I was looking through the Account Info screen of OS X 10.10 Yosemite’s Mail.app and the red alert 🚨 sounded in my head because sending mail using the iCloud SMTP server my account is configured for didn’t appear to be using SSL:
I immediately asked AppleCare to call me. I didn’t want to waste any time figuring this out; I wanted to know how to fix it. As soon as I put my number in the web form, I got a call. Then I got connected immediately to a person. Apple has this part of the customer service experience nailed.
The guys I talked to at AppleCare were great. The first guy I talked to didn’t waste my time with scripts. As soon as I described my issue he knew what I was talking about & had me try resetting my account in System Preferences > Internet Accounts. When that didn’t work, he escalated to a guy named “Chris”.
While on hold, I did some digging of my own. I found the iCloud SMTP server config in ~/Library/Preferences/MobileMeAccounts.plist. Here’s the section on the iCloud SMTP server:
<key>smtpHostname</key>
<string>p03-smtp.mail.me.com</string>
<key>smtpPort</key>
<integer>587</integer>
<key>smtpRequiresSSL</key>
<true/>
Looks like SSL is required, but the UI isn’t showing it. What’s going on? I turned on logging in Mail’s Connection Doctor and captured this log while sending a test mail out (bolds mine):
INITIATING CONNECTION Dec 31 11:39:39.264 host:p03-smtp.mail.me.com -- port:587 -- socket:0x0 -- thread:0x618000a69b40

CONNECTED Dec 31 11:39:39.375 [kCFStreamSocketSecurityLevelNone] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40

READ Dec 31 11:39:39.553 [kCFStreamSocketSecurityLevelNone] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
220 nk11p03mm-asmtp002.mac.com -- Server ESMTP (Oracle Communications Messaging Server 7.0.5.33.0 64bit (built Aug 27 2014))

WROTE Dec 31 11:39:39.562 [kCFStreamSocketSecurityLevelNone] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
EHLO [10.0.1.6]

READ Dec 31 11:39:39.653 [kCFStreamSocketSecurityLevelNone] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
250-nk11p03mm-asmtp002.mac.com
250-8BITMIME
250-PIPELINING
250-CHUNKING
250-DSN
250-ENHANCEDSTATUSCODES
250-EXPN
250-HELP
250-XADR
250-XSTA
250-XCIR
250-XGEN
250-XLOOP 1EAF97A4D9D382EFF77592D25EA741DA
250-STARTTLS
250-NO-SOLICITING
250 SIZE 28311552

WROTE Dec 31 11:39:39.653 [kCFStreamSocketSecurityLevelNone] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
STARTTLS

READ Dec 31 11:39:39.749 [kCFStreamSocketSecurityLevelNone] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
220 2.5.0 Go ahead with TLS negotiation.

WROTE Dec 31 11:39:40.088 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
EHLO [10.0.1.6]

READ Dec 31 11:39:40.187 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
250-nk11p03mm-asmtp002.mac.com
250-8BITMIME
250-PIPELINING
250-CHUNKING
250-DSN
250-ENHANCEDSTATUSCODES
250-EXPN
250-HELP
250-XADR
250-XSTA
250-XCIR
250-XGEN
250-XLOOP 1EAF97A4D9D382EFF77592D25EA741DA
250-AUTH PLAIN LOGIN ATOKEN
250-AUTH=LOGIN PLAIN
250-NO-SOLICITING
250 SIZE 28311552

WROTE Dec 31 11:39:40.188 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
AUTH ATOKEN (*** 80 bytes hidden ***)

READ Dec 31 11:39:40.291 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
235 2.7.0 ATOKEN authentication successful.

WROTE Dec 31 11:39:40.292 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
MAIL FROM:<redacted>

READ Dec 31 11:39:40.399 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
250 2.5.0 Address Ok.

WROTE Dec 31 11:39:40.399 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
RCPT TO:<redacted>

READ Dec 31 11:39:40.744 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
250 2.1.5 redacted OK.

WROTE Dec 31 11:39:40.744 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
DATA

READ Dec 31 11:39:40.833 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
354 Enter mail, end with a single ".".

WROTE Dec 31 11:39:40.833 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
From: Dave Murdock <redacted>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Subject: Test Mail
Message-Id: <19F12A22-0D05-4B13-B96F-3F3036C368ED@icloud.com>
Date: Wed, 31 Dec 2014 11:39:39 -0500
To: Dave Murdock <redacted>
Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\))
X-Mailer: Apple Mail (2.1993)
.

READ Dec 31 11:39:41.042 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:p03-smtp.mail.me.com -- port:587 -- socket:0x6100004a5460 -- thread:0x618000a69b40
250 2.5.0 Ok, envelope id 0NHG002NOGY4N150@nk11p03mm-asmtp002.mac.com
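Mail.app is negotiating TLS using STARTTLS. In the log, the security level changes from kCFStreamSocketSecurityLevelNone to kCFStreamSocketSecurityLevelTLSv1_0 right after the server's 220 reply to STARTTLS, and AUTH, MAIL FROM, RCPT TO and DATA are all sent after that change. Technically, the UI is correct: SSL/TLS is not guaranteed but negotiated. Mail data wasn’t exchanged until TLS had been negotiated, so everything is fine, except that the UI is misleading.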
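A way to check a saved Connection Doctor log for what the paragraph above verifies by eye: that no credential or mail command was written while the socket was still at kCFStreamSocketSecurityLevelNone. This is an added example, not code from the original post or from Apple; the function names, the smtp.example.test host and both sample sessions are constructed, and the second sample is the failure case where STARTTLS is never offered.

```python
import re

# Entry header: direction, timestamp, [security level], fields; payload follows it.
HEADER = re.compile(r"^(READ|WROTE)\s.*?\[kCFStreamSocketSecurityLevel(\w+)\]"
                    r".*?thread:0x[0-9a-fA-F]+\s*(.*)$")
# Commands that carry credentials or mail and must never be written in cleartext.
SENSITIVE = ("AUTH", "MAIL FROM", "RCPT TO", "DATA")

def audit(log_text):
    """Report whether STARTTLS completed and which sensitive commands left unencrypted."""
    direction = level = None
    starttls_sent = starttls_ok = False
    cleartext = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:  # new entry: remember its direction and security level
            direction, level, line = m.group(1), m.group(2), m.group(3).strip()
        if not line or direction is None:
            continue
        encrypted = level != "None"
        if direction == "WROTE":
            if line.upper().startswith("STARTTLS"):
                starttls_sent = True
            elif not encrypted and line.upper().startswith(SENSITIVE):
                cleartext.append(line.split()[0].upper())
        elif starttls_sent and not encrypted and line.startswith("220"):
            starttls_ok = True  # server agreed; later entries should show a TLS level
    return {"starttls_ok": starttls_ok, "final_level": level, "cleartext": cleartext}

def entry(direction, level, payload):
    return (f"{direction} Dec 31 11:39:39.000 [kCFStreamSocketSecurityLevel{level}] -- "
            f"host:smtp.example.test -- port:587 -- socket:0x1 -- thread:0x2 {payload}")

# Constructed session that upgrades before authenticating, as in the log above.
GOOD = "\n".join([
    entry("WROTE", "None", "EHLO [192.0.2.10]"),
    entry("READ", "None", "250-smtp.example.test\n250-STARTTLS\n250 SIZE 1000"),
    entry("WROTE", "None", "STARTTLS"),
    entry("READ", "None", "220 2.5.0 Go ahead with TLS negotiation."),
    entry("WROTE", "TLSv1_0", "AUTH PLAIN (*** hidden ***)"),
])
# Constructed failure case: STARTTLS is never offered and the client authenticates anyway.
STRIPPED = "\n".join([
    entry("WROTE", "None", "EHLO [192.0.2.10]"),
    entry("READ", "None", "250-smtp.example.test\n250 SIZE 1000"),
    entry("WROTE", "None", "AUTH PLAIN (*** hidden ***)"),
    entry("WROTE", "None", "MAIL FROM:<a@example.test>"),
])
```

An empty `cleartext` list together with `starttls_ok` set to true is the result the session logged above should produce; any entry in `cleartext` means credentials or mail left the machine before TLS was up.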
I thought SMTPS(ecure) required a dedicated port, but TLS is expected to be negotiated over port 587 (or another if in use). Wikipedia has a good summary.
“Chris” at AppleCare confirmed what was going on and called the account summary screen a “display” bug, which he would file with engineering.
Just for fun, we tried adding the iCloud SMTP server set to default to TLS rather than negotiate it, but it didn’t work. It turns out that with two-factor authentication you can’t add the iCloud SMTP server directly; it constantly reports that it can’t authenticate.