What imap ssl/auth settings work best with MS Outlook?

[Robert L Mathews]

On 4/29/21 2:22 AM, Steve Dondley wrote:

> Some more nuttiness: I bit the bullet and downloaded a trial version of
> MS 365 and downloaded the Outlook desktop. On my mac, at least, there
> are two different interfaces/version of Outlook: the "old" Outlook and a
> "new," more minimalist version. You can switch between the versions easily.
> 
> On the "old" outlook, I was able to get things set up without issue. But
> with the "new" outlook, I couldn't send email or set up a new account.

I also have seen this. We had a customer within the last month report
that the "new Outlook" did not work on port 143 with STARTTLS -- it
shows a generic error that it has "a connection problem". I was able to
buy a copy of it and duplicate it.

Switching back to "old Outlook" fixes it.

Switching "new Outlook" to port 993 with forced TLS/SSL also solves it.
So does disabling STARTTLS on port 143 in "new Outlook".

The "new Outlook" is labeled as a work in progress -- it only received
IMAP support at all within the last couple of months! -- so maybe they
will fix this.

That said, there's a trend nowadays to avoid STARTTLS due to "STRIPTLS"
attacks -- see the "Weaknesses and mitigations" section on
<https://en.wikipedia.org/wiki/Opportunistic_TLS>. Port 993 with forced
TLS is immune to this.

Because of this, I've changed my company's various email
autoconfigure/autodiscover hints and help pages to recommend configuring
new clients using port 993 for IMAP and port 465 for SMTP submission
(rather than 143 and 587 with STARTTLS). I don't need the hassle of
finding out the hard way that new programs are deprecating STARTTLS, if
that's what they're doing.

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/