Why do I Need to Change the Configuration in My Email Program?
The PCUG DSL Service uses a server outside the PCUG network of servers. In order to send emails, ADSL subscribers will need to use the special authenticated email relay setup. This is necessary because the PCUG servers are protected from intrusion by unauthorised people.
ADSL Subscribers will need to configure their email program to use a secure connection. The details are set out below.
PCUG Authenticated Email Relay for Outgoing Mail
The details of the PCUG authenticated email relay are:
server name: smtps.tip.net.au - this is NOT a typo, it says "smtps" - please be careful typing this into your email program.
ports: 25, 465, or 587
On port 25, there is a normal mail server that also allows a client to switch to a secure connection (use the standard STARTTLS command).
On port 465, the secure connection must be established before the mail server will communicate at all.
Port 587 is the same as port 25 except you MUST establish a secure connection. Having port 587 available allows people to get around restrictions placed on outgoing connections to port 25 (by certain enlightened ISPs like TIP :-)). After establishing a secure (TLS) connection, the user can authenticate using their standard PCUG email username and password (not their special ADSL log-in ID and password).
The certificate that we use for the TLS (security) has been issued by CAcert.org, and the CA root certificate can be obtained from this web site if a user's mail client requires it. Otherwise, clients may just trust us (as they currently do with our web site).
If you do need to download the TLS security certificate from the CAcert web site, go to that web site and download the CA root certificate from the link in the second paragraph "please install our root certificate". You will see a pop-up window that says "Install the CAcert root certificate (followed by a long URL)". Download the installation file to a suitable location in your computer, which you can find later when you need it. The file will have this name (or one very similar) - "cacert.crt.cer". Make sure you know where the file is as you will need it later. If you use Eudora you may not need to do this - try without it first.
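The port rules above, together with the LOGIN/PLAIN note in the Eudora section further down, can be expressed as a client-side check that never sends the password before TLS is active. This is an added example, not PCUG's or any mail client's own code; the function names, the sample EHLO replies and the LOGIN-before-PLAIN ordering are assumptions made for illustration.

```python
import base64
import ssl

# Port behaviour as described on this page for smtps.tip.net.au.
PORT_MODE = {25: "starttls-optional", 465: "implicit-tls", 587: "starttls-required"}

# Constructed sample EHLO replies (not captured from the real server).
EHLO_CLEAR = "250-smtps.tip.net.au\r\n250-STARTTLS\r\n250 8BITMIME"
EHLO_TLS = "250-smtps.tip.net.au\r\n250-AUTH LOGIN PLAIN\r\n250 8BITMIME"

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:   # first line is the greeting
        words = line[4:].split()                  # drop the "250-" / "250 " prefix
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps

def choose_auth(port, tls_active, ehlo_reply):
    """Return the next step ("STARTTLS" or an AUTH mechanism), or raise
    instead of exposing the password on a cleartext connection."""
    if port not in PORT_MODE:
        raise ValueError("unexpected port")
    caps = parse_ehlo(ehlo_reply)
    if not tls_active:
        if PORT_MODE[port] == "implicit-tls":
            raise RuntimeError("port 465: TLS must be up before any SMTP command")
        if "STARTTLS" not in caps:
            raise RuntimeError("no STARTTLS offered; refusing to authenticate")
        return "STARTTLS"                         # upgrade, then send EHLO again
    offered = caps.get("AUTH", [])
    # CRAM-MD5 first, as the Eudora note describes; LOGIN before PLAIN is assumed.
    for mech in ("CRAM-MD5", "LOGIN", "PLAIN"):
        if mech in offered:
            return mech
    raise RuntimeError("no usable AUTH mechanism offered")

def auth_plain_token(user, password):
    """AUTH PLAIN payload: base64 of NUL user NUL password. Base64 is an
    encoding, not encryption, which is why the TLS layer is required."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def verifying_context(ca_file=None):
    """TLS context that checks the chain and host name; ca_file can point at
    a downloaded root certificate such as the CAcert one."""
    ctx = ssl.create_default_context()
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    return ctx
```

The context returned by verifying_context() can be passed to smtplib.SMTP_SSL (port 465) or to SMTP.starttls (ports 25 and 587).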
PCUG Secure POP (Incoming Mail) Server Configuration
The PCUG email servers also support secure connections to the TIP server for incoming mail, which means your login and password details can be protected. Without a secure connection these details are sent in the clear, which means they can potentially be snooped whilst in transit, if subscribers use dial-up or TransACT broadband and have not implemented the set up below. This is not of concern if you are accessing the server from the TIP networks (i.e. TIP dialin or TIP TransACT broadband), but is if accessed from elsewhere (i.e. via any other ISP, including the TIP Comindico ADSL service). If you are accessing the server from elsewhere, outside the TIP networks, you are STRONGLY ENCOURAGED to alter your mail client configuration to use a secure connection option, as outlined below.
There are actually two variants of this - depending which mail client you use, typically one or the other is supported. In all cases you should specify the POP (Incoming Mail) Server host as:
POP Server Name: mailhost.pcug.org.au
Then look for one of the following options:
a) POP with STARTTLS (or STLS) support - on port 110. This is typically an option like "use STARTTLS command to start SSL session" and port 110 should be the default choice.
b) POPS (which is POP over SSL) - on port 995. This is typically an option like "Use secure connection (SSL)" and port 995 should then be set as the default choice.
Note that this uses a DIFFERENT server for the outgoing vs incoming email. This is correct. Otherwise you will need to configure your Outgoing Email SMTP server to be that of the ISP you are using.
Save and restart the mail client - you should then have secure access.
All of our main secure servers (POP, SMTP and WWW) now use certificates issued by CAcertifications. To stop warning messages annoying you, you should install the main CAcert Root certificate on your system, so it can then verify our (and various other organisations') certificates issued by them. Instructions for doing this on various systems are given at: CAcertifications Help
If you have any problems with the above configurations, please contact the TIP Help Team by posting to tip.help or emailing help@tip.net.au
------------------------------------------------------------------
How do I configure Outlook to use the service?
(Thanks to Owen Cook for this information).
Before going further, if you have not already downloaded the CAcert root certificate, do so now. Once it is downloaded, double click on the file and select "Install Certificate". Allow the installation program to install the certificate in the correct location. Once that is done Outlook will recognise the security certificate in the PCUG servers as valid.
Outlook 2000 and Outlook Express 6.0 can both be configured to use the SAMS service. Win 95 with OE5.5 can also be configured. In either case:
Outlook 2000 is now reconfigured to use the service (no need to restart it).
1. Leave settings for Incoming Mail the same - "mailhost.pcug.org.au". Please try to send an email to someone you know who will tell you whether it arrived or not. If you are asked for a password, enter your PCUG email password. If the email does not go, make a note of all error messages and seek help. Give all the error messages to Help.
2. If you have your email program set up to dial in automatically when you check mail, you will need to disable that setting.
NOTE: If you are changing from a dial-up account and decide to create a new ADSL mail account, be sure to go to Outlook Express Tools|Accounts|Old dialup account|Properties|General Tab and de-select "Include this account when receiving mail or synchronising". Otherwise the system may try to use dial-up as well as ADSL. But creating a new mail account should be unnecessary - the old one should work OK.
3. Restart Computer.
______________________________________________________
How do I configure Eudora to Use the Service?
First, in order to use the PCUG secure authenticated email relay, you must have Eudora version 6.1.1 or later and use either the Paid or Sponsored mode. Earlier versions and versions operating in Light Mode cannot connect with the PCUG authenticated email relay servers.
Next, you will need to decide if you will use your Dominant Personality for sending emails or set up a separate personality for that purpose. If you decide to use your Dominant Personality follow the instructions below. If you prefer to use a separate Personality for sending emails skip the next few paragraphs and go to the section which describes how to set up and configure a separate personality.
Using Your Dominant Personality for Sending Emails
Go to the Tools menu in Eudora - click on "Tools" in the menu bar, then scroll down to "Options". Scroll down the "Category" list on the left and select "Sending Mail". In the right hand column first go to the box called "SMTP server:" and replace "mailhost.pcug.org.au" with "smtps.tip.net.au". Next, select "Allow authentication". In the selection against "SMTP Relay Personality:" select "Dominant". Under "Secure Sockets when Sending" select "Required, Alternate Port". Click OK.
Next try to send an email to someone you know who will tell you whether it arrived or not. SMTP authentication should operate automatically in Eudora. If you have followed the instructions in the paragraph above, Eudora will attempt authentication to the PCUG server. (Eudora's preferred SMTP authentication method is CRAM-MD5. If CRAM-MD5 is not available, LOGIN or PLAIN will automatically be used. The PCUG server does not use CRAM-MD5, but does use LOGIN or PLAIN.)
Once Eudora discovers that your SMTP server allows authentication, when you send messages, a dialog box appears that prompts you to enter your PCUG email password. If the email does not go, make a note of all error messages. If the error message is - "Certificate Error: Cert Chain not trusted. Try adding this certificate to your certificate database for SSL to succeed Unknown certificate chain validation error: Code(0)", follow the instructions in the next paragraph.
After you have tried to send an email go to "Personalities" in Eudora - either in the panel which shows all personalities you have created, or by selecting Tools then Personalities. Once in "Personalities", select "Dominant" then right click. Left click on "Properties" then press the button "Last SSL Info". A new window will open which lists information about your attempt to connect. Press the bar at the bottom of the window "Certificate Information Manager". The Certificate Information Manager window will open. At the top of the window there should be a certificate showing under "Server Certificates" - "Root CA,
You should now be able to send emails through the PCUG authenticated email relay. Try again to send an email. If you see any error messages note down all the details and seek help. Give all the error messages to Help.
Once you have secure authenticated email relay set up, each time you restart Eudora the first time you send an email through the SMTPS server you will be asked to re-enter your PCUG email password. This is necessary for authentication reasons.
Create a New Personality for Sending Emails
To create multiple personalities in Eudora, go to the Tools menu, select Personalities. A window will appear listing your Personalities. Right click and select New. Create a personality which will use your PCUG email username and password to send mail. A new window called "Create New Account" will appear. In the various fields enter -
Make sure the "Check Mail" box in the lower left hand corner is unchecked if you do not wish to check mail on this email account. If you do plan on using this personality to check mail select the "Incoming Mail" tab and enter the POP server "mailhost.pcug.org.au". Click "OK" when you are finished.
Now go back to the Tools menu, Options, click Sending Mail. In the window in the right column, in the "SMTP Relay Personality" field choose the personality previously set up for the SMTP relay from the menu. (None is the default.) Click "OK".
Note: All messages sent from each of your personalities will use the email address for that selected personality. It will not use the email address for the specified "SMTP Relay Personality". For example, if you bring your computer to work, you can easily change your SMTP relay to a personality which uses a different ISP to send mail through your work connection. Or you can set the SMTP relay personality to "None" so that you can send mail using the settings specified for each personality.
Next try to send an email to someone you know who will tell you whether it arrived or not. SMTP authentication should operate automatically in Eudora. If you have followed the instructions in the paragraph above, Eudora will attempt authentication to the PCUG server. (Eudora's preferred SMTP authentication method is CRAM-MD5. If CRAM-MD5 is not available, LOGIN or PLAIN will automatically be used. The PCUG server does not use CRAM-MD5, but does use LOGIN or PLAIN.)
Once Eudora discovers that your SMTP server allows authentication, when you send messages, a dialog box appears that prompts you to enter your PCUG email username password. If the email does not go, make a note of all error messages. If the error message is - "Certificate Error: Cert Chain not trusted. Try adding this certificate to your certificate database for SSL to succeed Unknown certificate chain validation error: Code(0)", follow the instructions in the next paragraph.
After you have tried to send an email go to "Personalities" in Eudora - either in the panel which shows all personalities you have created, or by selecting Tools then Personalities. Once in "Personalities", select "Dominant" then right click. Left click on "Properties" then press the button "Last SSL Info". A new window will open which lists information about your attempt to connect. Press the bar at the bottom of the window "Certificate Information Manager". The Certificate Information Manager window will open. At the top of the window there should be a certificate showing under "Server Certificates" - "Root CA,
You should now be able to send emails through the PCUG authenticated email relay. Try again to send an email. If you see any error messages note down all the details and seek help. Give all the error messages to Help.
Once you have secure authenticated email relay set up, each time you restart Eudora the first time you send an email through the SMTPS server you will be asked to re-enter your PCUG email password. This is necessary for authentication reasons.
If when trying to send an email you get a message from your virus checker and the email does not go, you may need to disable virus checking on sending emails. See the instructions for your virus checker.
If you try to send an email using the PCUG authenticated email relay but it fails to go and you get this message - "Authenticated SMTP, Connecting to the Mail Server ...., EHLO (your computer name).pcug.org.au [time in 24 hour minutes and seconds] SSL Negotiation Failed: You have configured this personality/protocol to reject any exchange key lengths below 0. , But the negotiated exchange key length is -1 Hence this established secure channel is unacceptable. Connection will be dropped. Cause: [2023]". The problem is due to Eudora not trusting the PCUG certificate. Make a note of exactly what you did and seek help.
---------------------------------------------------------------------------------------
Some FAQ About Authenticated Email Relay
End of PCUG DSL - Configuring Your Email Client Program
All Suggestions for improvement or correction to this document will be welcome - send to email address below.
If you need help email - "help@tip.net.au"