In order to provide additional security when you use email, we intend to enable a feature called “secure SMTP“ from Tuesday, 10 October 2006. Most people will not notice any difference. However, for people who use Eudora versions 4, 5 or 6 for Windows, it is likely that you will need to make one or two changes to your Eudora options, which are described below.
There may also be corresponding issues with one or two other e-mail or antivirus programs or mail servers. In some cases, such as Eudora version 7, the email program will simply ask you if you want to trust the new certificate, and you can click “Yes”.

You may notice this is quite an old article. If you are having problems with *Eudora 7 in 2016*, the following may not be helpful as the problem is caused by yet another root certificate, which in this case can't be assimilated into Eudora. Therefore you may need to trust the individual cert, so please see these instructions instead.

Why we are doing this

SMTPS (secure simple mail transfer protocol) is a way of sending your outgoing messages to our servers for onward delivery in such a way that they are very hard to intercept. Human Rights Watch has recently recommended use of secure email and web protocols when communicating in certain countries (see this report). Without a secure (encrypted) connection, it could also be theoretically possible for someone to read the content of your email messages or even your GreenNet password, for example if you are sending over a wireless network. GreenNet also provides HTTPS for webmail, POPs, and IMAPs for those with IMAP enabled. Note that this is not the same as end-to-end email encryption available using software like Enigmail or Ciphire, and email is still safely stored in unencrypted form in your mailboxes.

Symptoms of new certificate problem in Eudora

When sending in Eudora, there may be an uninformative error message, or you may see one or more of the following “SSL Negotiation Failed” errors in the task list:

  • SSL Negotiation Failed: Certificate Error: Cert chain not trusted. Try adding this certificate to your certificate database for SSL to succeed. Certificate Error: Unknown and unprovided root certificate. Cause (-6995) (or -6994)
  • Certificate bad: Destination Host name does not match host name in certificate Cause (-6984)

You may also have had a issue with receiving email back in February which was resolved by changing “Secure Sockets when Receiving” to “Never”. See also the Eudora help page

What to do for Eudora for Windows

Eudora 6.2.3, 7.0 and above should be able to cope with the new certificate more easily. There are therefore three possible ways of solving this.

  • Upgrading Eudora to the latest version from http://www.eudora.com (16MB, about 2hrs on 56K connection), or switch to Mozilla Thunderbird
  • Telling Eudora not to use secure SMTP
  • Telling Eudora to accept the certificate

 

We recommend using the third option so that you can use secure SMTP:

  • Try sending an email in order to get the error message. If the email is sent successfully, you need do nothing more.
  • In the main Eudora window, click on the “Tools“ menu, then “Options
  • From the list of categories on the left, choose “Sending Mail
  • Check the “SMTP server“ box, usually third from the top. This may say smtp.greennet.org.uk. Delete this and replace it with “smtp.gn.apc.org
  • Click on “Last SSL Info“ at the bottom right of the options box
  • Click on “Certificate Information Manager“ at the bottom right of the “Eudora SSL Connection Information Manager” box

 

  • Download this file (if necessary by right-clicking and choosing Save as)
  • Within Eudora’s Certificate Information Manager, click on Import Certificate, and choose the file you have just downloaded.
  • Click ‘Done’ and try to send mail again. If this succeeds, skip to the last step.
  • Go back to the Certificate Information Manager. Under “Server Certificates”, there should be a certificate beginning

GB, .gn.apc.org

  •  
  • Click on this, and then the “Add to trusted“ button.
  • Click “Done“, “OK”, and “OK”
  • Try sending again
  • If this works successfully, you may like to change the “Checking mail” secure sockets option from “Never” to “If Available, STARTTLS”, so as to also receive email using a secure connection.

(Incidentally, you may also be able to reach “Eudora’s Certificate Information Manager” in the same way through the “Checking mail” category if you have produced the error by checking mail with STARTTLS turned on.)
If there is still an error : similar to the above (or you want to continue sending email unencrypted), turn off secure SMTP as follows:

  • In the main Eudora window, click on the “Tools” menu, then “Options”
  • From the list of categories on the left, choose “Sending Mail”
  • At the bottom of the Options box is “Secure Sockets when Sending”. Change this from “If Available, STARTTLS” to “Never”.
  • Click OK, and try sending again

 

Apple Mac

For OS 9, you may see a “Unknown SSL Certificate” error. *Click “Open” *Ensure “Add to keychain” is ticked and “Always trust” *Click “OK” and Done

There may be problems with Eudora on OS X 10.1 requiring an upgrade of OS X or Eudora, or turning off SSL in the Settings. If you have problems sending under any version of Mac OS X, try downloading the root certificate to your desktop (hold down the Control key when clicking), double click on the file, select the “X509 anchors” keychain, and click OK. You may then be prompted for your OS X password.

Port numbers

Normally, email uses ‘port 25’ to send and a secure SSL connection is available on that. However, some ISPs and institutions block outgoing port 25, so you will want to use port 587 if you are using a standard email program, or port 465 if you want to use a secure connection using Microsoft Outlook, Outlook Express or Windows Mail. These account settings are usually configured in ‘Server’, ‘Advanced’ or ‘More Settings…’ (Outlook).

Further information

If have further questions, please phone us on 020 7065 0942 between 9.30 to 5.30 Monday-Friday. (There is an answerphone service outside those hours, and we will endeavour to contact you at a convenient time.)