Change in sending email
October 06
Home Services Issues & Themes News and Actions Support & Software Training About

 

In order to provide additional security when you use email, we intend to enable a feature called "secure SMTP" from Tuesday, 10 October 2006. Most people will not notice any difference. However, for people who use Eudora versions 4, 5 or 6 for Windows, it is likely that you will need to make one or two changes to your Eudora options, which are described below.

There may also be corresponding issues with one or two other e-mail or antivirus programs or mail servers. In some cases, such as Eudora version 7, the email program will simply ask you if you want to trust the new certificate, and you can click "Yes".

Why we are doing this

SMTPS (secure simple mail transfer protocol) is a way of sending your outgoing messages to our servers for onward delivery in such a way that they are very hard to intercept. Human Rights Watch has recently recommended use of secure email and web protocols when communicating in certain countries (see this report). Without a secure (encrypted) connection, it could also be theoretically possible for someone to read the content of your email messages or even your GreenNet password, for example if you are sending over a wireless network. GreenNet also provides HTTPS for webmail, POPs, and IMAPs for those with IMAP enabled. Note that this is not the same as end-to-end email encryption available using software like Enigmail or Ciphire, and email is still safely stored in unencrypted form in your mailboxes.

Symptoms of new certificate problem in Eudora

When sending in Eudora, there may be an uninformative error message, or you may see one or more of the following "SSL Negotiation Failed" errors in the task list:

  • SSL Negotiation Failed: Certificate Error: Cert chain not trusted. Try adding this certificate to your certificate database for SSL to succeed. Certificate Error: Unknown and unprovided root certificate. Cause (-6995) (or -6994)
  • Certificate bad: Destination Host name does not match host name in certificate Cause (-6984)

You may also have had a issue with receiving email back in February which was resolved by changing "Secure Sockets when Receiving" to "Never". See also the Eudora help page at http://eudora.com/techsupport/kb/2323hq.html

What to do for Eudora for Windows

Eudora 6.2.3, 7.0 and above should be able to cope with the new certificate more easily. There are therefore three possible ways of solving this.

  • Upgrading Eudora to the latest version from http://www.eudora.com (16MB, about 2hrs on 56K connection)
  • Telling Eudora not to use secure SMTP
  • Telling Eudora to accept the certificate

We recommend using the third option so that you can use secure SMTP:

  1. Try sending an email in order to get the error message. If the email is sent successfully, you need do nothing more.
  2. In the main Eudora window, click on the "Tools" menu, then "Options"
  3. From the list of categories on the left, choose "Sending Mail"
  4. Check the "SMTP server" box, usually third from the top. This may say smtp.greennet.org.uk. Delete this and replace it with "smtp.gn.apc.org"
  5. Click on "Last SSL Info" at the bottom right of the options box
  6. Click on "Certificate Information Manager" at the bottom right of the "Eudora SSL Connection Information Manager" box
  7. Download this file (if necessary by right-clicking and choosing Save as)
  8. Within Eudora's Certificate Information Manager, click on Import Certificate, and choose the file you have just downloaded.
  9. Click 'Done' and try to send mail again. If this succeeds, skip to the last step.
  10. Go back to the Certificate Information Manager. Under "Server Certificates", there should be a certificate beginning
    GB, *.gn.apc.org
  11. (The thumbprint identifying the certificate should read 0B0B 3B11 B712 11BD 923B 0FAF 4383 5A25 5585 AAED . There should be no need to check this.)
  12. Click on this, and then the "Add to trusted" button.
  13. Click "Done", "OK", and "OK"
  14. Try sending again
  15. If this works successfully, you may like to change the "Checking mail" secure sockets option from "Never" to "If Available, STARTTLS", so as to also receive email using a secure connection.

(Incidentally, ou may also be able to reach "Eudora's Certificate Information Manager" in the same way through the "Checking mail" category if you have produced the error by checking mail with STARTTLS turned on.)

If there is still an error : similar to the above (or you want to continue sending email unencrypted), turn off secure SMTP as follows:

  1. In the main Eudora window, click on the "Tools" menu, then "Options"
  2. From the list of categories on the left, choose "Sending Mail"
  3. At the bottom of the Options box is "Secure Sockets when Sending". Change this from "If Available, STARTTLS" to "Never".
  4. Click OK, and try sending again

Apple Mac

For OS 9, you may see a "Unknown SSL Certificate" error.

  1. Click "Open"
  2. Ensure "Add to keychain" is ticked and "Always trust"
  3. Click "OK" and Done

There may be problems with Eudora on OS X 10.1 requiring an upgrade of OS X or Eudora, or turning off SSL in the Settings. If you have problems sending under any version of Mac OS X, try downloading the root certificate to your desktop (hold down the Control key when clicking), double click on the file, select the "X509 anchors" keychain, and click OK. You may then be prompted for your OS X password.

Further information

If have further questions, please phone us on 0845 055 4011 (or +44 20 7065 0942) between 9.30 to 5.30 Monday-Friday. (There is an answerphone service outside those hours, and we will endeavour to contact you at a convenient time.)

Search Code of Practice Calendar Web E-mail Bulletin board Jobs & Volunteering
GreenNet, Development House, 56-64 Leonard Street, London EC2A 4JX, Tel (UK): 0845 055 4011
Tel (int'l): +44 (0)20 7065 0935 Fax: +44 (0)20 7065 0936
Email: info@gn.apc.org