iPhone Mail.app and IMAPS on a non-standard port

There is a nasty bug that apparently Apple refuses to fix in the standard Mail app of iPhone (at least up until 3.0.1).

A similar bug seems to affect the Mail.app of Mac OS X, according to http://discussions.apple.com/thread.jspa?threadID=1527269

The bug is triggered by the following conditions:

  • your IMAPS (IMAP over SSL) server uses a non-standard port (i.e. it’s not listening on port 993)
  • your IMAPS server has a self-signed or otherwise non-verified SSL certificate.

In the above situation, iPhone won’t be able to complete the SSL handshake with your IMAPS server.

Fortunately Oliver Humpage found a workaround for this bug:

  1. Delete the IMAPS account you just created (this is mandatory!!!)
  2. Temporarily open port 993 on the IMAPS server (more on this later)
  3. Create the IMAPS account again.
  4. Check your mailbox from iPhone. You’ll be asked to continue even if the certificate is not valid. Accept.
  5. Go back to the Settings panel, in the advanced tab change the port of the IMAPS server to the non-standard port that you want to use.
  6. Close port 993 on the IMAPS server and open the non-standard one.
  7. Thumbs up! You are done.

Now you may ask: big deal, I cannot open port 993 on the IMAPS server, otherwise I wouldn’t be in trouble!

Point taken, but you don’t have to. Here is my work-around (if your Internet gateway is already a Linux box and you have root access to it, you can skip directly to step 4):

  1. Fire up your Linux/BSD box (you’ve got one, right?)
  2. Configure your iPhone with a static IP and choose the IP address of your Linux box as its gateway.
  3. Set up your Linux box for masquerading (see the Linux Masquerading HOWTO).
  4. Add the following iptables rule (replace 12345 with the non-standard port used by your IMAPS server):
     iptables -t nat -I PREROUTING -d ip-of-imaps-server -p tcp --dport 993 -j DNAT --to-destination ip-of-imaps-server:12345

From this point on, all connections routed through your Linux box with destination imaps-server:993 will be redirected to imaps-server:12345.

When you are done setting up your iPhone as detailed by Oliver, you can drop the PREROUTING rule on your Linux box and switch your iPhone back to DHCP mode.
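The temporary redirect and its cleanup can be scripted so that the rule you delete is exactly the rule you inserted. This is an added example, not part of the original workaround; the function names, the `DRY_RUN` switch and the sample address 203.0.113.10 with port 12345 are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: temporary 993 -> non-standard-port redirect with matching cleanup.
# 203.0.113.10 and 12345 are constructed sample values, not from a real setup.
DRY_RUN="${DRY_RUN:-1}"          # 1 = print the commands instead of running them

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Reject anything but digits and dots so the value is safe to word-split.
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
}

# One rule spec shared by insert, check and delete, so cleanup always
# removes exactly the rule that was added.
dnat_spec() {
    echo "PREROUTING -d $1 -p tcp --dport 993 -j DNAT --to-destination $1:$2"
}

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

check_args() {
    valid_ipv4 "$1" && valid_port "$2" && return 0
    echo "usage: <on|off> <imaps-server-ipv4> <port 1-65535>" >&2
    return 1
}

redirect_on() {
    check_args "$1" "$2" || return 1
    # -C tests whether the rule already exists, avoiding duplicate inserts.
    if [ "$DRY_RUN" != "1" ] && iptables -t nat -C $(dnat_spec "$1" "$2") 2>/dev/null; then
        return 0
    fi
    run iptables -t nat -I $(dnat_spec "$1" "$2")
}

redirect_off() {
    check_args "$1" "$2" || return 1
    run iptables -t nat -D $(dnat_spec "$1" "$2")
}

case "${1:-}" in
    on)  redirect_on  "${2:-}" "${3:-}" ;;
    off) redirect_off "${2:-}" "${3:-}" ;;
esac
```

Run it with `DRY_RUN=0` as root on the Linux gateway to actually change the nat table; running `off` as soon as the iPhone account is configured keeps the redirect from lingering.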

Works for me, hope it will work for you too :)

UPDATE: it worked for a while, then it stopped working again. I ended up using IbisMail which so far seems to be flawless.


