
Re: Finding a replacement for my ISP's smtp server



On Sun, Jul 27, 2014 at 10:56 AM, Paul E Condon
<pecondon@mesanetworks.net> wrote:
> I've known for a long while that there was something
> strange about sending mail via my ISP.

(Piques my curiosity.)

> They have made
> it clear that they do not require or use TLS.

(Wondering what TLS has to do with strangeness in this case.)

> It
> occurs to me that perhaps my computer does not have
> installed the appropriate certs to function with TLS.

My experience is that MUAs really don't mess with certificates. They
assume the mail server is legit enough to run through a handshake that
involves asymmetric keys, and thus should protect the client from fake
servers trying to steal passwords. This approach is considered
allowable because you should not really be connecting to random mail
servers, and the real server should know how to decrypt your client's
encrypted transmission of your password.

If you are browsing your mail via the web (thus, https for TLS), your
web browser will need certificates for the mail provider's web server.
The certificate would be used for the https connection. But that is
usually transparent to the user. Pre-installed certificates for
every server and the kitchen sink on all major browsers including
Iceweasel (which I think is a flaw in implementation, but that's a
separate issue).

> How would I ever have known they were missing if they
> were not being used? So maybe their goofiness has allowed me to miss
> something that I was doing something wrong from way back when I first got
> started
> in Debian in about Y2K. Certs are used for https and
> these must be on the computer because it manages to
> connect to my banks (2), but maybe the ones needed to do SMTP are some
> different? How can I check?

The difference is basically in the way you log in. In http, you start
without authentication because you're supposed to be starting in
surfing mode (which was supposed to be anonymous, which control-freak
companies can't stand). The shift from http to https uses a different
handshake protocol which involves the assumption that the browser
should recognize or not recognize the https connection by the
certificate. (See above opinion on the current implementation.)

> I have found some instructions for using gmail
> as a smart host and I'm trying to follow them, but things are not
> working.

I hope the instructions you are using are from Google's own pages.

> When I press the 'y' key in mutt to send an
> email, the message 'sending...' displays in the bottom
> line, but it stays there for many minutes when it once would accept an email
> in just a few seconds. How can I
> find out what is happening during that time? Is there
> some debug tool?
>
> Thoughts or suggestions?
>
> --
> Paul

Delays in connections may be due to using port numbers other than the
ones the mail provider asks for, or such things. Or it may be the
provider or the MUA falling back from the specified mode, and trying
other modes.

Now that I think of it, I have definitely seen the latter. Set the MUA
to try TLS, but allow fallback, and it has to time out each attempted
connection as it falls back.

-- 
Joel Rees

Computer memory is just fancy paper,
and the CPU is just a fancy pen.
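
The thread asks how to see what happens while mutt shows 'sending...' and whether the certificates needed for SMTP are present. The following is an added example, not part of the original message: a Python probe that times each submission port, reports whether STARTTLS is offered, and verifies the server certificate against the system CA store. The names `probe` and `walk_fallbacks` are hypothetical, and `smtp.example.net` is a placeholder host.

```python
import smtplib
import ssl
import time


def probe(host, port, timeout=5.0, helo="localhost"):
    """Probe one SMTP endpoint: time it, check STARTTLS, verify the certificate."""
    res = {"port": port, "connected": False, "starttls_offered": False,
           "tls_verified": False, "error": None}
    ctx = ssl.create_default_context()  # system CA bundle, hostname checking on
    start = time.monotonic()
    try:
        if port == 465:  # implicit TLS: the handshake happens before any SMTP
            conn = smtplib.SMTP_SSL(host, port, local_hostname=helo,
                                    timeout=timeout, context=ctx)
            res["tls_verified"] = True
        else:
            conn = smtplib.SMTP(host, port, local_hostname=helo, timeout=timeout)
        with conn:
            res["connected"] = True
            conn.ehlo()
            if port != 465 and conn.has_extn("starttls"):
                res["starttls_offered"] = True
                conn.starttls(context=ctx)  # raises if the certificate is bad
                res["tls_verified"] = True
    except ssl.SSLCertVerificationError as exc:
        res["error"] = "certificate rejected: " + str(exc.verify_message)
    except (OSError, smtplib.SMTPException) as exc:
        res["error"] = type(exc).__name__ + ": " + str(exc)
    res["seconds"] = round(time.monotonic() - start, 2)
    return res


def walk_fallbacks(host, ports=(587, 465, 25), timeout=5.0):
    """Try each port in turn, as a client with fallback enabled would."""
    return [probe(host, p, timeout) for p in ports]


if __name__ == "__main__":
    # smtp.example.net is a placeholder; substitute the provider's documented host.
    for r in walk_fallbacks("smtp.example.net"):
        print(r)
```

A port that only fails after the full timeout shows where the delay accumulates; a `certificate rejected` error means the local CA store or the hostname is the problem, not the port.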

