E-mail on mobile

Posted on 20 January 2013



For my corporate mail I’m using: IMAP: linuxNN.webawere.nl with SSL on port 993.

For sending from home I would have to use SMTP: mail.zeelandnet.nl with SSL on port 465 (no need for username/password). The check of these settings is taking forever on Iphone, so be patient. I guess this is because port 465 is a legacy port and port 587 should be used.

There are two disadvantages of setting this SMTP server:

  1. This only works at home
  2. hotmail clients *sometimes* show this message “Wees voorzichtig. Deze afzender is niet goedgekeurd met onze controles voor fraudedetectie.


I guess this is due to the following header in the e-mail source:

spf=softfail (sender IP is; identity alignment result is pass and alignment mode is relaxed) smtp.mailfrom=MAILADDRESS; dkim=none (identity alignment result is pass and alignment mode is relaxed) header.d=DOMAIN; x-hmca=fail
X-SID-Result: FAIL

So I checked the SPF records for the Zeelandnet SMTP server are set like this: “v=spf1 ip4: a:smtp-pub.zeelandnet.nl include:_senderspf.copernica.com ~all”. My domain has this spf settings in the DNS: “v=spf1 a mx ip4:SERVERIP ~all”. So I read a little further and this fail is due to my spf settings not allowing me to send e-mail through a different IP address then the one in the A record of my domain. I could try to add the IP address of the Zeelandnet SMTP server to my spf record using IP4: to solve this problem.

According to this knowledge base article, I could use mail.DOMAIN.nl without SSL on port 25. I tried it but it’s pretty slow. I’ve also had it working with a Android phone with just DOMAIN on port 587 (no SSL), but the experience is that this might not be very reliable.

Using my own server I see this header in hotmail, so this did solve my problem:

spf=pass (sender IP is IPADDRESS) smtp.mailfrom=MAILADDRESS; dkim=none header.d=DOMAIN; x-hmca=pass
X-SID-Result: PASS


I found that it’s best to set up a secure connection (TLS) and then use authentification to make sure you are you.

I ended up setting the mail.DOMAIN.nl server with SSL on port 587 with username and password, which is showing up in the message header as esmtpsa (both a secure and authenticated connection). You can also use port 465 without username and password (esmtps only, no a) but I feel that this is slower.

My webmail is using esmtpa so I guess it’s a good way to ensure your contact that it is really you that sent the e-mail. But is it really important? Both my microsoft and webmail do not show it next to the name like they show it if a DKIM signature is used. And what’s also important: is it really safe? I’m not sure yet if authentication is an added risk? 

One other thing I found is that my server acts like an open mail relay server both on port 25 and 465. As far as I understand from them is that this is not true as it checks if I’ve just logged in to my IPAM box and I guess I can check this with MXtoolbox.

Hotmail and Live

For my microsoft addresses I’m using Exchange: dub-m.hotmail.com  with SSL. It handles both incoming and outgoing e-mail.

But there is a problem with this to: if I send a message from my @live.com account to my @hotmail.nl account it passes the AUTH and SID. But when I send it the other way  (from my @hotmail.nl to my @live.com) I get a NONE on both the SPF= X-AUTH and X-SID, resulting in a message that ‘parts of the message are blocked for your safety’ and I have to unblock it to see attachments like pictures. I wonder why it is different as I’m using the exact same exchange server?

Android phone

On android I didn’t find an exchange option for my microsoft mail. So it’s setupfor incoming e-mail using pop3: pop3.live.com on port 995 with SSL (don’t delete from server).

For outgoing e-mail there is the same problem as with my corporate mail: I get spf FAIL errors. To solve this  here are the instructions for windows live SMTP settings: smtp.live.com with TLS (with credentials) on port 587. I’m using that instead.

Setting the corporate mail to TLS with credentials (esmtpsa) returns this error: Can’t make a secure connection: trust anchor for certification path not found. So I set it up with TLS (all certificates) and now it works fine. I’ll have to check this again with the servername instead of domain name, see if that helps.

Posted in: Iphone, Office