On 8/7/20 2:04 am, Alexander Dalloz wrote:
FWIW I meant if the client is Windows7/old-Outlook then changing either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail. We had to do this for a 100 or so clients a few months ago after upgrading to Ubuntu 20.04.
Curious, what's the rationale behind that move? Is it because that old beast of Outlook does not have the capabilities modern TLS/STARTTLS implementations require regarding TLS minimal version and ciphers?
It involved Windows7 customers and older Apple device users.
Recent versions of Thunderbird on Win7 still worked fine but even Outlook 2016 on Win7 could no longer pick up mail with SSL enabled. It happened after a Ubuntu server update to Dovecot and Openssl about 3 or 4 months ago.
But plaintext auth for mail access, seriously?
Tell me about it! We spent YEARS getting these same folks to change to secure settings (some of them have been with us for 20+ years) so it was heartbreaking to contact each one of them and talk them through disabling SSL.
I spent a week trying every cypher combination I could find via Google for Dovecot but with the phone going off the hook from complaints by customers not being able to pick up their mail. We had to respond with some solution so, after a week, disabling SSL was very reluctantly the only option left. We lost ~40 customers to outlook.com because of this.
Actually, there is a regedit "trick" for Win7 but that is beyond the ability of our customers to apply, and that doesn't help the older Apple device users.
FWIW.