Eudora eMail Problems

Do you have a question? Post it now! No Registration Necessary

Translate This Thread From English to

Threaded View
I'm still not ready to give up my Eudora email program.  But it's proving to  
be a bit intractable at the moment.  I recently switched to a new hosting  
service and had a great deal of problems setting it up for the new servers.  
Seems TLS is broken in Eudora, at least with modern servers.  I was finally  
able to get the bloody thing to work after playing with it for some days.

Now the provider has switched servers and Eudora will no longer send emails.  
  Downloading emails is fine, but on sending either it times out or gives  
errors regarding authentication depending on the port number used.  I ran  
wireshark but I can't say I understand the results.  Only a half dozen  
messages are sent or received and there is 100 second wait between them.  So  
it looks like something is timing out.

Any suggestions on how to debug this?  How do email clients authenticate if  
TLS isn't used?

--  

Rick C

Re: Eudora eMail Problems

Quoted text here. Click to load it

Who's the ISP?  I want to check what protocols they support and
expect.  If you don't want to disclose this information, try the
following as a starting template for an SMTP session using telnet:  
<https://technet.microsoft.com/en-us/library/aa995718 (v=exchg.65).aspx>
Use this to encrypt your password:
<https://www.base64encode.org
If you still have access to your old ISP account that worked, try the
same session and compare results between the old and new ISP.

Good luck.

--  
Jeff Liebermann     snipped-for-privacy@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
We've slightly trimmed the long signature. Click to see the full one.
Re: Eudora eMail Problems
wrote:

Quoted text here. Click to load it

OLM.net supports Eudora ;-)
        
                                        ...Jim Thompson
--  
| James E.Thompson                                 |    mens     |
| Analog Innovations                               |     et      |
We've slightly trimmed the long signature. Click to see the full one.
Re: Eudora eMail Problems
On Thu, 03 Aug 2017 12:56:38 -0700, Jim Thompson

Quoted text here. Click to load it

Just realized, after my response, that this was an S.E.D post.

There is a Eudora-specific group:  comp.mail.eudora.ms-windows
        
                                        ...Jim Thompson
--  
| James E.Thompson                                 |    mens     |
| Analog Innovations                               |     et      |
We've slightly trimmed the long signature. Click to see the full one.
Re: Eudora eMail Problems
Jim Thompson wrote on 8/3/2017 3:59 PM:
Quoted text here. Click to load it

Thanks for that.  I've cross posted to that group.

--  

Rick C

Re: Eudora eMail Problems
Jim Thompson wrote on 8/3/2017 3:56 PM:
Quoted text here. Click to load it

Talk about your spartan web pages.  They don't even talk about the control  
panel or if you can support reseller accounts.  I have several people using  
my account to host their web pages and they need separate logins.  I sent  
them a question about it.

--  

Rick C

Re: Eudora eMail Problems
On Thursday, 3 August 2017 20:51:16 UTC+1, Jeff Liebermann  wrote:
The service provider probably wants to use TLSv1.2 which did not
exist when Eudora was frozen.
If that is the case there is no overlap between the security options
in Eudora and those that your provider supports.
The only solution is to try and use no security. Eudora has an option
for this ("Secure sockets when sending: Never") and many email
providers have a special port that they will reluctantly allow to be
used without security.
John

Re: Eudora eMail Problems
snipped-for-privacy@gmail.com wrote on 8/3/2017 4:19 PM:
Quoted text here. Click to load it

Very strange.  Before when I switched to Mightweb they did not allow email  
without authentication.  Now it works just fine.  I assume the  
authentication is to prevent spammers from using email servers as relays.  I  
hope this doesn't get shut down.

--  

Rick C

Re: Eudora eMail Problems
Jeff Liebermann wrote on 8/3/2017 3:51 PM:
Quoted text here. Click to load it

The web hosting provider is Mightyweb.net.  I don't think my ISP has any  
email support.  I tried contacting them yesterday and never heard back.  I  
looked up the possibility of using gmail or Yahoo mail and both seem to use  
TLS which I know Eudora does not work with.

Mightyweb says using no authentication exposes the password which sounds  
like a bad idea.  I'm not sure using authentication actually encrypts the  
password.  I've always used authentication, just not TLS.  How then does  
that work?

--  

Rick C

Re: Eudora eMail Problems
Quoted text here. Click to load it


There are several different forms of authentication which can work
over a non-encrypted connection.  The really insecure ones transmit
the password in cleartext, and these can (as noted) expose your
password on the net, and also require that the ISP store the password
itself.

There are hash-based authentication systems which can be reasonably
secure even if an encrypted connection is not used.  In these, neither
system ever transmits the password itself.  Instead, the server says
(in effect) "Here, append this randomly-chosen string to your
password, compute an MD5/SHA-1/SHA-256 hash of the result, and send me
back the hash."  This allows your client software to "prove" that it
has the password.

With this approach you still have the concern that the email itself is
flowing over a non-encrypted connection and is open to being
wiretapped, even if the password is not.

Not all ISPs, server packages, and client packages support all of
these authentication methods such as MD5AUTH.  You can still end up a
situation in which "plain text" is the only method the two ends can
agree upon... not good, especially in shared-public-network situations.

You can use any of these authentication methods over an encrypted
connection (SSL or TLS), so that both the password phase and the
actual email exchange is secured.



Re: Eudora eMail Problems
Dave Platt wrote on 8/3/2017 6:32 PM:
Quoted text here. Click to load it

Thanks for the info.

--  

Rick C

Re: Eudora eMail Problems
rickman says...

 > I'm still not ready to give up my Eudora email program.

I'm using Eudora 6.2.5.6 for POP/SMTP on Cox cable, with
encryption. No guarantee it would work for you, but I could
provide my Options settings if you like.



Re: Eudora eMail Problems
On Thu, 03 Aug 2017 19:18:09 -0500, Peabody

Quoted text here. Click to load it

It's all a function of what the ultimate E-mail provider supports
(Eudora itself _does_ support SSL).

I'm connected to the Internet via CenturyLink fiber.

But I retrieve E-mail from my website provider, OLM.net, which uses
authentication, but not SSL (for Eudora-based 'retrievers').

Not that I think 'security' is a big deal... if some expert wants to
intercept your E-mail it won't matter what you use... you'll lose >:-}

So keep your criminal communications to face-to-face only ;-)
        
                                        ...Jim Thompson
--  
| James E.Thompson                                 |    mens     |
| Analog Innovations                               |     et      |
We've slightly trimmed the long signature. Click to see the full one.
Re: Eudora eMail Problems
Jim Thompson wrote on 8/3/2017 8:42 PM:
Quoted text here. Click to load it


I've been in touch with OLM and they don't claim to have any special support  
for Eudora.  I asked and the reply was, "what does Eudora support"?  I  
replied that Eudora supports SSL TLSv1.

Hello Rick,

  Thank you for contacting
  OLM.   We do not support TLSv1 SSL
  connections.  There are to[sic] many security
  risks.


Clearly they have no special knowledge or support for Eudora.  How are you  
operating with Eudora?  What type of authentication are you using?  I only  
got mine working by using Wireshark to see just what was happening.


--  

Rick C

Re: Eudora eMail Problems
Peabody wrote on 8/3/2017 8:18 PM:
Quoted text here. Click to load it

Sure.  Do you know what form of authentication they use?

--  

Rick C

Re: Eudora eMail Problems
rickman says...

 > Sure.  Do you know what form of authentication they use?

"Last SSL Info" for POP says Port 995, TLSv1,
 DHE-RSA-AES256-SHA(256bits)

For SMTP it's the same, except Port 587.

Cox requires my Cox username and password.

Under Getting Started, I have Allow Authentication checked.

Under Checking Mail, I have Secure Sockets when receiving
set to "Required, Alternate Port"

Under Incoming Mail, I have POP and Passwords selected.

Under Sending Mail I have Allow Autherntication and Use
Submission Port (587) selected. And under Secure Sockets
when sending, I have Required, STARTTLS selected.

All the Kerberos stuff is turned off.

Then you need to Google "patch QCSSL.dll". This addresses
the situation where the first contact to the server takes a
long time, or even times out.  I think there's a version for
7.1.0.9 on dropbox which Google will take you to.  or if
you're using 6.2.5.6, I can send you the patch.  I think in
both cases, just one byte is changed in the dll.

The big problem most people have is with certificates used
by the server not being considered valid by Eudora.  After
attempting to POP email, you can go into the Last SSL Info
under Checking Mail, and open up the Certificates section at
the bottom, and make sure there are no bad certs.  If there
are, you may need to import them.  And you can only fix one
at a time.  There may be a whole string of them, so you nay
have to repeat the process until everything is good.

I think TLSv1 may not be supported by your server.  It is
considered to be compromised.  If so, you may be out of luck
on encryption.  Eudora used its own SSL dll, and I don't
know how you would get a more modern version.



Re: Eudora eMail Problems
Peabody says...

 > I think TLSv1 may not be supported by your server.  It
 > is considered to be compromised.  If so, you may be out
 > of luck on encryption.  Eudora used its own SSL dll, and
 > I don't know how you would get a more modern version.

I notice that the two usual OPENSSL files are also in the
Eudora program files folder. So it may be possible to update
to newer TLS versions by updating those two files, which
presumably are the 32-bit versions.  However, the only
references I could find to TLS in the QCSSL.dll file were to
v1. So even if later TLS versions are in the OpenSSL files,
they may not be called.


Re: Eudora eMail Problems
Peabody wrote:

Quoted text here. Click to load it

That reminds me that the client and server cannot be too far apart in
their timestamps.  The SSL/TLS handshaking passes a time-sensitive
token.  If one end is way off on time, the token is considered as having
expired.  The OP needs to make sure his date and time are current.

Re: Eudora eMail Problems
VanguardLH wrote on 8/4/2017 12:50 AM:
Quoted text here. Click to load it

Thanks for the suggestion.  I keep my time updated automatically so it is  
correct.  I have the right time zone selected as well.

--  

Rick C

Re: Eudora eMail Problems
Peabody wrote on 8/3/2017 10:58 PM:
Quoted text here. Click to load it

Seems I was mistaken.  I am able to turn off authentication and send an  
email to one of my other email accounts on the same server, but I am still  
not able to send email to other servers.  The reported error is "550 without  
authentication".  My hosting provider is not being much help.  They just see  
it as a problem of using a crappy email program.

I wish I understood the use of Stunnel better.  I'm not sure if it will help  
with this problem or if I can even run it under Windows.

Would it make any sense to run an email server on my laptop?  That seems  
like it would need to be the email endpoint, no?  That would mean I'd have  
to host the domain name on my laptop, right?

--  

Rick C

Site Timeline