Open Discussion → Bad Certificate - Grrrrrr

Bad Certificate - Grrrrrr

I have a domain with a hosting service. It's my main mail domain and it's also my main spam problem. Popfile does much to deal with the spam but I am unable to utilize the :SSL function in popfile because the cert at the host has a name mismatch and popfile considers it invalid. Unfortunately the situation isn't going to change. Is there a way to force popfile to use the bad cert? I really don't like using Thunderbird for a direct ssl download because then I have to depend on Thunderbird's spam scanner and it does not learn well at all. Thunderbird will, however, give me an option to accept that invalid cert.

Linux Mint 18.2 amd64 POPFile v1.1.3

  • Message #2189

    This might require a tiny bit of you hacking the popfile source. Are you accessing your mail using IMAP or POP3?

    • Message #2190

      I was figuring I'd have to hack something and did look through some files but found little regarding ssl. I am using the POP3 proxy

      • Message #2191

        OK. So let's try this hack:

        1. Find the file Proxy/Proxy.pm. Navigate to line 583. That's where the socket to the POP-server is opened.
        2. There is a list of options there (starting with "Proto" and ending with "Timeout". After Timeout, add another line that says:

        SSL_verify_mode => SSL_VERIFY_NONE,

        3. Restart POPfile and see if this fixed the issue.

        • Message #2192

          Your line #'s and mine don't seem to match. This is where I inserted the line. Is this the correct spot?

          $mail = IO::Socket::SSL->new( # PROFILE BLOCK START

          Proto => "tcp",
          PeerAddr? => $hostname,
          PeerPort? => $port,
          Timeout => $self->global_config_( 'timeout' ),
          SSL_verify_mode => SSL_VERIFY_NONE,
          Domain => AF_INET,

          ); # PROFILE BLOCK STOP

          I restarted popfile and tested. Same nil results:

          TBird error message:
          Sending of username did not succeed. Mail server 127.0.0.1 responded: can't connect to host3.ivchosting.com:995

          POPFile error message:

          pop3: 626: IO::Socket::INET or IO::Socket::SSL gets an error: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

          • Message #2193

            I am still trying to figure out a fix but nothing so far.

            It would be nice if POPFile provided an option to accept questionable certs.

        • Message #2194

          I seem to have gotten it to work by altering:

          SSL_verify_mode => SSL_VERIFY_NONE,

          to

          SSL_verify_mode => 0,

          Now the popfile log reads:

          pop3: 529: Attempting to connect to SSL server at host3.ivchosting.com:995
          pop3: 558: Connected to host3.ivchosting.com:995 timeout 60
          pop3: 682: POP3 proxy done

          POPFile is scanning the mail and classifying to buckets.

          Thanks for your help with this manni. Could not have done it without you.

          • Message #2195

            I am glad you were able to sort this out. Seems like the docs I consulted were too recent.

            • Message #2196

              I would be interested in reading the docs you are referring to if you have a link to them. I'm always up to learning something new.