Security Message

Board for discussions around the Epyrus mail and news client.

Moderator: athenian200

JoeyG
Astronaut
Posts: 674
Joined: 2017-06-12, 13:27
Location: How can you be in two places at once, when you're not anywhere at all?

Security Message

Unread post by JoeyG » 2024-11-05, 14:55

I've been using Epyrus as my email client almost since it came out.

I'm very happy with it, but about a month ago, I began - intermittently and randomly - to receive the following message when I start the program:

[Image: screenshot of the message]

Getting rid of it only requires clicking "Confirm", and I can proceed however I want. Otherwise, the program works fine.

Nonetheless, I'd be interested in knowing what triggers it and whether there's a way to stop it from popping up. I haven't tried reinstalling the program.

My email provider is Deutsche Telekom, Germany's largest, and there are no other issues of any type with either Epyrus or my email in general.

Has anyone else experienced this?

Thank you.
"And you can believe me because I never lie - and I'm always right."
(Asserted by George Leroy Tirebiter* and my wife; only the latter is telling the truth.)
*Firesign Theater version

Pentium4User
Board Warrior
Posts: 1325
Joined: 2019-04-24, 09:38

Re: Security Message

Unread post by Pentium4User » 2024-11-05, 15:42

Did you change something in the certificate store?
Does it behave the same in a fresh profile?
Can you view the certificate and check the root?
The profile picture shows my Maico EC30 E ceiling fan.

JoeyG
Astronaut
Posts: 674
Joined: 2017-06-12, 13:27
Location: How can you be in two places at once, when you're not anywhere at all?

Re: Security Message

Unread post by JoeyG » 2024-11-05, 16:28

Pentium4User wrote:
2024-11-05, 15:42
Did you change something in the certificate store?
Not to the best of my knowledge. I don't know how to do this ... or check whether I did it inadvertently.
Pentium4User wrote:
2024-11-05, 15:42
Does it behave the same in a fresh profile?

It happens so irregularly, I haven't had the chance.
Pentium4User wrote:
2024-11-05, 15:42
Can you view the certificate and check the root?
How would I do this, please?

Thanks for your reply. I'm sorry I haven't been more helpful, but to be honest, I'm not a very sophisticated user.
"And you can believe me because I never lie - and I'm always right."
(Asserted by George Leroy Tirebiter* and my wife; only the latter is telling the truth.)
*Firesign Theater version

Pentium4User
Board Warrior
Posts: 1325
Joined: 2019-04-24, 09:38

Re: Security Message

Unread post by Pentium4User » 2024-11-05, 16:35

If you connect to the server for the first time in a new profile, it should display this message or accept the certificate because it is from a trusted CA.
The profile picture shows my Maico EC30 E ceiling fan.

JoeyG
Astronaut
Posts: 674
Joined: 2017-06-12, 13:27
Location: How can you be in two places at once, when you're not anywhere at all?

Re: Security Message

Unread post by JoeyG » 2024-11-05, 16:40

OK, thanks. I'll try it.
"And you can believe me because I never lie - and I'm always right."
(Asserted by George Leroy Tirebiter* and my wife; only the latter is telling the truth.)
*Firesign Theater version

athenian200
Contributing developer
Posts: 1612
Joined: 2018-10-28, 19:56
Location: Georgia

Re: Security Message

Unread post by athenian200 » 2024-11-06, 04:42

I'm not an expert on security, but it sounds like the certificate store may be out of date, or the system time may be set incorrectly? Those kinds of things can cause valid certificates from sites to be treated as invalid and thus require exceptions.
"The Athenians, however, represent the unity of these opposites; in them, mind or spirit has emerged from the Theban subjectivity without losing itself in the Spartan objectivity of ethical life. With the Athenians, the rights of the State and of the individual found as perfect a union as was possible at all at the level of the Greek spirit." -- Hegel's philosophy of Mind

ag0044
Moonbather
Posts: 73
Joined: 2012-04-28, 16:29
Location: Australia

Re: Security Message

Unread post by ag0044 » 2024-11-06, 11:46

I've been getting these messages (at least one for each of my email accounts) for a long time for multiple versions of Epyrus, along with a little box that pops up with a message that Epyrus couldn't connect to my email provider. Usually after a boot/re-boot. I can't remember if it happened with the email clients I was using prior to Epyrus.

As the OP suggested, just clicking on Confirm, or Alt-C, clears the message, and you can proceed.

I haven't raised it before as it's a minor inconvenience and I've just lived with it. I'll try to provide some more substantial information over the next few days.

Epyrus 2.1.3. Win10 Pro 22H2.

Edit to add:
athenian200 wrote:
2024-11-06, 04:42
I'm not an expert on security, but it sounds like the certificate store may be out of date, or the system time may be set incorrectly? Those kinds of things can cause valid certificates from sites to be treated as invalid and thus require exceptions.
One of my email accounts is with my Internet provider and another account is Gmail - I get the message for both. My 'puter's time is set by my provider (but I'll have to check that).
Usually, I'm wrong. But, sometimes, I'm right.
Usually, I'm Left. But, sometimes, I'm Right.
Usually, I'm left-handed. But, sometimes, I'm right-handed.

Pentium4User
Board Warrior
Posts: 1325
Joined: 2019-04-24, 09:38

Re: Security Message

Unread post by Pentium4User » 2024-11-06, 16:18

IIRC Epyrus has, like other Mozilla products, its own certificate store. That means new certificates from CAs need to be imported. This should be done initially by the developer teams for the common CAs.

Please check if the root CA of the cert that you get from the server is in your cert store.
The profile picture shows my Maico EC30 E ceiling fan.

JoeyG
Astronaut
Posts: 674
Joined: 2017-06-12, 13:27
Location: How can you be in two places at once, when you're not anywhere at all?

Re: Security Message

Unread post by JoeyG » 2024-11-06, 16:49

Pentium4User wrote:
2024-11-06, 16:18

Please check if the root CA of the cert that you get from the server is in your cert store.
How can I do this, please?
"And you can believe me because I never lie - and I'm always right."
(Asserted by George Leroy Tirebiter* and my wife; only the latter is telling the truth.)
*Firesign Theater version

Pentium4User
Board Warrior
Posts: 1325
Joined: 2019-04-24, 09:38

Re: Security Message

Unread post by Pentium4User » 2024-11-06, 16:54

Settings --> Advanced --> Certificates --> Show certificates

You can see the details for the cert the server gives you in the warning message with the button.
The profile picture shows my Maico EC30 E ceiling fan.

JoeyG
Astronaut
Posts: 674
Joined: 2017-06-12, 13:27
Location: How can you be in two places at once, when you're not anywhere at all?

Re: Security Message

Unread post by JoeyG » 2024-11-06, 17:04

Ok, thanks.
"And you can believe me because I never lie - and I'm always right."
(Asserted by George Leroy Tirebiter* and my wife; only the latter is telling the truth.)
*Firesign Theater version

Bilbo47
Lunatic
Posts: 327
Joined: 2017-11-18, 04:24

Re: Security Message

Unread post by Bilbo47 » 2024-11-08, 16:04

As I understand it, this is also the message that appears when the connection to the server is actually under an MITM "Machine In The Middle" attack at that moment. While this is very unlikely, it's also good to be aware of what such an attack looks like. I mean, that type of attack is a major thing that certs were invented for.

For example, ISPs are in a position to de-encrypt (and re-encrypt) all data flowing through your ISP connection that would otherwise be secret from them because of being protected by a perfect SSL certificate-chain. Allowing an exception without being certain that doing so is correct would be granting permission for the MITM to see your private data.

Please point out holes in this take.

When looking at cert details, it's not always clear that the cert legitimately belongs to the server you're aiming at. ISPs can have a blanket domain-level cert that applies to all their servers, so the server's name and cert's server-name don't match. Sometimes this is a clue to an attack, but sometimes it's actually correct.

An exposé earlier this year published the fact that a ton of certs are auto-distributed into everyone's browsers that should totally not be allowed there. Certs that grant SSL access by servers in Chyna etc.

The whole recent idea that certs should be auto-expired after 45 days (starting in a couple years) is a blatant attack on the de-centralized design of the Internet. Anything that tends to concentrate "how the Internet works" into fewer hands needs to be chucked out.

Pentium4User
Board Warrior
Posts: 1325
Joined: 2019-04-24, 09:38

Re: Security Message

Unread post by Pentium4User » 2024-11-08, 16:25

This can be an MITM attack - but it can also be a missing CA root cert in the certstore.

The user has to post the details of the certificate the server provides.
The profile picture shows my Maico EC30 E ceiling fan.

JoeyG
Astronaut
Posts: 674
Joined: 2017-06-12, 13:27
Location: How can you be in two places at once, when you're not anywhere at all?

Re: Security Message

Unread post by JoeyG » 2024-11-08, 16:27

The question for me is whether there's a security issue with Epyrus.

I certainly like the client, but if there's a hole somewhere that going back to Thunderbird will evade, I have no problem taking that step.

The question for (non-technical) me is where the problem actually lies.

Any suggestions?
"And you can believe me because I never lie - and I'm always right."
(Asserted by George Leroy Tirebiter* and my wife; only the latter is telling the truth.)
*Firesign Theater version

Moonchild
Pale Moon guru
Posts: 37531
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Security Message

Unread post by Moonchild » 2024-11-08, 17:38

JoeyG wrote:
2024-11-08, 16:27
Any suggestions?
Pentium4User wrote:
2024-11-08, 16:25
The user has to post the details of the certificate the server provides.
"A dead end street is a place to turn around and go into a new direction" - Anonymous
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

JoeyG
Astronaut
Posts: 674
Joined: 2017-06-12, 13:27
Location: How can you be in two places at once, when you're not anywhere at all?

Re: Security Message

Unread post by JoeyG » 2024-11-08, 19:52

Moonchild wrote:
2024-11-08, 17:38
JoeyG wrote:
2024-11-08, 16:27
Any suggestions?
Pentium4User wrote:
2024-11-08, 16:25
The user has to post the details of the certificate the server provides.
[Image: screenshot attached by JoeyG]
"And you can believe me because I never lie - and I'm always right."
(Asserted by George Leroy Tirebiter* and my wife; only the latter is telling the truth.)
*Firesign Theater version

Pentium4User
Board Warrior
Posts: 1325
Joined: 2019-04-24, 09:38

Re: Security Message

Unread post by Pentium4User » 2024-11-08, 19:59

I assume your AV is doing a MITM attack.
If you want that, you need to import the AV's root cert into your Epyrus.
The profile picture shows my Maico EC30 E ceiling fan.

Moonchild
Pale Moon guru
Posts: 37531
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Security Message

Unread post by Moonchild » 2024-11-08, 20:07

Yup, it's Norton intercepting your connections, in effect killing any connection security you may otherwise have.
I strongly recommend you exclude Epyrus from Norton's "Web/Mail Shield". Let Epyrus handle your connection security with your mail server.
"A dead end street is a place to turn around and go into a new direction" - Anonymous
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

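The checks discussed in the posts above (who issued the certificate the client actually receives, and whether the system clock falls inside its validity period) can be scripted; this is an added example, not part of the thread and not Epyrus or Norton code. The marker strings, the sample issuer names and `imap.example.net` are constructed placeholders, and the note about AV products installing their root in the OS trust store is an assumption.

```python
import socket
import ssl

# Assumed issuer substrings for a local TLS-inspection product (constructed list).
INSPECTION_MARKERS = ("norton", "web/mail shield", "antivirus")

def flatten(name):
    """Turn getpeercert()'s nested issuer/subject tuples into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}

def assess(cert, now):
    """Check a decoded certificate (getpeercert() format) at epoch time `now`."""
    findings = []
    issuer = flatten(cert["issuer"])
    label = " ".join(issuer.get(k, "") for k in ("organizationName", "commonName"))
    if any(marker in label.lower() for marker in INSPECTION_MARKERS):
        findings.append("issuer looks like a local inspection proxy: " + label.strip())
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("system clock is earlier than notBefore")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("certificate expired, or system clock is ahead")
    return findings

def fetch_cert(host, port=993):
    """Fetch the certificate presented on an implicit-TLS port (993 = IMAPS).

    Verification uses the OS trust store. Assumption: an inspecting AV has put
    its root there, so an intercepted session verifies and shows its issuer.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def sample(org, cn):
    """Build a constructed certificate dict in getpeercert() format."""
    return {"subject": ((("commonName", "imap.example.net"),),),
            "issuer": ((("organizationName", org),), (("commonName", cn),)),
            "notBefore": "Oct 15 00:00:00 2024 GMT",
            "notAfter": "Oct 15 00:00:00 2025 GMT"}

SAMPLE_PUBLIC = sample("Example Public CA", "Example Public CA R1")
SAMPLE_INTERCEPTED = sample("Norton", "Norton Web/Mail Shield Root")  # invented name
SAMPLE_NOW = ssl.cert_time_to_seconds("Nov 08 00:00:00 2024 GMT")

if __name__ == "__main__":
    for cert in (SAMPLE_PUBLIC, SAMPLE_INTERCEPTED):
        issuer_cn = flatten(cert["issuer"])["commonName"]
        print(issuer_cn, "->", assess(cert, SAMPLE_NOW) or "no findings")
```

Against a real account, pass the result of `fetch_cert()` for the mail host and the current `time.time()` to `assess()`; if verification fails outright, the `ssl.SSLCertVerificationError` message states why.
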
JoeyG
Astronaut
Posts: 674
Joined: 2017-06-12, 13:27
Location: How can you be in two places at once, when you're not anywhere at all?

Re: Security Message

Unread post by JoeyG » 2024-11-08, 20:34

Where can I find the Norton setting, please?
"And you can believe me because I never lie - and I'm always right."
(Asserted by George Leroy Tirebiter* and my wife; only the latter is telling the truth.)
*Firesign Theater version

Moonchild
Pale Moon guru
Posts: 37531
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Security Message

Unread post by Moonchild » 2024-11-08, 21:50

JoeyG wrote:
2024-11-08, 20:34
Where can I find the Norton setting, please?
I assume it's in whatever settings panel Norton has.
"A dead end street is a place to turn around and go into a new direction" - Anonymous
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite