Author Beautifying my Berries? (Read 29964 times)
68040
512 MB
*****
Posts: 950
68k - thy kingdom come, thy will be done !
Reply #15 on: February 23, 2023, 15:46

Keep in mind that these settings have to be specific for each recipient and might not always make sense.

Case in point: For Microsoft's hotmail/outlook the protocol negotiation option "PROTOCOL" must not be set for POP3 and IMAP, but is required for SMTP.

Don't ask me why this is, because Mircoooze never made much sense to me. :O
Last Edit: February 23, 2023, 16:44 by 68040
Neal_SE30
256 MB
*****
Posts: 401
System 7 Newcomer!
Reply #16 on: February 23, 2023, 22:24

What is stunnel? I’ve never managed to get my email working.
mac-cellar
128 MB
****
Posts: 176
Gotta love System 7
Reply #17 on: February 23, 2023, 22:30

I'd like to set up stunnel on the new server I've been slowly spinning up in the cellar. I tried for hours last night with a myriad of different .conf file settings, but wasn't able to establish a connection either to a Microsoftee Live.com account or my ISP (comcast). IMAP worked just fine with Microsoftee (so I could read my mailbox), but I had a persistent SSL connection error that no combination of settings would fix.

Gmail just failed at authentication for no apparent reason.

Any advice/guidance/links you might have would be very much appreciated.  I already have the WebOne proxy and Netatalk file sharing up and running, so Stunnel is really the last link in the chain for my Quadra 610 to be connected to the 21st century :)
Knezzen
Administrator
512 MB
*****
Posts: 608

Village idiot
Reply #18 on: February 24, 2023, 10:36

Our "SSL proxy" is actually stunnel and it works very well.

Google shut down its IMAP and SMTP auth support last year, so this part of the config is not really applicable anymore, but you should be able to just change the "connect" part to whatever you want instead of Google.

Last Edit: February 24, 2023, 10:39 by Knezzen
68040
512 MB
*****
Posts: 950
68k - thy kingdom come, thy will be done !
Reply #19 on: February 24, 2023, 11:07

YES - we can :D

I manage my Google E-Mail - IMAP, POP3, SMTP and all - from my vintage Mac system via stunnel. For that to work I had to enable 2FA and then set up an app specific password. Which is basically just Google's way of telling you "if you don't want your mail to stay with us then we'll make it extra difficult for you to get at it".

It's a hassle but it works. An app pwd is nothing but a Google generated lengthy character string (no numbers or special chars - so it's very secure) that allows 1 app of yours to access your mail account the old fashioned way. But in fact Google doesn't have any extra checks built in to verify how many apps you are using it with.

You just shouldn't try it from different devices, I guess, or you risk tripping off some security alert of theirs.
Knezzen
Administrator
512 MB
*****
Posts: 608

Village idiot
Reply #20 on: February 24, 2023, 18:12

That's true, but I meant in the classic sense ;)
68040
512 MB
*****
Posts: 950
68k - thy kingdom come, thy will be done !
Reply #21 on: February 24, 2023, 20:19

Once you got your app password the rest of the setup is really no different from "classic". You just have to go through stunnel, but that would be required nowadays anyway.
68040
512 MB
*****
Posts: 950
68k - thy kingdom come, thy will be done !
Reply #22 on: February 24, 2023, 22:03

@mac-cellar - You have to be mindful of the client you are using, too. As I found out to my great dismay MS-Outlook persistently fails to negotiate any kind of connection with stunnel.

Please keep in mind that "SSL errors" appearing on the Mac side indicate a communication problem between your client and STunnel and not between your Mac app and the communication endpoint.

Once you specified the correct port for stunnel's data exchange all further SSL communication with the endpoint is handled by STunnel. For that reason you should let your client app talk with ST unencrypted, as the ciphers it is using will most likely be deprecated anyway.

Enable debug mode with "debug = 7" and have the tunnel run in foreground until you worked out all the kinks (CAUTION: The log file gets huuuge). Last not least, if your end point does not support auto-negotiation, then you must specify the protocol to be used via "protocol =".

Otherwise it's best to leave this option blank.

Btw, Microsoft's live.com had some major outage these past days where even OAuth apps couldn't send or receive mails from or to other Outlook accounts anymore. That happens from time to time as Microsoft keeps fiddling around with their security filters.

This is my setup that works, as long as MS keeps its act together:

Code:
<...>
; set the security requirements for cipher key length and complexity to -> everything is permitted.
securityLevel = 0
<...>
sslVersion = all
<...>
;Hotmail: IMAP, POP3, and SMTP settings
; IMAP Server: imap-mail.outlook.com Encryption: SSL+TLS Port: 993 (default)
; POP3 Server: pop.outlook.com Encryption: SSL+TLS Port: 995 (default)
; SMTP Server: smtp-mail.outlook.com Encryption: SSL+STARTTLS Port: 587 (default)

[hotmail-imap]
client = yes
;protocol = imap
accept = localhost:5993
connect = imap-mail.outlook.com:993
checkHost = imap-mail.outlook.com
verifyChain = yes
;verifyPeer = yes
;OCSPaia = yes

[hotmail-pop3]
client = yes
;protocol = pop3
accept = localhost:5995
connect = pop.outlook.com:995
checkHost = pop.outlook.com
verifyChain = yes
;verifyPeer = yes
;OCSPaia = yes

[hotmail-smtp]
client = yes
protocol = smtp
accept = localhost:5587
connect = smtp-mail.outlook.com:587
checkHost = smtp-mail.outlook.com
verifyChain = yes
;verifyPeer = yes
;OCSPaia = yes

Last Edit: February 25, 2023, 01:13 by 68040
MTT
256 MB
*****
Posts: 394
SSW7 Oldtimer
Reply #23 on: February 25, 2023, 00:59

@68040: Don't know if you spotted it, but there's a new Mulberry v2.1 at the MG that you may like to upgrade to.
-at DL #2 on the MG page.

Runs well on 68k Mac, 7.6 - 8.1

Large number of bug fixes and new features -including full Appearance Manager support, which is good for 8.1

Don't know if those buttons have improved tho'...
Last Edit: February 25, 2023, 01:03 by MTT
68040
512 MB
*****
Posts: 950
68k - thy kingdom come, thy will be done !
Reply #24 on: February 25, 2023, 01:11

@MTT - Oh I would sing your high praises for that, but I gotta hit the loo now and then take my dog for a walk.

Maybe I'll dream of you later tonight and I promise to keep it decent (fingers crossed). 😍
mac-cellar
128 MB
****
Posts: 176
Gotta love System 7
Reply #25 on: February 25, 2023, 01:58

@68040 - thanks so much! This is really helpful. Going to give stunnel another go this weekend.
68040
512 MB
*****
Posts: 950
68k - thy kingdom come, thy will be done !
Reply #26 on: February 25, 2023, 02:49

PS: You have to replace "localhost" with the network IP of your host system (not 127.0.0.1). This is needed because the virtual machine of B-II runs within its own network so specifying "localhost" (or 127.0.0.1) there would just make it talk to itself.

For security reasons STunnel only accepts connections at the specified port and network address. So you got to use an IP# (or host name) you can reach from within Basilisk II. STunnel terminates if you use a network address that is not assigned to a local NIC (or a port # that is already occupied) in the "accept =" declaration.

Here is a very good read on the configuration of stunnel.
Last Edit: February 25, 2023, 03:29 by 68040
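
An added example, not part of the original posts or of stunnel itself: a small Python check that reads a stunnel.conf and reports the settings discussed in this thread that weaken the tunnel, namely `securityLevel = 0`, `sslVersion = all`, a client service without `verifyChain` or `verifyPeer`, and an `accept` address that exposes the plaintext side beyond loopback. The sample config, the address 192.168.1.10, the `[isp-pop3]` service and the finding names are constructed for illustration.

```python
import ipaddress

# Constructed sample modelled on the config above; 192.168.1.10 is made up.
SAMPLE_CONF = """\
securityLevel = 0
sslVersion = all
[hotmail-imap]
client = yes
accept = 192.168.1.10:5993
connect = imap-mail.outlook.com:993
verifyChain = yes
[isp-pop3]
client = yes
accept = localhost:5995
"""

def parse_conf(text):
    """Return {section: {option: value}}; global options are stored under ''."""
    conf, section = {"": {}}, ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            conf.setdefault(section, {})
        elif "=" in line and line[0] not in ";#":   # skip commented-out options
            key, _, value = line.partition("=")
            conf[section][key.strip().lower()] = value.strip()
    return conf

def is_loopback(accept):
    host = accept.rpartition(":")[0]   # '' = port only, i.e. every interface
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:                 # other host names count as network-facing
        return False

def audit(text):
    conf, findings = parse_conf(text), []
    for name, own in conf.items():
        opt = {**conf[""], **own}      # service options override global ones
        checks = {
            "weak-ciphers-allowed": opt.get("securitylevel") == "0",
            "old-protocols-allowed": opt.get("sslversion", "").lower() == "all",
            "server-cert-not-verified": opt.get("client") == "yes"
            and "yes" not in (opt.get("verifychain"), opt.get("verifypeer")),
            "plaintext-listener-on-network": not is_loopback(opt.get("accept", "")),
        }
        if name:                       # '' holds the global options, not a service
            findings += [(name, f) for f, hit in checks.items() if hit]
    return sorted(findings)
```

`audit()` returns sorted `(service, finding)` pairs. A listener flagged as network-facing carries the mail login unencrypted between the Mac and the stunnel host, so that segment should be one you control.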
mac-cellar
128 MB
****
Posts: 176
Gotta love System 7
Reply #27 on: February 25, 2023, 03:29

@68040 - you've made my day!  I edited my stunnel.conf file in line with yours above and PRESTO - I'm reading and sending email on my Quadra 610.  I'm thrilled! 

Thank you again for taking the time to post your replies.   
68040
512 MB
*****
Posts: 950
68k - thy kingdom come, thy will be done !
Reply #28 on: February 25, 2023, 11:00

@mac-cellar - Sharing is caring. ;)

Seriously, I burned so much midnight oil on this issue and then the solution was so plain forward, once I figured out the main obstacles behind it, that I thought it a shame to have other users waste their time as well, chasing ghosts.

The top issues were the enabling of any cipher combinations and SSL versions and the realization that the encryption part is handled by STunnel for 100%. So I had to stop my Mac app trying to negotiate an SSL connection with ST - which in most cases failed for obvious reasons.

Last not least was the protocol issue, which proved tricky because it's handled differently by different ISPs. STARTTLS skips the negotiation part that TLS is based on and encrypts the connection very early on. So you got to specify the "protocol =" parameter.

But I found out that with other ISPs they don't like being told upfront what protocol to use - even though the port # pretty much dictates that by itself. So I took that out again - this "trial & error" approach is the reason for the many ';' in my conf file. ;)

PS: Always make a backup of your working config files, especially when fiddling around with new changes!

Last Edit: February 25, 2023, 17:36 by 68040
Bolkonskij
Administrator
1024 MB
*****
Posts: 2023
Reply #29 on: March 02, 2023, 11:58

Just read in the other thread that you've got Eudora up and running. So the young love towards berries died off? :-)

If so, what was the reason that made you switch?