Use LNotes client to send/receive mail from a yahoo (SSL) account

hcl-bot · June 9, 2009, 6:04pm

Hi,I use LotusNotes as my email client, using a Yahoo account.

This has worked perfect for Y E A R S, until the SSL was a requirement there (as their help page says).

Using it, ssl enabled, BOTH pop & smtp works nicely on RELEASE 5.

But I haven’t been able to use it on Release 6, 7 nor 8 (what a shame!).

On R8, for example:

From menu File/Security/User Security… Identity of others… button [Retrieve internet service certificate]

Service name: pop.mail.yahoo.com

Protocol: POP3 (port 995)

       or

Service name: smtp.mail.yahoo.com

Protocol: SMTP (port 465)

When connecting apears the message:

ssl error: invalid peer

Therefore, when trying to send/receive, the [Replicator Page] says:

SSL bad peer certificate. Connection refused.

And the client’s [LOG] says:

POP3Client: RetrieveMessages

POP3Client: Connect: Host pop.mail.yahoo.com, Port 995, Use SSL: 1

POP3Client: Connect: Attempt to Establish SSL Session Failed. Status: 7291.

	or

SMTPClient: Starting to transfer 1 messages to smtp.mail.yahoo.com for user CN=My Name/O=MEX

SMTPClient: Attempting to Connect: Host smtp.mail.yahoo.com, Port 465, SSL Port 0, Connecting Domain [192.168.1.67]

SMTPClient: SSL handshake error: 1C7Bh

SMTPClient: Attempting to Disconnect:

SMTPClient: Connection already disconnected

Some search results on web say that we should pay for the “yahoo plus” version in order to use an external client.

But why should that be a requirement since it works on an R5, for free ¿?

I have also copied exactly the names.nsf from that version in order to use exactly the same configuration (accounts/certificates) without success.

That’s why I think that this problem is on the LNotes side, rather that the yahoo provider.

Hoping someone there knows a tip about this.

hcl-bot · July 5, 2009, 6:28pm

Subject: Same problem

1/ I’m also using Yahoo small business and getting the same problems. 2/ Extract from Notes log : 05/07/2009 23:00:37 [1E34:0004-1B70:wrepl] POP3Client: Connect: Host pop.bizmail.yahoo.com, Port 995, Use SSL: 1

05/07/2009 23:00:40 [1E34:0004-1B70:wrepl] POP3Client: Connect: Attempt to Establish SSL Session Failed. Status: 7291.

Client replicator pannel (french): Certificat homologue SSL erroné.

3/ The Yahoo certificate’s DN is CN=pop.bizmail.yahoo.com/OU=Yahoo/O=Yahoo! Inc./L=Santa Clara/ST=California/C=US

I tried a version Notes 5 : Files/tools/Add Internet Cross Certificate. It may be the solution for you. Not for me because Notes 5 can’t use my current id…

4/ I’ll try to do from 8.5 security

hcl-bot · July 6, 2009, 3:37am

Subject: POP3 & SSL works like a charme on port 995 with Outlook Express

This post logs my investigations

0/ Despite the fact I set my POP account to not send any X509V3 certificat, as my Id contained an old one, I tried to suppress it (and restart Notes) without any improvement

1/ Notes.ini debug variable used

POP3ClientDebug=1

Debug_Outfile=C:\temp\DEBUG.LOG

2/ I did not found any way to get and cross certify Yahoo certificate from Notes client 8.5 (basic or std)

3/ POP3 & SSL works like a charme on port 995 with Outlook Express

hcl-bot · September 15, 2009, 1:54pm

Subject: Solution Tip (yahoo account)

A tip found, if it helps someone else.

Post refering to a yahoo connection.

http://www-10.lotus.com/ldd/nd8forum.nsf/4d33daaa03bb930385256a0700727b3b/3c80518cd5bf60cd852575850048bfcf?OpenDocument

(As I said at the beginning, I have a normal yahoo free account. And using R5 the pop/smtp SSL works perfect, but NOT on R6, R7, R8 due to retrieve the internet service certificate always gets an “ssl error invalid peer”).

Tip…

On the account-documents, the SSL are disabled, both pop & smtp.

The pop retrieves from the default [110] port, but the smtp sends to the [587] port.

At least working by now.

hcl-bot · July 6, 2009, 4:34am

Subject: Option to import Internet certificate

Next investigation : does Notes need a cross certificate ?

1/ The before mentioned Notes 5 option which enable to import a certificate throught connection is now hidden in file/security/Other identity but (and this is where I do appreciate IBM Lotus “ease of use”) you have to select the third radio button to see a new dialog box where a button brings a new dialog box - not a typo, real sequence ! -… I would have sent a good picture of it but this is a plain text wiki

Conclusion is : “bad SSL pair”

2/ However I have been able to

import Equifax root certificate and crosscertify it
import pop.yahoo.bizmail.com

I also used IE 7 to connect to pop.yahoo.bizmail.com:995, copy certificats to file and then importing them.

2 lost hours