Closed Bug 687457 Opened 13 years ago Closed 13 years ago

New tiscali.it autoconfig template

Categories

(Webtools :: ISPDB Server, defect)

Product:
Webtools
Component:
ISPDB Server
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: tdessi, Assigned: BenB)

Details

Attachments

(2 files, 3 obsolete files)

Config, v3 - Diff
1.41 KB, patch
bwinton
: review+
gozer
: review+
Details | Diff | Splinter Review
Config, v3 - XML
1.14 KB, text/xml
Details
Attached file config-v1.1.xml (obsolete) — 
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
Build ID: 20110906215100

Steps to reproduce:

We just enabled the SSL on imap/pop3/smtp services so we'd like to publish a new template. Please note that the smtp service is still only available from the Tiscali customer network.
(In reply to Tom from comment #0)
> Created attachment 560906 [details]
> config-v1.1.xml
> 
> User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20100101
> Firefox/6.0.2
> Build ID: 20110906215100
> 
> Steps to reproduce:
> 
> We just enabled the SSL on imap/pop3/smtp services so we'd like to publish a
> new template. Please note that the smtp service is still only available from
> the Tiscali customer network.

If you host the file, the histed file will superseed the file hosted by mozilla. Hosting the file will make your next update easier too (see https://developer.mozilla.org/en/Thunderbird/Autoconfiguration#Configuration_server_at_ISP for documentation). Tom would tiscali host the file ?
Status: UNCONFIRMED → NEW
Ever confirmed: true
I know, we are taking care of the autoconfig HTTP server, but it's not yet in place. In the meantime could you please update the tiscali.it template on ispdb? thanks
T.
Attachment #560906 - Flags: review?(ben.bucksch)
> We just enabled the SSL on imap/pop3/smtp services

Thank you!

Review, comparing to the existing tiscali.it file:
- Keep the XML header
- Why the change from EMAILLOCALPART to EMAILADDRESS? That's not what this bug is about.
- You remove the encrypted passwords. Don't. They are still supported,
  and preferred even when over SSL, in case of server hacks etc.

I notice the old config was broken! It had normal SSL on IMAP port 143. This can't work, and doesn't. Worse, we tell the user that his password is wrong! Gah. :-(((

The IMAP server doesn't respond to my 1 CAPABILITY command, but maybe that's the line endings.

Tom, can you confirm?
For all of IMAP, POP3, SMTP:
- SSL (with port 993, 995 and 465, respectively)
- username is the part before the @ of the email address, e.g. "fred" for fred@tiscali.it
- encrypted passwords via CRAM-MD5 are supported for IMAP and POP3, but not for SMTP.
  (We prefer this even over SSL, because if you store the passwords encrypted as well,
  a break into your servers or an SSL failure doesn't leave the users' passwords
  as exposed as with plaintext passwords.)
Attachment #560906 - Flags: review?(ben.bucksch) → review-
Attached patch Config, v2 - Diff (obsolete) — Splinter Review 
Assignee: nobody → ben.bucksch

        Attachment #560906 -
        Attachment is obsolete: true
Status: NEW → ASSIGNED

    
    

    
  

      
      
      
      

        Attached audio
          
        Config, v2 - XML (obsolete)
        — 
      

    


  

        Attachment #561159 -
        Flags: review?

    
  

        Attachment #561159 -
        Flags: review? → feedback?(tdessi)

    
  

        Attachment #561158 -
        Flags: review?

    
    

    
  
Comment on attachment 561158 [details] [diff] [review]
Config, v2 - Diff

Blake, can you please drive this? I won't have much time in the next month, but this needs urgent attention, because the current config is wrong and gives a misleading error message.

        Attachment #561158 -
        Flags: review? → review?(bwinton)

    
    

    
  
(In reply to Ben Bucksch (:BenB) from comment #3)

> Review, comparing to the existing tiscali.it file:
> - Keep the XML header
> - Why the change from EMAILLOCALPART to EMAILADDRESS? That's not what this
> bug is about.

our servers authenticate both EMAILLOCALPART and EMAILADDRESS, maybe it's safer the full EMAILADDRESS (but it's not an issue if you leave EMAILLOCALPART)

> - You remove the encrypted passwords. Don't. They are still supported,
>   and preferred even when over SSL, in case of server hacks etc.

OK

> I notice the old config was broken! It had normal SSL on IMAP port 143. This
> can't work, and doesn't. Worse, we tell the user that his password is wrong!
> Gah. :-(((

i know, it's the main reason for opening this bug!

> The IMAP server doesn't respond to my 1 CAPABILITY command, but maybe that's
> the line endings.

yes, it is, please use -crlf option with "openssl s_client" command

> Tom, can you confirm?
> For all of IMAP, POP3, SMTP:
> - SSL (with port 993, 995 and 465, respectively)

OK

> - username is the part before the @ of the email address, e.g. "fred" for
> fred@tiscali.it

OK (even if i prefer EMAILADDRESS)

> - encrypted passwords via CRAM-MD5 are supported for IMAP and POP3, but not
> for SMTP.
>   (We prefer this even over SSL, because if you store the passwords
> encrypted as well, a break into your servers or an SSL failure doesn't
> leave the users' passwords as exposed as with plaintext passwords.)

OK, agreed but please note that CRAM-MD5 is available even on SMTP host (you cannot reach smtp.tiscali.it from outside Tiscali network), so we can use encrypted passords on smtp.tiscali.it too.

T.

        Attachment #561158 -
        Flags: review?(bwinton) → review?(gozer)

        Attachment #561158 -
        Flags: review?(gozer) → review+

    
    

    
  
Can someone check this in ?
Keywords: checkin-needed

    
    

    
  
> CRAM-MD5 is available even on SMTP host

Great. We should enable that.

> you cannot reach smtp.tiscali.it from outside Tiscali network

That is a problem however. Could you fix that, please, given that you have authentication on SMTP? We have users who take their notebook to work or McDonald's (Hotspot) and are confused when it doesn't work. Even *I* was confused why the server doesn't react.

Ben

    
    

    
  
ludo, we need 2 reviews.
Keywords: checkin-needed

    
    

    
  


  
- Use email address as username
- Use encrypted passwords for SMTP

        Attachment #561158 -
        Attachment is obsolete: true

        Attachment #561362 -
        Flags: review?(bwinton)

    
    

    
  

      
      
      
      

        Attached file
          
        Config, v3 - XML
      

    


  

        Attachment #561159 -
        Attachment is obsolete: true

        Attachment #561159 -
        Flags: feedback?(tdessi)

    
  

        Attachment #561362 -
        Flags: review?(gozer)

    
  

        Attachment #561363 -
        Attachment mime type: audio/x-it → text/xml

    
    

    
  
Comment on attachment 561363 [details]
Config, v3 - XML

Tom, could you please test this config or give me a test account (you can send to my email address)?

    
    

    
  
it works! sent a test account to your address

        Attachment #561362 -
        Flags: review?(gozer) → review+

    
    

    
  
Comment on attachment 561362 [details] [diff] [review]
Config, v3 - Diff

Looks fine to me!

        Attachment #561362 -
        Flags: review?(bwinton) → review+

    
    

    
  
Committed as SVN r95271

    
    

    
  
FIXED
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED

    
    

    
  
OK!
Component: ispdb → ISPDB Server
Product: Mozilla Messaging → Webtools

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: