IMAP STARTTLS port 143 not connecting #868

Closed
marxistvegan opened this issue Sep 2, 2014 · 9 comments

@marxistvegan marxistvegan commented Sep 2, 2014

Hey folks, I can connect on port 993 using SSL, but the email server we use recommends port 143 for STARTTLS; those are the settings I have in Icedove. If I choose port 993 then I do not get my folders, but with port 143 I would. Any chance we can add this support to IMAP?

Member

@BjarniRunar BjarniRunar commented Sep 2, 2014

It seems that STARTTLS for IMAP is not supported by the Python 2.x imaplib. So we'll have to hack this up ourselves at some point. Marking this for 1.0, I don't think I'll be able to get it done for beta. Thanks for the report - I wasn't aware of STARTTLS for IMAP until just now!

Author

@marxistvegan marxistvegan commented Sep 10, 2014

@BjarniRunar thanks for taking it up. I really hope to offer this to our members, and STARTTLS is key. Glad to help out in any way too.

Contributor

@da2x da2x commented Oct 7, 2014

My private mail server and the email from my workplace are only set up with IMAP+STARTTLS. Serious roadblock for my Mailpile adoption. The only other email client that has given me trouble with this is Mail in Windows 8.

@nidico nidico commented Oct 22, 2014

Definitely a very relevant issue!

For traceability: connecting to mailbox.org IMAP doesn't work due to lack of STARTTLS support.

Contributor

@manuel-io manuel-io commented Jul 4, 2015

Now replace IMAP4 with IMAP4_STARTTLS
https://github.com/mailpile/Mailpile/blob/master/mailpile/mail_source/imap.py#L589

And IMAP with IMAP/STARTTLS in the web interface
https://github.com/mailpile/Mailpile/blob/master/mailpile/www/default/html/profiles/account-form.html#L406

Lastly, you need one new file, say python2_imap_starttls.py, and `from python2_imap_starttls import IMAP4_STARTTLS`.

Do not use IMAP (143) without STARTTLS

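```python
#!/usr/bin/python2
import imaplib
import ssl

# Register STARTTLS as a command allowed before authentication.
# The value must be a tuple of states; ('NONAUTH') without the comma is a plain string.
Commands = {
  'STARTTLS': ('NONAUTH',)
}

imaplib.Commands.update(Commands)

class IMAP4_STARTTLS(imaplib.IMAP4, object):
  def __init__(self, host, port):
    # Plain-text connect, then upgrade to TLS before anything else is sent
    super(IMAP4_STARTTLS, self).__init__(host, port)
    self.__starttls__()
    self.__capability__()

  def __starttls__(self, keyfile = None, certfile = None):
    typ, data = self._simple_command('STARTTLS')
    if typ != 'OK':
      raise self.error('no STARTTLS')
    # As called here, wrap_socket() pins TLS 1.0 and does not verify the
    # server certificate or hostname (cert_reqs defaults to ssl.CERT_NONE).
    self.sock = ssl.wrap_socket(self.sock,
      keyfile,
      certfile,
      ssl_version=ssl.PROTOCOL_TLSv1)
    # Rebuild the buffered reader on top of the TLS socket
    self.file.close()
    self.file = self.sock.makefile('rb')

  def __capability__(self):
    # Ask for CAPABILITY again over TLS and replace the pre-TLS list
    typ, dat = super(IMAP4_STARTTLS, self).capability()
    if dat == [None]:
      raise self.error('no CAPABILITY response from server')
    self.capabilities = tuple(dat[-1].upper().split())

# imap = IMAP4_STARTTLS(host, port)
# print(imap.capabilities)
# imap.login(user, password)
# imap.logout()
```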

Update: I noticed the capabilities string is not automatically updated. See https://gist.github.com/manuel-io/438c20d2f040ee797388 if you're interested in further changes or refer to the official source.

Contributor

@da2x da2x commented Jul 5, 2015

Actually, the client is supposed to use plain-text auth unless server sends LOGINDISABLED capability (meaning, no login attempt unless client takes further action first – like STARTTLS). Keep in mind that users may want to connect to an IMAP server on the same machine, or some other situation where STARTTLS is not needed.

Member

@BjarniRunar BjarniRunar commented Jul 5, 2015

Thank you very much @manuel-io and @Aeyoun for your hints. I'll try and integrate this during the next few days!

Contributor

@manuel-io manuel-io commented Jul 5, 2015

@Aeyoun I see from my own provider:

[CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] vs. [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN]

That's why I had so little fun with Mailpile. IMAP+STARTTLS is not supported by Mailpile and IMAPS (993) is not supported by my provider.

Think about providers offering STARTTLS and plain-text authentication at the same time. There is no LOGINDISABLED and STARTTLS will not be used. That's why there should be an extra switch which enforces STARTTLS.

It's a design decision if you allow plain-text auth at all. I think about conferences and public Wi-Fi hotspots in trains, bars, hospitals. People tend to use the same password twice. This makes social engineering much easier. If you use plain IMAP, use a big warning message too.
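
An added example, not part of the thread and not Mailpile's code: the "enforce STARTTLS" switch discussed in the comments above, written for Python 3, whose `imaplib.IMAP4.starttls()` re-reads CAPABILITY after the handshake. The function names and the `require_starttls` parameter are hypothetical, chosen for this illustration.

```python
# Added example (Python 3); names below are hypothetical, not Mailpile's.
import imaplib
import ssl

def parse_capabilities(line):
    """Turn '[CAPABILITY IMAP4rev1 ... STARTTLS]' into a set of upper-case tokens."""
    tokens = line.strip().strip("[]").upper().split()
    return set(t for t in tokens if t != "CAPABILITY")

def next_step(caps, tls_active, require_starttls=True):
    """Decide what the client may do before sending credentials.

    Returns 'LOGIN', 'STARTTLS' or 'REFUSE'.
    """
    if tls_active:
        # caps must be the list re-read after the TLS handshake
        return "REFUSE" if "LOGINDISABLED" in caps else "LOGIN"
    if "STARTTLS" in caps:
        # Upgrade whenever offered, even if plain-text login would be accepted
        return "STARTTLS"
    if require_starttls or "LOGINDISABLED" in caps:
        # STARTTLS not advertised: unsupported, or removed in transit
        return "REFUSE"
    return "LOGIN"  # explicit opt-out, e.g. a server on the same machine

def connect(host, user, password, port=143, require_starttls=True):
    """Open an IMAP connection and log in only if the policy allows it."""
    conn = imaplib.IMAP4(host, port)
    step = next_step(set(c.upper() for c in conn.capabilities),
                     False, require_starttls)
    if step == "STARTTLS":
        ctx = ssl.create_default_context()  # verifies chain and hostname
        conn.starttls(ssl_context=ctx)      # also refreshes conn.capabilities
        step = next_step(set(c.upper() for c in conn.capabilities), True)
    if step != "LOGIN":
        conn.shutdown()
        raise imaplib.IMAP4.error("refusing to send credentials: %s" % step)
    conn.login(user, password)
    return conn
```

With `require_starttls=True`, a server that advertises plain-text auth but no STARTTLS is refused rather than sent the password in the clear.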

Member

@BjarniRunar BjarniRunar commented Jul 13, 2015

STARTTLS for IMAP just got merged. Closing this. :-) Thanks @manuel-io !
