On 1/12/25 9:34 AM, dep via tde-users wrote:
I use ProtonMail. PrnotMail offers an application-filter thing called ProtonBridge; without it one is stuck with Proton's webmail, which is a pain for many reasons, not least that it's impossible to reply to a message at the bottom. ProtonBridge is a fairly large thing that does the encryption/decryption of outgong/incoming messages respectively. Instead of having an actual address for the mail server, Bridge requires we use 127.0.0.1. and port 1143 for incoming and 1025 for outgoing. Fine so far.
Be very, very wary....Protonmail is not accepted by my server and many others due to it routing mail though APNIC servers in PRC. Starting several years ago, I have an engineering company I host that found it could no longer receive mail from proton mail. A quick investigation showed it could no longer receive mails due to the protonmail server being blocked at the firewall. It was banned by fail2ban due to repeated illegal intrusion attempts from that same IP. (dovecot:auth failures)
I know I'm not the only one that now blocks protonmail IPs at the firewall. Just a guess, but given the distributed nature of the wonderful net, if kmail receives header information from an open IP, but the remainder of the message is blocked somewhere along the way at one of the hops close to your delivery point - I could see kmail being quite confused. The same distributed nature of the net should also provide an automatic re-route, but if it run into another block elsewhere I could see a problem like you describe. traceroute on the sender/server IP may turn up something (low probability, but worth doing)
Like I said this is a GUESS, but I can see this becoming a bigger issue as temporary bans come on/off IP addresses. I am seeing just over 1000 brute force attempts per-month (with hundreds of thousands of bad-actor IPs already blocked by ipset).
It may also be that protonbridge causes the mail header to be seen by kmail with some non-standard additions in it used by the web-mail UI that most current mail packages accept. The old "Internet Explorer" type adherence to standards applied to mail... It would be really interesting if you could pin down an error message (hopefully with debug info) from kmail that shows where kmail is unhappy. (and it may just be a corner-case issue that doesn't throw an error or exception).
I'll keep following this thread. I'm interested in what turns up and if it provides a way for me to loosen protonmail restrictions.
-- David C. Rankin, J.D.,P.E.
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
____________________________________________________ tde-users mailing list -- users@xxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxx Web mail archive available at https://mail.trinitydesktop.org/mailman3/hyperkitty/list/users@xxxxxxxxxxxxxxxxxx
