Connection error messages when changing from WLAN to a Mobile Network

Starting with Version 8.2 K-9 mail has changed its behaviour when switching from WLAN to a Mobile Network.

I have an IMAP (imap.mydomain.com) and SMTP (smtp.mydomain.com) Server running in a private network behind a public IP.

When my smartphone is connected to the private WLAN, it gets its IP via DHCP (static mapping) and with it also the IP address of the internal name server to resolve imap.mydomain.com and smtp.mydomain.com. The internal name server resolves both hosts to their LAN IP addresses. The K-9 client connected to the WLAN (part of the LAN) connects (TLS) to the services without problems.

Now, when I leave the WLAN, the smartphone establishes a connection to the Mobile Network. While retrieving the Mobile IP address, new name servers are also provided to the smartphone. Using these name servers, the two hosts are resolved to the public IP of my private network. The router then does a port forwarding to the LAN IPs of the two services.

When switching from WLAN to mobile LAN K-9 seems to run into a connection timeout of the connections initially established from within the WLAN. That’s expected, as the smtp and imap services are not available at the LAN IP any more. This leads to K-9 throwing connection errors for every account configured. Error message is “authentication failed”, however I think that’s not the root cause.

This did not happen in prior versions. In prior versions K-9 silently re-established the connection to the server in the background, which would include closing the idle connection, re-resolving the host’s DNS via the new name servers provided by the mobile network and then establishing the connections to the smtp and imap server again using the public IP.

Starting with 8.2, the K-9 client runs into a timeout and does not automatically reconnect/re-resolve the host names. I have to click the error message. The smtp and the imap configuration screens are displayed and I have to “okay” them to force K-9 to re-establish the connection. I have to do this twice, since the first time K-9 comes up with the same error; only the second time does it actually seem to re-resolve the host names and succeed in reconnecting to the imap/smtp services. I have to do this for each email account configured. And: it does not persist; next time I switch from WLAN to Mobile Network, the same happens again.

Funny thing is, it does not happen when switching from the Mobile Network to the WLAN.

Is there a way to make this work smooth again? Is this intended behaviour (change)?

You could use multi subject certificates. That way, changes in IP addresses should not lead to errors on the certificate.

For security reasons it makes sense to throw an error when the IP “suddenly” changes. Just imagine you are in a public network (Starbucks or so) and an attacker redirects you somewhere else on the DNS level and presents a valid certificate they retrieved maliciously (like back in the days of Mossad’s StartSSL infiltration)…

The TLS connections in both cases are terminated on the same server/service. And this is working fine IF the connections have been established correctly. So the certs are not the problem here.

The problem, as far as I can see, is the error handling in K-9, which seems to have changed. As before, when running into a timeout, K-9 seems to have closed the connection and then tried to re-establish it without throwing an error message. And if the new connection could be established correctly, there was no reason to throw an error.

The fact, that from both networks TLS connections can be established correctly, documents there is no TLS related issue on the server side.

I’m going to dig a bit deeper. There’s an option to enable logging in K-9, however I wasn’t able to find where the log file is stored?

The client even crashed from time to time after clicking the “Authentication failed” notification. Which seems to be another implication something in the error handling has changed and does not work as it should.

Reported as defect here: Connection error messages when changing from WLAN to a Mobile Network · Issue #8824 · thunderbird/thunderbird-android · GitHub