Community Discussions and Support
Several issues with Thunderbird and Mercury - further issues

Thanks for the confirmation, Thomas.  As it's the security of mobile (public AP) connections that I am most concerned about, what Xoom/K9 offers with CRAM-MD5 will do the job.  The use of CRAM-MD5 will provide protection for my logins (I will be the only mobile user using my server), specifically just the password, I suppose.  However, it seems that Mercury will still also accept plain logins.  It would seem better if CRAM-MD5 had to be used to login, but I don't know whether it is normally used in that way by IMAP4 servers.

Thank you

Gordon
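The CRAM-MD5 exchange referred to above, sketched as an added example (not part of the original post and not Mercury's or K9's code), using the challenge, user and shared secret from the RFC 2195 example. `choose_auth` is a hypothetical client-side policy helper showing how a client can decline to fall back to a plaintext LOGIN when the server would still accept one.

```python
import base64
import hashlib
import hmac

# Values from the example in RFC 2195 (not from this thread).
RFC_CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"
RFC_USER = "tim"
RFC_SECRET = "tanstaaftanstaaf"


def server_challenge(text=RFC_CHALLENGE):
    """Server side: the challenge travels base64-encoded after '+ '."""
    return base64.b64encode(text.encode()).decode()


def cram_md5_response(user, password, challenge_b64):
    """Client side: send 'user hex(HMAC-MD5(password, challenge))', base64-encoded.

    The password itself never crosses the wire; only the keyed digest does.
    """
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def server_verify(response_b64, challenge_b64, password_db):
    """Server side: recompute the digest from the stored secret and compare.

    Returns the authenticated user name, or None. Note that the server must
    hold the secret in a recoverable form to do this.
    """
    try:
        decoded = base64.b64decode(response_b64).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, _, digest = decoded.rpartition(" ")
    secret = password_db.get(user)
    if secret is None:
        return None
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return user if hmac.compare_digest(expected.encode(), digest.encode()) else None


def choose_auth(capability_line, tls_active):
    """Hypothetical client policy: plaintext LOGIN only inside TLS.

    CRAM-MD5 protects only the password; message content is still readable
    on an unencrypted session, so TLS remains the stronger option.
    """
    caps = capability_line.upper().split()
    if "AUTH=CRAM-MD5" in caps:
        return "CRAM-MD5"
    if tls_active and "LOGINDISABLED" not in caps:
        return "LOGIN"
    return None  # refuse rather than send the password in the clear


if __name__ == "__main__":
    chal = server_challenge()
    resp = cram_md5_response(RFC_USER, RFC_SECRET, chal)
    print("S: +", chal)
    print("C:", resp)
    print("verified as:", server_verify(resp, chal, {RFC_USER: RFC_SECRET}))
```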

 

 


The background to this is partially explained in an earlier thread I started concerned with SSL.  I have started a new thread because this all refers to Thunderbird as the mail client.  In summary, I want to be able to use a Motorola Xoom tablet to access accounts on Mercury and also access these same accounts from several computers on my home LAN.  To do this, I switched from using no authentication to SSL.  As it is a one or the other situation for IMAP4 (no authentication or SSL, but not both), the computers on my home LAN also need to use SSL.  I am using IMAP4.

What I don't know is whether the following issues are problems with Thunderbird (3.1.10) or with Mercury (still 4.72) or some combination.

I am currently having four issues showing up when I start Thunderbird:

1. A temporary pop-up message appears saying "The current operation on "Inbox" did not succeed.  The mail server account [username] responded: Folder in use by other connections".  This happens when one of the other computers on the LAN is also running Thunderbird and includes the same account [username].  I can see that there are sometimes issues when two computers are accessing the same mailbox, but I have never had a failure situation arise (e.g. when using Windows Live Mail or Outlook Express, with no authentication set up for clients or server).  Despite this, I seem to be receiving mail in all of the user accounts.  If no other computers on the LAN are running Thunderbird I don't see this pop-up message.  The e-mail application (K9) on my Xoom can still be running and it doesn't cause the pop-up to appear.

2. A temporary pop-up message appears saying "The IMAP server [account name] does not support the selected authentication method.  Please change the authentication method in the Account/Server settings".

3. On one of the LAN computers (my wife's, so I need to get this fixed!), some attached received pictures are not completely shown by Thunderbird.  The top half of the picture is shown correctly, but the bottom half is just grey.  This has only happened when pictures have been attached which are large, e.g. ~1MB or more.  Small pictures (<100KB) have never caused this problem so far.  Also, when there are several attached pictures, I have only seen one of them with this problem.  If I terminate Thunderbird and restart it, the pictures all show correctly.  I have tried synchronization to only download headers or the whole message and this makes no difference.

 4.  In the Thunderbird error log, I am seeing:

mydomain.com : server does not support RFC 5746, see CVE-2009-3555 .

 

I have looked at the Mercury IMAP4 error logs (general and session) and I see the following:

General Logging (just a sample)

[Not-logged-in] at 192.168.1.1: 0 sec. elapsed, connection closed Thu Jun 16 06:03:19 2011
[Not-logged-in] at 192.168.1.1: 0 sec. elapsed, connection closed Thu Jun 16 06:03:19 2011
[Not-logged-in] at 192.168.1.1: 0 sec. elapsed, connection closed Thu Jun 16 06:03:19 2011
[Not-logged-in] at 192.168.1.1: 0 sec. elapsed, connection closed Thu Jun 16 06:03:19 2011
[Not-logged-in] at 192.168.1.1: 0 sec. elapsed, connection closed Thu Jun 16 06:03:19 2011
Connection from 192.168.1.1, Thu Jun 16 06:03:19 2011
Connection from 192.168.1.1, Thu Jun 16 06:03:19 2011
Connection from 192.168.1.1, Thu Jun 16 06:03:19 2011
Connection from 192.168.1.1, Thu Jun 16 06:03:19 2011
Connection from 192.168.1.1, Thu Jun 16 06:03:19 2011
Connection from 192.168.1.1, Thu Jun 16 06:04:12 2011
[Not-logged-in] at 192.168.1.1: 2 sec. elapsed, connection closed Thu Jun 16 06:04:14 2011
Connection from 192.168.1.1, Thu Jun 16 06:04:15 2011
Connection from 192.168.1.1, Thu Jun 16 06:10:12 2011
Connection from 192.168.1.1, Thu Jun 16 06:15:32 2011
Connection from 192.168.1.1, Thu Jun 16 06:35:48 2011
User2 at 192.168.1.1: 2120 sec. elapsed, connection closed Thu Jun 16 06:45:32 2011
User2 at 192.168.1.1: 1803 sec. elapsed, connection closed Thu Jun 16 06:45:35 2011
Connection from 192.168.1.1, Thu Jun 16 07:05:09 2011
User2 at 192.168.1.1: 1850 sec. elapsed, connection closed Thu Jun 16 07:06:38 2011
User2 at 192.168.1.1: 257 sec. elapsed, connection closed Thu Jun 16 07:09:26 2011
User2 at 192.168.1.1: 3911 sec. elapsed, connection closed Thu Jun 16 07:09:26 2011
Connection from 192.168.1.1, Thu Jun 16 07:10:48 2011
[Not-logged-in] at 192.168.1.1: 0 sec. elapsed, connection closed Thu Jun 16 07:10:48 2011
Connection from 192.168.1.1, Thu Jun 16 07:10:48 2011

Session Logging (in file TCP0000)

05:07:53.187: Connection from 192.168.1.104, Wed Jun 08 05:07:53 2011<lf>
05:07:53.187: << * OK mydomain.com IMAP4rev1 Mercury/32 v4.62 server ready.<cr><lf>
05:07:53.187: >> xag1 CAPABILITY<cr><lf>
05:07:53.187: << * CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED X-MERCURY-1<cr><lf>
05:07:53.187: << xag1 OK CAPABILITY complete.<cr><lf>
05:07:53.187: >> 4ne8 LOGIN "account-name" "password"<cr><lf>
05:07:53.187: << 4ne8 NO LOGIN is not allowed unless STARTTLS has been issued.<cr><lf>
05:07:53.187: --- Connection closed normally at Wed Jun 08 05:07:53 2011. ---
05:07:53.187:
05:03:59.812: Connection from 192.168.1.1, Thu Jun 16 05:03:59 2011<lf>
05:03:59.812: << * OK mydomain.com IMAP4rev1 Mercury/32 v4.62 server ready.<cr><lf>
05:03:59.937: >> 1 CAPABILITY<cr><lf>
05:03:59.937: << * CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED X-MERCURY-1<cr><lf>
05:03:59.937: << 1 OK CAPABILITY complete.<cr><lf>
05:03:59.140: >> 2 STARTTLS<cr><lf>
05:03:59.140: << 2 OK Begin SSL/TLS negotiation now.<cr><lf>
05:04:00.906: 22: Error -41 activating SSL session (locus 0, type 0, code 0, 'No data was read because the remote syst')
05:04:00.906: --- Connection closed normally at Thu Jun 16 05:04:00 2011. ---
05:04:00.906:

I don't understand why there are two dates in this file, unless the file is re-used in some way.  I think that the connection detail for Wed June 08 can be ignored, because I definitely had SSL incorrectly set-up at that time.

I have set up MercuryI to listen on Port 993; "Refuse access when no password is defined" is checked; under the SSL tab, I have checked "Enable support for SSL/TLS secure connections" and "Disable plaintext logins for non-SSL connections".  I generated a self-signed certificate and allowed this to be accepted by the clients on first connection.

In Thunderbird, for the server settings, I have defined Port 993, Connection Security as STARTTLS and Authentication method as "Normal password".  (I wasn't sure about this, but using "Encrypted password" wouldn't work at all.)

Any help on these issues would be much appreciated.

Thank you

Gordon

 

 


> In Thunderbird, for the server settings, I have defined Port 993, Connection Security as STARTTLS
> and Authentication method as "Normal password".  (I wasn't sure about this, but using "Encrypted
> password" wouldn't work at all.

Port 993 is used for Direct SSL connections, have you tried using T-bird set to use SSL/TLS and password instead of STARTTLS?  I've got it working that way here with Mercury v4.73 and it works for me.

 

 


Thank you, Thomas.  That did the trick!  I updated to 4.73 and then used SSL/TLS and plaintext password and I no longer receive the pop-up error messages.  This wouldn't work at all with 4.72.  I don't know yet whether the problem with partially greyed-out pictures has also been solved, but I'll keep an eye on this.

Gordon

 


Not good news ....  As previously noted, using SSL/TLS and port 993 with Thunderbird (and SSL-only with K9 on my Xoom) seemed to cure the problem of the pop-up error messages and the other issues noted in the Mercury logs.  However, this morning, I found that none of the clients on any of the machines on my LAN would connect to Mercury.  According to Mercury's IMAP4 general log (unfortunately, I had turned off session logging, thinking that the problem was solved) the attempted connections were "Not logged in".  By coincidence (or not), the problems started to occur immediately (to the minute) after Mercury had undertaken the daily maintenance tasks (I follow this by an automatic re-start).

The error message from Thunderbird (there is nothing from K9) is:

An error occurred during a connection to mydomain.com:993.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

 In an attempt to try to get mail at all, I changed to STARTTLS/993 (TLS-only on K9) and this worked, except that I am back with the pop-up error messages from Thunderbird (K9 doesn't complain).

I have done a bit of research on this problem and it seems that the TB error shown above is fairly common.  However, it appears that this is specifically affecting the 3.1.XX branch of TB.  I am using 3.1.10 (I wonder what you are using Thomas?), which is the most recent stable version.  The solution for some TB users has been to use a 3.0.xx version of TB.  However, given that I also experienced problems with K9, the issue is not isolated to TB.

Any thoughts on this?

Thank you

Gordon

 


There were several problems again this morning.  None of the machines on the network would connect to the Mercury server. 

Again, as with the different problem the previous day, from the general IMAP log, the problem seemed to start very shortly after Mercury's daily maintenance at 2330.

 SSL direct-connect failure from 192.168.1.1, Sat Jun 18 23:33:33 2011

Thunderbird was reporting:

 Unable to connect to your IMAP server. You may have exceeded the maximum number of connections to this server. If so, use the Advanced IMAP Server Settings dialog to reduce the number of cached connections

I checked that the cached connections in TB were 1 (they were) for all accounts (there are 7 accounts on one machine and one on another).  I changed TB's mail checking so that it was less often (4 minutes) and disabled checking on start-up.  Session logging had been off, so I turned it back on.  After this last step, mail started to be downloaded to the clients again.

However, although mail seems to be being received, I am still seeing errors in the IMAP logs.  For example, I am seeing many cases of "[Not-logged-in]" ......

Connection from 192.168.1.1, Sun Jun 19 10:42:22 2011
[Not-logged-in] at 192.168.1.1: 0 sec. elapsed, connection closed Sun Jun 19 10:42:22 2011

I am also seeing the following type of error indication, several times in the IMAP session log .....

10:07:30.921: Connection from 192.168.1.1, Sun Jun 19 10:07:30 2011<lf>
10:07:30.921: << * OK mydomain.com IMAP4rev1 Mercury/32 v4.73 server ready.<cr><lf>
10:07:30.937: >>
10:07:30.937: << * BAD Malformed command or oversize literal.<cr><lf>
10:07:30.937: >> l÷»~gE†h¹Ñ
10:07:30.937: << * BAD Malformed command or oversize literal.<cr><lf>
10:07:30.937: >> ÀÀÀ
10:07:30.937: << * BAD Malformed command or oversize literal.<cr><lf>
10:07:30.937: >> ÀÀ<cr>ÀÀ
10:07:30.937: << * BAD Malformed command or oversize literal.<cr><lf>
10:07:30.937: >>
10:07:30.937: << * BAD Malformed command or oversize literal.<cr><lf>
10:07:31.203: 7: Socket read error 10054 (connection aborted by remote host)
10:07:31.203: --- Connection closed normally at Sun Jun 19 10:07:31 2011. ---
10:07:31.203:

I am still suspicious that the version of TB that I am using (3.1.10) is causing problems.  Could someone please confirm that they are successfully using this latest version with Mercury, using IMAP4 and SSL/TLS?  My next step, for lack of any other ideas, is to install an older version of TB, probably 3.0.11.

Any thoughts, anyone?

Thank you

Gordon
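A triage sketch for the Mercury IMAP session-log excerpts posted in this thread, added here as an example (not from the original posts and not part of Mercury). It splits the log into sessions and labels the three failure patterns visible in them. The line format is inferred from the excerpts, and the finding names and the "non-IMAP bytes right after the greeting means a TLS handshake hit a plaintext listener" rule are heuristic assumptions.

```python
import re

# Session-log excerpts copied from the posts in this thread.
SAMPLE_LOG = """\
05:07:53.187: Connection from 192.168.1.104, Wed Jun 08 05:07:53 2011<lf>
05:07:53.187: << * OK mydomain.com IMAP4rev1 Mercury/32 v4.62 server ready.<cr><lf>
05:07:53.187: >> xag1 CAPABILITY<cr><lf>
05:07:53.187: << * CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED X-MERCURY-1<cr><lf>
05:07:53.187: << xag1 OK CAPABILITY complete.<cr><lf>
05:07:53.187: >> 4ne8 LOGIN "account-name" "password"<cr><lf>
05:07:53.187: << 4ne8 NO LOGIN is not allowed unless STARTTLS has been issued.<cr><lf>
05:07:53.187: --- Connection closed normally at Wed Jun 08 05:07:53 2011. ---
05:07:53.187:
05:03:59.812: Connection from 192.168.1.1, Thu Jun 16 05:03:59 2011<lf>
05:03:59.812: << * OK mydomain.com IMAP4rev1 Mercury/32 v4.62 server ready.<cr><lf>
05:03:59.937: >> 1 CAPABILITY<cr><lf>
05:03:59.937: << * CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED X-MERCURY-1<cr><lf>
05:03:59.937: << 1 OK CAPABILITY complete.<cr><lf>
05:03:59.140: >> 2 STARTTLS<cr><lf>
05:03:59.140: << 2 OK Begin SSL/TLS negotiation now.<cr><lf>
05:04:00.906: 22: Error -41 activating SSL session (locus 0, type 0, code 0, 'No data was read because the remote syst')
05:04:00.906: --- Connection closed normally at Thu Jun 16 05:04:00 2011. ---
05:04:00.906:
10:07:30.921: Connection from 192.168.1.1, Sun Jun 19 10:07:30 2011<lf>
10:07:30.921: << * OK mydomain.com IMAP4rev1 Mercury/32 v4.73 server ready.<cr><lf>
10:07:30.937: >>
10:07:30.937: << * BAD Malformed command or oversize literal.<cr><lf>
10:07:30.937: >> l÷»~gE†h¹Ñ
10:07:30.937: << * BAD Malformed command or oversize literal.<cr><lf>
10:07:30.937: >> ÀÀÀ
10:07:30.937: << * BAD Malformed command or oversize literal.<cr><lf>
10:07:31.203: 7: Socket read error 10054 (connection aborted by remote host)
10:07:31.203: --- Connection closed normally at Sun Jun 19 10:07:31 2011. ---
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{3}):\s?(.*)$")
MARKERS = re.compile(r"<cr>|<lf>")
# "tag SP command [SP printable-args]": anything else is not an IMAP command.
IMAP_CMD = re.compile(r"[\x21-\x7e]+ [A-Za-z]+(?: [\x20-\x7e]*)?")


def split_sessions(log_text):
    """Group log lines into sessions, each starting at 'Connection from'."""
    sessions, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = MARKERS.sub("", m.group(2)).strip()
        if body.startswith("Connection from "):
            current = {"peer": body.split()[2].rstrip(","), "events": []}
            sessions.append(current)
        elif current is None or not body:
            continue
        elif body.startswith(">>"):          # client -> server
            current["events"].append(("C", body[2:].strip()))
        elif body.startswith("<<"):          # server -> client
            current["events"].append(("S", body[2:].strip()))
        else:                                # server's own diagnostics
            current["events"].append(("LOG", body))
    return sessions


def classify(session):
    """Return the heuristic findings for one session, in order of appearance."""
    findings = []
    greeted = seen_cmd = tls_pending = False
    last_cmd = None
    for who, text in session["events"]:
        name = None
        if who == "C":
            if IMAP_CMD.fullmatch(text):
                seen_cmd, last_cmd = True, text.split()[1].upper()
            elif greeted and not seen_cmd:
                # Binary data answering a plaintext greeting: the client is
                # attempting direct SSL/TLS against a plaintext listener.
                name = "tls-bytes-on-plaintext-listener"
        elif who == "S":
            if text.startswith("* OK"):
                greeted = True
            elif "Begin SSL/TLS negotiation" in text:
                tls_pending = True
            elif last_cmd == "LOGIN" and " NO " in text and "STARTTLS" in text:
                # The refusal arrives after the LOGIN line, password included,
                # was already sent on a session the server says had no TLS.
                name = "login-refused-before-starttls"
        elif tls_pending and "activating SSL session" in text:
            name = "starttls-handshake-failed"
        if name and name not in findings:
            findings.append(name)
    return findings


def triage(log_text):
    return [(s["peer"], classify(s)) for s in split_sessions(log_text)]


if __name__ == "__main__":
    for peer, findings in triage(SAMPLE_LOG):
        print(peer, findings or ["no finding"])
```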

 


Gordon,

I'm using Mercury 4.73 and Thunderbird 3.1.10 under WinXP.  I've been using StartTLS with IMAP4 to a Nokia Smartphone for some time, with unencrypted local Thunderbird connections. I didn't think it necessary to encrypt traffic within my own subnet.   In response to your query I've enabled SSL/TLS in Thunderbird, and I can retrieve messages. The Mercury session log, however, suggests that authentication is by StartTLS, not SSL/TLS - presumably the fact that StartTLS is enabled in Mercury is meaning that SSL/TLS is not, although the MercuryI config doesn't actually say that. (It has the box checked for 'Enable support for SSL/TLS connections' but also 993 as the port in the section for 'Enable support for deprecated direct connection')

Does that help you at all? I'm reluctant to start reconfiguring Mercury as I'm only an amateur at this and have largely forgotten how I set it up 2 years ago; I don't want to break my current smartphone setup and I haven't time at present to re-educate myself in SSL.

Chris

 


 

 

 


Thank you for the reply, Chris.  We seem to have similar set-ups .... Thunderbird 3.1.10 under WinXP.  However, how are you getting Mercury to handle both remote STARTTLS and unencrypted local connections?  Are you, perhaps, not checking the box "Disable plaintext logins for non-SSL connections"?  I had avoided doing this, thinking that it was a security risk.  However, I don't have port 143 open on my firewall (993 is open), so maybe this is OK.  I am not sure.  If someone tried to connect through port 993 with a plaintext login, would Mercury accept it, I don't know?  I am not bothered about encryption within my home LAN, so I don't really need to use STARTTLS or SSL/TLS for that purpose.  Thank you for trying out the local SSL/TLS connection.  It's useful to know that Thunderbird 3.1.10 is working for you for SSL/TLS.  In fact this worked for me until the daily maintenance check was completed, then I got errors (this might be a coincidence, of course).  Yes, my log seems to suggest that STARTTLS is involved, even when the Thunderbird setting is SSL/TLS.  I don't understand this either.

Don't break your setup for me [:)] 

Thank you.

Gordon

 


> I am still suspicious that the version of TB that I am using (3.1.10) is causing problems.  Could someone please confirm that they are
> successfully using this latest version with Mercury, using IMAP4 and SSL/TLS?  My next step, for lack of any other ideas, is to install an
> older version of TB, probably 3.0.11.

I am using Thunderbird v3.1.10 with Mercury/32 v4.73 with Direct SSL/TLS.  I have not disabled plain text login via port 143.  Sorry for the delayed answer, I was in Reno for the last couple of days.  I was doing my mail with a laptop but I did not know what version I was using with my test setup.


Thank you for the confirmation about your Thunderbird version, Thomas.  SSL/TLS seems to be running satisfactorily here at the moment, at least so far as the IMAP session log files seem to say.  I am not so sure about the IMAP general log.  It is still showing a lot of [Not-logged-in] lines.  I had assumed that this indicated connection failures, but maybe this is not correct.

I am guessing that, similar to Chris, you are probably doing plain logins within your LAN and SSL/TLS when you are travelling with your laptop etc.  I'll maybe allow the plaintext logins, though I am a bit concerned that someone could do an external plain login on the non-standard port 993.

Gordon

 


Things are getting very frustrating .... "management" here at home is being very patient, but this may not last [:)]  On 16 June, following Thomas' advice, I changed the Thunderbird clients on all of the networked machines to SSL/TLS/Port 993.  By 18 June, this had stopped working and I was getting:

An error occurred during a connection to mydomain.com:993.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

 So, I changed all of the clients back to STARTTLS, and mail started to be received by the clients again, though there were some pop-up error messages from time-to-time in Thunderbird.

Then the STARTTLS connections stopped again and I switched back to SSL/TLS and mail was received once more!

(Very) Early this morning, SSL/TLS again stopped working, so I switched back to STARTTLS and again all was well.

Later this morning, yet again mail stopped.  This time I set Mercury IMAP to allow plaintext logins on the SSL tab and set all of the clients on the LAN to use plain logins.  This now works, though I had to use Port 993.  I presume that this port is to be expected.  The LAN clients were using "mydomain.com" as the IMAP server.  However, I have now changed these to use the server's IP address, 192.168.xxx.xxx and all is still well.  A bonus is that, if anyone tries to login with plaintext from outside of the LAN, Thunderbird recognizes this and asks for a password (even though a password has already been saved by Thunderbird's password manager, when connecting within the LAN).  It seems that Thunderbird recognizes the login source as different between account_name@mydomain.com and account_name@192.168.xxx.xxx .... so that provides a certain level of security.

So I have had to flip-flop between using SSL/TLS and STARTTLS to keep the mail flowing and I have no idea why.  Any ideas on this?

I am hopeful that the plaintext logins on the LAN will continue to work.  The other good news is that the Xoom K9 mail client is still working, though I have to use "TLS Only" rather than "SSL Only" ... there is no option that mentions STARTTLS.

Gordon

 

 

 


> I am guessing that, similar to Chris, you are probably doing plain logins within your LAN and SSL/TLS when you are travelling with your
> laptop etc.  I'll maybe allow the plaintext logins, though I am a bit concerned that someone could do an external plain login on the
> non-standard port 993.

But what's the real problem if they do this?  If it's a bad guy and gets the user's credentials then they could login using the SSL/TLS.  If you maintain good password requirements (i.e. changing them every 90 days, require secure type passwords, limit the username and password to e-mail only, etc) generally this is not going to be a problem.


Thank you once again Thomas.  I have so far only been using within-LAN connections for IMAP4,  so I have rarely changed passwords.

I am assuming (I hope correctly) that by "using secure type passwords" you mean passwords with a random set of meaningless characters, e.g. 3Gyd1aA4g (that's not one of my actual passwords!) and not an encrypted password.  In Thunderbird, for the within-LAN clients, I have the IMAP server information set up with Connection Security - None and Authentication Method - Password, transmitted insecurely (the alternatives are Encrypted Password, Kerberos, GSSAPI or NTLM).  For the external mobile K9 mail client, I have TLS Always with Authentication - Plain (the only other alternative is CRAM_MD5).  I don't think that Mercury provides support for any of these alternatives (if it does, I can't see it anywhere).

Is what I have done what you would expect to see, for what I am trying to do?

Sorry that this has become such a long drawn-out issue!

Gordon

 


I also allow plain text logins. My logic was that access is protected by password; an unauthorised person attempting to login doesn't have the password. To get it, they would have to intercept my login; if it's on my LAN, it's not visible unless things have gone seriously wrong, by which point an email password would be of trivial value. But it can be intercepted if I login from outside my LAN, therefore it must be encrypted in that instance.

When I set up Thunderbird to use StartTLS or SSL/TLS, I did nothing with regard to port selection; I don't know where in Thunderbird I would do that. StartTLS automatically used 143, SSL/TLS automatically used 993. I use static IPs on my LAN so use the IP to identify the server in Thunderbird, so I did have to tell Thunderbird that the certificate which belonged to mydomain.com was acceptable to log in to the IP address.   On reflection, Thunderbird already knew about the certificate so it's possible I did set up SSL previously and then removed it.

Is it possible there's a firewall blocking you somewhere?

When you mention Thunderbird having cached the password, and then using it from outside the LAN, I assume you have it on a laptop and connect from different places, with a different account to allow for the change in server address?

For info, here's my SSL configuration. I've blanked the name of my certificate file, otherwise it's unedited.

[Image: http://www.cjbolton.plus.com/misc/imapssl.jpg]

> Thank you once again Thomas.  I have so far only been using within-LAN connections for IMAP4,  so I have rarely changed passwords.
>
> I am assuming (I hope correctly) that by "using secure type passwords" you mean passwords with a random set of meaningless characters, e.g.
> 3Gyd1aA4g (that's not one of my actual passwords!) and not an
> encrypted password.  

Ideally a password should be 10 characters long and contain both numbers and characters.  With my setups the e-mail username and password is different than the username and password that is used to protect other data.  The critical (classified) data is also held on separate servers with no connection to the outside.

> In Thunderbird, for the within-LAN clients, I have the IMAP server information set up with Connection Security - None and Authentication
> Method - Password, transmitted insecurely (the alternatives are Encrypted Password, Kerberos, GSSAPI or NTLM).  

I use both STARTTLS and TLS/SSL connections to Mercury.  And password authentication.

> For the external mobile K9 mail client, I have TLS Always with Authentication - Plain (the only other alternative is CRAM_MD5).  I
> don't think that Mercury provides support for any of these alternatives (if it does, I can't see it anywhere).

David Harris has implemented ESMTP AUTH CRAM-MD5 for WinPMail.  It does an SMTP authentication in accordance with RFCs 2554 and 2195.  It will also do the LOGIN and the strange MS AUTH=LOGIN.  I use CRAM-MD5 for the clients that support it since it encrypts the username and password sent to the server.



Chris - Thank you for the detailed explanation.  Your requirement and set-up sounds almost identical to what I have at the moment.  The portable machine, as mentioned earlier is a Motorola Xoom tablet and I plan to always have it living outside of the LAN.  When I first set-up all of this, all of the machines were using my Internet domain address as the server address and on first connection, I accepted the certificate on each of them.  When I changed the server address for the machines inside the LAN to the local IP address, there was no new certificate acceptance and mail still arrived in the clients, with the chequered history that I have already described.  At various times, I was switching the Thunderbird clients between SSL/TLS and STARTTLS and I changed the default port of 143 for STARTTLS to 993 (this is easy to do on the Server Settings section of Thunderbird accounts).  This was because I had set up port-forwarding in my router for port 993 and not 143.  Maybe, I should have changed this port-forwarding to 143 when I was using STARTTLS.  I am not sure whether this matters.

So far, since this morning, I have had no problems using the same within-LAN set-up as you and using "TLS always" on K9.  I don't know whether K9 is using STARTTLS.  An option specifically named STARTTLS isn't provided by K9.  From what I have read about K9, I don't think that passwords are transmitted in the clear when using "TLS always", but I am not 100% sure about this.

The setup that I am trying to use may well be temporary as my preference would be to use a VPN, which provides much more flexibility than just for protecting e-mail, i.e. using network shares, as the travelling machine effectively lives inside the LAN.  I have used this approach with my netbook.  However, my new tablet can't use my preferred VPN solution (OpenVPN) unless it is "rooted", which voids the warranty.  So, I want to wait until I get past a reasonable "infant mortality" point before rooting.

Thomas has raised some points that I don't understand, but I'll have to wait until tomorrow to take these up with him, as it's getting late here.

Thank you

Gordon

 


Well, I didn't think things could get any worse, but they have!  I have been happily using TB with Mercury for the last 3 or 4 days.  The TB set-up I have been using for the locally (LAN) connected machines, which worked, is:

Server name: The local IP address .... 192.168.1.101

Port: 993

Security Settings: Connection Security - None, Authentication method - Password, transmitted insecurely.

Server settings/Advanced/Maximum number of server connections to cache: 1

On the Mercury side, I have:

Under General

Listen on port: 993

Under Connection control

Nothing refused.

Under SSL 

Enable support for SSL/TLS connection - Checked

Disable plaintext logins for non-SSL connections - Unchecked

Support for deprecated direct-connect SSL, Port 993

However, TB is now no longer connecting to Mercury and I get a pop-up message in TB, saying that there are too many cached connections.  The number of cached connections set in TB is 1, so I don't see how this is the problem.

The Mercury session log is showing a time-out, i.e.

09:17:00.687: Connection from 192.168.1.104, Thu Jun 23 09:17:00 2011<lf>
09:17:30.703: 22: Error -25 activating SSL session (locus 0, type 0, code 0, 'Timeout on read (select()) after 30 seconds')
09:17:30.703: --- Connection closed normally at Thu Jun 23 09:17:30 2011. ---
09:17:30.703:

This is happening to both machines that I have running TB on the LAN.

The only change, of which I am aware, that has recently happened is that there has been an automatic update from TB 3.1.10 to 3.1.11.  This happened yesterday, and TB/Mercury continued to work together immediately after the update.  Whenever I have problems, they seem to happen overnight!

So, another plea for help [:(]  Any ideas?

Thank you

Gordon

 

 


A P.S. to my previous post .... I am now able to receive mail but, to do this, I have had to set TB to use SSL/TLS under Connection security.  This continues the circle that I have found myself in.  I fully expect that, tomorrow, SSL/TLS will stop working and I will have to switch to STARTTLS or no security.

Another oddity is that for just one account (there are 7 set up on this particular machine), using SSL/TLS, there was a pop-up error message from TB, stating that it couldn't connect, because the connection to that account was already in use (I forget the exact words).  This has happened before from time-to-time and seems to be inconsistent with the use of IMAP.  Ten minutes later, without me changing any of the TB settings for this account, the account started to receive mail and there were no longer any error messages!

Gordon

 


I have a little more evidence ....  At 1550 today, I changed the time for performing Daily Maintenance Tasks to 1600.  It has normally been at 2330 each day.  I also checked the box to restart Mercury after the check (as I have always done).  I don't think that the restart is necessary, but I wanted to change as few things as possible.  Prior to the Maintenance time, all accounts were working well with Thunderbird set to SSL/TLS.  After the Maintenance time, none of the accounts worked and I received the TB error:

An error occurred during a connection to 192.168.1.101:993.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

I then changed all of the accounts back to STARTTLS/993 and mail service was restored again to all accounts.  At 1615, I tried to force another maintenance check, to see if STARTTLS would stop functioning.  The maintenance check didn't happen.  Maybe there is a minimum time before another check can be made or maybe there can only be one per calendar day.

I realize that I am not using the normal port for STARTTLS, as the default seems to be 143.  Maybe this is a problem, but I don't see why it should stop SSL/TLS from functioning.

Gordon

P.S. A very trivial question .... When I am using the PMail forum, when I want to add a new line, it always appears double-spaced.  Is this to be expected?

 

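Added example, not part of any post in this thread: ssl_error_rx_record_too_long is what a TLS client reports when the first bytes it receives are not a TLS record, for instance a plaintext IMAP greeting from a listener that expects STARTTLS. The sketch below reads a constructed greeting the way a TLS client would; the greeting text and function names are assumptions for illustration, and nothing here is taken from Mercury or Thunderbird.

```python
import struct

# RFC 5246: a TLSCiphertext record body must not exceed 2^14 + 2048 bytes.
MAX_TLS_CIPHERTEXT = 2**14 + 2048
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, app data

# Constructed sample: what a plaintext IMAP listener sends as soon as TCP connects.
SAMPLE_GREETING = b"* OK mail.example.test IMAP4rev1 server ready\r\n"


def parse_as_tls_record(data: bytes):
    """Interpret the first 5 bytes as a TLS record header: type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    return content_type, (major, minor), length


def tls_client_view(data: bytes) -> dict:
    """What a client set to SSL/TLS (implicit TLS) makes of the server's first bytes."""
    content_type, version, length = parse_as_tls_record(data)
    return {
        "content_type": content_type,
        "version": version,
        "length": length,
        "too_long": length > MAX_TLS_CIPHERTEXT,
    }


def classify_first_bytes(data: bytes) -> str:
    """Classify a listener from what it sends before the client has said anything."""
    if not data:
        # An implicit-TLS listener stays silent until it receives a ClientHello.
        return "silent: consistent with implicit TLS (client speaks first)"
    if data.startswith((b"* OK", b"* PREAUTH", b"* BYE")):
        return "plaintext IMAP greeting: set the client to STARTTLS, not SSL/TLS"
    if len(data) >= 5:
        content_type, version, length = parse_as_tls_record(data)
        if (content_type in TLS_CONTENT_TYPES and version[0] == 3
                and length <= MAX_TLS_CIPHERTEXT):
            return "TLS record"
    return "unknown protocol"


if __name__ == "__main__":
    # "* OK " read as a header: type 0x2a, version 0x20.0x4f, length 0x4b20 = 19232.
    print(tls_client_view(SAMPLE_GREETING))
    print(classify_first_bytes(SAMPLE_GREETING))
```

On a live server the same first bytes can be captured with a plain TCP connection to the port; if a greeting arrives unprompted, the listener on that port is speaking plaintext IMAP at that moment, whatever its configuration says.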

In Thunderbird, the default port changes automatically depending on whether you're using StartTLS, SSL/TLS or nothing. I've let mine follow the default. My Mercury is set to 'Listen on 143' - otherwise I think the settings are the same as yours. I do have a Thunderbird client on the same box as Mercury; the IP for that is 127.0.0.0 to avoid conversations going via the router. I'm still on 3.1.10 as auto-update doesn't work for me.

Are you sure the problems are due to using encryption, or might it just be coincidence? The error messages suggest a different cause entirely. I also get messages about not being able to carry out an operation, because of another connection. This is by design, a result of Mercury not supporting deletion (EXPUNGE) when more than one client is connected to the account. Prior to 4.73, they only appeared occasionally, even though I usually had two clients connected. A few oddities occurred after I went to 4.73, until I edited the Thunderbird config to set mail.server.default.fetch_by_chunks to false - since then, if I move or delete a mail, I get that error. I ignore them but when I've finished I close Thunderbird, and Mercury then only has one client - so it carries out all the saved operations. When I restart it, everything has moved as I intended. But only since I changed that config to false - prior to that I was getting random odd behaviour.

The other thing that made Thunderbird behave randomly was the Synchronisation introduced in version 3.0 - it spent so much time syncing it was unusable, so I turned Synchronisation off.

Chris

Composed without seeing your latest post, Gordon. It's possible that not using the default port in TB is confusing Mercury, since you have set 993 in the IMAP4 SSL config.
