Hello guys, please, help to test a TLS e-mail account at Jag from your ISP/computer

[Alex]

Hi everyone. I'm trying to setup a TLS mailbox at my Jag's hosting account. I'm able to send and receive mail, but every time I connect to the mailserver to receive mail, there is an annoying security warning message. I opened a support ticket (see below), but also need you help.

Hi! Today my e-mail client software (TheBat! 3.85.01) started to display a security warning when I get mail from my mailbox using the TLS protocol (port 995).

here is the log:

---------------
01.10.2006, 00:26:46: FETCH - receiving mail messages
01.10.2006, 00:26:47: FETCH - Initiating TLS handshake
>01.10.2006, 00:26:47: FETCH - Certificate S/N: BC5F585F641E76D8CBE8BF6B51D0527B, algorithm: RSA (1024 bits), issued from 27 янв 2006 to 27 янв 2007, for 1 host(s): secure67.nocdirect.com.
>01.10.2006, 00:26:47: FETCH - Owner: US, 77027, Texas, Houston, 4201 sw freeway #220, Jaguar Technologies, LLC, JaguarPC, Hosted by JaguarPc, InstantSSL, secure67.nocdirect.com.
>01.10.2006, 00:26:47: FETCH - Issuer: GB, Comodo Limited, Comodo Trust Network, Terms and Conditions of use: http://www.comodo.net/repository, (c)2002 Comodo Limited, Comodo Class 3 Security Services CA.
!01.10.2006, 00:26:47: FETCH - TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found).
01.10.2006, 00:26:50: FETCH - TLS handshake complete
01.10.2006, 00:26:51: FETCH - connected to POP3 server
01.10.2006, 00:26:51: FETCH - authenticated (plain)
01.10.2006, 00:26:51: FETCH - 0 messages in the mailbox, 0 new
01.10.2006, 00:26:52: FETCH - connection finished - 0 messages received
---------------

It worked like a charm till today. I don't get such error when I send e-mail via TLS (port 465).

Here is a screenshot of the warning message from TheBat!:

http://www.avensen.com/misc/tlswarning.png

Hope this will help.

Hi,
Please provide us a test email/password so that we can check it from our side.

Let us Know if you need further assistance.

Regards,
Andrew

I've setup a test mailbox (it shows the same warning message):
e-mail address: tlstest@avensen.com
username: tlstest+avensen.com
password: tlstest567
mailserver: secure67.nocdirect.com
connection: TLS (ports: 465 to send mail, 995 to receive)

Hi,
I have tried to configure the account with the settings you provided and successfully did so. I didn't receive any error message at all. Please re-configure it again and then test. Hopefully, you wont encounter with this error now.

Let us Know if you need further assistance.

Regards,
Andrew

I've tried to resetup TheBat! and also configured MS Outlook using the same settings. Both show the same warning message. I need some time to experiment with a different ISP/computer. For now, we can close this ticket. Thanks.

Guys, please, test this e-mail account using TLS connectin from your computer. Do you get any security warnings?

Thank you. Alex.

[Vin DSL]

Hrm...

Works okay for me on SSL.

Is TLS different?

Um... Just thinking...

This is kind of dangerous, isn't it?

[Vin DSL]

Oh, BTW...

Yes, I did get the obligatory warning, since 'we' are using a shared cert, but it didn't reappear the second time I used 'our' account.

[Vin DSL]

Heh!

I'm over on your, I mean 'our' SquirrelMail account in cPanel. I see we're using SquirrelMail 1.4.6., just like us, I mean me.

[Vin DSL]

I sent a mail to Vin, over at Lycos, using MSOE via TLS, and the headers look fine!

And, yes, I got another warning message when I sent it, 'cause the cert didn't match the blah, blah.

Anyway, I'm NOT a mail expert. I hate mail and anything that has to do with it, but my best guess is, the problem resides with your mail client, not JagPC...

Okay, I'll go get out of your cPanel, and so forth, and call it a day.

Word to the wise: You might consider icksnaying that mail account, and PM'ing the username and password to (trusted) ppl only, next time, instead of putting them in these threads. A 'blackhat' is going to come along and cause you major grief -- believe me on THIS!

To JagPC: I removed the account from my mail client, and exited his cPanel -- 5:25PM PST. I'm washing my hands on all this. If something happens before the OPER returns, it wasn't/isn't me...

[Ron]

I stand corrected!

[Vin DSL]

First of all, I didn't say HOW I did it...

Secondly, I DID send a PM to Jag! Want me to forward it to you?

Oh, that's right, it would be irresponsible of me!

Look, Sherlock, this thread had been sitting here for almost 12 hours, for every dark-side cracker on the web to see. If you're so concerned about security, why didn't YOU say something?

[Ron]

Elementary. This Sherlock wasn't looking to, nor willing to hack into his neighbors' CPanel to try to help without his explicit permission, Watson.



I'm happy that you PM'd Jag about it, and I take back all the mean rotten and nasty things I thought about you for making this post. Well, almost all of them.

I'm glad to see you back on your meds lately. I've been meaning to commend you on your progress. Bravo!

[Vin DSL]

Elementary. This Sherlock wasn't looking to, nor willing to hack into his neighbors' CPanel to try to help without his explicit permission, Watson.

If that wasn't an invitation, I don't know what is!

I'm happy that you PM'd Jag about it, and I take back all the mean rotten and nasty things I thought about you for making this post. Well, almost all of them.

Apology accepted!

I'm glad to see you back on your meds lately. I've been meaning to commend you on your progress. Bravo!

LoL! You cad!

The only 'meds' I take are vitamins, onions, Tabasco and beer, but let's not argue. We've been getting along so well lately...

I wouldn't have any anger issues at all, if ppl would just quit piss!ng me off!

[Alex]

Thanks for testing, Vin.

Let me try to explain this issue once again.

I used to receive mail by an e-mail client (TheBat!), not web interface, via TLS protocol. It worked fine (without warnings) for a long time. Yesterday e-mail client started to display a warning that there is a problem with certificate. I opened a support ticket. Jag's support said that they can receive mail from the test account without any warnings. I still get them (same with TheBat! and MS Outlook). Actually, there are 3 possibilities: either someone intercepting my connection with Jag's e-mail server and substitutes a fake certificate (man in the middle attack) or something got wrong with the e-mail server or something's wrong with my e-mail software.

Please, don't test this account using web mail. I'd like you to setup your Windows e-mail client (Outlook or TheBat!) and see if there is an error when you receive mail via TLS connection.

P.S. Vin, did I get you right that you were able to get to the cPanel (not e-mail web interface) using that e-mail login? Isn't this a major security hole? Thanks.

[sehh]

posibilities:

1) your email client can't validate the authenticity of the issuer/signer Authority. In this case: GB, Comodo Limited, Comodo Trust Network. Could be because your computer has expired root certificates.

2) its possible that the authority that issued the above certificate has revoked their root certificate! (gone bust, lost it, it expired and they renewed it with a new certificate, etc).

[Vin DSL]

Yesterday e-mail client started to display a warning that there is a problem with certificate.... Actually, there are 3 possibilities: either someone intercepting my connection with Jag's e-mail server and substitutes a fake certificate (man in the middle attack) or something got wrong with the e-mail server or something's wrong with my e-mail software.

Please, don't test this account using web mail. I'd like you to setup your Windows e-mail client (Outlook or TheBat!) and see if there is an error when you receive mail via TLS connection.

P.S. Vin, did I get you right that you were able to get to the cPanel (not e-mail web interface) using that e-mail login? Isn't this a major security hole? Thanks.

Wouldn't that be a hoot? I mean, if there actually WAS a mitma going on?

I didn't send any mails with the SquirrelMail account. I was just curious to see which version your cPanel was running -- somebody asked about that the other day, and I was too lazy to go into my cPanel and look -- plus, as long as I was there, I checked to see if the mail I sent to Lycos, using Outlook, bounced. It didn't... and the headers looked normal -- listed this machine as the sender, and so forth, and so on.

Also, I checked the cert on secure67.nocdirect.com, and it looks fine to me too.

NO I didn't go into the cPanel admin panel. OMG!!! That would be grounds for divorce! I just used the Web Mail panel, since you provided the keys to the fort.

Really, I would get rid of that mail account, and edit your OP. Some clown might send a death threat to a foreign leader, or something, and you'll have a lot of 'esplaining' to do, Lucy!

[Vin DSL]

posibilities:

1) your email client can't validate the authenticity of the issuer/signer Authority. In this case: GB, Comodo Limited, Comodo Trust Network. Could be because your computer has expired root certificates.

2) its possible that the authority that issued the above certificate has revoked their root certificate! (gone bust, lost it, it expired and they renewed it with a new certificate, etc).

Ah, okay, I think I see it now!

Code:

The certificate's CN name doesn't match the passed value.

The CN is: secure67.nocdirect.com

The value that's being passed is: www.avensen.com

Is that the way you see it too? Sort of...

The thing is, isn't this always the way with shared certs?!?!?

Where's Jason, when you need him? I hate mail!

[Vin DSL]

You know... I was just thinking...

It seems to me that I setup my wife's mail client for SSL/TLS a while back -- sounded like a good idea at the time (I was working on feedback mail form security in PHP-Nuke) -- and it ran into the same 'problem', with warnings popping up left n' right. I think the fix was to get your own cert, so I switched her back to regular ol' pop.

That would beg the question, however -- why weren't YOU having this 'problem' before now?

Hrm... interesting! I feel a search coming on...

*HEY* It's about time for someone to make fun of me for talking to myself, isn't it?

[Vin DSL]

Hey, Alex, which version of openSSL are you running?

http://jaguarpc.com/forums/showthread.php?t=14871

n/m

You're on Griffin and you're running OpenSSL/0.9.7a

I thought maybe they patched 'your' server the other day...