Eudora eMail Problems

Who's the ISP?  I want to check what protocols they support and
expect.  If you don't want to disclose this information, try the
following as a starting template for an SMTP session using telnet:  
<https://technet.microsoft.com/en-us/library/aa995718 (v=exchg.65).aspx>
Use this to encrypt your password:
<https://www.base64encode.org
If you still have access to your old ISP account that worked, try the
same session and compare results between the old and new ISP.

Good luck.

wrote:



OLM.net supports Eudora ;-)
        
                                        ...Jim Thompson

On Thu, 03 Aug 2017 12:56:38 -0700, Jim Thompson



Just realized, after my response, that this was an S.E.D post.

There is a Eudora-specific group:  comp.mail.eudora.ms-windows
        
                                        ...Jim Thompson

Jim Thompson wrote on 8/3/2017 3:59 PM:


Thanks for that.  I've cross posted to that group.

Jim Thompson wrote on 8/3/2017 3:56 PM:


Talk about your spartan web pages.  They don't even talk about the control  
panel or if you can support reseller accounts.  I have several people using  
my account to host their web pages and they need separate logins.  I sent  
them a question about it.

On Thursday, 3 August 2017 20:51:16 UTC+1, Jeff Liebermann  wrote:
The service provider probably wants to use TLSv1.2 which did not
exist when Eudora was frozen.
If that is the case there is no overlap between the security options
in Eudora and those that your provider supports.
The only solution is to try and use no security. Eudora has an option
for this ("Secure sockets when sending: Never") and many email
providers have a special port that they will reluctantly allow to be
used without security.
John

snipped-for-privacy@gmail.com wrote on 8/3/2017 4:19 PM:


Very strange.  Before when I switched to Mightweb they did not allow email  
without authentication.  Now it works just fine.  I assume the  
authentication is to prevent spammers from using email servers as relays.  I  
hope this doesn't get shut down.

Jeff Liebermann wrote on 8/3/2017 3:51 PM:


The web hosting provider is Mightyweb.net.  I don't think my ISP has any  
email support.  I tried contacting them yesterday and never heard back.  I  
looked up the possibility of using gmail or Yahoo mail and both seem to use  
TLS which I know Eudora does not work with.

Mightyweb says using no authentication exposes the password which sounds  
like a bad idea.  I'm not sure using authentication actually encrypts the  
password.  I've always used authentication, just not TLS.  How then does  
that work?

There are several different forms of authentication which can work
over a non-encrypted connection.  The really insecure ones transmit
the password in cleartext, and these can (as noted) expose your
password on the net, and also require that the ISP store the password
itself.

There are hash-based authentication systems which can be reasonably
secure even if an encrypted connection is not used.  In these, neither
system ever transmits the password itself.  Instead, the server says
(in effect) "Here, append this randomly-chosen string to your
password, compute an MD5/SHA-1/SHA-256 hash of the result, and send me
back the hash."  This allows your client software to "prove" that it
has the password.

With this approach you still have the concern that the email itself is
flowing over a non-encrypted connection and is open to being
wiretapped, even if the password is not.

Not all ISPs, server packages, and client packages support all of
these authentication methods such as MD5AUTH.  You can still end up a
situation in which "plain text" is the only method the two ends can
agree upon... not good, especially in shared-public-network situations.

You can use any of these authentication methods over an encrypted
connection (SSL or TLS), so that both the password phase and the
actual email exchange is secured.

Dave Platt wrote on 8/3/2017 6:32 PM:


Thanks for the info.

rickman says...

 > I'm still not ready to give up my Eudora email program.

I'm using Eudora 6.2.5.6 for POP/SMTP on Cox cable, with
encryption. No guarantee it would work for you, but I could
provide my Options settings if you like.

On Thu, 03 Aug 2017 19:18:09 -0500, Peabody



It's all a function of what the ultimate E-mail provider supports
(Eudora itself _does_ support SSL).

I'm connected to the Internet via CenturyLink fiber.

But I retrieve E-mail from my website provider, OLM.net, which uses
authentication, but not SSL (for Eudora-based 'retrievers').

Not that I think 'security' is a big deal... if some expert wants to
intercept your E-mail it won't matter what you use... you'll lose >:-}

So keep your criminal communications to face-to-face only ;-)
        
                                        ...Jim Thompson

Jim Thompson wrote on 8/3/2017 8:42 PM:



I've been in touch with OLM and they don't claim to have any special support  
for Eudora.  I asked and the reply was, "what does Eudora support"?  I  
replied that Eudora supports SSL TLSv1.

Hello Rick,

  Thank you for contacting
  OLM.   We do not support TLSv1 SSL
  connections.  There are to[sic] many security
  risks.


Clearly they have no special knowledge or support for Eudora.  How are you  
operating with Eudora?  What type of authentication are you using?  I only  
got mine working by using Wireshark to see just what was happening.

Peabody wrote on 8/3/2017 8:18 PM:


Sure.  Do you know what form of authentication they use?

rickman says...

 > Sure.  Do you know what form of authentication they use?

"Last SSL Info" for POP says Port 995, TLSv1,
 DHE-RSA-AES256-SHA(256bits)

For SMTP it's the same, except Port 587.

Cox requires my Cox username and password.

Under Getting Started, I have Allow Authentication checked.

Under Checking Mail, I have Secure Sockets when receiving
set to "Required, Alternate Port"

Under Incoming Mail, I have POP and Passwords selected.

Under Sending Mail I have Allow Autherntication and Use
Submission Port (587) selected. And under Secure Sockets
when sending, I have Required, STARTTLS selected.

All the Kerberos stuff is turned off.

Then you need to Google "patch QCSSL.dll". This addresses
the situation where the first contact to the server takes a
long time, or even times out.  I think there's a version for
7.1.0.9 on dropbox which Google will take you to.  or if
you're using 6.2.5.6, I can send you the patch.  I think in
both cases, just one byte is changed in the dll.

The big problem most people have is with certificates used
by the server not being considered valid by Eudora.  After
attempting to POP email, you can go into the Last SSL Info
under Checking Mail, and open up the Certificates section at
the bottom, and make sure there are no bad certs.  If there
are, you may need to import them.  And you can only fix one
at a time.  There may be a whole string of them, so you nay
have to repeat the process until everything is good.

I think TLSv1 may not be supported by your server.  It is
considered to be compromised.  If so, you may be out of luck
on encryption.  Eudora used its own SSL dll, and I don't
know how you would get a more modern version.

Peabody says...

 > I think TLSv1 may not be supported by your server.  It
 > is considered to be compromised.  If so, you may be out
 > of luck on encryption.  Eudora used its own SSL dll, and
 > I don't know how you would get a more modern version.

I notice that the two usual OPENSSL files are also in the
Eudora program files folder. So it may be possible to update
to newer TLS versions by updating those two files, which
presumably are the 32-bit versions.  However, the only
references I could find to TLS in the QCSSL.dll file were to
v1. So even if later TLS versions are in the OpenSSL files,
they may not be called.

Peabody wrote:



That reminds me that the client and server cannot be too far apart in
their timestamps.  The SSL/TLS handshaking passes a time-sensitive
token.  If one end is way off on time, the token is considered as having
expired.  The OP needs to make sure his date and time are current.

VanguardLH wrote on 8/4/2017 12:50 AM:


Thanks for the suggestion.  I keep my time updated automatically so it is  
correct.  I have the right time zone selected as well.

Peabody wrote on 8/3/2017 10:58 PM:


Seems I was mistaken.  I am able to turn off authentication and send an  
email to one of my other email accounts on the same server, but I am still  
not able to send email to other servers.  The reported error is "550 without  
authentication".  My hosting provider is not being much help.  They just see  
it as a problem of using a crappy email program.

I wish I understood the use of Stunnel better.  I'm not sure if it will help  
with this problem or if I can even run it under Windows.

Would it make any sense to run an email server on my laptop?  That seems  
like it would need to be the email endpoint, no?  That would mean I'd have  
to host the domain name on my laptop, right?