betabug... Sascha Welter

14 June 2006

IMAPS setup: Please wait for Mail.app to time out

Yes, there is an 'S' at the end of "IMAPS"

Why are some mail clients so obviously dumbed down with respect to secure IMAPS? For the server of HelMUG (where I'm co-serveradmin), I'm testing our soon-to-be IMAPS setup. We are going to open up only SSL-based IMAPS, not plain IMAP. And what are programs like Apple's Mail.app (in 10.4) trying to do when you set up an account? They test the availability of the IMAP server only without SSL. Result: Users have to wait for that test to time out. Maybe the developers of that app have never heard of or imagined a setup where security is at least a bit of a consideration...


When you set up the new account, you enter the most basic account information (username, password, mail server), then Mail.app tries to connect... and tries to connect... and tries to connect. At first I thought this would make it impossible to set up accounts with 10.4 with our setup. But you just have to wait for the timeout (some minutes), then ignore the warning message, and click on "continue". Only then can you tell your shiny mail client that you care to connect via SSL. Would it have been so hard to move that checkbox to the other side of the test? The user has to pass by this checkbox anyway, and it's vital for being able to connect to the right port.

Then I tested with Thunderbird, the mail client of the Mozilla project (where Firefox comes from). It's even worse. It does the same crap "I'll test if I can connect to your server before you enter all your information" dance too. But it also doesn't really let you know what it's doing. Even worse, when you finally get to tell it you want IMAPS, you have a choice of different options (amongst them "TLS" and "SSL" and some "maybe this or that", of which for Mac OS X Server 10.4 only "SSL" seems to do the trick, not "TLS" - which incidentally is only a nicer name for newer versions of SSL actually). OK, think that would have done the trick? Nonono, thank you, you also have to manually change the port to 993!

In my eyes, someone has dumbed these products down, with the thought that "nobody uses secure setups anyway, let's forget about all this SSL crap and make a really simple account setup". Which is nice and dandy, but it shouldn't make a secure setup seemingly impossible. Instead of just giving members the information "enter your account info, choose 'connect via SSL'", we will have to give them instructions for the complete dance.

Posted by betabug at 22:14 | Comments (1) | Trackbacks (1)
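
An administrator's check for the setup described in this post, as an added example that is not part of the original post: it verifies that port 993 answers with IMAP over TLS and that plain port 143 is not open, and reports whether 143 is refused or silently filtered. The host name `mail.example.org`, the function names and the `connect`/`ctx` parameters (there so the check can be exercised without a network) are assumptions of this example.

```python
import socket
import ssl

def parse_greeting(line: bytes) -> dict:
    """Parse an IMAP greeting such as b'* OK [CAPABILITY IMAP4rev1 STARTTLS] ready'."""
    text = line.decode("ascii", "replace").strip().upper()
    caps = []
    start = text.find("[CAPABILITY ")
    if start != -1:
        end = text.find("]", start)
        caps = text[start + len("[CAPABILITY "):end if end != -1 else len(text)].split()
    return {"imap": text.startswith(("* OK", "* PREAUTH")),
            "starttls": "STARTTLS" in caps,
            "logindisabled": "LOGINDISABLED" in caps}

def probe(host, port, implicit_tls, timeout=5.0,
          connect=socket.create_connection, ctx=None):
    """Return (state, info); state is open, refused, filtered, unreachable or error."""
    try:
        sock = connect((host, port), timeout)
    except ConnectionRefusedError:
        return "refused", None    # closed port: a probing client fails at once
    except (socket.timeout, TimeoutError):
        return "filtered", None   # no answer: a probing client waits out its timeout
    except OSError as exc:
        return "unreachable", str(exc)
    try:
        if implicit_tls:          # IMAPS: TLS handshake before any IMAP traffic
            ctx = ctx or ssl.create_default_context()
            sock = ctx.wrap_socket(sock, server_hostname=host)
        sock.settimeout(timeout)
        greeting = sock.recv(4096).split(b"\r\n")[0]
    except OSError as exc:        # ssl.SSLError and socket.timeout are OSErrors
        return "error", str(exc)
    finally:
        sock.close()
    return "open", parse_greeting(greeting)

def audit(host, timeout=5.0, connect=socket.create_connection, ctx=None):
    """Check an 'IMAPS only' policy: 993 speaks IMAP over TLS, 143 is not open."""
    tls_state, tls_info = probe(host, 993, True, timeout, connect, ctx)
    plain_state, _ = probe(host, 143, False, timeout, connect)
    return {"imaps_993": tls_state, "plain_143": plain_state,
            "imaps_only": tls_state == "open" and tls_info["imap"]
                          and plain_state != "open",
            "client_probe_hangs": plain_state == "filtered"}

if __name__ == "__main__":
    import sys  # mail.example.org is a placeholder host, not one from the post
    print(audit(sys.argv[1] if len(sys.argv) > 1 else "mail.example.org"))
```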
Comments
Re: IMAPS setup: Please wait for Mail.app to time out

Yeah, definitely a local DNS problem blocking me where I was. Pretty sad I can reach your page on a cobbled together GPRS connection with my phone taped to an outdoor window and a pretty long range bluetooth connection...

But, to get to the post. Mail.app is a nice program for extremely basic uses. That said, I've pretty well given up providing any official support for it. For anything even remotely non-standard it's just become easier to give people a link to Thunderbird. I say this as both my business partner and my father (2 people) run Mail.app successfully on our TLS/IMAP.

Mail is not my specialty and I may be wrong on this, but it could be that Mail.app is making an assumption that the secure connection is being made on the same port after issuing the command to start tls? I know a lot of other protocols have gone to that and a lot of people are considering 465 to no longer be needed for encrypted SMTP. If that's the case, it could be, in the minds of the developers, checking what they believe to be the new standard for encryption, even if it isn't standard yet.

Anyway, just my 2 cents because my

Posted by: JM at June 22, 2006 07:26
Trackbacks
What happened on June 2nd to Mail.app and port 993?

When I just had a glance at my web stats, I noticed a lot of accesses to an old post of mine about IMAPS setup: Please wait for Mail.app to time out suddenly getting lots of hits. Usually I know which posts still get attention, and if a not-so-intere...

Read the linking post here: ch-athens at June 03,2008 13:42