Discussion:
Eudora 7.1: why do I have this strange problem with Certificate?
Add Reply
i***@jejejeje.it
2018-08-13 11:16:50 UTC
Reply
Permalink
Raw Message
Hi,
When Eudora try to downoad the mails, I get that error page on the
Eudora sreen.I get this problem maybe 50-60 times every day and I
don't know how I can solve this problem. Can you halp me prease?
I attach you 3 pics:
Loading Image...
Loading Image...
Loading Image...
But despite this error Eudora downloads the mail.
Thanks
micky
2018-08-16 06:06:52 UTC
Reply
Permalink
Raw Message
In comp.mail.eudora.ms-windows, on Mon, 13 Aug 2018 13:16:50 +0200,
Post by i***@jejejeje.it
Hi,
When Eudora try to downoad the mails, I get that error page on the
Eudora sreen.I get this problem maybe 50-60 times every day and I
don't know how I can solve this problem. Can you halp me prease?
https://www.dropbox.com/s/rs7iausiccyyfbh/Cattura%20Eudora%201a.JPG?dl=0
https://www.dropbox.com/s/6qf3wmndnew4k6d/Cattura%20Eudora%201.JPG?dl=0
https://www.dropbox.com/s/cs9umbaj5ql6jxr/Cattura%20Eudora%202.JPG?dl=0
But despite this error Eudora downloads the mail.
Thanks
That's a good question. Normally if you have a bad certificate but it's
trusted (because you said to trust it, afaik the only reason it could be
trusted) and it says it's ignoring it, it really ignores it, and if that
message shows up, it's because another certificate below it isn't
trusted, and you wouldn't get your mail. But you do get your mail.

I would click on Certificate INfomration Manager, in the 3rd picture.
As wide as it is, it's still a button.

Then go to the top, click on the + signs (or use the right arrow on the
top line) until the whole tree has beeen dislosed, and I expect you will
see a skull and crossbones (instead of a smiley). Click on that, to
highlight it, then click on Add to Trusted. Then fetch your mail.

Normally the measure of whether you've finished is that you get your
mail, but you already get it. i wonder if somehow this will stop you
from getting it! Let us know. But if it does, go through the process
again and again, being sure to fetch mail inbetween each iteration,
until you can't open up that top line anymore and there are no more
skulls. Then you are done, and surely it will work.

But why it works now, I don't know.

The first picture is sort of worthless and it might even be better to
click on No instead of Yes. My own guess is that that applied when
computers were slower and there was time to click the Yes button before
it moved to the next step.


Except for gmail, new cetificates are issued every one or two years, so
this is not much trouble, but for gmail it's maybe 3 times a month, and
if that gets to be a problem, look into stunnel. Which is free and
automates everythign.
i***@jejejeje.it
2018-08-17 05:04:42 UTC
Reply
Permalink
Raw Message
Post by micky
Then go to the top, click on the + signs (or use the right arrow on the
top line) until the whole tree has beeen dislosed, and I expect you will
see a skull and crossbones (instead of a smiley). Click on that, to
highlight it, then click on Add to Trusted. Then fetch your mail.
If I follow those steps I can do what you have just written because in
my Eudora everything is right. I forgot that problm is with
hotmail.com

EDIT: After 10 days I saw that precise steps, I clicked on "+" and I
solved that problem how I always solve it with g.mail. . It seems
incredible.

Other problems I get with gmail.com I always am able to solve them.
Will Seehorn
2018-08-16 22:44:47 UTC
Reply
Permalink
Raw Message
Post by i***@jejejeje.it
Hi,
When Eudora try to downoad the mails, I get that error page on the
Eudora sreen.I get this problem maybe 50-60 times every day and I
don't know how I can solve this problem. Can you halp me prease?
Sounds like it may be a problem with the server, since Eudora downloads the messages anyway.

The simplest solution to certificate problems is usually stunnel. Eudora doesn't understand newer certificates which usually is what causes certificate errors.

Stunnel acts as a link between Eudora and servers. It understands how to trust modern certificates

Willard
i***@jejejeje.it
2018-08-17 05:04:46 UTC
Reply
Permalink
Raw Message
Post by Will Seehorn
The simplest solution to certificate problems is usually stunnel. Eudora doesn't understand newer certificates which usually is what causes certificate errors.
I don't understand how I can do it.
Will Seehorn
2018-08-17 18:08:48 UTC
Reply
Permalink
Raw Message
Won't have access to the computer with instructions till next week, will send it then
Will Seehorn
2018-08-21 20:10:11 UTC
Reply
Permalink
Raw Message
Found these instructions for using stunnel. I haven't tried them, but the poster is knowledgeable:

Download stunnel from <https://www.stunnel.org/downloads.html>. Install
stunnel and start it. Set it up to run as a Service (one of the entries in
Start -> All Programs -> stunnel -> stunnel Service Install.

If you only want to use it for GMail you don't have to change the stunnel
configuration.

In Eudora, in the Properties for every Personality that uses GMail:

Generic Properties tab. Check "Authentication allowed", uncheck "Use
relay", uncheck "Use submission port", set SMTP Server to localhost, set
"Secure Sockets when Sending" to Never.
Incoming Mail tab. Set POP server to localhost, set "Secure Sockets when
Receiving" to Never.

If you want to use it for a provider other than GMail, for more than one
provider, or if you have some other program on your computer that listens
on port 110 or 25, then it gets slightly more complicated.
i***@jejejeje.it
2018-08-22 04:14:43 UTC
Reply
Permalink
Raw Message
Post by Will Seehorn
Download stunnel from <https://www.stunnel.org/downloads.html>. Install
stunnel and start it. Set it up to run as a Service (one of the entries in
Start -> All Programs -> stunnel -> stunnel Service Install.
I thank you for your precious suggestions. I last question please:
what What will change after I install Stunnel? I mean: will Eudora
work as before? Thanks
Will Seehorn
2018-08-22 10:58:52 UTC
Reply
Permalink
Raw Message
Post by i***@jejejeje.it
Post by Will Seehorn
Download stunnel from <https://www.stunnel.org/downloads.html>. Install
stunnel and start it. Set it up to run as a Service (one of the entries in
Start -> All Programs -> stunnel -> stunnel Service Install.
what What will change after I install Stunnel? I mean: will Eudora
work as before? Thanks
The only difference you should 'notice' is that you won't be getting certificate errors anymore. Stunnel acts as an interface between Eudora and the new certificates that Eudora doesn't know how to handle, stunnel does it for eudora.
g***@rr.com
2018-08-24 10:45:05 UTC
Reply
Permalink
Raw Message
On Wed, 22 Aug 2018 03:58:52 -0700 (PDT), Will Seehorn
Post by Will Seehorn
Post by i***@jejejeje.it
Post by Will Seehorn
Download stunnel from <https://www.stunnel.org/downloads.html>. Install
stunnel and start it. Set it up to run as a Service (one of the entries in
Start -> All Programs -> stunnel -> stunnel Service Install.
what What will change after I install Stunnel? I mean: will Eudora
work as before? Thanks
The only difference you should 'notice' is that you won't be getting certificate errors anymore. Stunnel acts as an interface between Eudora and the new certificates that Eudora doesn't know how to handle, stunnel does it for eudora.
I have been using Stunnel for over a year with Gmail and Eudora. This
week I started getting errors trying to send emails in Eudora with
Gmail. I happen to open the stunnel Log file and notice the following
which implied the issue was Avast. There was a lot in the Log file and
I was lucky to even see this. As soon as I turned off Avast Email
protection then Gmail and Eudora started working again.

Is there is a better way to fix this than to turn off Avast email
protection? I would like to have my incoming emails scanned but seem
to remember I had to exclude Eudora before. I think one of the Avast
updated much have turned it back on?

Just another place to look for issues is the Log file of Stunnel. I
had even made a point to update my Stunnel to the newest version
before I found this.

: Rejected by CERT at depth=1: OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
2018.08.23 21:39:38 LOG3[0]: SSL_connect: 14090086: error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
2018.08.23 21:39:38 LOG5[0]: Connection reset: 0 byte(s) sent to TLS,
0 byte(s) sent to socket
Dennis Lee Bieber
2018-08-24 13:15:55 UTC
Reply
Permalink
Raw Message
Post by g***@rr.com
Is there is a better way to fix this than to turn off Avast email
protection? I would like to have my incoming emails scanned but seem
to remember I had to exclude Eudora before. I think one of the Avast
updated much have turned it back on?
Eudora has never been happy with scan-during-retrieval -- virus
scanners interrupt the timing in the hand-shaking with the server (this may
also apply to stunnel).

However -- Eudora also stages new message in the spool directory, and
then after fetching them all, processes them into the mailbox files. A good
on-file-access virus scanner should be able to check the file at that time,
when Eudora opens/reads the spool file, and does not need to scan during
retrieval.
Post by g***@rr.com
: Rejected by CERT at depth=1: OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
2018.08.23 21:39:38 LOG3[0]: SSL_connect: 14090086: error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
2018.08.23 21:39:38 LOG5[0]: Connection reset: 0 byte(s) sent to TLS,
0 byte(s) sent to socket
Can't help with that -- is it repeatable or just a on-time event. I
could vaguely see a one-time event if you tried to connect just as a
certificate was expiring, and being replaced...
--
Wulfraed Dennis Lee Bieber AF6VN
***@ix.netcom.com HTTP://wlfraed.home.netcom.com/
g***@rr.com
2018-08-24 22:48:53 UTC
Reply
Permalink
Raw Message
On Fri, 24 Aug 2018 09:15:55 -0400, Dennis Lee Bieber
Post by Dennis Lee Bieber
Post by g***@rr.com
Is there is a better way to fix this than to turn off Avast email
protection? I would like to have my incoming emails scanned but seem
to remember I had to exclude Eudora before. I think one of the Avast
updated much have turned it back on?
Eudora has never been happy with scan-during-retrieval -- virus
scanners interrupt the timing in the hand-shaking with the server (this may
also apply to stunnel).
However -- Eudora also stages new message in the spool directory, and
then after fetching them all, processes them into the mailbox files. A good
on-file-access virus scanner should be able to check the file at that time,
when Eudora opens/reads the spool file, and does not need to scan during
retrieval.
Post by g***@rr.com
: Rejected by CERT at depth=1: OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
2018.08.23 21:39:38 LOG3[0]: SSL_connect: 14090086: error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
2018.08.23 21:39:38 LOG5[0]: Connection reset: 0 byte(s) sent to TLS,
0 byte(s) sent to socket
Can't help with that -- is it repeatable or just a on-time event. I
could vaguely see a one-time event if you tried to connect just as a
certificate was expiring, and being replaced...
Thanks for the suggestions.

I thought other people might also be helped to remember to look at the
Stunnel Log file to see what might causing problems. I almost missed
the 2 lines about Avast being the cause of my problems.
Ken Leidner
2018-08-29 21:40:19 UTC
Reply
Permalink
Raw Message
I get the idea of setting Stunnel for Eudora with more than one provider;
Gmail Yahool, or Hotmail. But my question is would this work? Note I only
included the POP3 part, the other ones would be necessary also. How can I
tell if the ports are "free"? Is there a standard list?

[gmail-pop3]
client = yes
accept = 127.0.0.1:110
connect = pop.gmail.com:995
verifyChain = yes
CAfile = ca-certs.pem
checkHost = pop.gmail.com
OCSPaia = yes

[yahool-pop3]
client = yes
accept = 127.0.0.1:1110
connect = pop.gmail.com:995
verifyChain = yes
CAfile = ca-certs.pem
checkHost = pop.gmail.com
OCSPaia = yes

[hotmail-pop3]
client = yes
accept = 127.0.0.1:1111
connect = pop.gmail.com:995
verifyChain = yes
CAfile = ca-certs.pem
checkHost = pop.gmail.com
OCSPaia = yes

Loading...