At 03:25 PM 1/9/02, Tim Tyler wrote: >Qpopper experts, > I just went live with our ssl implementation of qpopper today and I am >finding mixed results. Many Eudora users of 5.1 have to go into options and >add our site as a trusted certificate.
We spent the $125/year to buy a cert. Relatively cheap solution to that. > This is fine. However, quite a few >clients with Eudora 5.1 simply keep working and never force the Trust issue. >They do have "if available, starttls" or "require ttl". But if they click >on the button next to it, it states they have never accessed a TTLS server. >So they are continuing to work in plain text mode. Why? If we require ttl, >shouldn't it force the process? In my tests, if I set Require TLS, and the server doesn't provide it, Eudora reports an error and exits. > Well it appears to still retrieve in plain >text mode since they still get the "never accessed a ttls server response. > > In some cases, we know that Norton AntiVirus is acting as an intercept for >filtering email. This is an annoyance. They do it badly, IMO. > If we take out the Norton intercept address and put them >back to our server with their standard username, they start to work properly >with SSL. Note that if you have Norton 2001 (what I've tested with) on a machine with Eudora 5.1, you'll still have full virus protection. When Eudora tries to write attachments to the hard disk, Norton Antivirus will notice the virus, and pop up an alert window. Works great without Norton trying to proxy anything. > But some people do NOT have Norton intercepting their email as >far as I can tell; i.e., they have our standard server and their standard >username. So why might their client not attempt to negotiate an SSL >connection? > Could Norton be working in the background to intercept somehow? What else >might I look for? The way Norton's intercept works is to set itself up on port 110 on 127.0.0.1. So if your mail client is trying to use 127.0.0.1 as a mail server, then it's going to be an issue. If it's using the real name/address of the server, it's not an issue. > Also, Am I correct in assuming that Norton probably can't be used for >direct email filtering if one wants SSL protection? You are correct. They haven't gotten the SSL stuff into their proxy, and intercepting isn't viable. As I mentioned above, with Eudora it's not important. ----------------------------------------------------------------- Daniel Senie [EMAIL PROTECTED] Amaranth Networks Inc. http://www.amaranth.com
