💾 Archived View for tilde.pink › ~ssb22 › wmemail.gmi captured on 2023-11-04 at 11:47:15. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-01-29)

-=-=-=-=-=-=-

Old notes: Windows Mobile email setup

These notes are old: I stopped running dovecot-imapd in April 2019, so this setup was *not* tested on the newer Raspbian 10 which was released later that year, nor any version of Raspberry Pi OS from 2020+.

This page has some notes on running old Windows Mobile phones (dating from 2003 to 2009/10) with modern email systems.

SSL encryption problem with built-in client

Email is no longer likely to work on Windows Mobile’s built-in client because its SSL encryption options are now considered insecure and are usually disabled server-side. Cambridge’s server switched off RC4 in January 2016 and GMail’s in June, by which time Yahoo, Hotmail and iCloud had also stopped working. AOL still worked until November 2017 if you didn’t mind connecting to their *non-*SSL server—I suggested using ImapFix’s secondary_is_insecure setting to remove addresses from the plaintext copy—but then they shut this down and their SSL server didn’t work with WM.

Personally I didn’t think the known RC4 attacks on Web traffic are also feasible on IMAP unless poll frequency is set way too high, so I think there’s a valid argument for re-enabling older ciphers *for email only* so as to allow old WM phones to connect. But the sysadmins were worried I might be wrong, and eventually GNU/Linux distributions started disabling these ciphers at the SSL *library* level (e.g. Debian bug #875423), so sysadmins can’t now turn them back on even if they *want* to, unless they recompile their system libraries from source or risk running outdated distributions. This also means you can’t just set up Dovecot on a Raspberry Pi or something and expect a quick ssl_cipher_list = ALL to solve your problem: you’d be left with log entries that say SSL routines:tls_process_client_hello:version too low, and the WM device will probably say “A secure sockets layer (SSL) connection could not be established” when “require SSL” is turned on, or perpetually re-request your password when “require SSL” is turned off (but its exact message may vary).

You *can* still run on a home server what used to be possible with AOL: use IMAP *without* SSL, and ImapFix’s secondary_is_insecure setting to remove addresses from the plaintext copy of your inbox. To do this with dovecot-imapd you’ll need to set disable_plaintext_auth = no in /etc/dovecot/conf.d/10-auth.conf and I strongly recommend changing the passdb section in /etc/dovecot/conf.d/auth-system.conf.ext so it uses driver = passwd-file instead of driver = pam, with args = a path to some alternate passwd file you set up specially for email (use echo `whoami`:`doveadm pw -s CRYPT` > passwd), so you don’t have to send your system login password in the clear whenever you check your email. You might also want to edit 10-mail.conf commenting out mbox and uncommenting maildir options to reduce the disk writes needed for small incremental updates. (With some Dovecot versions you also need to ensure the mailbox is *not* on a fusecompress mount.) Then do /etc/init.d/dovecot restart, open port 143 on your firewall (or set up a script to open it temporarily when requested in some way), and use ImapFix to synchronise your mail there.

For *sending* email from the phone, you’ll also need an SMTP server it can connect to—and this will have the same issues with SSL libraries. I wouldn’t recommend connecting to *SMTP* with a plaintext password—there’s a *big* difference between “sniffing your password to read an inbox from which the most sensitive information has already been redacted” and “sniffing your password to send emails *from* your server”, especially if you have scripts that say emails provably from that server can run certain commands. But the lack of SMTP is not a *major* issue, because it’s hard to type much on a small WM keyboard anyway, and it’s rare that urgent matters can’t be dealt with by SMS or voice call until you get to a proper keyboard.

Other notes on built-in client

If you have a server to which the phone *can* connect:

Third-party clients

You could try (the old WM version of) profimail.cab which supports more SSL options than the built-in client, but even this began to fail to connect to Cambridge servers in December 2016 (reporting error 10022, which is Microsoft speak for an invalid parameter somewhere). If it *does* connect to your server:

Otherwise you might have to use PocketPUTTY, which is not suitable for offline use (although you can long-press to paste in a pre-written email when signal becomes available). It won’t work on non-touchscreen models although a more-awkward SSH “midlet” does.

Legal

Usual disclaimers apply—all the above is at your own risk. All material © Silas S. Brown unless otherwise stated. Debian is a trademark owned by Software in the Public Interest, Inc. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Microsoft is a registered trademark of Microsoft Corp. Python is a trademark of the Python Software Foundation. Raspberry Pi is a trademark of the Raspberry Pi Foundation. Unicode is a registered trademark of Unicode, Inc. in the United States and other countries. Windows is a registered trademark of Microsoft Corp. Any other trademarks I mentioned without realising are trademarks of their respective holders.