Mail.app vs. STARTTLS

I’m sorry, dear reader, if your eyes glaze over when you see acronyms and acronym-like things. If you aren’t interested in the usually fascinating world of email client configuration, feel free to stop reading now. I won’t feel bad.

Still with me? (Seriously, this is dry stuff…)

Okay, okay, I’ll get on with it already.

I’ve had a problem with my mail setup for some time due to the fact that I run two separate mail servers, but they live behind a NAT device on a single IP address. It doesn’t matter what the reason is; suffice it to say that (a) I won’t use an unencrypted mail connection over the Internet and (b) it’s not possible to map the same port – in this case the IMAP SSL port, TCP port 993 – to two different machines. Thus begins my odyssey into Mac OS X’s Mail.app and IMAP account configuration.

What I discovered is this: when configured with an IMAP account, Mail.app does indeed support the IMAP STARTTLS command. While I didn’t perform an exhaustive search, I believe this is not documented. Here’s how to do it:

  1. Configure a normal IMAP account, if you don’t have one set up already. (It’s up to you to figure out where you can do this. This particular exercise is beyond the scope of this article.)
  2. Edit the account, and on the Advanced tab, look to the bottom to find the “Use SSL” checkbox. Notice that it doesn’t mention TLS. Check it anyway.
  3. Finally, change the port from 993 back to 143. Magic happens here. Just trust me.

Now, if your IMAP server supports TLS, Mail.app will automatically attempt to use it. Beware; if you are using a self-signed certificate, or a certificate that is not signed by a trusted certificate authority (CA), it appears to fail without so much as a peep as to precisely why.

With this setup, I’m now able to access both mail servers, one on port 143 with STARTTLS, and the other on port 993 with a standard SSL connection. w00t!

Enjoy…

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.