Ask
Reply
Solution
11-12-2018 06:33 PM
I've been trying to set up an email client to talk to my server using IMAP and have run into a problem. It all works fine when connected to my wifi but when using mobile data it fails with a certificate error. The certificate is fine.
This evening out of curiousity I set my phone up as a hot spot using mobile data and lo and behold my laptop can't connect to the server that way either (and yes, my router is appropriately configured, I've been running this server for nearly ten years now).
There is a curious difference between the two sessions recorded by my mail client. This is how the normal wifi session starts:
11/12/2018 18:20:45 S: * OK VPOP3 IMAP4rev1 Server
11/12/2018 18:20:45 S: TLS0 OK STARTTLS OK
11/12/2018 18:20:45 C: { ------ TImapLoginTask started ------
11/12/2018 18:20:45 C: 1 CAPABILITY
11/12/2018 18:20:45 S: * CAPABILITY IMAP4rev1 AUTH=CRAM-MD5 NAMESPACE ACL UIDPLUS ENABLE IDLE LIST-EXTENDED CHILDREN SPECIAL-USE CREATE-SPECIAL-USE METADATA
11/12/2018 18:20:45 S: 1 OK CAPABILITY completed
<Login command succeeds>
...
But here is how the session starts when using my phone as a hotspot and mobile data:
11/12/2018 18:18:26 S: * OK VPOP3 IMAP4rev1 Server
11/12/2018 18:18:26 S: TLS0 NO Error in IMAP command.
11/12/2018 18:18:26 C: { ------ TImapLoginTask started ------
11/12/2018 18:18:26 C: 1 CAPABILITY
11/12/2018 18:18:26 S: * CAPABILITY IMAP4rev1 AUTH=CRAM-MD5 NAMESPACE ACL UIDPLUS ENABLE IDLE LIST-EXTENDED CHILDREN SPECIAL-USE CREATE-SPECIAL-USE METADATA LOGINDISABLED
11/12/2018 18:18:26 S: 1 OK CAPABILITY completed
<Login command fails: STARTTLS required>
It looks to me like the STARTTLS command is being blocked/mangled when the connection is going via Vodafone mobile data.
Solved! Go to best answer.
11-12-2018 07:58 PM
Oh, naughty Vodafone!
Having had my dinner I've spent a bit more time on this and if I modify things so that the Android app uses a different port it all works. So it appears that Vodafone are messing with traffic to port 143 to disable STARTTLS. Maybe it's an attempt to allow virus checking? I thought I'd turned off that safe networking thing - leastwise it says it's disabled in My Vodafone.
Much as I understand the thinking behind it I disapprove of ISPs that interfere with network traffic.
11-12-2018 07:58 PM
Oh, naughty Vodafone!
Having had my dinner I've spent a bit more time on this and if I modify things so that the Android app uses a different port it all works. So it appears that Vodafone are messing with traffic to port 143 to disable STARTTLS. Maybe it's an attempt to allow virus checking? I thought I'd turned off that safe networking thing - leastwise it says it's disabled in My Vodafone.
Much as I understand the thinking behind it I disapprove of ISPs that interfere with network traffic.
04-12-2019 07:55 PM
The usual reason ISPs interfere with mail related ports is to hinder spamming from virus infected computers (or smart fridges). Port 25 is the usual target - most ISPs block port 25, 143 not so much. Kind of sucks a bit though. Of course 143 is usually the non-encrypted IMAP port - not sure I would want to download email headers over a non-encrypted connection anyways.....however, I am not an email expert and I thought IMAP 143 was just for retreival so not sure it can be used for spam in the same way as SMTP port 25?
V
05-01-2020 08:19 PM - edited 05-01-2020 08:24 PM
Heh, funny how time flies!
I was reminded of this issue this weekend because I've just replaced my router and wondered why I had a port redirect named 'IMAP VF'.
I don't know if VF are still doing this or not (I'm still with them for mobile) but you're quite right that 143 is IMAP and it does not normally support sending mail. In theory such an extension could be added but I doubt anyone has ever bothered.
I suppose it might be an attempt to force people to use port 993 but that seems a curiously singular thing for VF to be trying to enforce on third party mail servers. It's almost like they are waging a private war against STARTTLS!
In searching I found people complaining about a similar issue with port 25 but I've apparently not fallen foul of that so maybe it was removed (there is some indication in one of those threads that it might have been - something about an 'optimisation' on 3G?!?). Maybe they forgot to remove it from port 143.
But by now they might have removed it. I don't know because I'm relying on my port redirect so my phone never tries to use 143 anyway