Back to Silas S. Brown's home page
Windows Mobile email setup
(see also list of vaguely-usable old Windows Mobile phones
This page has some notes on running old Windows Mobile phones (dating from 2003 to 2009/10) with modern email systems.
SSL encryption problem with built-in client
Email is no longer likely to work on Windows Mobile's built-in client because its SSL
encryption options are now considered insecure and are usually disabled server-side. Cambridge's server switched off RC4 in January 2016 and GMail's in June, by which time Yahoo, Hotmail and iCloud had also stopped working. AOL still worked until November 2017 if you didn't mind connecting to their non-
SSL server---I suggested using ImapFix
setting to remove addresses from the plaintext copy---but then they shut this down and their SSL server didn't work with WM.
Personally I didn't think the known RC4 attacks on Web traffic are also feasible on IMAP unless poll frequency is set way too high, so I think there's a valid argument for re-enabling older ciphers for email only so as to allow old WM phones to connect. But the sysadmins were worried I might be wrong, and eventually GNU/Linux distributions started disabling these ciphers at the SSL library level (e.g. Debian bug #875423), so sysadmins can't now turn them back on even if they want to, unless they recompile their system libraries from source or risk running outdated distributions. This also means you can't just set up Dovecot on a Raspberry Pi or something and expect a quick ssl_cipher_list = ALL to solve your problem: you'd be left with log entries that say SSL routines:tls_process_client_hello:version too low, and the WM device will probably "A secure sockets layer (SSL) connection could not be established" when "require SSL" is turned on, or perpetual re-requests for your password when "require SSL" is turned off (but its exact message may vary).
You can still run on a home server what used to be possible with AOL: use IMAP without SSL, and ImapFix's secondary_is_insecure setting to remove addresses from the plaintext copy of your inbox. To do this with dovecot-imapd you'll need to set disable_plaintext_auth = no in /etc/dovecot/conf.d/10-auth.conf and I strongly recommend changing the passdb section in /etc/dovecot/conf.d/auth-system.conf.ext so it uses driver = passwd-file instead of driver = pam, with args = a path to some alternate passwd file you set up specially for email (use echo `whoami`:`doveadm pw -s CRYPT` > passwd), so you don't have to send your system login password in the clear whenever you check your email.
You might also want to edit 10-mail.conf commenting out mbox and uncommenting maildir options to reduce the disk writes needed for small incremental updates.
(With some Dovecot versions you also need to ensure the mailbox is not on a fusecompress mount.)
Then do /etc/init.d/dovecot restart, open port 143 on your firewall (or set up a script to open it temporarily when requested in some way), and use ImapFix to synchronise your mail there.
For sending email from the phone, you'll also need an SMTP server it can connect to---and this will have the same issues with SSL libraries. I wouldn't recommend connecting to SMTP with a plaintext password---there's a big difference between "sniffing your password to read an inbox from which the most sensitive information has already been redacted" and "sniffing your password to send emails from your server", especially if you have scripts that say emails provably from that server can run certain commands. But the lack of SMTP is not a major issue, because it's hard to type much on a small WM keyboard anyway, and it's rare that urgent matters can't be dealt with by SMS or voice call until you get to a proper keyboard.
Other notes on built-in client
If you have a server to which the phone can
- Messages must be in Unicode; try ImapFix (to fetch folders other than the inbox, use Tools / Manage folders / Select folders for synchronisation
- If you have SMTP but sending results in "message(s) could not be sent" and the recipient gets a truncated version, try adding more newlines and/or sending attachments separately: it's a bug in WM6.1 for which I haven't found a reliable workaround
- WM6.5, unlike earlier versions, refuses to open message/rfc822 attachments in IMAP accounts, so ImapFix's max_size_of_first_part option can no longer be used to expand the range of choices for "Message download limit" in "Download Size Settings" (which is stored in the system \cemail.vol file that you can't access with Python etc, so it's not easy to expand the GUI choices); you can still set max_size_of_first_part as a protection, but you won't then have the option of viewing it anyway from WM6.5's Messaging.
- ``Insert Voice note'' records WAV as PCM or GSM (set format in Start/Settings/Input/Options); if you accidentally Send before stopping, recording will not be attached, but it'll still be around as a hidden file in My Documents which can be attached to another email via Insert File (named ~VRec_0.wav etc) or deleted from Python
You could try (the old WM version of) profimail.cab which supports more SSL options than the built-in client, but even this began to fail to connect to Cambridge servers in December 2016 (reporting error 10022, which is Microsoft speak for an invalid parameter somewhere). If it does
connect to your server:
- Be sure to set "Use system font" if you've installed Chinese fonts or whatever, since ProfiMail's built-in font is English-only. Using the system font also increases the size slightly.
- Pressing Menu from a new-message body causes a display bug that involves the menu shifting vertically after about a second, placing the "Send" option where the "Edit" option was. To avoid premature sending, wait for this vertical shift to happen before deciding where to tap.
- I haven't tested ProfiMail on the non-touchscreen models (WM6-Smartphone).
Otherwise you might have to use PocketPUTTY, which is not suitable for offline use (although you can long-press to paste in a pre-written email when signal becomes available). It won't work on non-touchscreen models although a more-awkward SSH "midlet" does.
Usual disclaimers apply---all the above is at your own risk.
All material © Silas S. Brown unless otherwise stated.