RE: [Fed-Talk] Mail.app ignores the "Verify Certificate" dialog?
RE: [Fed-Talk] Mail.app ignores the "Verify Certificate" dialog?
- Subject: RE: [Fed-Talk] Mail.app ignores the "Verify Certificate" dialog?
- From: "Miller, Timothy J." <email@hidden>
- Date: Thu, 4 Mar 2010 09:10:20 -0500
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] Mail.app ignores the "Verify Certificate" dialog?
The ISP was doing SMTP redirecting on you, sending you to *their* server rather than Google's. This is usually done on captive-portal networks (like those found at hotels and coffee shops) from being used as launch points for spam dumping.
Login failed because it wasn't Google's SMTP service. You were correct to change your Google password afterward.
-- Tim
>-----Original Message-----
>From: fed-talk-bounces+tmiller=email@hidden [mailto:fed-
>talk-bounces+tmiller=email@hidden] On Behalf Of Dan
>Morrison
>Sent: Wednesday, March 03, 2010 11:31 PM
>To: Fed Talk
>Subject: [Fed-Talk] Mail.app ignores the "Verify Certificate" dialog?
>
>This isn't 100% Fed related, but I thought it would interest folks on
>this list.
>
>I'm staying in a hotel, and when I try to have Mail.app connect to
>smtp.google.com to send an email, I get the attached (does this list
>allow attachments?) dialog warning me that the certificate for
>smtp.google.com is a self-signed root cert from mail10.wildflower.net.
>
>I am told I can click "Connect" to "connect to the server anyway", or
>click "Cancel", which presumably drops the connection. When I click
>cancel, I then (after a few seconds) get a dialog telling me that the
>server "smtp.gmail.com" has rejected my password, and asking me to re-
>enter it. I am taking this to mean that even though I told Mail.app NOT
>to connect to the server, it went ahead and sent my password anyway,
>potentially providing an adversary with my password.
>
>I changed my Google Apps password just in case (and did not enter the
>new one in Mail.app), but this behavior seems to be very wrong. What is
>the point of warning me about an untrusted cert if it connects against
>my will anyway? Incidentally, the hotel is in Suffolk, VA.
>
>Thoughts?
>
>Dan
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden