EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 13 Aug 2013, 01:44 AM   #1
Chris02
Junior Member
 
Join Date: Aug 2013
Posts: 1
fastmail connection problems

Hi,
Since Aug 9th, have not been able to Fastmail via email client, I can access mail via web site.

I re-checked settings on email client with no success, have been using secure settings with imap 993, pop 995,smtp 465.

Today, I did a temporary test using "insecure.messagingengine.com
for both imap and pop settings and was able to access mail and download it.

Is there a recent problem with secure settings at fastmail server?

Chris
Chris02 is offline   Reply With Quote

Old 13 Aug 2013, 03:11 AM   #2
CCS
Junior Member
 
Join Date: Aug 2013
Posts: 7
Me too!

I have had exactly the same problem from exactly the same date.

I have been subscribed to fastmail.net for three years and using it without any problems. Then beginning after 8/8/2013 I can no longer access POP or SMTP.

I have posted support tickets at the fastmail site, but it appears that they do not actually answer any such help requests.

Making every test I know how to do, I have not been able to find anything wrong except my client (Pegasus) indicates:

A network error occurred during connection to the host.
<<no trace information available>>

Perhaps we can share information and solve this problem. It looks like fastmail will not be of any help but I really don't want to have to change my email provider/address.

Last edited by CCS : 13 Aug 2013 at 03:17 AM.
CCS is offline   Reply With Quote
Old 13 Aug 2013, 04:32 AM   #3
janusz
The "e" in e-mail
 
Join Date: Feb 2006
Location: EU
Posts: 4,933
Quote:
Originally Posted by Chris02 View Post
Since Aug 9th, have not been able to Fastmail via email client
Quote:
Originally Posted by CCS View Post
I have had exactly the same problem from exactly the same date
A change has been made on exactly the same date. Coincidence??
janusz is offline   Reply With Quote
Old 13 Aug 2013, 08:11 AM   #4
CCS
Junior Member
 
Join Date: Aug 2013
Posts: 7
Quote:
Originally Posted by janusz View Post
A change has been made on exactly the same date. Coincidence??
Hmmm...

I read that as having to do with webmail access via a browser. Would it have any bearing on POP and SMTP access? I am using an XP machine but I am not wanting to use webmail. However, now that I am being forced to use webmail (via Firefox or Opera) it works fine.

It sucks that there seems to be no way to get any information from Fastmail, who should know about the issue.
CCS is offline   Reply With Quote
Old 13 Aug 2013, 11:03 AM   #5
rohanrns
Junior Member
 
Join Date: Aug 2008
Posts: 7
Quote:
Originally Posted by CCS View Post
Would it have any bearing on POP and SMTP access? I am using an XP machine but I am not wanting to use webmail.
I believe the same nginx frontend handles HTTP/POP/SMTP/IMAP/etc.
rohanrns is offline   Reply With Quote
Old 14 Aug 2013, 01:01 AM   #6
Pcar
Junior Member
 
Join Date: Aug 2013
Posts: 2
Quote:
Originally Posted by Chris02
Since Aug 9th, have not been able to Fastmail via email client
Quote:
Originally Posted by CCS
I have had exactly the same problem from exactly the same date
I too have had exactly the same problem from same date and it continues.

So much for
Quote:
Originally Posted by August 9, 2013 — Rob Mueller
We’re pretty sure that this change won’t have any compatibility issues with old clients (which should fall back to older ciphers), but we’ll keep an eye out in case there’s any reported problems.
Support Ticket Submitted:
Quote:
Sun, 11 Aug 4:58 PM (2 days 3 hours ago) +0000 User : Pcar
Hi,

Email client: Pegasus Mail V4.41 (Win32)

Since yesterday I have been unable to send emails and there are no reported issues on Status page or Help Forum

Using STARTTLS on port 465 or 587 I receive error:
[*] Connection established to 66.111.4.52
>> 0042 220 mail.messagingengine.com ESMTP ready
<< 0022 EHLO [192.168.10.27]
>> 0030 250-mail.messagingengine.com
>> 0016 250-PIPELINING
>> 0019 250-SIZE 71000000
>> 0025 250-ENHANCEDSTATUSCODES
>> 0014 250-8BITMIME
>> 0014 250 STARTTLS
<< 0010 STARTTLS
>> 0021 220 2.0.0 Start TLS
22: Error -32 activating SSL session (locus 6014, type 4, code 0, 'Bad server key agreement parameter signature')

Using direct SSL connect on port 465, email client times out with no error message

I've tried Disable certificate validation in case there was a problem with your certificate and same errors occur.

Why am I suddenly unable to send email? Have you changed some security settings?

Please confirm how I may resume sending.

Thanks,
I've had a reply to my ticket, but no solution

Quote:
Updated on ↓ Updated by
Tue, 13 Aug 1:03 AM (18 hours 58 minutes ago) +0000 Admin : Yassar
Hi,

Your issue has been passed to our developers. Please note that, depending on priority of issues, there might be delay before they respond.

We appreciate your patience.

Regards.

Last edited by Pcar : 14 Aug 2013 at 06:08 AM. Reason: Remove support ticket url for opsec
Pcar is offline   Reply With Quote
Old 14 Aug 2013, 04:45 AM   #7
CCS
Junior Member
 
Join Date: Aug 2013
Posts: 7
Quote:
Originally Posted by CCS View Post
I have posted support tickets at the fastmail site, but it appears that they do not actually answer any such help requests.
Today, I finally got a reply to my support ticket after I had given up hope.

Quote:
This appears to be related to a recent SSL change.

The issue has been passed to our developers. Please note that, depending on priority of issues, there might be delay before they respond.

We appreciate your patience.
This is not much help, but it does hold out hope.
CCS is offline   Reply With Quote
Old 15 Aug 2013, 12:22 AM   #8
geek15
Junior Member
 
Join Date: Aug 2013
Posts: 5
What email client are you using? I just connected to my FastMail account using Mozilla Thunderbird using the following server settings.

Incoming Server Address: mail.messagingengine.com
Server Port: 995
Connection Security: SSL/TLS (When using STARTTLS, I am unable to download mail).

Outgoing Server Address: mail.messagingengine.com
Server Port: 465
Connection Security: SSL/TLS

I hope this helps!
geek15 is offline   Reply With Quote
Old 15 Aug 2013, 12:34 AM   #9
janusz
The "e" in e-mail
 
Join Date: Feb 2006
Location: EU
Posts: 4,933
There is no general problem with IMAP access, using the setting you quote.

But one of the users who reported problems runs Pegasus Mail V4.41, which is 7 years' old ....
janusz is offline   Reply With Quote
Old 15 Aug 2013, 03:48 AM   #10
kings8
Junior Member
 
Join Date: Aug 2013
Posts: 1
No good on latest Pegasus either.

IMAP doesn't work with Pegasus 4.63 (latest) either....can't connect. Works okay on my iPad/Phone though. Hope fix comes soon. I have years of email stored via Pegasus locally as well as on IMAP server.
kings8 is offline   Reply With Quote
Old 15 Aug 2013, 04:45 AM   #11
CCS
Junior Member
 
Join Date: Aug 2013
Posts: 7
It seems like the problem may be incompatibility with Pegasus. I use version 4.63 (Dec. 2011) which is less than 2 years old.

My ticket was updated today.

Quote:
--- Ticket Update (by Yassar Ali) (date 2013-08-14 06:52:03 UTC) ---
This is related to recent changes we made to our SSL protocol settings to
bring it up to industry best practice.

http://blog.fastmail.fm/2013/08/09/f...ward-secrecy-w
ith-httpstls-connections/

In theory, older software should just have fallen back to the older ciphers, but it seems your email software is having problems.

It seems Pegasus and Mercury has known SSL compatibility issues, and the developer has been working on it, but progress is slow it seems.

...

In the meantime, I think the best thing to do is change everywhere you've
using "mail.messagingengine.com" as the hostname to retrieve email from to "insecuressl.messagingengine.com".

We run an alternate configuration on insecuressl.messagingengine.com that
has reduced cipher strengths. This should allow mercury to connect and
retrieve, but with unfortunately lesser security. This is probably the
only option until a new verison of mercury appears with better SSL
support.
--- End Update ---
I tried "insecuressl.messagingengine.com" successfully for POP.

Last edited by CCS : 15 Aug 2013 at 04:50 AM.
CCS is offline   Reply With Quote
Old 15 Aug 2013, 04:47 AM   #12
Pcar
Junior Member
 
Join Date: Aug 2013
Posts: 2
Quote:
Originally Posted by kings8 View Post
IMAP doesn't work with Pegasus 4.63 (latest) either....can't connect. I have years of email stored via Pegasus locally as well as on IMAP server.
I have received a reply from developers:

Quote:
This is probably related to recent changes we made to our SSL protocol settings to bring it up to industry best practice.

http://blog.fastmail.fm/2013/08/09/f...s-connections/

In theory, older software should just have fallen back to the older ciphers, but it seems your email software is having problems.

It seems Pegasus and Mercury has known SSL compatibility issues, and the developer has been working on it, but progress is slow it seems.

http://www.pmail.com/devnews.htm

In the meantime, I think the best thing to do is change everywhere you've using "mail.messagingengine.com" as the hostname to retrieve email from to "insecuressl.messagingengine.com".

We run an alternate configuration on insecuressl.messagingengine.com that has reduced cipher strengths. This should allow mercury to connect and retrieve, but with unfortunately lesser security. This is probably the only option until a new verison of mercury appears with better SSL support.
I was already using the work-around posted by Chris02 in post #1 which worked for IMAP and SMTP

If all versions of Pegasus and Mercury are affected, I'm sure other software will be too.

Disappointing that admin haven't updated the SSL blog post and the status page with this fix for Pegasus/Mercury users
Pcar is offline   Reply With Quote
Old 18 Aug 2013, 03:50 AM   #13
LBfan
Junior Member
 
Join Date: Aug 2013
Posts: 1
Pegasus 4.63

In my case IMAP using the regular settings was working just fine in Pegasus 4.63 until some point in the last 7 days, with August 9 being the obvious candidate day. I found this forum and changed the server to insecuressl.messagingengine.com and now I am connecting.

So the fallback to the older protocol when the revised one does not work does seem to be an issue.
LBfan is offline   Reply With Quote
Old 21 Aug 2013, 09:40 AM   #14
CCS
Junior Member
 
Join Date: Aug 2013
Posts: 7
Just thinking ...

Probably the thing that is new about the revised SSL standards is that a backdoor has been inserted for the NSA.

So, it might be a good idea for anyone concerned with possibly having a semblance of security to use

insecuressl.messaging engine.com

so that they can continue to make use of the old SSL standards which might lack a backdoor.
CCS is offline   Reply With Quote
Old 21 Aug 2013, 03:39 PM   #15
robn
Master of the @
 
Join Date: May 2012
Location: Melbourne, Australia
Posts: 1,007

Representative of:
Fastmail.fm
Quote:
Originally Posted by CCS View Post
So, it might be a good idea for anyone concerned with possibly having a semblance of security to use

insecuressl.messaging engine.com

so that they can continue to make use of the old SSL standards which might lack a backdoor.
I highly recommend you don't do this. insecuressl supports various ciphers that are known to be insecure, broken, compromised or otherwise bad. We provide it as a courtesy to people using old clients that are known to have problems with newer secure ciphers, but we don't recommend it at all - its better than cleartext, but not much. See here for details:

http://blog.fastmail.fm/2009/11/18/s...r-old-clients/

If your client works with the standard access methods and ciphers, then use them. If it doesn't then use insecuressl, but be aware that it is what it says: insecure. Consider switching clients and/or contacting the developers of your client to request an update.
robn is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 05:07 PM.

 

Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy