Configuring IMAP - POP - SMTP over SSL

Similar Messages

• Error when trying to se smtp over ssl

  Hi all ,
  I have a webdynpro application that sends mail using smtp over ssl .
  Ihvae imported the ca certificate to trused ca key store , but when I run the application I get the following error :
  javax.mail.MessagingException: Exception reading response;
    nested exception is:
       javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  could you please help
  Regards ,
  Oren

  My apologies for jumping into this thread, but I'm having a similar problem. I placed a file into the webroot/vod folder for testing purposes, but I cannot play the file when I use it as a source for the HTML5 <video> tag. When I try to access the file directly, http://63.116.232.4/vod/AmericanFlag.mov I get the following error messages:
  Not Found The requested URL /vod/AmericanFlag.mov was not found on this server.Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h Server at 63.116.232.4 Port 80
  The sample file, however, plays through Safari with no problems. http://www.librarymedia.net/Flash3/HTML5.html

• Firewall settings for Authenticated SMTP over SSL?

  I'm trying to set up mail servives on a server hosted at a host company with a firewall. I think I need to open ports 587 and 465 but the hosting company says I should only open port 465 for this SMTP over SSL. When I try to send email locally thru an account on the server using the server's SMTP server, Apple Mail says it can't. I think part of the problem is the firewall at my end hosted by my ISP might be interacting with everything else.
  Should i have both ports open? Thanks!

  You will need to open the ports that you have added/enabled in Postfix. By default, Postfix only listens to port 25.
  Typically, port 587 should be used. Often you will also need port 465 for backwards compatibility with some Microsoft mail clients.
  To enable those ports in Postfix, see this:
  http://mac007.com/?Tips:AlternateSMTPPorts
  HTH,
  Alex

• FTP/File Sender Adapter over SSL - 500 Illegal PORT command.

  Hello Experts!
  I'm trying to configure FTP Sender Adapter over SSL. This is the configuration I'm using:
  Server: server01
  Port: 21
  Data Connection: Active
  Timeout: 100
  Connection Security: FTPS (FTP Using SSL/TLS) for Control and Data Connection
  Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
  I have imported ftp server certificate into TrustedCAs key store. When the sender adapter tries to connect it receives the error 500 Illegal PORT command when getting files list.
  This is an excerpt of the logs of connection steps:
  #Plain##ftp server returns reply '220 Restricted Access. All Actions are monitored.'#
  #Plain##Detected 'AUTH TLS' command: Preparing TLS/SSL connection upgrade#
  #Plain##'AUTH TLS' successful: Upgrading control channel to TLS/SSL#
  #Plain##ftp server returns reply '234 Proceed with negotiation.'#
  #Plain##ftp server returns reply '331 Please specify the password.'#
  #Plain##ftp server returns reply '230 Login successful.'#
  #Plain##ftp server returns reply '200 PBSZ set to 0.'#
  #Plain##ftp server returns reply '200 PROT now Private.'#
  #Plain##ftp server returns reply '215 UNIX Type: L8'#
  #Plain##ftp server returns reply '200 Switching to ASCII mode.'#
  #Plain##ftp server returns reply '250 Directory successfully changed.'#
  #Plain##ftp server returns reply '500 Illegal PORT command.'#
  Does anybody know how to solve it?
  Thank you in advance!
  Roger Allué i Vall

  Ok! This is the maximum i could obtain:
  Fri Dec 11 15:28:12 2009 [pid 15206] FTP response: Client "10.58.42.108", "220 Restricted Access. All Actions are monitored."
  Fri Dec 11 15:28:12 2009 [pid 15206] FTP command: Client "10.58.42.108", "AUTH TLS"
  Fri Dec 11 15:28:12 2009 [pid 15206] FTP response: Client "10.58.42.108", "234 Proceed with negotiation."
  Fri Dec 11 15:28:12 2009 [pid 15206] FTP command: Client "10.58.42.108", "USER iubsint"
  Fri Dec 11 15:28:12 2009 [pid 15206] [iubsint] FTP response: Client "10.58.42.108", "331 Please specify the password."
  Fri Dec 11 15:28:12 2009 [pid 15206] [iubsint] FTP command: Client "10.58.42.108", "PASS <password>"
  Fri Dec 11 15:28:12 2009 [pid 15205] [iubsint] OK LOGIN: Client "10.58.42.108"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "230 Login successful."
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PBSZ 0"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 PBSZ set to 0."
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PROT P"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 PROT now Private."
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "SYST"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "215 UNIX Type: L8"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "TYPE I"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "200 Switching to Binary mode."
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "CWD /interfaces"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "250 Directory successfully changed."
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,45,108,159,112"
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP response: Client "10.58.42.108", "500 Illegal PORT command."
  I think we found the problem though. FTP Administrator says this is wrong:
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,45,108,159,112"
  it should be
  Fri Dec 11 15:28:12 2009 [pid 15207] [iubsint] FTP command: Client "10.58.42.108", "PORT 10,58,42,108,159,112"
  Something is making SAP PI to take a wrong ip address (This server has two).
  I'll let you know if we solve it!!
  Thank you!!!

• How to set up iPhone 5 iOS 6 email with IMAP over SSL on a custom port?

  Basically I have the same problem as this guy 5 years ago but the thread contained no useful answer. Maybe there are people out there who became smarter in the meantime? Please help me out how to get my iPhone read emails via IMAP over SSL on a custom port to the corporate server. The issue is that the iPhone only seems to work if you use the standard 993 port for IMAPS, not with a custom port as we have. I've installed the corporate root certificate in a profile, and it shows up as trusted and verified in the phone, so that should not be the issue. The mail app in the iPhone tries to connect, I can verify that from the server, but then does nothing, doesn't try to authenticate, doesn't log out, nothing is going on, and then drops the connection after 60 seconds. Repeats this every 5 minutes (as set to fetch e-mail every 5 minutes.)
  Original thread 5 years ago: https://discussions.apple.com/message/8104869#8104869

  Solved it by some (a lot) of fiddling.
  Turns out it's not a bug in the iPhone, it's a feature.
  Here's how to make it work.
  DOVECOT
  If the IMAPS port is anything other than 933 (the traditional IMAPS port) the iPhone's Mail App takes the "Use SSL" setting on the IMAP server as 'TLS', meaning it starts the communication in plain text and then issues (tries to issue) the STARTTLS command to switch the connection to encrypted. If, however, Dovecot is set up to start right away in encrypted mode, the two cannot talk to each other. For whatever reason neither the server nor the client realizes the connection is broken and only a timeout ends their misery.
  More explanation about SSL/TLS in the Dovecot wiki: http://wiki2.dovecot.org/SSL
  So to make this work, you have to set Dovecot the following way. (Fyi, I run Dovecot 2.0.19, versions 1.* have a somewhat different config parameters list.)
  1. In the /etc/dovecot/conf.d/10-master.conf file make sure you specify the inet_listener imap and disable (set its port to 0) for imaps like this:
  service imap-login {
    inet_listener imap {
      port = --your port # here--
    inet_listener imaps {
      port = 0
      ssl = yes
  This of course enables unencrypted imap for all hackers of the universe so you quickly need to also do the things below.
  2. In the /etc/dovecot/conf.d/10-ssl.conf file, make sure you set (uncomment) the following:
  ssl = required
  This sets Dovecot to only serve content to the client after a STARTTLS command was issued and the connection is already encrypted.
  3. In /etc/dovecot/conf.d/10-auth.conf set
  disable_plaintext_auth = yes
  This prevents plain text password authentication before encryption (TLS) is turned on. If you have also set ssl=required as per step 2, that will prevent all other kinds of authentications too on an unencrypted connection.
  When debugging this, please note that if you connect from localhost (the same machine the server runs on) disable_plaintext_auth=yes has no effect, as localhost is considered secure. You have to connect from a remote machine to make sure plain text authentication is disabled.
  Don't forget service dovecot restart.
  To test if your setup works as it's supposed to, issue the following (green) from a remote machine (not localhost) (I'm using Ubuntu, but telnet and openssl is available for almost all platforms) and make sure Dovecot responds with something like below (purple):
  telnet your.host.name.here yourimapsportnumber
  * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.
  Most importantly, make sure you see 'STARTTLS' and 'LOGINDISABLED'. Then issue STARTTLS and hopefully you see something like this:
  a STARTTLS
  a OK Begin TLS negotiation now.
  (The 'a' in front of STARTTLS is not a typo, a prefix is required by the IMAP server in front of all commands.)
  Close the telnet (with 'a logout' or Ctrl+C) and you can use openssl to further investigate as you would otherwise; at the end of a lot of output including the certificate chain you should see a line similar to the one below:
  openssl s_client -starttls imap -connect your.domain.name.here:yourimapsportnumber
  . OK Pre-login capabilities listed, post-login capabilities have more.
  You can then use the capability command to look for what authentication methods are available, if you see AUTH=PLAIN, you can then issue a login command (it's already under an encrypted connection), and if it's successful ("a OK Logged in"), then most likely your iPhone will be able to connect to Dovecot as well.
  a capability
  * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN
  a login username password
  * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS
  a OK Logged in
  POSTFIX
  Likewise, you have to set Postfix to wait for STARTTLS before encrypting the communication.
  1. You have to delete the setting smtpd_tls_wrappermode=yes from /etc/postfix/master.cf and/or /etc/postfix/main.cf, if it was enabled. This will mean Outlook won't be able to connect any more because it requires a TSL connection without issuing STARTTLS as per Postfix documentation (haven't tested.) In my case we don't use Outlook so I didn't care. Outlook + iPhone + custom SMTPS port are simply not possible together at the same time as far as I understand. Pick one to sacrifice.
  2. Require encrypted (TLS) mode for any data transfer in /etc/postfix/main.cf:
  smtpd_tls_security_level = encrypt
  3. Authentication should only happen while already in encrypted (TLS) mode, so set in /etc/postfix/main.cf:
  smtpd_tls_auth_only = yes
  Don't forget postfix reload.
  To test if this works, issue the following telnet and wait for the server's greeting:
  telnet your.host.name.here yoursmtpsportnumber
  220 your.host.name ESMTP Postfix (Ubuntu)
  Then type in the EHLO and make sure the list of options contains STARTTLS and does not include an AUTH line (that would mean unencrypted authentication is available):
  ehlo your.host.name.here
  250-STARTTLS
  Then issue starttls and wait for the server's confirmation:
  starttls
  220 2.0.0 Ready to start TLS
  Once again, it's time to use openssl for further testing, detailed info here http://qmail.jms1.net/test-auth.shtml
  CERTIFICATES
  You also need to be aware that iOS is somewhat particular when it comes to certificates. First of all, you have to make sure to set the following extensions on your root certificate (probably in the [ v3_ca ] section in your /etc/ssl/openssl.cnf, depending on your openssl setup), especially the 'critical' keyword:
  basicConstraints = critical,CA:true
  keyUsage = critical, cRLSign, keyCertSign
  subjectKeyIdentifier=hash
  authorityKeyIdentifier=keyid:always,issuer:always
  And then on the certificate you sign for your mail server, set the following, probably in the [ usr_cert ] section of /etc/ssl/openssl.cnf:
  basicConstraints=CA:FALSE
  keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  subjectKeyIdentifier=hash
  authorityKeyIdentifier=keyid,issuer
  subjectAltName = DNS:your.domain.name.here
  issuerAltName=issuer:copy
  Please note, the above are results of extensive google-ing and trial and error, so maybe you can omit some of the stuff above and it still works. When it started working for me, I stopped experimenting because figuring this all out already took way too much time. The iPhone is horribly undocumented when it comes to details of its peculiar behaviors. If you experiment more and have more accurate information, please feel free to post here as a reply to this message.
  You have to import your root certificate into your iPhone embedded in a profile via the iPhone Configuration Utility (free, but only available in Windows or a Mac; details here: http://nat.guyton.net/2012/01/20/adding-trusted-root-certificate-authorities-to- ios-ipad-iphone/ ), after having first added it to Windows' certificate store as a trusted root certificate. This way the Utility will sign your certificate for the phone and it becomes usable; if you just add it from the phone it will be there but won't be used. Using a profile has the added benefit of being able to configure mail settings in it too, and that saves a lot of time when you have to install, remove, reconfigure, install again, etc. a million times until it works.
  Another undocumented constraint is that the key size is limited to a max of 4096. You can actually install a root certificate with a larger key, the iPhone Configuration Utility will do that for you without a word. The only suspicious thing is that on the confirmation screen shown on your iPhone when you install the profile you don't get the text "Root Certificate/ Installing the certificate will add it to the list of trusted certificates on your iPhone" in addition to your own custom prompt set up in the iPhone Configuration Utility. The missing additional text is your sign of trouble! - but how would know that before you saw it working once? In any case, if you force the big key certificate on the device, then when you open the Mail App, it opens up and then crashes immediately. Again, without a word. Supposedly Apple implemented this limit on the request of the US Government, read more here if you're interested: http://blogs.microsoft.co.il/blogs/kamtec1/archive/2012/10/13/limitation-of-appl e-devices-iphone-ipad-etc-on-rsa-key-size-bit.aspx .
  IN CLOSING...
  With all this, you can read and send email from your iPhone.
  Don't forget to set all your other clients (Thunderbird, Claws, etc.) to also use STARTTLS instead of SSL, otherwise they won't be able to connect after the changes above.

• SSL/TLS POP/SMTP setting 6270 ?

  Hi All,
  I recently purchased Nokia 6270 and I do have GPRS connection working well for WAP sites and for Internet access on my laptop.
  I have been trying to configure my GMAIL account on the email client provided with 6270. Gmail pop/smtp access required secure connection SSL/TLS and I could not find any place to set SSL or TLS YES. in personal configuration, there is everything to set except these.
  It was there in old Motorola E398..The settings are really confusing.
  If anybody has accessed/configured GMAIL on 6270, please help..
  Cheers
  Rajiv

  you are right that I should have checked it before buying, I think you can expect such a small feature from a highend mobile. Nokia do claim it as highend mobile. I randomly looked at some of the mobile from different makes today and all of the high end mobiles have this feature.
  And by the way all the email clients do contains feature for specifying SSL or TLS.
  Does that means that 40 series is missing this feature because that is only provided in 60 series. Or is there any logical reason behind it.
  Is there any software version update that can provide this feature. I have Version 03.65 19-12-05 RM-56

• Crystal Report Server - SMTP over secured connection (SSL/TLS)

  <p>Hello All,</p><p>Been looking around information on Crystal Reports Server but have not managed to find the information I need. So was wondering if anyone new if it is possible to distribute reports via SMTP over secured connections such as SSL/TLS using Crystal Reports Server?  </p>

  Only if the security is external to BO. our SMPT configuration does not have a built in configuration parameter to encrypt data.
  Regards,
  Tim

• IMAP, POP and SMTP information for manual email setup

  How to manually set up your Telstra email service:
  Telstra email on the BigPond platform
  POP & SMTP
  Your name
  Enter your name as you’d like it appear in emails you send.
  Account type
  POP3
  Incoming server details
  Server address
  mail.bigpond.com
  Port
  995
  Encrypted connection
  SSL
  Outgoing server details
  Server address
  mail.bigpond.com
  Port
  587 or 465
  Authentication
  Yes
  Encrypted connection
  With SSL Encryption
  Username
  Enter your full email address (ending in '@bigpond.com' or '@bigpond.net.au')
  Password
  Enter your Telstra email account password which will be case-sensitive.
  Other settings to check
  Ensure the checkbox is ticked for Outgoing server requires authentication – in most mail clients, this is not ticked by default.
  Use:
  Secure Sockets Layer (SSL) with the POP and SMTP connection, and
  SMTP authentication for security.
  Ensure that your operating system and email client have the latest updates.
  Telstra email on the Outlook.com platform
  If you’re on the Telstra email platform with Outlook.com®, you can choose either of the following types of settings to set up email on your computer, tablet or mobile phone:
  IMAP and SMTP
  POP and SMTP
  Where possible, it’s preferable to use the IMAP & SMPT settings as they provide an extra layer of security.
  IMAP and SMTP
  Your name
  Enter your name as you’d like it appear in emails you send.
  Account type
  IMAP
  Incoming server details
  Server address
  imap-mail.outlook.com
  Port
  993
  Encrypted connection
  SSL
  Outgoing server details
  Server address
  smtp-mail.outlook.com
  Port
  587
  Authentication
  Yes
  Encrypted connection
  With TLS/STARTTLS (preferred) or SSL Encryption
  Username
  Enter your full email address (ending in ‘@bigpond.com’ or ‘@bigpond.net.au’)
  Password
  Enter your Telstra email account password which will be case-sensitive.
  Other settings to check
  Ensure the checkbox is ticked for Outgoing server requires authentication – in most mail clients, this is not ticked by default.
  Use:
  Secure Sockets Layer (SSL) with the POP and SMTP connection, and
  SMTP authentication for security.
  Ensure that your operating system and email client have the latest updates.
  POP and SMTP
  Your name
  Enter your name as you’d like it appear in emails you send
  Account type
  POP3
  Incoming server details
  Server address
  pop-mail.outlook.com
  Port
  995
  Encrypted connection
  SSL
  Outgoing server details
  Server address
  smtp-mail.outlook.com
  Port
  587
  Authentication
  Yes
  Encrypted connection
  With TLS/STARTTLS (preferred) or SSL Encryption
  Username
  Enter your full email address (ending in '@bigpond.com' or '@bigpond.net.au')
  Password
  Enter your Telstra email account password which will be case-sensitive.
  Other settings to check
  Ensure the checkbox is ticked for Outgoing server requires authentication – in most mail clients, this is not ticked by default.
  Use:
  Secure Sockets Layer (SSL) with the POP and SMTP connection, and
  SMTP authentication for security.
  Ensure that your operating system and email client have the latest updates.
  Outlook is a registered trademark of Microsoft Corporation in the United States and/or other countries.

  Re: BigPond settings for POP, IMAP and SMTP
  I am have trouble with Apple: they claim that because I have not physically changed my email address they won't "accept" it! (it's same one that I have had for the past 5years),
  I am also unable to log on using the email address & password that I have for past 12 months!
  Can I change my email address and password, when I have time (during business hours), regards Eric

• POP over SSL in Messaging 5.2

  I'm running Messaging 5.2, build 2002.51.1611 (iPlanet Messaging Server 5.2 HotFix 2.08 (built Sep 22 2005)) and would like to see if I can enable POP over SSL on that host.
  According to BugID, 4712887 pop over SSL works. When I follow the instructions in that document, I get the following errors:
  ./configutil -o service.pop.enablesslport -v 1
  General Error: func=configmsg_setkeys; func=psetSetAttrList; error=Attribute does not exist
  NO Unable to set option(service.pop.enablesslport)
  ./configutil -o service.pop.sslport -v 995
  [18/Nov/2005:18:34:45 +0000] mocbox5 [16332]: General Error: func=configmsg_setkeys; func=psetSetAttrList; error=Attribute does not exist
  NO Unable to set option(service.pop.sslport)
  service.pop.sslusessl is set to "yes"
  Is this wrong? Does POPS only run on Sun Java Enterprise Messaging (6.x)?
  Thanks,
  Don Holtzer

  try using the -l with your configutil setting
  configutil -o -l service.pop.enablesslport -v yes
  etc.

• Code sample to access imap server over ssl via javamail 1.3.2

  I'm trying to access an imap mailbox over ssl and have downloaded the javamail 1.3.2 release. I understand this introduces the "imaps" protocol for this but has anyone got a simple code example and/or links to articles that describe the steps you need to get a working piece of code ? The release notes and samples seem a bit light on this area. I'm using Tomcat 5.5.4 and Java 5 in my environment.
  Thanks in advance.

  Hi,
  this article should help you to get on the way: http://www.javaworld.com/javatips/jw-javatip115.html.
  To access an IMAP-server via ssl, you could use the following code:
        String SSL_FACTORY = "javax.net.ssl.SSLSocketFactory";
        Properties props = new Properties();
        props.setProperty("mail.store.protocol", "imap");
        props.setProperty("mail.imap.host", hostname);
        props.setProperty("mail.imap.port", port);
        if (mustUseSSL())
          props.setProperty( "mail.imap.socketFactory.class", SSL_FACTORY);
          props.setProperty( "mail.imap.socketFactory.fallback", "false");
          props.setProperty( "mail.imap.socketFactory.port", secureport);
          java.security.Security.setProperty( "ssl.SocketFactory.provider", SSL_FACTORY);
        Session s = Session.getDefaultInstance(props, null);
        Store store = s.getStore(protocol);
        try
            store.connect(hostname, port, user, pwd);
        catch (AuthenticationFailedException afe)
            // no valid authentication
        catch (Exception ge)
             // different exception
        }

• Imap or (pop/smtp) ?

  I am advised by ntl/Virgin (my isp) they don't support imap and I've certainly had some intermittent but not total failure email service since switching from PC and Outlook Express (which was pop/smtp) to my new macbook pro just a week or so ago. Advice I get privately is that imap is the newer technology and preferable. So just what is the difference between these systems for a complete technophobe ? And should I change my isp, or switch to pop/smtp on my mac as ntl/Virgin are advising - well the advice of one of their call centre folk at any rate ?

  POP downloads the messages from the server when you check your mail. Usually the messages are deleted from the server at the same time, but it's possible in Mail to change this to delete after a set period.
  IMAP leaves the messages on the server unless you specifically download them. When you check your mail, Mail simply displays the messages on the server (exactly like webmail). The advantage of this is that you can check mail from several different computers, and, for example, if a message is marked as read on from one computer, it shows as read on the others.
  If your ISP doesn't offer IMAP then you don't have any choice. It hardly seems worth going to the hassle of changing ISPs for - POP works well enough for most people, but only you can tell if you need it badly enough to find another ISP.

• Sending email using IMAP through SMTP Port 587

  Hi,
  I have been sending Mail Merged email to people in organizations that I am active in, using IMAP embedded in StarOffice 5.2 (on Windows 98 Second Edition). This worked fine until a few weeks ago when I received an error message stating that AOL, as part of their anti-spam efforts, was no longer accepting third-party emails on default port 25. All third-party email must now use port 587. I looked in the IMAP dialog and in the Tools -> Options dialog, but did not see any place to change the SMTP port. The AOL error message information page had instructions for changing the port in other applications (Outlook, Eudora, etc.), but not for StarOffice. So, I have some questions:
  1.Is it possible to change the port in StarOffice 5.2?
  2.If not, how does StarOffice 8 send Mail Merged email? Does it use IMAP, and if so, can the port be changed?
  3.Also, I like the integrated configuration in StarOffice 5.2, where database fields can be directly accessed in the Insert -> Fields -> Other dialog. In looking at the Mail Merge section in "SO8_What's New.pdf", it appears that Mail Merge in StarOffice 8 is restricted to predefined fields. Could I still access fields from my existing databases?
  These is a lot of questions, but right now I am blocked from sending Mail Merged emails which is imparing communications with volunteers who are running educational programs. I appreciate any and all help that anyone can provide.

  Please try this out!!!!!!!!!
  You can send emails using Outlook also. You can send email over Microsoft Exchange with this object (or another email server, using IMAP/POP).
  Sub SendMailOutlook(aTo, Subject, TextBody, aFrom)
  'Create an Outlook object
  Dim Outlook 'As New Outlook.Application
  Set Outlook = CreateObject("Outlook.Application")
  'Create e new message
  Dim Message 'As Outlook.MailItem
  Set Message = Outlook.CreateItem(olMailItem)
  With Message
  'You can display the message To debug And see state
  '.Display
  .Subject = Subject
  .Body = TextBody
  'Set destination email address
  .Recipients.Add (aTo)
  'Set sender address If specified.
  Const olOriginator = 0
  If Len(aFrom) > 0 Then .Recipients.Add(aFrom).Type = olOriginator
  'Send the message
  .Send
  End With
  End Sub

• 10.4.7 can't startup IMAP + POP

  My Server is not able to starup IMAP & POP services.
  I have no idea about what's happening!!
  When I startup Mail Service.. SMTP Out/In are OK, but IMAP & POP are not.
  I have the following error messages:
  MAIL ACCESS:
  Sep 18 23:23:15 servidor master[1674]: empty option value on line 23 of configuration file
  Sep 18 23:23:15 servidor master[1674]: exiting
  SYSTEM LOG:
  Sep 18 23:30:34 servidor master[1722]: empty option value on line 23 of configuration file
  Sep 18 23:30:34 servidor master[1722]: exiting
  Sep 18 23:30:34 servidor launchd: edu.cmu.andrew.cyrus.master: exited with exit code: 75
  Sep 18 23:30:34 servidor launchd: edu.cmu.andrew.cyrus.master: respawning too quickly! throttling
  Sep 18 23:30:34 servidor launchd: edu.cmu.andrew.cyrus.master: 1 more failure without living at least 60 seconds will cause job removal
  Sep 18 23:30:34 servidor launchd: edu.cmu.andrew.cyrus.master: will restart in 10 seconds
  Sep 18 23:30:44 servidor master[1723]: empty option value on line 23 of configuration file
  Sep 18 23:30:44 servidor master[1723]: exiting
  Sep 18 23:30:44 servidor launchd: edu.cmu.andrew.cyrus.master: exited with exit code: 75
  Sep 18 23:30:44 servidor launchd: edu.cmu.andrew.cyrus.master: respawning too quickly! throttling
  Sep 18 23:30:44 servidor launchd: edu.cmu.andrew.cyrus.master: too many failures in succession
  What exactly could be happening?
  Thanx a lot.

  I selected a certificate, and than disabled it.
  If you do it without to select NONE... the "Default"
  leaves blank.
  I am not sure... but my problem came from this SSL
  change.
  Correct. Not your fault. it's a server admin bug.

• Connecting to a remote OpenLDAP server over SSL.

  I've been trying for several weeks now to get a remote OpenLDAP server up and running; configured in such a way that it only allows SSL and requires certificate validation.
  I've created a CA with a self-signed certificate.
  I used that CA to create a server and client certificate.
  The server certificate is in /etc/ssl/certs, has a link by the name of its hash.0 pointing to it; permissions are all correct and /etc/ssl/slapd.conf point to it and the CA certificate.
  The client certificate is on my MacBook Pro in /etc/ssl/certs along with the CA certificate; each of which also has its hash linked to it. /etc/ssl/ldap.conf is set up properly, the permissions are correct, and the following test command ran as my user produces a successful result:
  ldapsearch -v -x -H ldaps://ldap.foo.org -b "dc=foo,dc=org" -d -1
  Now the problem part. I open Directory Utility; go to Services with Advanced Settings enabled. After unlocking it, I click the LDAPv3 and the pencil icon.
  I hit New... in the window that pops up and use ldap.foo.org as servername, SSL box ticked. I hit Continue, and behold; nothing happens.
  It is to say; Directory Utility hangs for a while; after which it goes back to the box I clicked Continue in without any error or warning popping up; but obviously hasn't advanced.
  The server logs indicate my Mac had actually connected; received the server certificate; but didn't send a client certificate at which point the TLS connection got aborted for some reason and the session ended.
  My Mac Console shows something even more bizare, though:
  11/09/08 23:09:22 com.apple.DirectoryServices[97123] Assertion failed: (ld != NULL), function ldapsearchext, file search.c, line 76.
  My suspicion is that Directory Utility can't verify the server certificate and aborts the TLS connection. I expect it also uses /etc/openldap/ldap.conf? How can I diagnose the root of this problem?
  Thanks a lot for your assistance; I just can't figure this out and any hint or pointer would be greatly appreciated. It now just looks like OSX does not support a secure LDAP over SSL configuration.
  Though it currently isn't set up to be that way, I'd like to have my client also provide a certificate (CN=lhunath.foo.org) and have the server validate that. For now I've got the server set to:
  TLSVerifyClient never
  (And of course, the client:)
  TLS_REQCERT demand
  Message was edited by: lhunath

  By the way; about the assertion error I get in Console; here's the relevant source of ldap.c. Looks like ld is not set; probably something going wrong before that with setting up the TLS connection, perhaps? Or not?
  * ldapsearchext - initiate an ldap search operation.
  * Parameters:
  * ld LDAP descriptor
  int
  ldapsearchext(
  LDAP *ld,
  assert( ld != NULL );

• Wildcard Certificate use in Sun Java System Messaging Server (IMAPs/POPs)

  I'm trying to use a wildcard certificate acquired from GlobalSign and am having problems getting
  it (properly) into the cert database.
  I tried using certutil, and that didn't seem to work at all, it would list without user cert status:
  rmorneau+root@mmp1:/var/opt/SUNWmsgsr/config# /opt/SUNWmsgsr/sbin/certutil -L -d .
  GlobalSign-Ext-CA CT,c,
  *.xxxxxxxxxxx.edu ,,
  I had some success using msgcert and pk12util, but after importing it in, then seeing that it did
  have user cert status, after a quick restart of Messaging (IMAP/POP), SSL quit for IMAP and kicked all
  my IMAPs users out temporarily (until I put the original cert8.db and key3.db back).
  -------- ImapProxy_20101115.log----
  20101115 135531 ImapProxyAService.cfg (id 2590) SSL negotiation failed for IP XXX.XXX.X.XXX: Cannot connect: SSL is disabled. (-12268)
  pop.xxxxxxxxx.edu u,u,u
  GlobalSign-Ext-CA CT,c,
  *.xxxxxxxxxxx.edu u,u,u
  I truly appreciate any help on this matter.
  -Bob

  2. Does the certificate nickname in NSS match the configured certificate nickname in the product?I'm not sure, but I'll try that the next time I try this... will probably be late at night were I won't be interrupting IMAPs and POPs
  Makes sense. Prior to release 7 update 4, the servers have to be shut down before modifying certificate databases. As of 7 update 4 you can do a one-time migration to the cert9.db/key4.db format that >should allow certificates to be updated without taking the servers offline.
  This was in the log just before the other log entry that I showed before.
  20101115 135440 ImapProxyAService.cfg ASockSSL_Init: couldn't find cert imap.xxxxxxxxx.edu (-8174)
  This is the key line from the log. The server is looking for a certificate with the NSS certificate nickname of 'imap.xxxxxxxxx.edu' and is not finding that certificate so issue 2 is likely the problem.Yes, this was it. Oversite on my part, forgot they had to match and could not be a form of just domainname.edu or *domainname.edu.
  You either need to modify the default:SSLCertNicknames setting to match the nickname of the new certificate, or install the new certificate using the existing certificate nickname of 'imap.xxxxxxxxx.edu'I modified the default:SSLCertNicknames setting.
  Thank you CNewman very much for all your help.
  And, for those trolling for an answer with more detail via an Internet search (that is, if Oracle doesn't screw up these forums for anon searches)::::
  With the private key in hand (not password protected), I used 'openssl' to get it into a pkcs12 type file:
  (It is best to do this as root and not as sudo root as you might run into problems if your host
  does not have root power to write to your home dir on the/a NFS share.... you will get "unable to write 'random state'".)
  root@mmp1:/var/opt/SUNWmsgsr/config/GlobalSign-certs-new# /usr/sfw/bin/openssl pkcs12 -export \
  -in ket-wildcard-cert.pem -inkey private.key -out cert.pkcs12 -name xxxxxxxxx.edu
  Enter Export Password:
  Verifying - Enter Export Password:
  Where "private.key" is the key file, and "ket-wildcard-cert.pem" is the (pem format) cert from our cert provider,
  and cert.pkcs12 is our cert file that will be imported into the database, and xxxxxxxxx.edu is whatever you (nick)name your cert
  in the database
  (I think you could use a password protected private key if you have that password.. I don't.)
  Next, I used 'msgcert' to import the pkcs12 cert file into the database (I'm sure there is a way
  to use certutil or even pk12util to do the same, but I'm on Sun Messenger 6.3 at this time, so that's what I used.
  If someone would like to elaborate for those....?):
  (It is best, when using 'msgcert', to do it where your mailsrv user has some privs.. I took my pkcs12 cert and moved into /tmp.)
  root@mmp1:/tmp# /opt/SUNWmsgsr/sbin/msgcert import-cert cert.pkcs12
  Enter the PKCS#12 file password: (blank)
  Enter the certificate database password: (token password in sslpassword.conf)
  Make sure your (wildcard) cert nickname matches what you have in
  ImapProxyAService.cfg and PopProxyAService.cfg at the "default:SSLCertNicknames" field.
  Edit if need be.
  root@mmp1:/var/opt/SUNWmsgsr/config# /opt/SUNWmsgsr/sbin/certutil -L -d .
  GlobalSign-Ext-CA CT,c,
  xxxxxxxxx.edu u,u,u
  root@mmp1:/var/opt/SUNWmsgsr/config# grep default:SSLCertNicknames *AService.cfg
  ImapProxyAService.cfg:default:SSLCertNicknames xxxxxxxxx.edu
  PopProxyAService.cfg:default:SSLCertNicknames xxxxxxxxx.edu
  Then, of course, restart the msg service(s).
  /opt/SUNWmsgsr/sbin/stop-msg
  /opt/SUNWmsgsr/sbin/start-msg
  Edited by: 810750 on Nov 18, 2010 8:08 AM
  Edited by: 810750 on Nov 18, 2010 8:11 AM