Wednesday, March 4, 2009

It's Not Free if it's Not Working

Microsoft, in their infinite wisdom, decided to fix the mail on the old Hotmail system, so finally folks with free accounts can get their mail via POP3.  They used to provide that years back, then decided they wanted to charge for providing "real" email access, as compared to web-access-only.  (I used to use free Hotmail via free POP3 years ago when it first existed.)

Lovely idea.  Little problem there.

19:24:17.565: --- Tue Mar 03 19:24:17 2009 ---
19:24:17.565: Connect to '', timeout 30.
19:24:19.766: 22: Error -32 activating SSL session (locus 6014, type 4, code 0, 'Server provided a broken/invalid certifi')
19:24:19.766: --- Connection closed normally at Tue Mar 03 19:24:19 2009. ---

So, since Microsoft Live requires an SSL connection, but doesn't bother to provide a valid certificate, the service doesn't work.  There is a workaround: tell your mail client to ignore the fact that the certificate is broken.  Without a valid certificate, I'd bet SSL (Secure Sockets Layer) isn't really encrypting the connection, so the user gets an insecure connection, with all the inconvenience of a secure one.  I'm not an expert, maybe that's not true?

I use Mercury MTA as a back-end processor for all my email (I get a lot of email).  Mercury's Distributing POP3 Client (MercuryD), which is used to go and get email from POP3 accounts elsewhere, refuses to ignore the fact that the cert is broken, and won't get my mail.  This doesn't mean Mercury is broken, it means that Mercury correctly follows the standards.  And it means that once again, Microsoft has decided the standards don't apply to them.

If the service doesn't work correctly, what good is it?  How difficult is it to provide a valid certificate?  HINT: Not very, since Mercury can provide a self-signed certificate when it does SSL.  Microsoft can't manage the same thing?

After all these years, Microsoft doesn't know how to implement an MTA?


FURTHER NOTE:  MercuryD works just fine getting POP3 mail from GMail via SSL.  Oddly enough, though, while MercuryD will apparently attempt to get mail from (and fail as described) even having's email active in MercuryD causes Mercury (the entire MTA) to crash and restart repeatedly.  Right now, I have the profile present but disabled in MercuryD, and Merc's running just fine.  No idea what's causing that.  Weird.

And yes, other folks have reported the invalid cert problem and come up with the workaround.  So it's not just Mercury.
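The two client policies discussed above, strict verification (what MercuryD enforces) and the "ignore the broken certificate" workaround, as an added Python example that is not part of the original post and is not Mercury's code. With verification off the session still negotiates a cipher, so traffic is encrypted, but the server's identity is unproven; the host passed to `probe` and the function names are assumptions for illustration.

```python
import socket
import ssl

def strict_context():
    """Default client policy: verify the certificate chain and the hostname."""
    return ssl.create_default_context()

def ignore_cert_context():
    """The workaround: accept any certificate, with no chain or hostname check."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def describe(ctx):
    """Summarise what a context will check about the server."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "server_authenticated": (ctx.verify_mode == ssl.CERT_REQUIRED
                                 and ctx.check_hostname),
    }

def probe(host, port=995, timeout=30):
    """Try a strict handshake; on a certificate failure, reconnect unverified
    only to report why it failed and which cipher was still negotiated."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with strict_context().wrap_socket(raw, server_hostname=host) as tls:
                return {"verified": True, "cipher": tls.cipher()[0]}
    except ssl.SSLCertVerificationError as err:
        reason = err.verify_message   # e.g. expired, self-signed, name mismatch
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ignore_cert_context().wrap_socket(raw, server_hostname=host) as tls:
            return {"verified": False, "reason": reason,
                    "cipher": tls.cipher()[0],
                    "der_cert_len": len(tls.getpeercert(binary_form=True))}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:             # host supplied by the reader
        print(probe(sys.argv[1]))
    else:                             # offline: just compare the two policies
        print("strict     ", describe(strict_context()))
        print("ignore-cert", describe(ignore_cert_context()))
```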
