From: Uno on
Hello newsgroup,

I'm trying to use thunderbird to get an e-mail capability on linux, and
since this is the only reason I have to boot windows at all, I'd like to
figure it out.

Where I'm stuck right now is that I know OE uses SSL authentication to
get my mail successfully when I ask for it, but the t-bird set-up is
telling me that the server does not support it.

http://i42.tinypic.com/s5vktk.jpg

This image shows what qwest says are the thunderbird settings. I admit
the possibility that qwest is a crappy corporation with misleading
information, but the evidence points elsewhere.

When I change thunderbird's settings to be analogous to the above, then
I get this:

http://i39.tinypic.com/28ulb3d.jpg

Can I use the perl programming language to determine whether what type
of authentication this server understands?

Thanks for your comment and cheers,
--
Uno
From: Peter J. Holzer on
On 2010-05-16 05:09, Uno <merrilljensen(a)q.com> wrote:
> I'm trying to use thunderbird to get an e-mail capability on linux, and
> since this is the only reason I have to boot windows at all, I'd like to
> figure it out.
>
> Where I'm stuck right now is that I know OE uses SSL authentication to
> get my mail successfully when I ask for it, but the t-bird set-up is
> telling me that the server does not support it.
[...]
> http://i39.tinypic.com/28ulb3d.jpg

"SSL Authentication" != "Secure Authentication".

You probably just have to turn "Secure Authentication" off (but leave
STARTTLS on).


> Can I use the perl programming language to determine whether what type
> of authentication this server understands?

Yes. However, you don't have to write that program yourself, as somebody
has already done it: Look for "swaks" (the SWiss Army Knife for Smtp).
Some linux distributions (e.g. Debian) include it, or you can download
it from http://www.jetmore.org/john/code/swaks/

hp

From: Uno on
On 5/16/2010 6:20 AM, Peter J. Holzer wrote:
> On 2010-05-16 05:09, Uno<merrilljensen(a)q.com> wrote:
>> I'm trying to use thunderbird to get an e-mail capability on linux, and
>> since this is the only reason I have to boot windows at all, I'd like to
>> figure it out.
>>
>> Where I'm stuck right now is that I know OE uses SSL authentication to
>> get my mail successfully when I ask for it, but the t-bird set-up is
>> telling me that the server does not support it.
> [...]
>> http://i39.tinypic.com/28ulb3d.jpg
>
> "SSL Authentication" != "Secure Authentication".
>
> You probably just have to turn "Secure Authentication" off (but leave
> STARTTLS on).

What was going on here was that I was conflating secure connections and
secure authentication. The latter is an MS thing, and the whole picture
you get of it as a windows user slightly distorts what is actually
happening.

I was "sure" that I was using SSL, and in my head it sounded right that
a secure socket layer would employ secure authentication. They are
completely separate notions.

So, problem solved by unchecking a box.
>
>
>> Can I use the perl programming language to determine whether what type
>> of authentication this server understands?
>
> Yes. However, you don't have to write that program yourself, as somebody
> has already done it: Look for "swaks" (the SWiss Army Knife for Smtp).
> Some linux distributions (e.g. Debian) include it, or you can download
> it from http://www.jetmore.org/john/code/swaks/

Well, hot damn:

> $ swaks --to merrilljensen(a)q.com --server pop3.live.com
=== Trying pop3.live.com:25...
*** Error connecting 0.0.0.0 to pop3.live.com:25:
*** IO::Socket::INET: connect: timeout
$ swaks --to merrilljensen(a)q.com --server smtp.live.com
=== Trying smtp.live.com:25...
=== Connected to smtp.live.com.
<- 220 BLU0-SMTP21.blu0.hotmail.com Microsoft ESMTP MAIL Service,
Version: 6.0.3790.4675 ready at Sun, 16 May 2010 14:29:18 -0700
-> EHLO dan-desktop
<- 250-BLU0-SMTP21.blu0.hotmail.com Hello [97.123.175.133]
<- 250-TURN
<- 250-SIZE 35840000
<- 250-ETRN
<- 250-PIPELINING
<- 250-DSN
<- 250-ENHANCEDSTATUSCODES
<- 250-8bitmime
<- 250-BINARYMIME
<- 250-CHUNKING
<- 250-VRFY
<- 250-TLS
<- 250-STARTTLS
<- 250 OK
-> MAIL FROM:<dan(a)dan-desktop>

So ... what's all this?

http://www.jetmore.org/john/code/swaks/latest/doc/ref.txt

I didn't see in the documentation above any discussion on how to
determine whether a server wants "secure authentication."

Cheers,
--
Uno





From: Ilya Zakharevich on
On 2010-05-16, Uno <merrilljensen(a)q.com> wrote:
> I was "sure" that I was using SSL, and in my head it sounded right that
> a secure socket layer would employ secure authentication. They are
> completely separate notions.

Secure connection makes absolutely no sense without secure
authentication (well, "almost" - one can invent a FEW types of attacks
which may be stopped by "just SSL" - but why would the attackers
restrict themselves?).

The standard analogy of secure connection is sending a parcel guarded
by a policeman on route. The standard analogy of having no secure
authentication is leaving a package on a bench in a public park so
that the other party may come and pick it up. Now imagine doing
both...

> So, problem solved by unchecking a box.

Hardly.

Hope this helps,
Ilya
From: sln on
On Sun, 16 May 2010 23:08:53 +0000 (UTC), Ilya Zakharevich <nospam-abuse(a)ilyaz.org> wrote:

>On 2010-05-16, Uno <merrilljensen(a)q.com> wrote:
>> I was "sure" that I was using SSL, and in my head it sounded right that
>> a secure socket layer would employ secure authentication. They are
>> completely separate notions.
>
>Secure connection makes absolutely no sense without secure
>authentication (well, "almost" - one can invent a FEW types of attacks
>which may be stopped by "just SSL" - but why would the attackers
>restrict themselves?).
>
>The standard analogy of secure connection is sending a parcel guarded
>by a policeman on route. The standard analogy of having no secure
>authentication is leaving a package on a bench in a public park so
>that the other party may come and pick it up. Now imagine doing
>both...
>
>> So, problem solved by unchecking a box.
>
>Hardly.
>

This all sounds very criminal.

-sln