control' in the POP and IMAP modules to only allow connections from localhost (127.0.0.1) or whereever you are running stunnel, and refuse all others.

You could block ports 110/143 at your firewall/router and only allow 995/993.&nbsp; You could also change 'connection control' in the POP and IMAP modules to only allow connections from localhost (127.0.0.1) or whereever you are running stunnel, and refuse all others. &nbsp;

vgracia

posted Mar 5 '08 at 11:52 pm

many thanks

cheers

Victor

many thanks &nbsp; cheers &nbsp; Victor

Related Topics

Pending draft

Confirm move posts

Insufficient permissions

Select a different topic

Edit history