Steve Dondley
2021-Apr-29 09:22 UTC
What imap ssl/auth settings work best with MS Outlook?
On 2021-04-29 01:45 AM, @lbutlr wrote:> On 28 Apr 2021, at 12:49, Steve Dondley <s at dondley.com> wrote: >> I repeatedly have a hell of a time getting clients' Outlook software >> working well with Dovecot. It's hard for me to test myself since I >> don't have Outlook and it would be impossible to keep up with all the >> different versions anyway. > > How old is the version of Outlook they are using? Office 2010 is a > disaster, and if I recall correctly 2014 has many issues as well.I'm not sure. It's fairly recent though. Some more nuttiness: I bit the bullet and downloaded a trial version of MS 365 and downloaded the Outlook desktop. On my mac, at least, there are two different interfaces/version of Outlook: the "old" Outlook and a "new," more minimalist version. You can switch between the versions easily. On the "old" outlook, I was able to get things set up without issue. But with the "new" outlook, I couldn't send email or set up a new account. It turns out I had to enable the smtp_tls_wrappermode setting to get it working with the "new" Outlook. See http://www.postfix.org/postconf.5.html#smtp_tls_wrappermode I thought the wrapper setting was just for the long dead Outlook Express mail client. But now I'm wondering if I need this setting for some versions of Outlook.> Even so, it's terrible software that is designed to 'encourage' users > to use Exchange Servers for mail instead of real email servers.I'm not conspiracy theorist, but I can't help but come to the same conclusion. I am totally unfamiliar with Exchange servers. What do they offer, exactly, that dovecot/postfix does not (besides a revenue stream for MS)?
On 29/04/2021 10:22, Steve Dondley wrote:> On 2021-04-29 01:45 AM, @lbutlr wrote: >> On 28 Apr 2021, at 12:49, Steve Dondley <s at dondley.com> wrote: >>> I repeatedly have a hell of a time getting clients' Outlook software >>> working well with Dovecot. It's hard for me to test myself since I >>> don't have Outlook and it would be impossible to keep up with all >>> the different versions anyway. >> >> How old is the version of Outlook they are using? Office 2010 is a >> disaster, and if I recall correctly 2014 has many issues as well. > > I'm not sure. It's fairly recent though. > > Some more nuttiness: I bit the bullet and downloaded a trial version > of MS 365 and downloaded the Outlook desktop. On my mac, at least, > there are two different interfaces/version of Outlook: the "old" > Outlook and a "new," more minimalist version. You can switch between > the versions easily. > > On the "old" outlook, I was able to get things set up without issue. > But with the "new" outlook, I couldn't send email or set up a new > account. > > It turns out I had to enable the smtp_tls_wrappermode setting to get > it working with the "new" Outlook. See > http://www.postfix.org/postconf.5.html#smtp_tls_wrappermode > > I thought the wrapper setting was just for the long dead Outlook > Express mail client. But now I'm wondering if I need this setting for > some versions of Outlook. > > >> Even so, it's terrible software that is designed to 'encourage' users >> to use Exchange Servers for mail instead of real email servers. > > I'm not conspiracy theorist, but I can't help but come to the same > conclusion. > > I am totally unfamiliar with Exchange servers. What do they offer, > exactly, that dovecot/postfix does not (besides a revenue stream for MS)? >built in calander integration. -- This email has been checked for viruses by AVG. https://www.avg.com
On Thu, 29 Apr 2021 05:22:45 -0400, Steve Dondley stated:>On 2021-04-29 01:45 AM, @lbutlr wrote: >> On 28 Apr 2021, at 12:49, Steve Dondley <s at dondley.com> wrote: >>> I repeatedly have a hell of a time getting clients' Outlook >>> software working well with Dovecot. It's hard for me to test myself >>> since I don't have Outlook and it would be impossible to keep up >>> with all the different versions anyway. >> >> How old is the version of Outlook they are using? Office 2010 is a >> disaster, and if I recall correctly 2014 has many issues as well. > >I'm not sure. It's fairly recent though. > >Some more nuttiness: I bit the bullet and downloaded a trial version >of MS 365 and downloaded the Outlook desktop. On my mac, at least, >there are two different interfaces/version of Outlook: the "old" >Outlook and a "new," more minimalist version. You can switch between >the versions easily. > >On the "old" outlook, I was able to get things set up without issue. >But with the "new" outlook, I couldn't send email or set up a new >account. > >It turns out I had to enable the smtp_tls_wrappermode setting to get >it working with the "new" Outlook. See >http://www.postfix.org/postconf.5.html#smtp_tls_wrappermode > >I thought the wrapper setting was just for the long dead Outlook >Express mail client. But now I'm wondering if I need this setting for >some versions of Outlook. > > >> Even so, it's terrible software that is designed to 'encourage' users >> to use Exchange Servers for mail instead of real email servers. > >I'm not conspiracy theorist, but I can't help but come to the same >conclusion. > >I am totally unfamiliar with Exchange servers. What do they offer, >exactly, that dovecot/postfix does not (besides a revenue stream for >MS)?I am using Outlook without any problems what so ever. It sounds to me like you are setting up Outlook to use port 465. In the setup screen, set the port to either "25" or "587". I am using "587" with "starttls" Your "incoming mail port" will depend on how you have Dovecot configured. I use port "143" with "starttls" for Outlook. YMMV depending on your configuration. You might want to consider posting the output of "doveconf -a" and how you have Outlook configured. -- Jerry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 659 bytes Desc: OpenPGP digital signature URL: <https://dovecot.org/pipermail/dovecot/attachments/20210429/10051af8/attachment.sig>
On 29 Apr 2021, at 03:22, Steve Dondley <s at dondley.com> wrote:> I am totally unfamiliar with Exchange servers. What do they offer, exactly, that dovecot/postfix does not (besides a revenue stream for MS)?A monthly stipend to Microsoft? (I think they actuallyy do offer some useful tools for things like meetings and calendars and such, including the 'feature' of being able to automatically add people to your itinerary.) -- "I hope someday you know the indescribable joy of having children, and of paying someone else to raise them."
Robert L Mathews
2021-Apr-30 19:47 UTC
What imap ssl/auth settings work best with MS Outlook?
On 4/29/21 2:22 AM, Steve Dondley wrote:> Some more nuttiness: I bit the bullet and downloaded a trial version of > MS 365 and downloaded the Outlook desktop. On my mac, at least, there > are two different interfaces/version of Outlook: the "old" Outlook and a > "new," more minimalist version. You can switch between the versions easily. > > On the "old" outlook, I was able to get things set up without issue. But > with the "new" outlook, I couldn't send email or set up a new account.I also have seen this. We had a customer within the last month report that the "new Outlook" did not work on port 143 with STARTTLS -- it shows a generic error that it has "a connection problem". I was able to buy a copy of it and duplicate it. Switching back to "old Outlook" fixes it. Switching "new Outlook" to port 993 with forced TLS/SSL also solves it. So does disabling STARTTLS on port 143 in "new Outlook". The "new Outlook" is labeled as a work in progress -- it only received IMAP support at all within the last couple of months! -- so maybe they will fix this. That said, there's a trend nowadays to avoid STARTTLS due to "STRIPTLS" attacks -- see the "Weaknesses and mitigations" section on <https://en.wikipedia.org/wiki/Opportunistic_TLS>. Port 993 with forced TLS is immune to this. Because of this, I've changed my company's various email autoconfigure/autodiscover hints and help pages to recommend configuring new clients using port 993 for IMAP and port 465 for SMTP submission (rather than 143 and 587 with STARTTLS). I don't need the hassle of finding out the hard way that new programs are deprecating STARTTLS, if that's what they're doing. -- Robert L Mathews, Tiger Technologies, http://www.tigertech.net/
On 30 Apr 2021, at 13:47, Robert L Mathews <lists at tigertech.com> wrote:> Because of this, I've changed my company's various email > autoconfigure/autodiscover hints and help pages to recommend configuring > new clients using port 993 for IMAPThe is the right choice, though port 993 is IMAPS, not IMAP. I did not even know starttls was allowed/supported/widely available on port 143. I haven?t allowed use of that port in nearly 20 years (people with old mail clients that didn?t support IMAPS could use webmail).> and port 465 for SMTP submission (rather than 143 and 587 with STARTTLS). > I don't need the hassle of finding out the hard way that new programs are > deprecating STARTTLS, if that's what they're doing.Since port 587 is dedicated to submission with STARTTLS you should be fine, as anyone wanting yo use submissions will be using only port 465. Unless you are concerned about STRIPTLS, but on most (all proper?) configurations of port 587, there is no fallback for STRIPTLS to exploit via a downgrade attack. And most newer (last half decade?) mail clients will try submissions it submission fails, or vice-versa. Or at least the clients used by most people. -- 'Why are our people going out there?' said Mr Boggis of the Thieves' Guild. 'Because they are showing a brisk pioneering spirit and seeking wealth and... additional wealth in a new land,' said Lord Vetinari. 'What's in it for the Klatchians?' said Lord Downey. 'Oh, they've gone out there because they are a bunch of unprincipled opportunists always ready to grab something for nothing,' said Lord Vetinari. [...] The Patrician looked down again at his notes. 'Oh, I do beg your pardon,' he said. 'I seem to have read those last two sentences in the wrong order.