New tiscali.it autoconfig template

RESOLVED FIXED

Status

Webtools
ISPDB Server
RESOLVED FIXED
7 years ago
5 years ago

People

(Reporter: Tom, Assigned: BenB)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments, 3 obsolete attachments)

(Reporter)

Description

7 years ago
Created attachment 560906 [details]
config-v1.1.xml

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
Build ID: 20110906215100

Steps to reproduce:

We just enabled the SSL on imap/pop3/smtp services so we'd like to publish a new template. Please note that the smtp service is still only available from the Tiscali customer network.
(In reply to Tom from comment #0)
> Created attachment 560906 [details]
> config-v1.1.xml
> 
> User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20100101
> Firefox/6.0.2
> Build ID: 20110906215100
> 
> Steps to reproduce:
> 
> We just enabled the SSL on imap/pop3/smtp services so we'd like to publish a
> new template. Please note that the smtp service is still only available from
> the Tiscali customer network.

If you host the file, the histed file will superseed the file hosted by mozilla. Hosting the file will make your next update easier too (see https://developer.mozilla.org/en/Thunderbird/Autoconfiguration#Configuration_server_at_ISP for documentation). Tom would tiscali host the file ?
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Reporter)

Comment 2

7 years ago
I know, we are taking care of the autoconfig HTTP server, but it's not yet in place. In the meantime could you please update the tiscali.it template on ispdb? thanks
T.
Attachment #560906 - Flags: review?(ben.bucksch)
(Assignee)

Comment 3

7 years ago
> We just enabled the SSL on imap/pop3/smtp services

Thank you!

Review, comparing to the existing tiscali.it file:
- Keep the XML header
- Why the change from EMAILLOCALPART to EMAILADDRESS? That's not what this bug is about.
- You remove the encrypted passwords. Don't. They are still supported,
  and preferred even when over SSL, in case of server hacks etc.

I notice the old config was broken! It had normal SSL on IMAP port 143. This can't work, and doesn't. Worse, we tell the user that his password is wrong! Gah. :-(((

The IMAP server doesn't respond to my 1 CAPABILITY command, but maybe that's the line endings.

Tom, can you confirm?
For all of IMAP, POP3, SMTP:
- SSL (with port 993, 995 and 465, respectively)
- username is the part before the @ of the email address, e.g. "fred" for fred@tiscali.it
- encrypted passwords via CRAM-MD5 are supported for IMAP and POP3, but not for SMTP.
  (We prefer this even over SSL, because if you store the passwords encrypted as well,
  a break into your servers or an SSL failure doesn't leave the users' passwords
  as exposed as with plaintext passwords.)
(Assignee)

Updated

7 years ago
Attachment #560906 - Flags: review?(ben.bucksch) → review-
(Assignee)

Comment 4

7 years ago
Created attachment 561158 [details] [diff] [review]
Config, v2 - Diff
Assignee: nobody → ben.bucksch
Attachment #560906 - Attachment is obsolete: true
Status: NEW → ASSIGNED
(Assignee)

Comment 5

7 years ago
Created attachment 561159 [details]
Config, v2 - XML
Attachment #561159 - Flags: review?
(Assignee)

Updated

7 years ago
Attachment #561159 - Flags: review? → feedback?(tdessi)
(Assignee)

Updated

7 years ago
Attachment #561158 - Flags: review?
(Assignee)

Comment 6

7 years ago
Comment on attachment 561158 [details] [diff] [review]
Config, v2 - Diff

Blake, can you please drive this? I won't have much time in the next month, but this needs urgent attention, because the current config is wrong and gives a misleading error message.
Attachment #561158 - Flags: review? → review?(bwinton)
(Reporter)

Comment 7

7 years ago
(In reply to Ben Bucksch (:BenB) from comment #3)

> Review, comparing to the existing tiscali.it file:
> - Keep the XML header
> - Why the change from EMAILLOCALPART to EMAILADDRESS? That's not what this
> bug is about.

our servers authenticate both EMAILLOCALPART and EMAILADDRESS, maybe it's safer the full EMAILADDRESS (but it's not an issue if you leave EMAILLOCALPART)

> - You remove the encrypted passwords. Don't. They are still supported,
>   and preferred even when over SSL, in case of server hacks etc.

OK

> I notice the old config was broken! It had normal SSL on IMAP port 143. This
> can't work, and doesn't. Worse, we tell the user that his password is wrong!
> Gah. :-(((

i know, it's the main reason for opening this bug!

> The IMAP server doesn't respond to my 1 CAPABILITY command, but maybe that's
> the line endings.

yes, it is, please use -crlf option with "openssl s_client" command

> Tom, can you confirm?
> For all of IMAP, POP3, SMTP:
> - SSL (with port 993, 995 and 465, respectively)

OK

> - username is the part before the @ of the email address, e.g. "fred" for
> fred@tiscali.it

OK (even if i prefer EMAILADDRESS)

> - encrypted passwords via CRAM-MD5 are supported for IMAP and POP3, but not
> for SMTP.
>   (We prefer this even over SSL, because if you store the passwords
> encrypted as well, a break into your servers or an SSL failure doesn't
> leave the users' passwords as exposed as with plaintext passwords.)

OK, agreed but please note that CRAM-MD5 is available even on SMTP host (you cannot reach smtp.tiscali.it from outside Tiscali network), so we can use encrypted passords on smtp.tiscali.it too.

T.
Attachment #561158 - Flags: review?(bwinton) → review?(gozer)
Attachment #561158 - Flags: review?(gozer) → review+
Can someone check this in ?
Keywords: checkin-needed
(Assignee)

Comment 9

7 years ago
> CRAM-MD5 is available even on SMTP host

Great. We should enable that.

> you cannot reach smtp.tiscali.it from outside Tiscali network

That is a problem however. Could you fix that, please, given that you have authentication on SMTP? We have users who take their notebook to work or McDonald's (Hotspot) and are confused when it doesn't work. Even *I* was confused why the server doesn't react.

Ben
(Assignee)

Comment 10

7 years ago
ludo, we need 2 reviews.
Keywords: checkin-needed
(Assignee)

Comment 11

7 years ago
Created attachment 561362 [details] [diff] [review]
Config, v3 - Diff

- Use email address as username
- Use encrypted passwords for SMTP
Attachment #561158 - Attachment is obsolete: true
Attachment #561362 - Flags: review?(bwinton)
(Assignee)

Comment 12

7 years ago
Created attachment 561363 [details]
Config, v3 - XML
Attachment #561159 - Attachment is obsolete: true
Attachment #561159 - Flags: feedback?(tdessi)
(Assignee)

Updated

7 years ago
Attachment #561362 - Flags: review?(gozer)
(Assignee)

Updated

7 years ago
Attachment #561363 - Attachment mime type: audio/x-it → text/xml
(Assignee)

Comment 13

7 years ago
Comment on attachment 561363 [details]
Config, v3 - XML

Tom, could you please test this config or give me a test account (you can send to my email address)?
(Reporter)

Comment 14

7 years ago
it works! sent a test account to your address
Attachment #561362 - Flags: review?(gozer) → review+
Comment on attachment 561362 [details] [diff] [review]
Config, v3 - Diff

Looks fine to me!
Attachment #561362 - Flags: review?(bwinton) → review+
(Assignee)

Comment 16

7 years ago
Committed as SVN r95271
(Assignee)

Comment 17

7 years ago
FIXED
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
(Reporter)

Comment 18

7 years ago
OK!
Component: ispdb → ISPDB Server
Product: Mozilla Messaging → Webtools
You need to log in before you can comment on or make changes to this bug.