Prev: Will 7.1.0.9 make me pay?
Next: Restoring "Help" under Vista
From: Susan on 5 Sep 2008 13:45
Running Win XP SP2, Eudora 6.2.3.4 - Paid Mode(63)

This morning started getting the following #$&%$# message when trying to
send mail - no problems receiving mail:

"The server's SSL Certificate was rejected for the following reason: One
certificate in the server cert chain has expired. Do you want to trust
this certificate in future sessions?"

For full view of the error message have uploaded a Print Screen graphic
of it: http://home.earthlink.net/~filearchives/EudoraSSLCertExp.jpg

At the bottom of the window are YES and NO buttons. The YES button is
useless. When selected, it still doesn't allow me to send mail. <moan &
groan> I have never had this error message before (using Eudora for over
10 years) and was able to send and receive mail with no problems last
night. Have no problems sending e-mail via MS Outlook on/through the
same server.

On scanning messages in this newsgroup have seen this problem is not
just mine. Under: Options> Sending Mail >

Under "Secure Sockets when Sending" have changed from "If available,
STARTTLS" to "Never." The "Last SSL Info" button says I "...have never
done any SSL negotiations withe any personality...". Now I can send mail
with no problems. Questions:

1. By selecting "Never" for Secure Sockets..., am I opening myself to
trouble?
2. Why did this problem start just overnight with nothing changed on the
computer?

TIA.

--- Susan
From: John H Meyers on 5 Sep 2008 17:24
On Fri, 05 Sep 2008 12:45:56 -0500, Susan wrote:

> Running Win XP SP2, Eudora 6.2.3.4 - Paid Mode(63)

If you want to update, all later versions are still available from
http://eudora.com/download (free updated registration info can be obtained,
often by merely hinting here that you would like a new code).

> This morning started getting the following #$&%$# message when trying
> to send mail - no problems receiving mail:
>
> "The server's SSL Certificate was rejected for the following reason: One
> certificate in the server cert chain has expired. Do you want to trust
> this certificate in future sessions?"
>
> For full view of the error message have uploaded a Print Screen graphic
> of it: http://home.earthlink.net/~filearchives/EudoraSSLCertExp.jpg

The image shows an Earthlink certificate which clearly is not valid
after Nov 1 2007 -- that's quite some while ago,
so something did not change just overnight,
unless Earthlink itself suddenly stored a quite old certificate
into their own SMTP server -- after all, ISP's sometimes
mess up at their own end, which should be no cause
for you to doubt your own computer or the reliable software
which has been perfectly fine for years, and which certainly
did not insert bugs into itself while you slept :)

Expired certificates do not mean that anything goes wrong
with encryption or normal functioning; like an expired driver's license,
it only means that it should have been updated,
not that its owner forgot how to drive :)

Responding that you wish to trust a server certificate
usually suffices for future use of the same SMTP server.

Otherwise, you can click "Last SSL Info"
then "Certificate Information Manager"
then click on the non-trusted certificate
and click "Add to trusted."

However, when the expired certificate is actually
not for the SMTP server itself, but instead
validates a signature on the SMTP server's actual certificate,
then "Add to trusted" might be grayed out,
and if so, you can not "trust" the "verifying" certificate,
although you may instead be able to "trust"
the certificate belonging to the SMTP server itself.

> At the bottom of the window are YES and NO buttons. The YES button is
> useless. When selected, it still doesn't allow me to send mail. <moan &
> groan> I have never had this error message before (using Eudora for over
> 10 years) and was able to send and receive mail with no problems last
> night. Have no problems sending e-mail via MS Outlook on/through the
> same server.

If you look at (and/or post) the Certificate Information Manager's
diagram of the "certificate chain" for Earthlink's server,
it should show that the expired certificate is Earthlink's,
was presented by Earthlink's server, and is not part of Eudora,
so Eudora has nothing to do with the problem (unless other
email clients do not even bother checking for expired certificates,
which does not make them "better" than Eudora, just less secure).

If Earthlink made the mistake of installing an expired certificate
into their own SMTP server (or one of the many they run),
it's entirely possible that they may finally become aware of it
and rectify the problem themselves,
which would then manifest itself by everything working fine again,
without any action by you.

> Under "Secure Sockets when Sending" have changed from "If available,
> STARTTLS" to "Never." The "Last SSL Info" button says I "...have never
> done any SSL negotiations withe any personality...". Now I can send mail
> with no problems. Questions:

> 1. By selecting "Never" for Secure Sockets...,
> am I opening myself to trouble?

"Never" means that you have reverted to port 25 (or 587) without SSL,
sending your password (and message) without encryption;
whether this is "trouble" depends on whether anyone is intercepting
the traffic and using it maliciously, which can't be answered by us.

> 2. Why did this problem start just overnight
> with nothing changed on the computer?

When you hear noises on a telephone line, do you automatically assume
that it's your own telephone at fault, or could it be
the phone at the other end of the line?

Go tell Earthlink what's happening (if it still is),
as this looks more like a problem at their end.

--
From: John H Meyers on 5 Sep 2008 19:17
Reviewing info from recent mailing lists,
I see that Earthlink had previously not offered SSL at all,
but a number of people have found Earthlink
actually accepting SSL on SMTP port 587 for some while,
even though Earthlink may not have announced it.

It may be that SSL was not being offered on port 25, either,
but perhaps that, too, has just been added?

If that's so, Eudora's default SSL setting "If available, STARTTLS"
would suddenly and automatically jump in and start to use SSL/TLS,
the moment it becomes available for the first time,
which might, at least for the one case described, have been yesterday.

In that case, returning to "SSL: Never" would simply
be preserving the status quo, while either marking the
new server certificate as "Trusted" or Earthlink itself
updating its expired "intermediate" certificate on their own server
would "upgrade" your Earthlink SMTP service to SSL (encrypted),
which would begin being more private and secure,
just like web sites secured with SSL.

--
From: Froggie the Gremlin on 5 Sep 2008 21:33
On Fri, 05 Sep 2008 18:17:12 -0500, "John H Meyers"
<jhmeyers(a)nomail.invalid> wrotd:

>Reviewing info from recent mailing lists,
>I see that Earthlink had previously not offered SSL at all,
>but a number of people have found Earthlink
>actually accepting SSL on SMTP port 587 for some while,
>even though Earthlink may not have announced it.
>
>It may be that SSL was not being offered on port 25, either,
>but perhaps that, too, has just been added?
>
>If that's so, Eudora's default SSL setting "If available, STARTTLS"
>would suddenly and automatically jump in and start to use SSL/TLS,
>the moment it becomes available for the first time,
>which might, at least for the one case described, have been yesterday.
>
>In that case, returning to "SSL: Never" would simply
>be preserving the status quo, while either marking the
>new server certificate as "Trusted" or Earthlink itself
>updating its expired "intermediate" certificate on their own server
>would "upgrade" your Earthlink SMTP service to SSL (encrypted),
>which would begin being more private and secure,
>just like web sites secured with SSL.

Earthlink sent out a msg to its users multi-years ago about changing to SSL
porting on the alternate port... I had to change my daughter's system to
accomodate. They said all would have to change... turns out they never
removed the original port 25 service.

It stayed that way 'til they blew off Earthlink for the COMCAST Triple Play
a few months back.

---<ribbit>

From: Susan on 5 Sep 2008 23:32
John H Meyers wrote:

> Reviewing info from recent mailing lists,
> I see that Earthlink had previously not offered SSL at all,
> but a number of people have found Earthlink
> actually accepting SSL on SMTP port 587 for some while,
> even though Earthlink may not have announced it.
>
> It may be that SSL was not being offered on port 25, either,
> but perhaps that, too, has just been added?
>
> If that's so, Eudora's default SSL setting "If available, STARTTLS"
> would suddenly and automatically jump in and start to use SSL/TLS,
> the moment it becomes available for the first time,
> which might, at least for the one case described, have been yesterday.
>
> In that case, returning to "SSL: Never" would simply
> be preserving the status quo, while either marking the
> new server certificate as "Trusted" or Earthlink itself
> updating its expired "intermediate" certificate on their own server
> would "upgrade" your Earthlink SMTP service to SSL (encrypted),
> which would begin being more private and secure,
> just like web sites secured with SSL.
>

John and Froggie,

Thank you for your replies! This evening scanned the messages in the
Earthlink E-mail newsgroup for others with the same problem. Only one
reported it today. Advise to him was to upgrade to a newer version of
Eudora and the port issue.

Anyways, I changed the "Secure Sockets when Sending" back to "If
available, STARTTLS" and sent a test message to myself. It went with no
problems! I checked the SSL certificate info and found Earthlink has now
uploaded or whatever a certificate that does not expire until 6/25/2019!
It is using Port 25. No doubt their phone/mailbox has been ringing off
the hook all day!

Thanks again everyone for responding!

--- Susan
 | 
Pages: 1
Prev: Will 7.1.0.9 make me pay?
Next: Restoring "Help" under Vista