What're AT&T and Yahoo! Trying to Pull Here?

Mail alerted me from the background that it couldn’t check an account and I was about to just dismiss the error, thinking a server went offline for a little or something, when I read it was a certificate error with Gmail. Well, that happens, so I checked the certificate.

It was for Yahoo.

I have an AT&T DSL line, so all my services are done via Yahoo, so I immediately got a little concerned that there was some lower-level crap going on. I hit Terminal:

$ host pop.gmail.com
pop.gmail.com is an alias for gmail-pop.l.google.com.
gmail-pop.l.google.com has address 64.233.167.111
gmail-pop.l.google.com has address 64.233.167.109

Well, that appears ok. Both forward and reverse lookups show those as being Google’s (even using another DNS server). So then I checked the connection itself. That’s where it got messed up.

$ openssl s_client -host pop.gmail.com -port 995
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=pop.att.yahoo.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=pop.att.yahoo.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=pop.att.yahoo.com
verify error:num=21:unable to verify the first certificate
verify return:1
...
+OK hello from popgate on pop105.sbc.mail.mud.yahoo.com 2.38.1

Connecting to Gmail’s POP port redirects me to Yahoo!’s mail server.

I’m sorry, but what is going on here? It has resolved itself since then, but the mere fact that this happened at all is rather worrisome. Why are they messing with redirecting my mail requests somewhere else?
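
The check made by eye in the session above can be scripted. This is an added example, not part of the original post: it parses `openssl s_client` output, compares the leaf certificate's CN with the host that was requested, and collects the verify error numbers. The function names are made up for illustration; the sample is the transcript from the post.

```python
import re

# Verify lines copied from the s_client session in the post above.
SAMPLE = """\
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=pop.att.yahoo.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=pop.att.yahoo.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=pop.att.yahoo.com
verify error:num=21:unable to verify the first certificate
verify return:1
"""

def host_matches(pattern, host):
    """Case-insensitive name match; '*' counts only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:      # refuse wildcards such as "*.com"
        return p[1:] == h[1:]
    return p == h

def audit(transcript, requested_host):
    """Return (leaf_cn, name_ok, verify_error_numbers) for one s_client run."""
    leaf_cn, errors = None, set()
    for line in transcript.splitlines():
        subject = re.match(r"depth=0\s+(.*)", line)   # depth 0 is the server's own cert
        if subject:
            # Handles both "/CN=name" and the newer "CN = name" subject layouts.
            cn = re.search(r"(?:^|[/,\s])CN\s*=\s*([^/,]+)", subject.group(1))
            if cn:
                leaf_cn = cn.group(1).strip()
        err = re.match(r"verify error:num=(\d+):", line)
        if err:
            errors.add(int(err.group(1)))
    # The name check is independent of the chain errors: a chain that cannot be
    # built locally and a certificate issued for another host are separate findings.
    name_ok = leaf_cn is not None and host_matches(leaf_cn, requested_host)
    return leaf_cn, name_ok, sorted(errors)

if __name__ == "__main__":
    print(audit(SAMPLE, "pop.gmail.com"))
```

s_client prints only the subject on the depth line, so this looks at the CN; a mail client's own verification also checks subjectAltName.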


Re: What're AT&T and Yahoo! Trying to Pull Here?

First of all, thanks for the tip on testing secure services the same way I’d telnet to http or smtp. Very cool.

Second, have you followed up on this? Have you been able to replicate this on other computers on the same network? On other networks? I’m on Verizon FIOS, and my results appeared correct — no funny business.

Re: What're AT&T and Yahoo! Trying to Pull Here?

Worrisome indeed. I suspect that this is the latest round of ISPs trying to redirect traffic whenever they see fit. Just like the latest Google Toolbar with its “helpful” 404 redirection (http://www.theregister.co.uk/2008/02/13/google_nabs_404_error_pages/), or ISPs inserting their own messages into HTML pages you browse (http://www.theregister.co.uk/2007/12/13/rogers_google)…

Now if your email client doesn’t verify the certificate properly (or you just dismiss the warning message), you’re transmitting your POP/IMAP credentials to Yahoo.

But doesn’t this…

verify error:num=20:unable to get local issuer certificate

… mean that the cert was probably faked? Could this mean that you were actually at a, let’s call it “third party” site? Hmm….
