Invalid or expired SS certificate of att.yahoo.com:995

I noticed also around this time that my mac mail app was no longer marking messages as read on the server.  Based on this thread, something definitely happened around that time.  Based on other threads, it seems like some certificate verification may have expired around then.  People seem to indicate that setting up a new account resolves issues.

One thread pointed to this link: https://www.att.com/esupport/article.html#!/dsl-high-speed/KM1010523

Does anyone know if AT&T U-verse supports IMAP now?  They apparently do.  See this thread:

https://forums.att.com/t5/Data-Messaging-Features-Internet/cannot-verify-server-identity-from-pop-att-yahoo-com/m-p/5059957

Hello.  I am having the same problem.  Stopped receiving incoming emails via Outlook 2010 beginning February 3, 2017.  I can send emails but cannot receive.  I have a bellsouth.net account.  I have tried the inbound/outbound.att.net for incoming and outgoing.  I have tried the pop/smtp.att.yahoo.net for incoming and outgoing.  I have changed my password.  I have compacted my pst files.  I have created a new profile.  Nothing seems to work.  I can send via Outlook 2010 but cannot receive.  I do not have any issues with web mail.  Any help would be greatly appreciated! 

There was a recent change on the Yahoo! side with their servers. This has caused some customers to get errors while attempting to check mail using POP. The issues should be resolved;  however if you are still getting errors, there are a few steps you need to follow to attempt to correct the issue.

Workaround

1.    Ensure you has the correct server settings: (inbound.att.net (SSL) and outbound.att.net (SSL)
2.   If you get a certificate error, you must hit Accept for it to stop coming up.
3.    Ensure your email client is up to date with the latest software. Some older mail clients may not support newer server settings using SNI.
4. Make sure your Username and Password are correct.  You should be using your full domain for their username i.e. example@att.net.

If these steps do not resolve the issue, then there may be an issue with email client that is unsupported, and the troubleshooting for this is beyond the scope of AT&T Technical Support. You can opt to contact Connectech or Tech 360 for a fee-based advanced technical support assistance or contact your email client provider (Office 365, Netscape etc).

Hey Guys, I havent had time to look into this problem any further, I'm just checking email via webmail, but did receive an answer from The Bat! (My email client's) support team and the following is what I received

You get this error message because the server certificate does not contain the server address you connect to - "inbound.att.net".

In this case to make the connection secure you need to import the root certificate into the certificate database. To accomplish that read the following instructions:

1. Contact the server administrator and ask him/her to provide you with the certificate. Once received, save that file to your local HDD.
2. Open the address book in The Bat! and make sure "View/Certificate Address Books" is enabled.
3. Select the Trusted Root CA address book and create a new contact there.
4. Open the properties of that contact and go to the "Certificates" tab.
5. Import the certificate you had received.
It should work properly then

I still dont know how to get a certificae.

I do have The Bat! installed as a user, not the administrator on my computer

I am the administrator of my computer and can log on as such.

do I somehow create one  and make it available to the user account, or go somewhere other than att to get one?

att support does not seem to understand. No one there will point me to a certificate.

They are mostly interested in signing me up for a yearly support plan to be piad for.

Hi,

We noticed that some people that had the older pop and smtp settings and then updated it later have ran into this issue. You should be able to ensure the settings are the latest ones, delete the certificate, and the new certificate received will work with no issues. You can also try deleting your mail profile on your client E-mail program and setting it back up to correct the issue.

-ATTU-verseCare

Hi lawrence0921

Thanks for your attention in this matter.

I truly no very little, almost nothing of certificates, accept what I am trying to learn here recently.
Before Feb 2017 using The Bat! Email client for years with att I have never experienced this problem.

The Bat is up to date. I have the correct server settings: (inbound.att.net (SSL) and outbound.att.net (SSL).
Username and password are correct. If they weren’t I would be receiving an error that that stated so. I am not receiving that error message.

The error message I am receiving is:
TLS handshake failure. The server host name ("inbound.att.net") does not match the certificate.

I did change them from yahoo way back when; it seems like a couple of years ago when att had asked me too. At that time and up until Feb have had no problems using The Bat email client to check and manage my email.

So help me understand please. This is the way I understand this certificate thingie. Please let me know if I am incorrect.

When I click the check mail button in my Email Client, it sends a request to the att server at inbound.att.net. And part of this request the email client checks whether or not it has reached the correct place. And the way it determines if it has reached the correct place (server, address, security stuff, etc.) is to basically read a certificate that has this information on att’s server and one stored on my computer?. And if everything is good we connect.

Is this a correct understanding?

In your last post you advise to:
2. If you get a certificate error, you must hit Accept for it to stop coming up.

The Bat! Email client will not allow connecting with an invalid certificate. It will not even ask to accept.

Doesn’t doing so kind of void having to have a valid certificate?

I really don’t know.
Maybe Att’s certificate is in good working order? From my end so far it seems NOT.

Perhaps it is a problem with the stored certificates on my computer?
I haven’t figured this out yet.

I have learned how to import a certificate into my email client. I don’t know where to get a good one for att.

Again
thanks for the help

I started experience this about a week ago with my Linux Sylpheed client.  I have been using inbound / outbound.att.net for my settings for quite some time and never had a problem until recently.

Current DNS records for inbound/outbound.att.net are as follows:

dig @8.8.8.8 inbound.att.net

; <<>> DiG 9.10.4-P5-RedHat-9.10.4-4.P5.fc25 <<>> @8.8.8.8 inbound.att.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14841
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;inbound.att.net. IN A

;; ANSWER SECTION:
inbound.att.net. 592 IN CNAME pop-att.mail.yahoo.com.
pop-att.mail.yahoo.com. 233 IN CNAME fo-jpop.mail.att.gm0.yahoodns.net.
fo-jpop.mail.att.gm0.yahoodns.net. 233 IN A 74.6.106.14
fo-jpop.mail.att.gm0.yahoodns.net. 233 IN A 74.6.105.39
fo-jpop.mail.att.gm0.yahoodns.net. 233 IN A 216.155.194.54
fo-jpop.mail.att.gm0.yahoodns.net. 233 IN A 98.138.122.37

;; Query time: 43 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Feb 15 11:28:06 EST 2017
;; MSG SIZE rcvd: 188

dig @8.8.8.8 outbound.att.net

; <<>> DiG 9.10.4-P5-RedHat-9.10.4-4.P5.fc25 <<>> @8.8.8.8 outbound.att.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18095
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;outbound.att.net. IN A

;; ANSWER SECTION:
outbound.att.net. 403 IN CNAME smtp-att.mail.yahoo.com.
smtp-att.mail.yahoo.com. 1303 IN CNAME smtp.att.mail.fy4.b.yahoo.com.
smtp.att.mail.fy4.b.yahoo.com. 264 IN A 98.138.84.52

;; Query time: 41 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Feb 15 11:28:59 EST 2017
;; MSG SIZE rcvd: 132