On Tue Jul 07 2020 02:07:08 GMT-0400 (Eastern Standard Time), Mark Constable <markc at renta.net> wrote:> FWIW I meant if the client is Windows7/old-Outlook then changing either > 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail. We had > to do this for a 100 or so clients a few months ago after upgrading to > Ubuntu 20.04.Really, really bad idea. You just disabled an/all security on your imap connection.
Tanstaafl skrev den 2020-07-15 21:28:> On Tue Jul 07 2020 02:07:08 GMT-0400 (Eastern Standard Time), Mark > Constable <markc at renta.net> wrote: >> FWIW I meant if the client is Windows7/old-Outlook then changing >> either >> 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail. We >> had >> to do this for a 100 or so clients a few months ago after upgrading to >> Ubuntu 20.04. > > Really, really bad idea. You just disabled an/all security on your imap > connection.windows 7 just need tls 1.0, why its need to disabled all, is aswell beyong me, do not disable tls 1.0 in dovecot aslong one have windows 7 clients upgrade all clients to windows 10, then tls 1.0 and more weak tls 1.1 can be disabled in dovecot hope the best for all
On 16/7/20 5:54 am, Benny Pedersen wrote:>>> FWIW I meant if the client is Windows7/old-Outlook then changing >>> either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the >>> mail. > > windows 7 just need tls 1.0, why its need to disabled all, is as well > beyong me, do not disable tls 1.0 in dovecot aslong one have windows > 7 clientsWould anyone with Windows7 clients be able to provide me with the EXACT set of ssl_* settings that should work with W7 please? I tried for a week with various combinations but nothing worked short of disabling SSL altogether. These are the remnants of some attempts... # 20200531 suggested by Aki Tuomi #ssl_min_protocol = TLSv1.0 #ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL # https://ssl-config.mozilla.org OLD # openssl dhparam -dsaparam 1024 > /etc/dovecot/dh.pem ssl_prefer_server_ciphers = yes #ssl_min_protocol = TLSv1 #ssl_cipher_list = ECDHE-ECDSA**** # https://ssl-config.mozilla.org MEDIUM # openssl dhparam -dsaparam 2048 > /etc/dovecot/dh.pem #ssl_prefer_server_ciphers = no #ssl_min_protocol = TLSv1.2 #ssl_cipher_list = ECDHE-ECDSA**** ~ dovecot --version 2.3.7.2 (3c910f64b) Apologies to the OP for hijacking this thread. -- Mark Constable 0419 530 037 https://spiderweb.com.au