How do I configure my mail client to make sure it encrypts my username, password, and messages?

Why do I have to do this?
What do I do if I get an 'unable to connect to the mail server' error message?
Which mail programs can use encryption?
How do I switch to Mulberry?
Configuring email clients:
What if I use more than one computer/ work from home?
Why do I get a warning about security certificates?

Why do I have to do this?

The email client that you use on your desktop communicates with an email server.

In December 2005 the University stopped the use of unencrypted connections on the student-imap-srv.bris.ac.uk ('spo') and staff-imap-srv.bris.ac.uk ('epo') servers. This was essential to run a safe computing service.

This means that you will not be able to connect to the email server unless you have configured your mail client to make sure it encrypts your username, password, and messages.

What do I do if I get an 'unable to connect to the mail server' error message?

If you see an error message saying that your client is 'unable to connect to the mail server' (or something similar), there could be several reasons for this:

You have not configured your email client (such as Mulberry) correctly: you should follow the instructions on this page to ensure you continue to be able to access your email.
You may access your email from more than one machine: if you use email from home and/ or have more than one machine, it is necessary to make sure that all your mail clients are encrypted on each machine: please follow the instructions on this page for each mail client you use.
You may have extra email accounts set up (other than the standard 'Post Office' account), you will need to ensure that each account is secured correctly. (This does not apply to shared mailboxes). Mulberry users: instructions on how to find out if you have any additional accounts.

Which mail programs can use encryption?

Mulberry version 2.0.5 and later
Thunderbird (NB: this mail client is not supported by the University)
Outlook 2000 and Outlook Express 6.0 and later (NB: this mail client is not supported by the University)
SquirrelMail (no configuration needed)

Neither Simeon or Execmail can be configured to use encryption. Users of these packages will need to switch to another mail client to send and receive mail. We recommend that these users switch to using Mulberry.

How do I switch to Mulberry?

We recommend that users not already using Mulberry switch to it as soon as possible. Users are licensed to use Mulberry at home as well as on campus and it can be downloaded from the Mulberry Version 3 page.

How do I configure Mulberry?

Newer versions of Mulberry will be automatically configured correctly, but to check that your version is using encryption:

Run Mulberry and log on with your usual username and password.
Click on the File menu and choose Preferences.
Click on Advanced to display the advanced preferences.
Click the Accounts tab.
Click the Account drop down list and choose 'Post Office'*.
On the Authenticate mini-tab, for Method choose 'Plain Text'.
On the Secure drop down list, choose 'STARTTLS - TLSv1'
Choose OK

NB: if you have accounts other than the standard 'Post Office' account, you will need to select each in turn and ensure that each one is secured correctly. Instructions on how to find out if you have any additional accounts.

* some older versions of Mulberry may not list 'Post Office', but list 'Staff Server' or 'Student Server' or some other text. The one you want will automatically change the Type: field to 'IMAP Mailbox'.

Screenshot: image of Mulberry Accounts tab

Mulberry is now reconfigured to use the service (no need to restart it).

Additional accounts

You can find out if you have any additional accounts by

clicking on the File menu and choosing Preferences
clicking on Advanced to display the advanced preferences
clicking the Accounts tab
clicking the Account drop down list: if you have any additional mail accounts they will appear in this list with a mailbox icon next to them

If you have accounts other than the standard 'Post Office' account, you will need to select each in turn and ensure that each one is secured correctly as described above.

How do I configure Thunderbird?

This software is not supported. It is unlikely that IT Services can answer any queries about the software. The software is listed because it is known to be in use within the University. There is no documentation or training available from IT Services.

To configure Thunderbird:

Choose 'Tools' and 'Account settings': a preferences window will appear
The configured email accounts are listed in a box on the left of this. Find the Bristol email account and click on 'server settings' in list below it - you might need to click on the '+' icon first in order to expand the list.
Now check the 'Use secure connection (SSL)' box and click on 'OK'. (It's not necessary to check the 'Use secure authentication' box as well).

Screenshot: image of Thunderbird Account Settings window

Thunderbird is now reconfigured to use the service (no need to restart it).

How do I configure Outlook/ Outlook Express?

It is possible to use Office Outlook 2003, or 2007, to access your University email account, but IT Services cannot offer help or advice on them. Use of earlier versions is actively discouraged.

For Outlook 2007, you will need to configure secure connections for incoming and outgoing mail as per the Email application manual configuration page. If you have difficulty, please check the client documentation for instructions on configuring it to connect securely.

How do I configure SquirrelMail?

You do not have to do anything.

How do I configure Apple Mac email?

This software is not supported. It is unlikely that IT Services can answer any queries on the software. The software is listed because it is known to be in use within the University. There is no documentation or training available from IT Services.

We have been supplied with the following information which we hope will be of use:

Configure Apple Mail client to encrypt user name, password, and messages

What if I'm using Simeon/ Execmail?

Local folders

The use of local folders has been discouraged for some time. If you have local folders in Simeon/ Execmail, you will still be able to view these even though you won't be able to send or receive mail from Simeon/ Execmail.

How do I configure other email clients?

It is possible to use other email software to access your University email account, but IT Services cannot offer help or advice on them. Any software that allows you to securely access an IMAP4 server will allow you to read mail on one of the central IMAP servers (staff-imap-srv.bristol.ac.uk, student-imap-srv.bristol.ac.uk). However if you lose messages or corrupt folders, it is likely we will not be able to recover them.

Most modern email clients support secure connections using either STARTTLS (port 143) or SSL/IMAPS (port 993); the University supports both type of connection, but you must use one or the other. It may appear as a generic option, such as 'make secure connection' or 'use SSL'. If you have difficulty configuring unsupported mail clients please check the client documentation for instructions on configuring it to connect securely. If your email client does not support secure IMAP connections you will not be able to use it to read your mail.

Pegasus Mail

Go to Tools / IMAP Profiles / Edit / Security
Change the setting to 'via STARTTLS'

Agendus Mail for Palm OS

You need the SSL version. If you had standard version 4 or later, you can upgrade for around $12 at www.iambic.com. Once installed, you can

Go to Tools / Accounts / Edit / Servers
Use the two drop-down selectors to change to STARTTLS

What if I use more than one computer/ work from home?

If you use email from home and/ or have more than one machine, it is necessary to make sure that your mail clients are encrypted on each machine.

Why do I get a warning about security certificates?

When you make the changes to your email client you may get a warning similar to the following:

'The server you are connected to is using a security certificate that could not be verified.'

This is because the University uses security certificates issued by our own certification authority. Users of standard University software distributions should not see this warning as we (University of Bristol, IT Services) have already been set up as a valid certification authority. Other users will have encountered this warning before whenever accessing University secure web pages.

If you wish to avoid the warnings, you need to recognise the University as a certification authority. You can do this by importing the certificate from this web page (https://wwws.cse.bris.ac.uk/load-IS-CA.html).

Mulberry

The certificate should be already available in Mulberry. If it isn't,

right click on the link to the certification page (https://wwws.cse.bris.ac.uk/load-IS-CA.html)and use the 'save target as' or 'save link as' option to save the certificate to your computer
in Mulberry, choose File -> Preferences
a preferences box will pop up
in the list on the left of this box choose 'Security'
click 'Manage Certificates'
click the 'Authorities' tab
click import and select the certificate file (is-cacert.crt) you downloaded earlier
click 'open'.

Thunderbird

To import the certificate into Thunderbird

right click on the link to the certification page (https://wwws.cse.bris.ac.uk/load-IS-CA.html) and use the 'save target as' or 'save link as' option to save the certificate to your computer
in Thunderbird, choose Edit -> Preferences
in the box that pops up, click 'Advanced' then 'Manage Certificates'
choose the 'Authorities' tab. Click 'Import' and choose the certificate file (is-cacert.crt) you downloaded earlier
click 'open'
check all the check boxes on the next page and click 'OK'

FAQs

Related links