On 2017-10-16 22:37, James Knott wrote:
On 10/16/2017 04:02 PM, Carlos E. R. wrote:
On 2017-10-16 20:11, James Knott wrote:
On 10/16/2017 01:51 PM, Carlos E. R. wrote:
Besides, any communication protocol that uses encryption is safe, even if they get entry to our WiFi: ssh, https... but not, I think, smb, nfs, most email...

Many email providers are moving to SSL/TLS for POP, IMAP and SMTP.

Not mine.
Geez... Spain is really behind the times. Can you not even configure it with your email apps? Also, email web interfaces now use https. Also, Google tries to favour https web sites, to encourage encryption on the web.
It is the ISP, email is secondary for them. It is no longer offered to new clients, so they don't care that much. So currently the IMAP connection has no security at all, whereas the smtp connection does. I tried to enable starttls or ssl/tls and the connection failed.

I also looked at my fetchmail log of one connection, it is this:

- - 6.3.26 querying imap.telefonica.net (protocol IMAP) at 2017-10-16T13:07:35 CEST: poll started
- - Trying to connect to 86.109.99.71/143...connected.
- - IMAP< * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=CRAM-MD5] e.movistar.es.
- - IMAP> A0001 CAPABILITY
- - IMAP< * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=CRAM-MD5
- - IMAP< A0001 OK Pre-login capabilities listed, post-login capabilities have more.
- - IMAP> A0002 AUTHENTICATE CRAM-MD5
- - IMAP< + ***********==
- - IMAP> ************==
- - IMAP< * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MUMULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE QUOTA
- - IMAP< A0002 OK Logged in
- - IMAP> A0003 SELECT "Inbox"
- - IMAP< * FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk)
- - IMAP< * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk \*)] Flags permitted.
- - IMAP< * 3 EXISTS
- - IMAP< * 0 RECENT
- - IMAP< * OK [UNSEEN 1] First unseen.
- - IMAP< * OK [UIDVALIDITY 1496821626] UIDs valid
- - IMAP< * OK [UIDNEXT 33] Predicted next UID
- - IMAP< A0003 OK [READ-WRITE] Select completed (0.002 secs).
- - IMAP> A0004 EXPUNGE
- - IMAP< A0004 OK Expunge completed.
- - 3 messages for SOMEBODY at imap.telefonica.net (folder Inbox).
- - IMAP> A0005 FETCH 1:3 RFC822.SIZE
- - IMAP< * 1 FETCH (RFC822.SIZE 31383)
- - IMAP< * 2 FETCH (RFC822.SIZE 15673)
- - IMAP< * 3 FETCH (RFC822.SIZE 16227)
- - IMAP< A0005 OK Fetch completed.
- - IMAP> A0006 FETCH 1 RFC822.HEADER
- - IMAP< * 1 FETCH (RFC822.HEADER {2994}
- - reading message SOMEBODY@imap.telefonica.net:1 of 3 (2994 header octets)Trying to connect to 127.0.0.1/25...connected.
- - SMTP< 220 Telcontar.valinor ESMTP
- - SMTP> EHLO Telcontar.valinor
- - SMTP< 250-Telcontar.valinor
- - SMTP< 250-PIPELINING
...

Looking at the exchange and that it used CRAM-MD5, I changed Thunderbird to also use encryption for the password and apparently it works - this is new. But I see nothing about using TLS or SSL in the body fetch.

On another provider (pop3), I see:

- - POP3> CAPA
- - POP3< +OK
- - POP3< CAPA
- - POP3< TOP
- - POP3< UIDL
- - POP3< RESP-CODES
- - POP3< PIPELINING
- - POP3< AUTH-RESP-CODE
- - POP3< USER
- - POP3< SASL PLAIN
- - POP3< .
- - pop.dominioabsoluto.net: upgrade to TLS succeeded.   <==========

so fetchmail tries and succeeds on another provider, but not on telefonica aka movistar.

-- 
Cheers / Saludos,

		Carlos E. R.
		(from 42.2 x86_64 "Malachite" at Telcontar)
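
An added example, not part of the original message: a small Python check that reads a fetchmail session log like the two quoted above and reports whether STARTTLS/STLS was offered, whether the TLS upgrade happened, and whether authentication and message retrieval ran before any upgrade. It assumes the session starts unencrypted (as on port 143 in the log), and the function and variable names are hypothetical.

```python
import re

# Constructed samples: abridged from the fetchmail lines quoted in the message above.
IMAP_LOG = """\
- - IMAP< * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR IDLE AUTH=PLAIN AUTH=CRAM-MD5] e.movistar.es.
- - IMAP> A0001 CAPABILITY
- - IMAP< * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR IDLE AUTH=PLAIN AUTH=CRAM-MD5
- - IMAP> A0002 AUTHENTICATE CRAM-MD5
- - IMAP< A0002 OK Logged in
- - IMAP> A0006 FETCH 1 RFC822.HEADER
"""
# The last two POP3 lines are not in the message; they are made up for this example.
POP3_LOG = """\
- - POP3> CAPA
- - POP3< SASL PLAIN
- - pop.dominioabsoluto.net: upgrade to TLS succeeded.
- - POP3> USER somebody
- - POP3> RETR 1
"""

TLS_OK = "upgrade to TLS succeeded"  # fetchmail's message, as quoted in the log
CLIENT = re.compile(
    r"^(?:IMAP|POP3)> (?:\S+ )?(AUTHENTICATE|LOGIN|USER|PASS|FETCH|RETR)\b ?(\S*)")

def audit(log):
    """Walk the session in order and record what happened before any TLS upgrade."""
    r = {"starttls_offered": False, "tls": False, "auth": None,
         "auth_in_clear": False, "data_in_clear": False}
    for raw in log.splitlines():
        line = raw.strip().lstrip("- ")          # drop the "- - " prefix
        if TLS_OK in line:
            r["tls"] = True
        elif line.startswith(("IMAP< ", "POP3< ")) and r["auth"] is None:
            # Pre-login capabilities only: STARTTLS (IMAP) or STLS (POP3).
            tokens = set(re.findall(r"[A-Z0-9=+-]+", line.upper()))
            r["starttls_offered"] |= bool(tokens & {"STARTTLS", "STLS"})
        elif (m := CLIENT.match(line)):
            cmd, arg = m.groups()
            if cmd in ("FETCH", "RETR"):          # message data on the wire
                r["data_in_clear"] |= not r["tls"]
            else:                                 # LOGIN/USER/PASS carry the password itself
                r["auth"] = arg.upper() if cmd == "AUTHENTICATE" else "cleartext-password"
                r["auth_in_clear"] |= not r["tls"]
    return r

if __name__ == "__main__":
    for name, log in (("imap", IMAP_LOG), ("pop3", POP3_LOG)):
        print(name, audit(log))
```

For the IMAP sample the result shows CRAM-MD5 used with no TLS: the password is not sent as-is, but the FETCH traffic is still unencrypted.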