
Thread: SSL POP3 and SMTP email

  1. #1

    SSL POP3 and SMTP email

    What are the port numbers to use with secure POP3 and SMTP?

  2. #2
    Early Out

    Last time I checked, SSL was not supported for POP email on BH, so it's 110 for incoming, and 25 or 26 for outgoing.

    Edit - let me revise that. You can enable SSL and use ports 995 for incoming, 465 for outgoing, but an email client like Outlook will complain about it, because it can't verify the security certificate. That's because the name on the certificate doesn't match the name of your mail server (like mail.yourdomain.com). You can say "yeah, go ahead and use this server," but Outlook will complain about it every time you launch it.
    Last edited by Early Out; 01-15-2007 at 01:19 PM.

  3. #3

    I just found this

    A "self-signed" certificate (i.e. not signed by anyone else) or signed by a "non trusted" Certification Authority should also work (tested with MS Outlook 2000 and MS Outlook Express). In such case the behaviour of an Outlook 2000 client is to pop up a message box saying: "The server you are connected to is using a security certificate that could not be verified. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Do you want to continue using this server?". If the answer is yes, further requests to the server will be automatically accepted until the client is restarted, in which case the server will become untrusted again. To have the server become permanently trusted by the client, the certificate must be exported from the server java keystore by the administrator and imported into the Windows certificate store of the client by the end user. If the keypair is shared with an HTTP server, an HTTPS request from Internet Explorer by the end user on the client will allow for storing the certificate in the Windows certificate store of the client.

    Any idea if I can get the certificate from my control panel??

  4. #4
    Early Out

    I've never stumbled on a way to do that, and I suspect that this is one of those things that would be horrendously difficult to explain to the support folks ("You want what, now?"). But they're probably the only ones who could help.

    I just figure that anyone who wants to intercept and read my boring emails badly enough to go to the trouble of doing it, is welcome to them.

  5. #5

    For webmail, I find that if I use the bluehost name instead of my domain name, I get no grief. That is, I use this URL:
    https://box117.bluehost.com/webmail/.

    I haven't gotten around to trying it with POP, but I wonder if we could do the same and therefore avoid popup warnings.

    Of course, if you have users that might be confused, that would be another problem.

  6. #6
    Early Out

    That doesn't work with POP email - using box117.bluehost.com as the server name gives the same "complaint" message from Outlook.

  7. #7

    Hi all - have been complaining to support about this issue. Asked them to elevate it to someone higher. Here's what I got back:

    "I have had an admin review this, and unfortunately, we will be unable to make a change to the way we do ssl certs on our servers. I do apologize for the inconvenience."

    In my mind, still not acceptable. Other hosting services provide this correctly without hassle. I don't get it. Another message I received (earlier) says there needs to be enough complaints/customer concerns to do something about it.

    I'm quite ticked that I can't set up port 993 without that stupid Outlook message coming up. I don't want to revert to clear-text, as that's just plain dumb in the year 2007. All due to their SSL cert not being properly registered....

    I'd recommend everyone else complain to support. Looks like nothing will change as of now. I'd hate to have to move away from Bluehost over something trivial, but if another provider can offer the same, I'd be tempted if Bluehost doesn't want to pursue items like this. The way I see it, this should be STANDARD. I've liked support to this point, but it's like they just give up on this issue.

  8. #8
    I Complained Also

    I've had the runaround on this issue. It is resolvable if you have IE6, but as most of you probably upgraded to IE7 by now, you're out of luck along with me. In IE6 you can direct your browser to https://box#.bluehost.com:995/ to pick up the root cert. For some reason IE7 doesn't allow this even if you ignore the security warning.

    As I understand it, Bluehost could export the cert and hand it out. This would allow us to be able to get past this problem. I figure it to be a rather significant issue because I have no way of guaranteeing against a man-in-the-middle attack.

    I complained a few times to support and have sent Matt Heaton (CEO) a message explaining the problem in hopes that it would catch his attention and be resolved.

    If you are really adventurous and have access to an IE6 machine, I understand that you can install the cert on that machine, export it from that one and import it onto an IE6 machine. I can't think of a place I could get access to IE6 though.

    If it's been a few months, it might be worth complaining again, because they seem to think that the problem is resolved (sometimes) and other times that it can not be resolved at all.

  9. #9

    If you install a security certificate into your email program and get the people you want to communicate with to do the same then you can send and receive encrypted emails over the 110 and 25/26 ports without anyone other than the intended recipient being able to read it. If the person on the other end doesn't have a certificate installed then you can still send signed emails that confirm they came from you.

  10. #10

    Thanks for trying, but I'm not talking about the sort of thing PGP or GPG is designed to do. I'm not trying to encrypt individual emails. I'm trying to encrypt the communication from the email server to me and assure that the email server in question is the one I want, and not someone handling a man-in-the-middle attack. PGP would only protect the messages that are encrypted in that instance, but not the stream and it gives me no confidence in the server, therefore my password could be gathered. Plus PGP is no good if the person on the other end can't figure out how to use it and that's often enough to make it largely useless.

    Edit:
    Matt Heaton got back to me real quick and seemed to get a response out of somebody. He responded coherently mentioning that IE7 is annoying when it comes to certificates. I certainly agree. The tech reply sent me back to this page again: http://helpdesk.bluehost.com/kb/inde...od_id=2&id=451. This only works with IE6, like I mentioned above.
    Last edited by flickerfly; 10-18-2007 at 07:15 PM. Reason: update on my ticket
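The two checks discussed in this thread, as an added example that is not part of any post: whether the name the mail client connects to appears on the certificate, and whether the certificate presented is the one the provider exported. Comparing a SHA-256 fingerprint stands in here for importing the exported certificate into the client's store; the `hosting.example` names, the sample bytes and all function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl

def fetch_leaf_der(host, port=995, timeout=10):
    """Return the server's certificate (DER) from an implicit-TLS port such as 995 or 465.
    Validation is off only so the certificate can be inspected; send no credentials here."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def name_matches(hostname, san_dns_names):
    """DNS-name match: a '*' is honoured only as the whole leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    for pattern in san_dns_names:
        pat = pattern.lower().rstrip(".").split(".")
        if len(pat) != len(host):
            continue                    # a wildcard never spans several labels
        if pat[0] == "*" and len(pat) > 2:
            if pat[1:] == host[1:]:
                return True
        elif pat == host:
            return True
    return False

def pin_matches(der, pinned_sha256):
    """Compare the presented certificate with a fingerprint obtained out of band."""
    expected = pinned_sha256.replace(":", "").lower()
    return hmac.compare_digest(hashlib.sha256(der).hexdigest(), expected)

def check_server(hostname, san_dns_names, der, pinned_sha256):
    """Report both checks separately: a name mismatch and a wrong certificate differ."""
    return {"name_ok": name_matches(hostname, san_dns_names),
            "pin_ok": pin_matches(der, pinned_sha256)}

# Constructed sample data (not a real certificate or real provider names).
SAMPLE_SANS = ["*.hosting.example", "hosting.example"]
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"
# In practice this value comes from the provider, not from the connection itself.
PINNED = hashlib.sha256(SAMPLE_DER).hexdigest()

if __name__ == "__main__":
    print(check_server("mail.yourdomain.com", SAMPLE_SANS, SAMPLE_DER, PINNED))
```

A result of `name_ok: False, pin_ok: True` is the situation described in post #2 once the certificate has been obtained from the provider; `pin_ok: False` means the server presented a different certificate from the one that was handed out.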
