Eudora 7.1: why do I have this strange problem with Certificate?

[ijo...@jejejeje.it]

Hi,
When Eudora try to downoad the mails, I get that error page on the
Eudora sreen.I get this problem maybe 50-60 times every day and I
don't know how I can solve this problem. Can you halp me prease?
I attach you 3 pics:
https://www.dropbox.com/s/rs7iausiccyyfbh/Cattura%20Eudora%201a.JPG?dl=0
https://www.dropbox.com/s/6qf3wmndnew4k6d/Cattura%20Eudora%201.JPG?dl=0
https://www.dropbox.com/s/cs9umbaj5ql6jxr/Cattura%20Eudora%202.JPG?dl=0
But despite this error Eudora downloads the mail.
Thanks

[micky]

In comp.mail.eudora.ms-windows, on Mon, 13 Aug 2018 13:16:50 +0200,

That's a good question. Normally if you have a bad certificate but it's
trusted (because you said to trust it, afaik the only reason it could be
trusted) and it says it's ignoring it, it really ignores it, and if that
message shows up, it's because another certificate below it isn't
trusted, and you wouldn't get your mail. But you do get your mail.

I would click on Certificate INfomration Manager, in the 3rd picture.
As wide as it is, it's still a button.

Then go to the top, click on the + signs (or use the right arrow on the
top line) until the whole tree has beeen dislosed, and I expect you will
see a skull and crossbones (instead of a smiley). Click on that, to
highlight it, then click on Add to Trusted. Then fetch your mail.

Normally the measure of whether you've finished is that you get your
mail, but you already get it. i wonder if somehow this will stop you
from getting it! Let us know. But if it does, go through the process
again and again, being sure to fetch mail inbetween each iteration,
until you can't open up that top line anymore and there are no more
skulls. Then you are done, and surely it will work.

But why it works now, I don't know.

The first picture is sort of worthless and it might even be better to
click on No instead of Yes. My own guess is that that applied when
computers were slower and there was time to click the Yes button before
it moved to the next step.


Except for gmail, new cetificates are issued every one or two years, so
this is not much trouble, but for gmail it's maybe 3 times a month, and
if that gets to be a problem, look into stunnel. Which is free and
automates everythign.

[Will Seehorn]

On Monday, August 13, 2018 at 7:16:53 AM UTC-4, ijo...@jejejeje.it wrote:
> Hi,
> When Eudora try to downoad the mails, I get that error page on the
> Eudora sreen.I get this problem maybe 50-60 times every day and I
> don't know how I can solve this problem. Can you halp me prease?

Sounds like it may be a problem with the server, since Eudora downloads the messages anyway.

The simplest solution to certificate problems is usually stunnel. Eudora doesn't understand newer certificates which usually is what causes certificate errors.

Stunnel acts as a link between Eudora and servers. It understands how to trust modern certificates

Willard

[ijo...@jejejeje.it]

>Then go to the top, click on the + signs (or use the right arrow on the
>top line) until the whole tree has beeen dislosed, and I expect you will
>see a skull and crossbones (instead of a smiley). Click on that, to
>highlight it, then click on Add to Trusted. Then fetch your mail.

If I follow those steps I can do what you have just written because in
my Eudora everything is right. I forgot that problm is with
hotmail.com

EDIT: After 10 days I saw that precise steps, I clicked on "+" and I
solved that problem how I always solve it with g.mail. . It seems
incredible.

Other problems I get with gmail.com I always am able to solve them.

[ijo...@jejejeje.it]

>The simplest solution to certificate problems is usually stunnel. Eudora doesn't understand newer certificates which usually is what causes certificate errors.

I don't understand how I can do it.

[Will Seehorn]

Won't have access to the computer with instructions till next week, will send it then

[Will Seehorn]

Found these instructions for using stunnel. I haven't tried them, but the poster is knowledgeable:

Download stunnel from <https://www.stunnel.org/downloads.html>. Install
stunnel and start it. Set it up to run as a Service (one of the entries in
Start -> All Programs -> stunnel -> stunnel Service Install.

If you only want to use it for GMail you don't have to change the stunnel
configuration.

In Eudora, in the Properties for every Personality that uses GMail:

Generic Properties tab. Check "Authentication allowed", uncheck "Use
relay", uncheck "Use submission port", set SMTP Server to localhost, set
"Secure Sockets when Sending" to Never.
Incoming Mail tab. Set POP server to localhost, set "Secure Sockets when
Receiving" to Never.

If you want to use it for a provider other than GMail, for more than one
provider, or if you have some other program on your computer that listens
on port 110 or 25, then it gets slightly more complicated.

[ijo...@jejejeje.it]

>Download stunnel from <https://www.stunnel.org/downloads.html>. Install
>stunnel and start it. Set it up to run as a Service (one of the entries in
>Start -> All Programs -> stunnel -> stunnel Service Install.

I thank you for your precious suggestions. I last question please:
what What will change after I install Stunnel? I mean: will Eudora
work as before? Thanks

[Will Seehorn]

The only difference you should 'notice' is that you won't be getting certificate errors anymore. Stunnel acts as an interface between Eudora and the new certificates that Eudora doesn't know how to handle, stunnel does it for eudora.

[Ken Leidner]

I get the idea of setting Stunnel for Eudora with more than one provider;
Gmail Yahool, or Hotmail. But my question is would this work? Note I only
included the POP3 part, the other ones would be necessary also. How can I
tell if the ports are "free"? Is there a standard list?

[gmail-pop3]
client = yes
accept = 127.0.0.1:110
connect = pop.gmail.com:995
verifyChain = yes
CAfile = ca-certs.pem
checkHost = pop.gmail.com
OCSPaia = yes

[yahool-pop3]
client = yes
accept = 127.0.0.1:1110
connect = pop.gmail.com:995
verifyChain = yes
CAfile = ca-certs.pem
checkHost = pop.gmail.com
OCSPaia = yes

[hotmail-pop3]
client = yes
accept = 127.0.0.1:1111
connect = pop.gmail.com:995
verifyChain = yes
CAfile = ca-certs.pem
checkHost = pop.gmail.com
OCSPaia = yes

[micky]

In comp.mail.eudora.ms-windows, on Fri, 24 Aug 2018 05:45:05 -0500,
g...@rr.com wrote:

>I have been using Stunnel for over a year with Gmail and Eudora. This
>week I started getting errors trying to send emails in Eudora with
>Gmail. I happen to open the stunnel Log file and notice the following
>which implied the issue was Avast. There was a lot in the Log file and
>I was lucky to even see this. As soon as I turned off Avast Email
>protection then Gmail and Eudora started working again.

It's good of you to point out the value of the stunnel log.

>Is there is a better way to fix this than to turn off Avast email

Not afaik, but Eudora is different from most other email programs in
that it separates attachments from the emails and stores attachments in
their own directory. Therefore the regular antimalware protection for
any new file will also check attachments, and it's not needed to check
incoming mail.

You should also have "run executables" unchecked in Tools / Options
becasue malware can run that way too. I don't know the relationship of
email executables to antivirus programs like Avast.

Also, bear in mind that Avast will turn itself back on even after you
turn it off. I think this happens when new releases of it are
installed. If it's possible to uninstall the email portion of Avast, I
think that prevents that. That is possible with AVG, which was bought
by Avast within the last year or so.

>protection? I would like to have my incoming emails scanned but seem
>to remember I had to exclude Eudora before. I think one of the Avast
>updated much have turned it back on?
>
>Just another place to look for issues is the Log file of Stunnel. I
>had even made a point to update my Stunnel to the newest version
>before I found this.
>
>: Rejected by CERT at depth=1: OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
>2018.08.23 21:39:38 LOG3[0]: SSL_connect: 14090086: error:14090086:SSL
>routines:ssl3_get_server_certificate:certificate verify failed
>2018.08.23 21:39:38 LOG5[0]: Connection reset: 0 byte(s) sent to TLS,
>0 byte(s) sent to socket

Very interesting.

BTW, I've been using stunnel with Eudora for a year and it has required
no maintenance during that time. It's certainly not obsolete and I
don't think it's even obsolescent. It would be a parallel alternative
to the new version qcsll.dll, if that is really bug-free and some people
still report problems with it. I havenb't tried it at all because
stunnel works 100% for me.

[micky]

In comp.mail.eudora.ms-windows, on Wed, 29 Aug 2018 17:40:19 -0400, Ken

Leidner <y...@somehost.somedomain> wrote:

>I get the idea of setting Stunnel for Eudora with more than one provider;
>Gmail Yahool, or Hotmail. But my question is would this work? Note I only
>included the POP3 part, the other ones would be necessary also. How can I
>tell if the ports are "free"? Is there a standard list?

No list I've seen but it doesn't matter. You need to use the ports that
gamil, yahoo etc. want you to use. Not ports you like.

Yes, you can use stunnel for more than one provider,, but I have to
admit, I'm not sure how.

I use the same installation of stunnel for Eudora and for the newsreader
Agent 1.93 (for times I send email from it) which was also written
before ssl existed. I've been using it for maybe 15 years with no
trouble at all.

Except some effort was needed to make it work for Eudora too, because it
was already set up for Agent.

>[gmail-pop3]
>client = yes
>accept = 127.0.0.1:110
>connect = pop.gmail.com:995
>verifyChain = yes
>CAfile = ca-certs.pem
>checkHost = pop.gmail.com
>OCSPaia = yes
>
>[yahool-pop3]
>client = yes
>accept = 127.0.0.1:1110
>connect = pop.gmail.com:995
>verifyChain = yes
>CAfile = ca-certs.pem
>checkHost = pop.gmail.com
>OCSPaia = yes
>
>[hotmail-pop3]
>client = yes
>accept = 127.0.0.1:1111
>connect = pop.gmail.com:995
>verifyChain = yes
>CAfile = ca-certs.pem
>checkHost = pop.gmail.com
>OCSPaia = yes

This might work. Did it?

[mob-11]

I've been using only Eudora since 1994. For several years, I have been able to continue receiving mail (v 7.01) by clicking "Yes" when the SSL notice appears.

A few days ago, I stopped receiving mail via Eudora. Instead of one SSL notice, I started receiving the notice twice, clicked "Yes" twice, and did not receive the mail.

Server IP# 96.114.157.77 (Comcast)
Port: 995
SSL version: TLSv1
Unknown error
The connection with the server has been lost.

The SSL notice says "Data: version: 3 (0x2)" - I don't know if that matters.

I phoned Comcast (Xfinity) and they can't help.

I've never done anything with "stunnel" because it seems too complicated for me.

[chas....@gmail.com]

On Monday, August 13, 2018 at 7:16:53 AM UTC-4, ijo...@jejejeje.it wrote:

This used to happen to me as well. I "solved" the problem by setting Eudora Options for Secure Sockets to "Never" for receiving and sending mail. They've been set this way for at least 2 years and I've had no problems that I know of.
I'm using Eudora 7.1.0.9 (Paid) on Windows 10, but the same settings also worked on Windows XP which I had when I first had the socket problem.