Using Outlook Express against Linux using IMAP/SSL

I wonder if anyone else here does this ?

I have a Linux box (RedHat 7.1) that I use for my email, dns and some web site stuff. I like to be able to read my home email when I'm at work and I also provide email accounts to some friends.

Because the email is being accessed remotely (and by non-techy friends with Win98 boxes) I have a few requirements:

- must be able to use Outlook Express as a client, because my friends are used to it and it is ever present (currently my friends' email gets forwarded to their ISP supplied POP3 mail box, but they want to change to using my server instead)
- must use IMAP, as I want to keep my mail on the server
- must use SSL because I don't want plain text passwords floating around
- should ideally use standard mbox files on the Linux box (I have a bunch of scripts that I would prefer not to have to rewrite, because I have to relearn perl every time I use it)

I have all of this setup and running. I am using the IMAPD that comes with RedHat, which I believe is the University of Washington one.

It all works brilliantly from my Win2k workstation on the local network, it is very fast even using SSL.

It doesn't work so well when I am connecting from work and I can't work out why.

What happens is when I am downloading new mail, the download keeps stalling and restarting the whole time. This means that just downloading a handful of messages over a couple of folder takes 5 minutes, instead of the 10 seconds it should take.

The only interesting thing that I see in the server logs is (with IPs and user names removed):

17:49:22 imaps alternative service init from xx.xx.xx.xx
17:49:22 Login user=andytest
17:49:23 Command stream end of file, while reading line user=andytest
17:49:53 imaps alternative service init from xx.xx.xx.xx
17:49:53 Login user=andytest
17:49:54 Command stream end of file, while reading line user=andytest

The server is sitting on my DSL line, on a real IP address (i.e. no NAT), behind a firewall that has the appropriate holes punched in it. My work machine is connected to the net via a NAT connection somewhere (it must be, as I my machine has a private IP address and everything works too well for transparent proxies to be involved).

I'd normally just turn on Ethereal and see what was happening, but I'm using SSL so I can't even do that.

Has anyone come across a problem like this before ?

Without knowing everything about your setup, at a guess, I'd say that it was because the server certificate you're using matches correctly on your internal address, but not on your external address.

Try the following:

Install a SSH client on your work machine that supports arbitrary port forwarding. ssh to your home machine and forward localhost:143 to your.home.machine:143

Point your email client at localhost:143

This should at least give you access to ssh's logging capabilities. If you're having trouble with the port forwarding, you could always just use pine in the ssh terminal.

Interesting guess, but no, that isn't the problem. I am using a self signed certificate and my server only has one IP address which is a public IP address.

That's an interesting idea, I'll have to give it a try.

You might also try using a network snooper anyway. While you can't see the data flying back and forth, you might at least see which end is closing the connection, which could help out your troubleshooting. Also, try it once without using SSL, in case there's some problem lying underneath that's causing the problem.

Just an update for anyone that is interested...

I gave up on the SSL built into Outlook Express in the end, I couldn't stop it from timing out the connection all the time. Punching a hole in my firewall and switching to straight IMAP worked at the speed it should do, so it was definitely the SSL side of things going wrong.

I installed the new version of putty and I am now using the built in port forwarding which is working brilliantly, finally I have secure IMAP at the right speed.

I would still like to know why the OE SLL isn't working properly remotely (works fine on my local network at home), but life is too short...

Bugger, just realised this solves the problem for me, but doesn't really help my non-techie friends as:

- I don't want them to have shell accounts
- I don't want them to have to mess around with putty and port forwarding

So, back to working out what is wrong with OE and it's SSL :-(

i was thinking about somehting earlier, you seem the one to advise me
i want to allocate some of my disk space to store image and files and such so that (with a domain name) i can refrence to them with an HTTP adress...
is this even possible
i cant really think of a logical way to do it
one problem right off the ba is that i lack a staic IP
but i didn't think that was a huge problem as i never shut down, maybe one a month. and if i did this i would run it on a seperate box..
any suggestions???
forgive the terrible spelling

I finally got this working several months ago, but it was excruciatingly slow. The authentication process took forever. In the end, I settled on a different method of encrypting my mail traffic back and forth to my server.

I use TeraTerm SSH fowarding. I have Teraterm open an ssh connection to my server from my laptop. Then on my laptop I have OE point all it's services to the SSH's local ports.

Fast and encrypted with practically no effort.

Greg

As far as getting a DNS name to associate with your dynamic IP address, take a look at this list of dynamic DNS services, a number of which are free.

I can handle the length of time it takes to authenticate, the problem is that it repeatedly times out and drops the connection, meaning it keeps having to reauthenticate.

These two were related for me. It would take forever to authenticate, and occassionally it would take too long, drop the connection reauthenticate, then take too long on retrieving messages, reauthenticate ...

Teraterm took it out of the hands of OE and made things quite a bit smoother.

g