556272 - [Advocacy] Convince t-online.de to allow secure access outside their network for all users

Status: RESOLVED FIXED

(Webtools :: ISPDB Server, defect)

Description

[Ben Bucksch (:BenB)]

t-online.de, Germany's by far biggest ISP (formerly telco monopoly run by the state) and among the top5 of domains of our users, separates DSL customers in 2 classes:
- Standard customers only get
  - POP access, without SSL, and only within their DSL network.
  - SMTP server forces the From address to be the @t-online.de address and
    even adds the customer ID number in the headers (which then the hotline
    uses as one identification item, so a security risk).
  - There's are SSL-protected servers, but they only work *outside* of the
    DSL network, not within (arg!).
    Or was it only for their for-pay WiFi hotspots? I can't remember.
- "Email package" customers (5 Eur/month, or included in the most expensive
  DSL package) get:
  - IMAP, with SSL, both within and outside of the DSL network
  - SMTP, ditto, and free From address

To add to the idiocy, each of these servers have different hostnames, so there are 3 sets of configs (standard within network, standard customers outside network / in hotspots, and premium customers), and they are mostly mutually exclusive.

In other words, there's no single config that will work always work, *and* there's no way for us to find out which config is the right one, *and* it's so complicated that even I lost track even though I looked into it for hours. Totally unreasonable, from the perspective of a user.

Comment 2

[Ben Bucksch (:BenB)]

https://live.mozillamessaging.com/autoconfig/t-online.de
https://live.mozillamessaging.com/autoconfig/t-online.de%20imap%20ssl
https://live.mozillamessaging.com/autoconfig/t-online.de%20pop%20ssl
(only the first config is active and actually used)

Comment 3

[Ben Bucksch (:BenB)]

Help appreciated.

Comment 5

[Ben Bucksch (:BenB)]

Good news. Contacted t-online (again) and they are currently lifting the limitations. All customers, including non-paying customers, will be allowed to use IMAP and SSL. It will successively be enabled for the customers over the next 2-3 months.

secureimap.t-online.de (Port 993)
securepop.t-online.de (Port 995)
securesmtp.t-online.de (über STARTTLS, Port 25)

If you want to have your account enabled earlier, you can book any free product over their customer website, and it will be enabled.


Yes! Finally!

Comment 6

[Ben Bucksch (:BenB)]

I got mail from T-Online saying that the migration will be finished by Sept 1.

I already had a config file for that config, for extra-pay users (now available to all users), I'm just removing the <enable> element and overwrite t-online.de config with it. Attaching patch.

Comment 7

[Ben Bucksch (:BenB)]

Attachment: t-online.de, use SSL configs

Comment 8

[Blake Winton (:bwinton) (:☕️)]

Comment on attachment 462889 [details] [diff] [review]
t-online.de, use SSL configs

I like it!  Thanks for your work on this one, Ben.

Comment 9

[Ben Bucksch (:BenB)]

Attachment: t-online.de, use SSL configs, v2

So, when testing this, I got "BAD invald username/password" from the IMAP and POP server. On both of my accounts.
Called T-Online. They told me that I cannot use the password that I use to log in to their website, including webmail. IMAP and POP has a different password, which I have to create separately. Of course there's not the slightest hint to that during the registration. Talk about pitfalls for users.

They are aware of it, and their hotline as well (painfully so, I assume). I told my contact to please fix that, but he's just a developer, too.

This is precisely what <enable> was for. So, I'll put this in the config file. New version attached. We'll need bug 564043, for Thunderbird to actually use this field, though, unfortunately.

Comment 10

[Ben Bucksch (:BenB)]

Correction: Bug 586364

Comment 11

[Philippe M. Chiasson (:gozer)]

Comment on attachment 464879 [details] [diff] [review]
t-online.de, use SSL configs, v2

Okay, with one small typo:

"The normal password for the T-Online-Website (including Webmail) dies not work"
should be
"The normal password for the T-Online-Website (including Webmail) does not work"

s/dies/does/

Comment 12

[Ben Bucksch (:BenB)]

Thanks. I had already found and fixed that, as well as "application" with pp.
Great to see that you're all alert :).

Comment 13

[Blake Winton (:bwinton) (:☕️)]

Comment on attachment 464879 [details] [diff] [review]
t-online.de, use SSL configs, v2

This looks like a win.  I'm going to trust that there are no typos in the German.  ;)

Comment 14

[Ben Bucksch (:BenB)]

Commited as SVN revision 72346.

YAY! I am happy that now all T-Online users can make use of SSL, and they won't have any problems getting and sending mail when not at home. And they can even use IMAP.

Only worry I have is the password problem mentioned in comment 9. I hope that T-Online resolves that.

Comment 15

[Ben Bucksch (:BenB)]

FIXED

Comment 16

[Ulf Zibis]

(In reply to comment #15)
> FIXED

Fine!
Does that mean, that Bug 311906 is now silently fixed too?
Before Duplicate, it was valued as WONTFIX.

Comment 17

[Ben Bucksch (:BenB)]

> Does that mean, that Bug 311906 is now silently fixed too?

As far as T-Online is concerned (and it's the only mentioned): yes.