Getting mail on my iPhone

Posted on June 26, 2009 | Leave a comment

We got our iPhones 3GS on the launch day, and I spent part of the weekend getting mail working right. I did hit a few issues, but I have everything working acceptable now. This is all based on my previous post on configuring a mail proxy.

The issues I hit were:

  • Can’t seem to get the phone to connect on a user specified port for either IMAP or SMTP. There are options for that, but I could never get my phone to (reliably) use them.
  • I could never get starttls to work with the iPhone. Other clients, mail.app, worked just fine. This is annoying, but not such a big deal. The password for the login is still encrypted and the mail itself would normally be going outside of my systems anyway.
  • There is no “advanced” or “expert” UI for initially setting up email accounts on the iPhone (nor on mail.app). This means that you have to wait as the phone walks through a lot of default mail options (ports to connect on, SSL or no SSL, etc) before you get a chance to adjust anything.
So here are the steps. There was some bit of trial and error, but I tried to record everything accurately.
  1. Before you try to setup any mail accounts on the phone, you should import all of your self signed certs to the phone. To do this, simply upload all of the certs, renamed to something.crt to a web server and then load that site in Safari on your iPhone. That means to put the .crt files into a directory you can access from your phone (or any browser), not to use the certs to SSL encrypt the site. When you load each of those files in Safari (like going to http:///your.site.tld/file/mycert.crt), you’ll get a new application to import the cert into your profile.
  2. Now create the accounts on the iPhone as you would otherwise. The settings for your connections are:
    Connection Username Authentication SSL
    Incoming username Password On
    Outgoing username@domain CRAM-MD5 Off

  3. When making the initial IMAPS connection, you will be prompted to accept the certificate. Click to continue/accept the cert. I would have thought that importing the certs to my phone’s profiles would have taken care of this, but it didn’t. Of course there is probably some nuance of PKI that I don’t grok (feel free to enlighten me if you know the details).
  4. After much waiting as the phone tries various incarnations of SMTP connections, you’ll get prompted to attempt to proceed un-encrypted. Say NO here. If you say “yes”it seems to screw up the IMAPS connection that is actually working fine at this point.
  5. Now go into the mail settings and fix the SMTP connection to work right. Turn off SSL and set the authentication to CRAM-MD5.
  6. Open mail on the phone and you should mail working fine. Try reading some of your mail and try sending some to make sure it all works right.
That’s about it. This is far from perfect, but seems to be working reliably and the boss (wife) approves. If someone has details on how to make this better or more efficient, please let me know.
    This entry was posted in Uncategorized. Bookmark the permalink.

    Leave a comment