Outlook vs Thunderbird (re disabling SSL)

[Mark Constable]

On 8/7/20 2:04 am, Alexander Dalloz wrote:
>> FWIW I meant if the client is Windows7/old-Outlook then changing
>> either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the
>> mail. We had to do this for a 100 or so clients a few months ago
>> after upgrading to Ubuntu 20.04.
> 
> Curious, what's the rationale behind that move? Is it because that
> old beast of Outlook does not have the capabilities modern
> TLS/STARTTLS implementations require regarding TLS minimal version
> and ciphers?

It involved Windows7 customers and older Apple device users.

Recent versions of Thunderbird on Win7 still worked fine but even
Outlook 2016 on Win7 could no longer pick up mail with SSL enabled.
It happened after a Ubuntu server update to Dovecot and Openssl about
3 or 4 months ago.

> But plaintext auth for mail access, seriously?

Tell me about it! We spent YEARS getting these same folks to change to
secure settings (some of them have been with us for 20+ years) so it
was heartbreaking to contact each one of them and talk them through
disabling SSL.

I spent a week trying every cypher combination I could find via Google
for Dovecot but with the phone going off the hook from complaints by
customers not being able to pick up their mail. We had to respond with
some solution so, after a week, disabling SSL was very reluctantly the
only option left. We lost ~40 customers to outlook.com because of this.

Actually, there is a regedit "trick" for Win7 but that is beyond the
ability of our customers to apply, and that doesn't help the older
Apple device users.

FWIW.