Closed Bug 148423 Opened 23 years ago Closed 23 years ago

I get constantly warned about my ISP's SSL certificate when I try to send mail.

Categories

(MailNews Core :: Networking: SMTP, defect)

x86
Linux
defect
Not set
normal

Tracking

(Not tracked)

CLOSED INVALID

People

(Reporter: miles, Assigned: mscott)

Details

Repro: I have "Use secure connection (SSL)" set to "When available" in my Mail & News Preferences. I have a megapath.net ISP account. My SMTP server is mail.megapathdsl.net. Result: When I send mail, I get: You have attempted to establish a connection with "mail.megapathdsl.net". However, the security certificate presented belongs to"front2.mail.megapathdsl.net". It is possible, though unlikely, that someone may be trying to intercept your communication with this site.
this is no bug, it's a feature (and it says the certificate is broken/stolen/whatever)
I wrote to my ISP about it and they told me the server was correctly configured. The certificate is not stolen.
but still the certificate is for front2.mail.megapathdsl.net (IP: 66.80.60.30) and _not_ for mail.megapathdsl.net (IP 66.80.60.20)
-> invalid you can try to send your mail with "front2.mail.megapathdsl.net" and you should not get this warning. I had the same "problem" with my ISP but that's no bug. The warning itself is correct !
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID
Alright. Matti, is there any way for Megapath to configure their handoff to a least-busy SMTP server in such a way that the certificates would match? The support person at Megapath didn't seem to think so.
Status: RESOLVED → CLOSED
They use this way: you connect to "mail.foo" -> they route it to "blah.mail.foo" (that's the mail server) The certificate is for the real mail server ("blah.mail.foo") and you get the warning. (you can't disable the warning because it could be a very big security problem (man in the middle attack) ) They possible route it because they can switch the mail servers and you doen't need to change your mail settings. (you always connect to "mail.foo") and/or they do load balancing with it (in that case you would get different hostnames in the warning) You can solve this if you do this: change your smtp server from "mail.foo" to "blah.mail.foo" (but it's possible that you get problems if they switch the mail server in a year to blah2.mail.foo) They can solve this if they change the certificate (i dunno if they can do this..) : server "blah.mail.foo" and certificate to "mail.foo" BTW: Please don't use "close", "Remind" or "Later"...
QA Contact: sheelar → junruh
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.