IMAPS setup: Please wait for Mail.app to time out
Yes, there is an 'S' at the end of "IMAPS"
Why are some mail clients so obviously dumbed down with respect to secure
IMAPS? For the server of HelMUG (where I'm co-serveradmin), I'm testing
our soon-to-be IMAPS setup. We are going to open up only SSL-based
IMAPS, not plain IMAP. And what are programs like Apple's Mail.app
(in 10.4) trying to do when you set up an account? They test the
availability of the IMAP server only without SSL. Result: Users have to
wait for that test to time out. Maybe the developers of that app have
never heard of or imagined a setup where security is at least a bit of
a consideration...
When you set up the new account, you enter the most basic account
information (username, password, mail server), then Mail.app tries to
connect... and tries to connect... and tries to connect. At first I
thought this would make it impossible to set up accounts with 10.4 with
our setup. But you just have to wait for the timeout (some minutes),
then ignore the warning message, and click on "continue". Only then can
you tell your shiny mail client that you care to connect via SSL. Would
it have been so hard to move that checkbox to the other side of the
test? The user has to pass by this checkbox anyway, and it's vital for
being able to connect to the right port.
Then I tested with Thunderbird, the mail client of the Mozilla project
(where Firefox comes from). It's even worse. It does the same crap
"I'll test if I can connect to your server before you enter all your
information" dance too. But it also doesn't really let you know what
it's doing. Even worse, when you finally get to tell it you want IMAPS,
you have a choice of different options (amongst them "TLS" and "SSL" and
some "maybe this or that", of which for Mac OS X Server 10.4 only "SSL"
seems to do the trick, not "TLS" - which incidentally is only a nicer
name for newer versions of SSL actually). OK, think that would have done
the trick? Nonono, thank you, you also have to manually change
the port to 993!
In my eyes, someone has dumbed these products down, with the thought
that "nobody uses secure setups anyway, let's forget about all this SSL
crap and make a really simple account setup". Which is nice and dandy,
but it shouldn't make a secure setup seemingly impossible. Instead of
just giving members the information "enter your account info, choose
'connect via SSL'", we will have to give them instructions for the
complete dance.
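To see what a client's connection test will run into on a given server, the probe below (an added example, not code from the original post) checks both transports: a TLS handshake straight away on port 993, which is what the "SSL" setting selects, and plain IMAP on port 143 with the STARTTLS capability, which is what a "TLS" setting in mail clients usually means. The function names and the host `mail.example.org` are placeholders made up for this example.

```python
import socket
import ssl

def _read_line(sock):
    """Read one CRLF-terminated line; raises OSError on timeout or EOF."""
    buf = b""
    while not buf.endswith(b"\r\n"):
        chunk = sock.recv(1)
        if not chunk or len(buf) > 8192:
            raise ConnectionError("connection closed or oversized line")
        buf += chunk
    return buf.decode("ascii", "replace").strip()

def _capabilities(sock):
    """Consume the greeting, send CAPABILITY, return the advertised set."""
    greeting = _read_line(sock)
    if not greeting.startswith(("* OK", "* PREAUTH")):
        raise ConnectionError("not an IMAP greeting: " + greeting)
    sock.sendall(b"p1 CAPABILITY\r\n")
    caps = set()
    while True:
        line = _read_line(sock)
        if line.upper().startswith("* CAPABILITY"):
            caps.update(line.upper().split()[2:])
        elif line.startswith("p1 "):
            return caps

def probe_imap(host, tls_port=993, plain_port=143, timeout=5.0, context=None):
    """Report which IMAP transport-security modes `host` offers."""
    context = context or ssl.create_default_context()  # verifies the cert
    result = {"implicit_tls": False, "plain_port": False, "starttls": False}
    try:  # "SSL" in the client dialogs: TLS handshake first, IMAP inside it
        with socket.create_connection((host, tls_port), timeout) as raw:
            with context.wrap_socket(raw, server_hostname=host) as tls:
                _capabilities(tls)
                result["implicit_tls"] = True
    except OSError:  # refused, timed out, handshake or certificate failure
        pass
    try:  # plain IMAP on 143; STARTTLS would upgrade this same connection
        with socket.create_connection((host, plain_port), timeout) as raw:
            result["starttls"] = "STARTTLS" in _capabilities(raw)
            result["plain_port"] = True
    except OSError:
        pass
    return result

if __name__ == "__main__":
    # mail.example.org is a placeholder host, not taken from the post
    print(probe_imap("mail.example.org", timeout=3.0))
```

A server with a self-signed certificate reports `implicit_tls` as false under the default context; pass a `context` that trusts that certificate to test such a setup.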
Yeah, definitely a local DNS problem blocking me where I was. Pretty sad I can reach your page on a cobbled together GPRS connection with my phone taped to an outdoor window and a pretty long range bluetooth connection...
But, to get to the post. Mail.app is a nice program for extremely basic uses. That said, I've pretty well given up providing any official support for it. For anything even remotely non-standard it's just become easier to give people a link to Thunderbird. I say this as both my business partner and my father (2 people) run Mail.app successfully on our TLS/IMAP.
Mail is not my specialty and I may be wrong on this, but it could be that Mail.app is making an assumption that the secure connection is being made on the same port after issuing the command to start tls? I know a lot of other protocols have gone to that and a lot of people are considering 465 to no longer be needed for encrypted SMTP. If that's the case, it could be, in the minds of the developers, checking what they believe to be the new standard for encryption, even if it isn't standard yet.
Anyway, just my 2 cents because my
What happened on June 2nd to Mail.app and port 993?
When I just had a glance at my web stats, I noticed a lot of accesses to an old post of mine about
IMAPS setup: Please wait for Mail.app to time out suddenly getting lots of hits. Usually I know
which posts still get attention, and if a not-so-intere...