/mail/community?hl=en
/mail/community?hl=en
12/12/12
Original Poster
Hannes Schmidt

Fetching mail from external accounts via secure POP3 broken since Dec 10

I have two Gmail accounts which are configured to fetch mail from external POP3 accounts via TLS (port 995). Each Gmail account fetches from a different external account but both external accounts are hosted on the same POP3 server. No changes were made to either the external POP3 server or the Gmail accounts configuration. On Dec 10, one Gmail account fails to fetch messages:
 
Error fetching mail. Mail from this account has not been retrieved since Dec 10
 
with the following error message undert "View details"
 
SSL Security Error. [ Help ]
Server returned error "SSL error: self signed certificate"
 
The other Gmail account fetches mail ok. Again, both accounts fetch from the same external server!
 
From the point of view of the external server, the POP3 client who fails to fetch mails is at 209.85.212.135 whereas the POP3 client that fetches successfully is at 209.85.212.38. I am attaching a Wireshark packet dump which shows that the POP3 server rejects the connection setup with a TLS Encrypted Alert message.
 
Could this have to do with [1], e.g. the Google load balancers terminating SSL with a temporary self-signed client certificate? I think [2] and [3] might be related.
 
[1] http://static.googleusercontent.com/external_content/untrusted_dlcp/www.google.com/en/us/appsstatus/ir/plibxfjh8whr44h.pdf
[2] http://productforums.google.com/forum/#!searchin/gmail/ssl/gmail/uPP9EsiY1rA/b706EEcnuU0J
[3] http://productforums.google.com/forum/#!searchin/gmail/ssl/gmail/s_oU0DoG8-M/hYcaLAsmjkEJ
 
Community content may not be verified or up-to-date. Learn more.
Recommended Answer
Was this answer helpful?
How can we improve it?
All Replies (42)
J.Galton
12/12/12
J.Galton
Did you click on the Help link and read the text? It specifically says fetching using SSL from servers with self-signed certificates is not (any longer) supported...
J.Galton
12/12/12
J.Galton
(This definitely is not related to the outage from yesterday.)
Mike Kosior
12/12/12
Mike Kosior
I believe you are in fact experiencing the same problem I am having.
 
The problem has to be connected to the account itself, as I am able to setup a new account with the same settings and pop the mail without issue. App River tech support was able to run through the same setup using 3 other test accounts, which leads me to believe that there was some sort of data migration or service interruption that corrupted these specific accounts.
 
I am seriously considering setting up a brand new account a importing the email from the broken account into the working account, but that will take considerable time and effort (neither of which I am able to expend right now) - I am hoping a tech will see these posts and be able to discern the problem or at the very least acknowledge that they know there is a problem.
 
My issues began on Dec 10th - the same as you documented above.
J.Galton
12/12/12
J.Galton
searching help docs for gmail pop3 ssl returns:
http://support.google.com/mail/bin/answer.py?hl=en&answer=21291&ctx=gmail&authuser=1#strictSSL
 
that explicitly says "We do not accept self-signed certificates". what is your external pop3 server?
Mike Kosior
12/12/12
Mike Kosior
I am not using a self signed certificate - the exact same pop settings work with OTHER accounts but not the one that's performed flawlessly for 3+ years.
36 MORE
Joseph Annino
12/18/12
Joseph Annino
To work around this issue, I have set up a cron job to run the following script on my AWS micro instance:

It is working pretty well.  Some notes though:
- I had to modify the script to ignore unsigned certs, and to only sync the INBOX to the INBOX.  (Yeah for open source!)
- Gmail does not seem to run all filters on mail that comes in via an IMAP copy, so some things are showing up in my inbox that wouldn't have before, buts its only a minor annoyance.

I am still really disappointed in Google, and I plan to look into solutions which give me more control over my own data as a result of this.
 
This question is locked and replying has been disabled. Still have questions? Ask the Help Community.

Badges

Some community members might have badges that indicate their identity or level of participation in a community.

 
Expert - Google Employee — Googler guides and community managers
 
Expert - Community Specialist — Google partners who share their expertise
 
Expert - Gold — Trusted members who are knowledgeable and active contributors
 
Expert - Platinum — Seasoned members who contribute beyond providing help through mentoring, creating content, and more
 
Expert - Alumni — Past members who are no longer active, but were previously recognized for their helpfulness
 
Expert - Silver — New members who are developing their product knowledge
Community content may not be verified or up-to-date. Learn more.

Levels

Member levels indicate a user's level of participation in a forum. The greater the participation, the higher the level. Everyone starts at level 1 and can rise to level 10. These activities can increase your level in a forum:

  • Post an answer.
  • Having your answer selected as the best answer.
  • Having your post rated as helpful.
  • Vote up a post.
  • Correctly mark a topic or post as abuse.

Having a post marked and removed as abuse will slow a user's advance in levels.

View profile in forum?

To view this member's profile, you need to leave the current Help page.

Report abuse in forum?

This comment originated in the Google Product Forum. To report abuse, you need to leave the current Help page.

Reply in forum?

This comment originated in the Google Product Forum. To reply, you need to leave the current Help page.