[nmglug] Comcast refuses to send mail to Linux desktop email clients

Alucard alucard at swcp.com
Fri Dec 7 23:56:58 PST 2018


Hi Tom,




Can you paste the cert(s) in this email thread?




Thanks




-- Jared






From: Tom Ashcraft


Sent: Friday, December 7, 11:53 PM


Subject: Re: [nmglug] Comcast refuses to send mail to Linux desktop email clients


To: Alucard, nmglug at lists.nmglug.org, abqgwyns at comcast.net






Jared, Looking at how the server SSL certificates turn up when I a) set up the Thunderbird test profile and performed it's initial startup, b) what happened when I started it again, and c) what happened when I next granted the permanent certificate mis-match exception for my original profile, my suspicions continue to comport with negative expectations with regard to Comcast. My current theory (noted again as being rather poorly informed and based on only partial understanding) is that Comcast or General Electric or Xfinity--or who ever decided it was somebody else's job--just didn't bother to provide a current certificate for imap.ge.xfinity.com. I think this because nowhere have I seen or can I find *any* certificate for imap.comcast.net.  Only certificates associated with imap.email.comcast.net and imap.ge.xfinity.com seem to appear.  And here, I think, might lie the crux of the matter. Could it not be that Comcast simply allowed the certificate for imap.comcast.net to lapse and failed to renew it?  Might not such an event--the absence of a certificate--have caused Thunderbird to refuse to connect with imap.comcast.net when it stopped receiving new mail for me on three different computers a few days ago? Note that old iPod app and older Windows versions of Thunderbird, which are probably of less secure design than the then non-receiving current Linux Thunderbird, Kmail, or Sylpheed I have, continued to work properly. Tom On 12/7/18 7:49 PM, Alucard wrote: > Hi Tom, > > No problem. > > Comcast doesn't manage mail well though. They're notoriously bad. > > We have a dedicated smtp server JUST to make sure it plays nice with > Comcast. > > In short, drop them as soon as possible. Pretty much anyone else is > better than them. I know the pain that will cause. But sooner than > later is probably best. > > -- Jared > > On 12/7/18 7:44 PM, Tom Ashcraft wrote: >> Wow. Thanks, Jared.  It'll take me a while to grok and test all the >> new info you've provided.   Just now have recovered from crashing, >> deleting, and restoring account after most recent experiments.  I >> appreciate your help and will keep you appraised as efforts and >> results unfold.  OK, back to sawing on the limb I'm sitting on ... >> >> On 12/7/18 7:15 PM, Alucard wrote: >>> Hi Tom, >>> >>> Are you able to reproduce the issue with a new Tbird profile? >>> >>> thunderbird -p >>> >>> Create a test profile, add the account. >>> >>> Use the hostname: >>> imap.ge.xfinity.com for imap 993 SSL/TLS >>> smtp.comcast.net for smtp 465 SSL/TLS >>> >>> Your username is probably the same as the email, without >>> @comcast.net at the end. >>> >>> I used telnet to confirm that those two hostnames are answering on >>> port 143 and 25. >>> >>> If it works after that, I would move over your old profiles' .mab >>> files to the new profile. (all of which is in .thunderbird) >>> >>> Thunderbird makes it super easy to move around in profiles. If you >>> wanted to make Tbird work quickly, I would do the above. If you >>> wanted to try and actually find the issue, I would start with >>> removing any accept invalid certs. >>> >>> Prefrences -> Advanced -> Certificates -> Manage Certificates >>> >>> (Probably back these up first) Find the Comcast cert, and remove it. >>> >>> I'm not 100% which tab it will be in. (Your Certificates, People, >>> Servers, or Authorities) But probably under servers. >>> >>> Let me know how all that goes, please. >>> >>> Thanks! >>> >>> -- Jared >>> >>> On 12/7/18 6:54 PM, Tom Ashcraft wrote: >>>> Thanks for the suggestions, Jared. >>>> >>>> Switching from imap.ge.xfinity.com to mail.comcast.net didn't work >>>> at all (and I think I may have tried that before a couple of days >>>> ago per suggestions found in Comcast support pages) but I suspect >>>> the problem (and the original certificate problem I mentioned >>>> before switching from imap.comcast.net to imap.ge.xfinity.com) has >>>> something to do with the way configuration files get >>>> modified/updated (or not) in Thunderbird. >>>> >>>> It worked the first time (after the warning) going from >>>> imap.comcast.net to imap.ge.xfinity.com but not going from there to >>>> mail.comcast.net. >>>> >>>> I don't really know what to look for in the .thunderbird >>>> directories and I've probably failed to be sufficiently thorough in >>>> my examination of menus. >>>> >>>> At this point I expect I'd best put some time in studying up on SSL >>>> certificates, i.e. when and where they come from and where they go >>>> when they work right.  My comprehension of all that is pretty poor. >>>> >>>> On 12/7/18 5:43 PM, Alucard wrote: >>>>> Hi Tom, >>>>> >>>>> Try using this hostname for imap: >>>>> mail.comcast.net >>>>> >>>>> And use this hostname for smtp: >>>>> smtp.comcast.net >>>>> >>>>> That should allow you to get a valid SSL cert. >>>>> >>>>> Let me know how that goes. Also, don't setup your own email. >>>>> Setting up a dovecot server is fun, but maintaining it to work >>>>> with all other email providers is a super big drag. Especially >>>>> when people need to have their email flow without a problem. >>>>> >>>>> -- Jared >>>>> >>>>> On 12/7/18 5:02 PM, Tom Ashcraft wrote: >>>>>> OK, I *think* that having more or less successfully substituted >>>>>> imap.ge.xfinity.com for imap.comcast.net--currently with a >>>>>> certificate mis-match warning I don't yet know how to fix--is >>>>>> probably at least marginally more desirable than having to go >>>>>> through Xfinity mail website... >>>>>> >>>>>> Because, going through the website, Comcast/Xfinity has greater >>>>>> opportunity to do their social engineering infantilization thing, >>>>>> further shape my perceptions, whither my digital self-reliance >>>>>> skillset, more fully exploit me as a consumer milk cow and allow >>>>>> government and corporations to better trace and predict my >>>>>> physical and economic movements should they desire to do so, etc. >>>>>> >>>>>> But am I wrong, should I continue to use the website until I'm >>>>>> completely sure I have the certificate thing properly nailed? >>>>>> >>>>>> On 12/7/18 4:13 PM, Casey Dentinger wrote: >>>>>>> I don't find receiving mail to be that bad but getting it >>>>>>> successfully >>>>>>> delivered is a place where the internet is hamstrung by >>>>>>> corporations. >>>>>>> >>>>>>> On 18-12-07 15:45:26, chochoms at earthlink.net wrote: >>>>>>>> >>>>>>>> >>>>>>>> -----Original Message----- >>>>>>>>> From: Casey Dentinger >>>>>>>>> Sent: Dec 7, 2018 2:46 PM >>>>>>>>> To: nmglug at lists.nmglug.org >>>>>>>>> Subject: Re: [nmglug] Comcast refuses to send mail to Linux >>>>>>>>> desktop email clients >>>>>>>>> >>>>>>>>> That escalated quickly :) >>>>>>>>> >>>>>>>>> Also you don't need imap if you just use mutt locally >>>>>>>>> >>>>>>>>> On Fri, Dec 7, 2018, at 2:43 PM, J Marsden DeLapp wrote: >>>>>>>>>> On Fri, 7 Dec 2018 10:49:39 -0700 >>>>>>>>>> jason schaefer wrote: >>>>>>>>>> >>>>>>>>>>> On 12/1/18 10:47 PM, Tom Ashcraft wrote: >>>>>>>>>>>> What they can't steal from us most of seem to be willing to >>>>>>>>>>>> give to >>>>>>>>>>>> them for free. So much for any hope of anonymity or privacy >>>>>>>>>>>> from our >>>>>>>>>>>> corporate overlords. Might as well let them tatoo a barcode >>>>>>>>>>>> on your >>>>>>>>>>>> forehead--though that wouldn't be nearly as effective. >>>>>>>>>>> Its worth pointing out that if you are concerned about these >>>>>>>>>>> issues >>>>>>>>>>> you shouldn't be using comcast for email... >>>>>>>>>> With a simple >>>>>>>>>> apt install postfix dovecot-imapd >>>>>>>>>> you can run your own mail server. >>>>>>>>>> >>>>>>>>>> Mars >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> ============================================================= >>>>>>>>>> J. Marsden DeLapp, PE >>>>>>>>>> President >>>>>>>> I am following this discussion with great amusement. Maybe you >>>>>>>> guys know something I don't, but having your own email server >>>>>>>> or an email client on your desktop (phones of course are too >>>>>>>> insecure to use for anything important) seems like a lot of >>>>>>>> un-needed work trying to keep things secure.  I concluded >>>>>>>> several years ago that I had neither the time nor the >>>>>>>> inclination (plus I am not expert enough in Linux) to harden my >>>>>>>> computer against email-carried malware. Also since someone >>>>>>>> could conceivably get into my computer I don't want them to >>>>>>>> have access to my email. Consequently I use web mail, (not >>>>>>>> GOOGLE!), because the ISP can do a lot better job than I at >>>>>>>> filtering out the malware and protecting against crackers. If I >>>>>>>> need to send something encrypted or very sensitive I use >>>>>>>> Protonmail from CERN. >>>>>>>> >>>>>>>> Problem solved. Doesn't matter what Comcast or anyone else >>>>>>>> allows, plus I can check my mail on any computer in the world. >>>>>>>> >>>>>>>> If I am wrong, please explain to this Linux neophyte why. >>>>>>>> >>>>>>>> >>>>>>>>>> DeLapp & Associates, Inc. dba DeLapp Engineering. >>>>>>>>>> Providing lighting and power planning, design and analysis >>>>>>>>>> services >>>>>>>>>> for commercial, industrial and large residential facilities. >>>>>>>>>> 1190 Harrison Road Ste 3a >>>>>>>>>> Santa Fe NM 87507 >>>>>>>>>> (505) 983-5557 >>>>>>>>>> http://DeLapp.com >>>>>>>>>> ============================================================= >>>>>>>>>> _______________________________________________ >>>>>>>>>> nmglug mailing list >>>>>>>>>> nmglug at lists.nmglug.org >>>>>>>>>> http://lists.nmglug.org/listinfo.cgi/nmglug-nmglug.org >>>>>>>>> _______________________________________________ >>>>>>>>> nmglug mailing list >>>>>>>>> nmglug at lists.nmglug.org >>>>>>>>> http://lists.nmglug.org/listinfo.cgi/nmglug-nmglug.org >>>>>>> _______________________________________________ >>>>>>> nmglug mailing list >>>>>>> nmglug at lists.nmglug.org >>>>>>> http://lists.nmglug.org/listinfo.cgi/nmglug-nmglug.org >>>>>> _______________________________________________ >>>>>> nmglug mailing list >>>>>> nmglug at lists.nmglug.org >>>>>> http://lists.nmglug.org/listinfo.cgi/nmglug-nmglug.org >>>>> >>> > 




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nmglug.org/pipermail/nmglug-nmglug.org/attachments/20181208/a884cbe2/attachment-0001.html>


More information about the nmglug mailing list