From: Eli Zaretskii
Newsgroups: gmane.emacs.help
Subject: Re: Clarification about forced TLS connections with remote mailboxes and smtp
Date: Wed, 24 Apr 2024 08:52:12 +0300
Message-ID: <861q6v48ab.fsf@gnu.org>
References: <875xw8cbs0.fsf@RISEUP>
To: help-gnu-emacs@gnu.org
In-Reply-To: <875xw8cbs0.fsf@RISEUP> (message from BP25 on Tue, 23 Apr 2024 16:57:19 +0100)

> From: BP25
> Date: Tue, 23 Apr 2024 16:57:19 +0100
>
> I have a few questions. Is there a kind soul who would clarify a few
> things for me please?

I will try, but in general, all the info is in the Mailutils and Emacs
manuals, ready for you to read on.

> 1. I use Rmail to fetch my messages from remote mailboxes. Do you know
> if using the url starting with pops:// or imaps:// always forces the
> connection to be encrypted via TLS over SSL?

The Mailutils manual says:

  pops
     Remote mailbox accessed using the "Post Office Protocol" (POP3).
     The transmission channel is encrypted using the "transport layer
     security" (TLS).  The default port is 995.

and similarly about imaps.

> 1a. Then what happens when only the Emacs movemail is available? I think
> that no encrypted connection is supported for the POP protocol then.

The version of movemail that comes with Emacs does not support pops
and imaps, so you will get failure to fetch email with some error
message.

> 1b. Suppose we're using instead the Mailutils movemail: does the --tls
> flag only affect connections with URL starting by pop:// or imap://, and
> doesn't affect connections whose URL starts by pops:// or imaps://?

Not clear.  Why is that important?

> 2. I read on the movemail manual ``The deprecated POP3S protocol is also
> supported. It is enabled by an URL beginning with pops:// instead of
> pop://'' but I read on the Emacs manual ``If using Mailutils movemail,
> you may wish to use ‘pops’ in place of ‘pop’.'' therefore I'm confused
> on whether this syntax is obsolete or recommended!

The latest Mailutils manual doesn't say this, and I think it was only
relevant to pop3d, the daemon, so not relevant for you.

> I use Message and I send emails by using smtpmail-send-it. I also set
> variables smtpmail-smtp-service 465 and smtpmail-stream-type 'ssl.
>
> 3a. Does setting either one of these last two variables already force
> the connection to happen via TLS over SSL?

smtpmail is about _sending_ email, not about _receiving_ it.  So you
are now asking about a different functionality altogether.

The Emacs user manual says:

     The value of ‘send-mail-function’ should be one of the following
  functions:
  [...]
  ‘smtpmail-send-it’
       Send mail through an external mail host, such as your Internet
       service provider's outgoing SMTP mail server.  If you have not told
       Emacs how to contact the SMTP server, it prompts for this
       information, which is saved in the ‘smtpmail-smtp-server’ variable
       and the file ‘~/.authinfo’.  *Note Emacs SMTP Library:
       (smtpmail)Top.

IOW, the preferred way of using smtpmail is by having the ~/.authinfo
file.  If you have ~/.authinfo, smtpmail-stream-type should be nil.
Whether the connection is encrypted depends on the SMTP server;
usually using a certain port which is documented to accept encrypted
connections will make your connection encrypted.

> 3b. If neither of the two variables is set but the SMTP server I use
> says that:
>
> --8<---------------cut here---------------start------------->8---
> ``If your mail client does not support secure SMTP, you cannot use our
> server as your SMTP. You might have the option of choosing either TLS or
> SSL for the secure connection. Both protocols work, but most ISPs will
> block port 25 (used by TLS), so we recommend that you choose SSL'' and
> later adds that ``For security reasons, we no longer support SSL.''
> --8<---------------cut here---------------end--------------->8---
>
> then does it mean that I cannot have accidentally exposed my login
> details or other information by initiating a nonencrypted connection?

I don't think the above citation says anything about disclosing your
login details.  It's a general statement that warns you about using
insecure SMTP.

> 3c. Do you agree that the quoted information from my SMTP server above
> is confusing?

Maybe (you only show a small part of it), but in any case, that server
is not part of Emacs, is it?
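
An added example, not part of the message above and not code from Emacs or Mailutils: a small audit of the Rmail and smtpmail settings the thread discusses, reporting any that permit a cleartext session. The helper name `my/mail-tls-findings` is hypothetical; the variables and `rmail-movemail-variant-p` are the standard Emacs ones, and the notes on `smtpmail-stream-type` follow that variable's docstring.

```elisp
;;; Added example; `my/mail-tls-findings' is a hypothetical helper name.
(require 'rmail)
(require 'smtpmail)

(defun my/mail-tls-findings (inboxes stream-type service)
  "Return a list of warnings for mail settings that may allow cleartext.
INBOXES is a list of mailbox URLs or file names (the value of
`rmail-primary-inbox-list'); STREAM-TYPE and SERVICE are the values of
`smtpmail-stream-type' and `smtpmail-smtp-service'."
  (let (findings)
    ;; Receiving: only the pops:// and imaps:// schemes imply TLS, and
    ;; only the Mailutils movemail understands them.
    (dolist (url inboxes)
      (cond
       ((string-match-p "\\`\\(pop\\|imap\\)://" url)
        (push (format "%s: URL scheme does not imply TLS" url) findings))
       ((and (string-match-p "\\`\\(pops\\|imaps\\)://" url)
             (not (rmail-movemail-variant-p 'mailutils)))
        (push (format "%s: needs the Mailutils movemail" url) findings))))
    ;; Sending: nil upgrades to STARTTLS only if the server offers it,
    ;; `plain' never encrypts, `starttls' refuses to send without
    ;; STARTTLS, `ssl' starts TLS as soon as the connection opens.
    (cond
     ((null stream-type)
      (push "smtpmail-stream-type nil: STARTTLS used only if offered"
            findings))
     ((eq stream-type 'plain)
      (push "smtpmail-stream-type plain: session is never encrypted"
            findings))
     ((and (eq stream-type 'ssl)
           (not (member service '(465 "465" "smtps"))))
      (push (format "ssl on service %s: confirm the server expects TLS on connect"
                    service)
            findings)))
    (nreverse findings)))

;; Usage, e.g. from M-: or *scratch*:
;; (my/mail-tls-findings rmail-primary-inbox-list
;;                       smtpmail-stream-type
;;                       smtpmail-smtp-service)
```

An empty result means every inbox URL implies TLS and smtpmail is set to `starttls` or to `ssl` on port 465, so none of these settings lets a session fall back to cleartext.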