Discussion:
Eudora 7.1: why do I have this strange problem with Certificate?
(too old to reply)
i***@jejejeje.it
2018-08-13 11:16:50 UTC
Permalink
Hi,
When Eudora try to downoad the mails, I get that error page on the
Eudora sreen.I get this problem maybe 50-60 times every day and I
don't know how I can solve this problem. Can you halp me prease?
I attach you 3 pics:
Loading Image...
Loading Image...
Loading Image...
But despite this error Eudora downloads the mail.
Thanks
micky
2018-08-16 06:06:52 UTC
Permalink
In comp.mail.eudora.ms-windows, on Mon, 13 Aug 2018 13:16:50 +0200,
Post by i***@jejejeje.it
Hi,
When Eudora try to downoad the mails, I get that error page on the
Eudora sreen.I get this problem maybe 50-60 times every day and I
don't know how I can solve this problem. Can you halp me prease?
https://www.dropbox.com/s/rs7iausiccyyfbh/Cattura%20Eudora%201a.JPG?dl=0
https://www.dropbox.com/s/6qf3wmndnew4k6d/Cattura%20Eudora%201.JPG?dl=0
https://www.dropbox.com/s/cs9umbaj5ql6jxr/Cattura%20Eudora%202.JPG?dl=0
But despite this error Eudora downloads the mail.
Thanks
That's a good question. Normally if you have a bad certificate but it's
trusted (because you said to trust it, afaik the only reason it could be
trusted) and it says it's ignoring it, it really ignores it, and if that
message shows up, it's because another certificate below it isn't
trusted, and you wouldn't get your mail. But you do get your mail.

I would click on Certificate INfomration Manager, in the 3rd picture.
As wide as it is, it's still a button.

Then go to the top, click on the + signs (or use the right arrow on the
top line) until the whole tree has beeen dislosed, and I expect you will
see a skull and crossbones (instead of a smiley). Click on that, to
highlight it, then click on Add to Trusted. Then fetch your mail.

Normally the measure of whether you've finished is that you get your
mail, but you already get it. i wonder if somehow this will stop you
from getting it! Let us know. But if it does, go through the process
again and again, being sure to fetch mail inbetween each iteration,
until you can't open up that top line anymore and there are no more
skulls. Then you are done, and surely it will work.

But why it works now, I don't know.

The first picture is sort of worthless and it might even be better to
click on No instead of Yes. My own guess is that that applied when
computers were slower and there was time to click the Yes button before
it moved to the next step.


Except for gmail, new cetificates are issued every one or two years, so
this is not much trouble, but for gmail it's maybe 3 times a month, and
if that gets to be a problem, look into stunnel. Which is free and
automates everythign.
i***@jejejeje.it
2018-08-17 05:04:42 UTC
Permalink
Post by micky
Then go to the top, click on the + signs (or use the right arrow on the
top line) until the whole tree has beeen dislosed, and I expect you will
see a skull and crossbones (instead of a smiley). Click on that, to
highlight it, then click on Add to Trusted. Then fetch your mail.
If I follow those steps I can do what you have just written because in
my Eudora everything is right. I forgot that problm is with
hotmail.com

EDIT: After 10 days I saw that precise steps, I clicked on "+" and I
solved that problem how I always solve it with g.mail. . It seems
incredible.

Other problems I get with gmail.com I always am able to solve them.
Will Seehorn
2018-08-16 22:44:47 UTC
Permalink
Post by i***@jejejeje.it
Hi,
When Eudora try to downoad the mails, I get that error page on the
Eudora sreen.I get this problem maybe 50-60 times every day and I
don't know how I can solve this problem. Can you halp me prease?
Sounds like it may be a problem with the server, since Eudora downloads the messages anyway.

The simplest solution to certificate problems is usually stunnel. Eudora doesn't understand newer certificates which usually is what causes certificate errors.

Stunnel acts as a link between Eudora and servers. It understands how to trust modern certificates

Willard
i***@jejejeje.it
2018-08-17 05:04:46 UTC
Permalink
Post by Will Seehorn
The simplest solution to certificate problems is usually stunnel. Eudora doesn't understand newer certificates which usually is what causes certificate errors.
I don't understand how I can do it.
Will Seehorn
2018-08-17 18:08:48 UTC
Permalink
Won't have access to the computer with instructions till next week, will send it then
Will Seehorn
2018-08-21 20:10:11 UTC
Permalink
Found these instructions for using stunnel. I haven't tried them, but the poster is knowledgeable:

Download stunnel from <https://www.stunnel.org/downloads.html>. Install
stunnel and start it. Set it up to run as a Service (one of the entries in
Start -> All Programs -> stunnel -> stunnel Service Install.

If you only want to use it for GMail you don't have to change the stunnel
configuration.

In Eudora, in the Properties for every Personality that uses GMail:

Generic Properties tab. Check "Authentication allowed", uncheck "Use
relay", uncheck "Use submission port", set SMTP Server to localhost, set
"Secure Sockets when Sending" to Never.
Incoming Mail tab. Set POP server to localhost, set "Secure Sockets when
Receiving" to Never.

If you want to use it for a provider other than GMail, for more than one
provider, or if you have some other program on your computer that listens
on port 110 or 25, then it gets slightly more complicated.
i***@jejejeje.it
2018-08-22 04:14:43 UTC
Permalink
Post by Will Seehorn
Download stunnel from <https://www.stunnel.org/downloads.html>. Install
stunnel and start it. Set it up to run as a Service (one of the entries in
Start -> All Programs -> stunnel -> stunnel Service Install.
I thank you for your precious suggestions. I last question please:
what What will change after I install Stunnel? I mean: will Eudora
work as before? Thanks
Will Seehorn
2018-08-22 10:58:52 UTC
Permalink
Post by i***@jejejeje.it
Post by Will Seehorn
Download stunnel from <https://www.stunnel.org/downloads.html>. Install
stunnel and start it. Set it up to run as a Service (one of the entries in
Start -> All Programs -> stunnel -> stunnel Service Install.
what What will change after I install Stunnel? I mean: will Eudora
work as before? Thanks
The only difference you should 'notice' is that you won't be getting certificate errors anymore. Stunnel acts as an interface between Eudora and the new certificates that Eudora doesn't know how to handle, stunnel does it for eudora.
g***@rr.com
2018-08-24 10:45:05 UTC
Permalink
On Wed, 22 Aug 2018 03:58:52 -0700 (PDT), Will Seehorn
Post by Will Seehorn
Post by i***@jejejeje.it
Post by Will Seehorn
Download stunnel from <https://www.stunnel.org/downloads.html>. Install
stunnel and start it. Set it up to run as a Service (one of the entries in
Start -> All Programs -> stunnel -> stunnel Service Install.
what What will change after I install Stunnel? I mean: will Eudora
work as before? Thanks
The only difference you should 'notice' is that you won't be getting certificate errors anymore. Stunnel acts as an interface between Eudora and the new certificates that Eudora doesn't know how to handle, stunnel does it for eudora.
I have been using Stunnel for over a year with Gmail and Eudora. This
week I started getting errors trying to send emails in Eudora with
Gmail. I happen to open the stunnel Log file and notice the following
which implied the issue was Avast. There was a lot in the Log file and
I was lucky to even see this. As soon as I turned off Avast Email
protection then Gmail and Eudora started working again.

Is there is a better way to fix this than to turn off Avast email
protection? I would like to have my incoming emails scanned but seem
to remember I had to exclude Eudora before. I think one of the Avast
updated much have turned it back on?

Just another place to look for issues is the Log file of Stunnel. I
had even made a point to update my Stunnel to the newest version
before I found this.

: Rejected by CERT at depth=1: OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
2018.08.23 21:39:38 LOG3[0]: SSL_connect: 14090086: error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
2018.08.23 21:39:38 LOG5[0]: Connection reset: 0 byte(s) sent to TLS,
0 byte(s) sent to socket
Dennis Lee Bieber
2018-08-24 13:15:55 UTC
Permalink
Post by g***@rr.com
Is there is a better way to fix this than to turn off Avast email
protection? I would like to have my incoming emails scanned but seem
to remember I had to exclude Eudora before. I think one of the Avast
updated much have turned it back on?
Eudora has never been happy with scan-during-retrieval -- virus
scanners interrupt the timing in the hand-shaking with the server (this may
also apply to stunnel).

However -- Eudora also stages new message in the spool directory, and
then after fetching them all, processes them into the mailbox files. A good
on-file-access virus scanner should be able to check the file at that time,
when Eudora opens/reads the spool file, and does not need to scan during
retrieval.
Post by g***@rr.com
: Rejected by CERT at depth=1: OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
2018.08.23 21:39:38 LOG3[0]: SSL_connect: 14090086: error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
2018.08.23 21:39:38 LOG5[0]: Connection reset: 0 byte(s) sent to TLS,
0 byte(s) sent to socket
Can't help with that -- is it repeatable or just a on-time event. I
could vaguely see a one-time event if you tried to connect just as a
certificate was expiring, and being replaced...
--
Wulfraed Dennis Lee Bieber AF6VN
***@ix.netcom.com HTTP://wlfraed.home.netcom.com/
g***@rr.com
2018-08-24 22:48:53 UTC
Permalink
On Fri, 24 Aug 2018 09:15:55 -0400, Dennis Lee Bieber
Post by Dennis Lee Bieber
Post by g***@rr.com
Is there is a better way to fix this than to turn off Avast email
protection? I would like to have my incoming emails scanned but seem
to remember I had to exclude Eudora before. I think one of the Avast
updated much have turned it back on?
Eudora has never been happy with scan-during-retrieval -- virus
scanners interrupt the timing in the hand-shaking with the server (this may
also apply to stunnel).
However -- Eudora also stages new message in the spool directory, and
then after fetching them all, processes them into the mailbox files. A good
on-file-access virus scanner should be able to check the file at that time,
when Eudora opens/reads the spool file, and does not need to scan during
retrieval.
Post by g***@rr.com
: Rejected by CERT at depth=1: OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
2018.08.23 21:39:38 LOG3[0]: SSL_connect: 14090086: error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
2018.08.23 21:39:38 LOG5[0]: Connection reset: 0 byte(s) sent to TLS,
0 byte(s) sent to socket
Can't help with that -- is it repeatable or just a on-time event. I
could vaguely see a one-time event if you tried to connect just as a
certificate was expiring, and being replaced...
Thanks for the suggestions.

I thought other people might also be helped to remember to look at the
Stunnel Log file to see what might causing problems. I almost missed
the 2 lines about Avast being the cause of my problems.
Ken Leidner
2018-08-29 21:40:19 UTC
Permalink
I get the idea of setting Stunnel for Eudora with more than one provider;
Gmail Yahool, or Hotmail. But my question is would this work? Note I only
included the POP3 part, the other ones would be necessary also. How can I
tell if the ports are "free"? Is there a standard list?

[gmail-pop3]
client = yes
accept = 127.0.0.1:110
connect = pop.gmail.com:995
verifyChain = yes
CAfile = ca-certs.pem
checkHost = pop.gmail.com
OCSPaia = yes

[yahool-pop3]
client = yes
accept = 127.0.0.1:1110
connect = pop.gmail.com:995
verifyChain = yes
CAfile = ca-certs.pem
checkHost = pop.gmail.com
OCSPaia = yes

[hotmail-pop3]
client = yes
accept = 127.0.0.1:1111
connect = pop.gmail.com:995
verifyChain = yes
CAfile = ca-certs.pem
checkHost = pop.gmail.com
OCSPaia = yes
micky
2018-10-02 18:35:15 UTC
Permalink
In comp.mail.eudora.ms-windows, on Wed, 29 Aug 2018 17:40:19 -0400, Ken
Post by Ken Leidner
I get the idea of setting Stunnel for Eudora with more than one provider;
Gmail Yahool, or Hotmail. But my question is would this work? Note I only
included the POP3 part, the other ones would be necessary also. How can I
tell if the ports are "free"? Is there a standard list?
No list I've seen but it doesn't matter. You need to use the ports that
gamil, yahoo etc. want you to use. Not ports you like.

Yes, you can use stunnel for more than one provider,, but I have to
admit, I'm not sure how.

I use the same installation of stunnel for Eudora and for the newsreader
Agent 1.93 (for times I send email from it) which was also written
before ssl existed. I've been using it for maybe 15 years with no
trouble at all.

Except some effort was needed to make it work for Eudora too, because it
was already set up for Agent.
Post by Ken Leidner
[gmail-pop3]
client = yes
accept = 127.0.0.1:110
connect = pop.gmail.com:995
verifyChain = yes
CAfile = ca-certs.pem
checkHost = pop.gmail.com
OCSPaia = yes
[yahool-pop3]
client = yes
accept = 127.0.0.1:1110
connect = pop.gmail.com:995
verifyChain = yes
CAfile = ca-certs.pem
checkHost = pop.gmail.com
OCSPaia = yes
[hotmail-pop3]
client = yes
accept = 127.0.0.1:1111
connect = pop.gmail.com:995
verifyChain = yes
CAfile = ca-certs.pem
checkHost = pop.gmail.com
OCSPaia = yes
This might work. Did it?
micky
2018-10-02 18:30:56 UTC
Permalink
In comp.mail.eudora.ms-windows, on Fri, 24 Aug 2018 05:45:05 -0500,
Post by g***@rr.com
On Wed, 22 Aug 2018 03:58:52 -0700 (PDT), Will Seehorn
Post by Will Seehorn
Post by i***@jejejeje.it
Post by Will Seehorn
Download stunnel from <https://www.stunnel.org/downloads.html>. Install
stunnel and start it. Set it up to run as a Service (one of the entries in
Start -> All Programs -> stunnel -> stunnel Service Install.
what What will change after I install Stunnel? I mean: will Eudora
work as before? Thanks
The only difference you should 'notice' is that you won't be getting certificate errors anymore. Stunnel acts as an interface between Eudora and the new certificates that Eudora doesn't know how to handle, stunnel does it for eudora.
I have been using Stunnel for over a year with Gmail and Eudora. This
week I started getting errors trying to send emails in Eudora with
Gmail. I happen to open the stunnel Log file and notice the following
which implied the issue was Avast. There was a lot in the Log file and
I was lucky to even see this. As soon as I turned off Avast Email
protection then Gmail and Eudora started working again.
It's good of you to point out the value of the stunnel log.
Post by g***@rr.com
Is there is a better way to fix this than to turn off Avast email
Not afaik, but Eudora is different from most other email programs in
that it separates attachments from the emails and stores attachments in
their own directory. Therefore the regular antimalware protection for
any new file will also check attachments, and it's not needed to check
incoming mail.

You should also have "run executables" unchecked in Tools / Options
becasue malware can run that way too. I don't know the relationship of
email executables to antivirus programs like Avast.

Also, bear in mind that Avast will turn itself back on even after you
turn it off. I think this happens when new releases of it are
installed. If it's possible to uninstall the email portion of Avast, I
think that prevents that. That is possible with AVG, which was bought
by Avast within the last year or so.
Post by g***@rr.com
protection? I would like to have my incoming emails scanned but seem
to remember I had to exclude Eudora before. I think one of the Avast
updated much have turned it back on?
Just another place to look for issues is the Log file of Stunnel. I
had even made a point to update my Stunnel to the newest version
before I found this.
: Rejected by CERT at depth=1: OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
2018.08.23 21:39:38 LOG3[0]: SSL_connect: 14090086: error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
2018.08.23 21:39:38 LOG5[0]: Connection reset: 0 byte(s) sent to TLS,
0 byte(s) sent to socket
Very interesting.

BTW, I've been using stunnel with Eudora for a year and it has required
no maintenance during that time. It's certainly not obsolete and I
don't think it's even obsolescent. It would be a parallel alternative
to the new version qcsll.dll, if that is really bug-free and some people
still report problems with it. I havenb't tried it at all because
stunnel works 100% for me.
mob-11
2018-10-12 13:23:26 UTC
Permalink
I've been using only Eudora since 1994. For several years, I have been able to continue receiving mail (v 7.01) by clicking "Yes" when the SSL notice appears.

A few days ago, I stopped receiving mail via Eudora. Instead of one SSL notice, I started receiving the notice twice, clicked "Yes" twice, and did not receive the mail.

Server IP# 96.114.157.77 (Comcast)
Port: 995
SSL version: TLSv1
Unknown error
The connection with the server has been lost.

The SSL notice says "Data: version: 3 (0x2)" - I don't know if that matters.

I phoned Comcast (Xfinity) and they can't help.

I've never done anything with "stunnel" because it seems too complicated for me.
Loading...