installed the latest MACos update this morning and immediately MACMAIL showed timeout errors.
I have tried a number of changes and all come back to scanning issues. For the moment I have disabled iMAPs scanning which sort defeats the purpose of mail checking. I have disabled the use of TLS on one smtp account because of continual untrusted smtp server errors.
This was a problem with the iPAD and iPHONE mail, now even though the certificates were installed and trusted except the trust only lasted about 30 minutes or until I went outside with the phone and returned.
I expect somewhere I have installed the wrong certificate, mind you decrypt and scan https works on two MACs with the same certificates.
Now totally confused, I currently have all devices working with mail scanning, though occasional do not trust this server and trust reset and all goes well again.
Okay, the certificate is trusted for about an hour at the most the trust fails. The failing certificate 3xpires at the and of 2021 so I am not sure where this certificate comes from? Also the failing domain is the main domain in the certificate and my mail uses one of the aliases of which there are many. I have tried using the primary domain, but still get the same error.
just as confused as before.
I have found the cause of the issue and that is the iphones and iPad are picking up the wrong ca when checking mail. I have installed the correct cas but still the error persists.
I have changed the label on the thread after a day of investigation and testing. The devices are setup to use Imaps scanning in XG
1/. removed all CAs fro download folders and iCloud.
2/. checked the all the CA areas in the XG are using the same CA.
3/. downloaded a new copy of the XG CA.
4/. Sent a copy to the iPad which was copied to the iCloud to enable sharing with the iPhone.
5/. deleted mail accounts from both iPhone and iPad. restarted both devices.
6/. Installed the CA in both devices
7/. created mail accounts on both devices
8/. all very good - trusted the CAs
9/. no issues for about 60 minutes then trust failed on there map server (SMTPS server fine no issues).
10/. removed mail account from iPad and restarted it.
11/. created new account from a different ISP on the iPad also using iMap.
12/. again all very good for about an hour then trust fails on the new ISP mail server.
13/.checking both device mail accounts I see the the mail servers are not responding, is I think this is the cause of the trust figure.
14/. restart one device and requested to trust the mail server again.
15/. while receiving the CA trust figures I am listening o streaming music, reviewing this website and looking at my weather station.
16/. my wife's MBP (which is currently using wfifi) has been throwing up fails to connect to one of her email accounts, restart the MBP and the issue clears again.
My original issue which I have been chasing over a number of versions of Apple OSes and XG does not appear to be a trust failure but a network issue.
So, inconclusion I am left with no other suggestion than the XG is the common point of failure and therefore has a bug.
The frustrating part of this exercise is that SMPT/S scanning works without any issues.
Scan IMAPS sometimes has issues with server certificates.I don't know the details.Rebooting XG will fix it.I think the recent macOS Update and WiFi are not related.
I agree the latest update and wifi are not related, but the issue is ongoing.
i have restarted the XG and will try again later today. Last restart had no effect. But I have made some changes we will see.
a restart did not fix the issue.
It may be another issue.I'm not sure.
now see more meaningful error messages, the CAs are not pinning compliant. The CA expires 31/1/2022 or there about.
So, off to look at how to change the CA to one the meets the requirements.
this is the issue
Both ISP IMAP accounts present the same date even with different CA details.
I have tried to create a CA in the XG with an executable date which I did and had done previously, but there is no way to change the IMAP/S security setting other then DEFAULT or SSLxxxxx where as in the SMTP setting I can use my self generated CA which of course I do not need to do.
Where to next?
More testing. my wife's email accounts have been driving me crazy for about 3 days using the WIFI, dropped server, not responding, not connecting to incoming mail server, changed her connection back to a physical one and the issues vanished.