email support

Ask us about your TalkTalk email account and Webmail.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Pipex SMTP Server Certificate issue

Skynet_TX
Community Star
Message 16 of 16

Hi,

 

It looks like the certificate on the Pipex SMTP server has expired overnight, I have the SMTP server setting set to smtp.dsl.pipex.com (using Windows Mail on Windows 7), although this may just be an alias at the TalkTalk end that goes to some other server.

 

@SiHancox has also reported the same issue in another thread : https://community.talktalk.co.uk/t5/Email-Webmail/Problem-with-Pipex-POP-server/m-p/2268900

 

Attempts to send emails using Pipex SMTP are failing for me with the below error :

 

SMTP Error.jpg

@SiHancox has provided more detailed screenshots in the other thread mentioned above.

Please could this be looked into, and the certificate renewed if this is indeed just an expired certificate causing the issue.

 

Thanks

 

Skynet

0 Likes
15 REPLIES 15

SiHancox
Super Duper Contributor
Message 1 of 16

Thanks, I’m still searching the web at the moment, lots of stuff regarding on how to “trust” an expired certificate, not much about the process of updating one, other than deleting your account and then adding back, apparently that process may trigger a new certificate download.

 

Reluctant to do that at the moment without confirmation that the method actually works, and especially since no one yet has informed on the new certificate availability.

0 Likes

Message 2 of 16
I hadn't worked out a way to see the SMTP server certificate details from Windows, although I didn't investigate that hard, so I may look into that a bit more this evening.
0 Likes

SiHancox
Super Duper Contributor
Message 3 of 16

Strangely I couldn’t find much online regarding macOS Mail and the certificate update process, must be a “black art”, at odds with the supposedly “keep it simple” mantra, ah well, that’s progress.

 

I’ll keep looking, but in the mean time I’ve posted the question on the Apple forum, someone I’m sure will have knowledge of this process and may therefore enlighten me.

 

Just out of curiosity, will Windows Mail (or whatever manages keys/certificates) allow you to see certificate details, if so has the date changed, or is that sort of thing locked off from the user?

0 Likes

Message 4 of 16
I don't know anything about Apple kit, so I'm not sure if there is any sort of certificate caching. Or it could just be that Windows Mail has got bored with telling me about the problem !
0 Likes

SiHancox
Super Duper Contributor
Message 5 of 16

I've just looked at the certificate under Keychains on macOS and it remains unchanged so far as the date is concerned, that might be due to the fact I've recently marked it "Trusted" (so I could keep sending mail) or that the "system" takes a little while to refrest outdated ones even when the new are made available, will keep a watch out.

0 Likes

Message 6 of 16
I'm no longer getting certificate warnings when trying to send an email, so they may have sorted it
0 Likes

Message 7 of 16

Another poor response from TT and not really unexpected.

 

This is also affecting people recieving e-mails from us, quote from one of my contacts:

 

"You definitely have gremlins, your email come with a warning that TalkTalk had not encrypted it, and another one saying Gmail could not verify that this email was from"

 

 

E-mails sent to iCloud address are just being returned to me as undeliverable:

 

"Delivery to the following recipients was aborted after 13.9 hour(s):

xxxxxxxx@icloud.com
Reason: The following message to xxxxxxxx@icloud.com was undeliverable.

The reason for the problem:  Maximum Retry Queue Age Reached

Reporting-MTA: dns; cmout2mk [xxx.xx.xxx.xx]
Received-From-MTA: dns; [xxx.xxx.x.xx] [xx.xx.xx.xx]
Arrival-Date: Tue, 30 Oct 2018 09:32:28 +0000"

 

Jolly poor show Talk Talk and no response, that I know about. from moderators here...

Self employed person spending too much time trying to resolve problems with TalkTalk
0 Likes

Message 8 of 16
Whilst these workarounds will get things working again, do be aware that these certificates are there for a reason, and ignoring errors does put you at some degree of risk.

Now I fully accept that in this particular case we are 99% sure that the certificate on the SMTP server expired at 1am on Sunday, and so when we get these errors we are still talking to the real legit SMTP server that just happens to now have an out of date certificate on it.

But the whole point of these certificates is to allow the server to prove to our email client that it is who it says it is, ignoring a certificate error does put you at risk of allowing a connection to a server that is not really the server you think it is.

As I say, in this particular case I think we understand what has gone wrong and we can be 99% sure it is safe, but personally I'm always very reluctant to ignore any sort of certificate error.

The correct fix here is for TalkTalk to update the expired certificate on their server so that our mail clients can successfully validate the server is who it says it is again.

Message 9 of 16

Many thanks 

Have tried and problem sorted 🙂

SR

 

 

0 Likes

SiHancox
Super Duper Contributor
Message 10 of 16

@SJRice wrote:

Hi

I am having a similar issues and have sorted by clicking ok on my laptop but dont appear to have the option on my iphone 😞

Any ideas?

Thanks

SR


I had the option on my iPad Mini 2 to “Accept” or “Continue”, can’t remember which, but on the iPhone X it just gave me “View” or “Cancel”. After a quick search the only way around it that I found was to delete the Pipex Mail Account and then Add it back again, the reason this works is during the last part of setup when it’s checking the details and connections, you are prompted to “accept” what it can’t automatically confirm (I believe it’s the outdated certificate), once done you should be back up and running again.

Message 11 of 16

Hi

I am having a similar issues and have sorted by clicking ok on my laptop but dont appear to have the option on my iphone 😞

Any ideas?

Thanks

SR

0 Likes

SiHancox
Super Duper Contributor
Message 12 of 16

@Skynet_TX

 

Thanks for explaining how the certificate update process will likely go and that seems to mirror what has happened previously. I had a similar Mail issue several years back and recall having to trust the outdated certificate then, didn’t really give it much attention after that but can remember noticing the certificate date had changed automatically somewhere along the line. So it appears when new ones get pushed out they either update or replace the old, in Apple Keychains anyhow, I’ll keep watching this discussion and my Keychains to see what happens.

0 Likes

SiHancox
Super Duper Contributor
Message 13 of 16

@Skynet_TX

 

I’ll follow this discussion from now on so we are jumping around.

Message 14 of 16
Yep, I'm sure clicking 'Yes' will allow it to work, but as I have no email I need to send right now I've not done that yet. If I do need to send an email I will just click 'Yes'. But ignoring certificate errors does not come naturally to me as I work in IT support and am often advising people about security !.
0 Likes

SiHancox
Super Duper Contributor
Message 15 of 16

@Skynet_TX

 

Hi,

 

I’ve replied in the other discussion, but having seen your security warning do you not just select “Yes”, my Apple devices were basically asking the same and once done I’ve not been asked again.

 

I didn’t see any harm in agreeing to an outdated certificate because the server info was still relevant plus I assume TalkTalk will issue an updated one in due course, and it better than reverting to non-ssl mode!

0 Likes