Re: "Connection reset by peer" errors with Outlook
From: Steve Dondley s@dondley.com
I have no idea what is triggering it for so many different users from legit email addresses. Still investigating. But this appears to be a fail2ban problem, not a dovecot problem.
My logs are filled with failed authentication from Outlook clients. The clients seem to be trying different usernames (with/without domains), and maybe SSL/TLS flavours. My guess is Outlook is doing some autodiscovery/autoconfiguration thing, and occasionally hits the right combo and successfully authenticates.
I'm not sure I would characterise this as a fail2ban problem. Fail2ban is doing what it says on the side of the tin: looking for repeated authentication failures, and blocking those that fail too many times. The real problem is Outlook fumbling around for the correct settings, and mimicking a brute force attack.
I've had great difficulty getting some Outlook clients to configure exactly the settings they should have (like excluding domain names from usernames). Try running this command line using Windows-R (not from cmd.exe).
outlook.exe /PIM NoEmail
This will avoid the auto-setup process that railroads you into frustration.
MacOSX Mail app tries the same stuff, but at least you can turn that behaviour off and stop it from second guessing your settings.
Joseph Tam jtam.home@gmail.com
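Added example, not part of the thread: a triage sketch for the pattern described above, where one client IP fails several times with variants of a single username (with/without domain) and then logs in, as opposed to failures spread across many accounts. The log lines are constructed in the style of Dovecot's imap-login messages, and the names `classify`, `local_part` and the verdict labels are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = """\
Jan 23 09:01:02 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice@example.org>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, TLS
Jan 23 09:01:05 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<ALICE@example.org>, method=LOGIN, rip=198.51.100.7, lip=192.0.2.1, TLS
Jan 23 09:01:09 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 3 secs): user=<alice@mail.example.org>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1
Jan 23 09:01:12 mx dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, mpid=4242, TLS
Jan 23 09:02:00 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.1, TLS
Jan 23 09:02:03 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<root>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.1, TLS
Jan 23 09:02:06 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info@example.org>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.1, TLS
Jan 23 09:03:00 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.1, TLS
"""

LINE_RE = re.compile(
    r"imap-login: (?P<event>Login|Disconnected \(auth failed[^)]*\)): "
    r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9a-fA-F.:]+)"
)

def local_part(user):
    """Normalise 'Alice@Example.org' and 'alice' to the same key."""
    return user.split("@", 1)[0].lower()

def classify(log_text, min_failures=3):
    """Return {client_ip: verdict} for IPs with at least min_failures failures."""
    failed = defaultdict(list)   # ip -> usernames as typed in failed attempts
    succeeded = defaultdict(set) # ip -> normalised usernames that logged in
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        if m["event"] == "Login":
            succeeded[m["rip"]].add(local_part(m["user"]))
        else:
            failed[m["rip"]].append(m["user"])
    verdicts = {}
    for rip, users in failed.items():
        if len(users) < min_failures:
            continue
        accounts = {local_part(u) for u in users}
        if len(accounts) > 1:
            verdicts[rip] = "multi-account failures"   # spread across accounts
        elif accounts <= succeeded[rip]:
            verdicts[rip] = "autoconfig-like"          # one account, then success
        else:
            verdicts[rip] = "single-account failures"  # one account, never succeeded
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_LOG).items():
        print(ip, verdict)
```

The verdict is a hint for reviewing fail2ban bans by hand, since a single-account pattern followed by a login only shows that someone knew the password.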
On 23/01/2024 09:23, Joseph Tam wrote:
> My guess is Outlook is doing some autodiscovery/autoconfiguration thing, and occasionally hits the right combo and successfully authenticates.
I think the intention is to make the life of users easier: no need to remember authentication type, starttls or SSL on another port, etc.
Doesn't it try service discovery before falling back to authentication attempts? However, I am unsure if it expects DNS records or a well-known path on the HTTP server. Serving configuration this way might help to avoid issues with fail2ban.
Participants (2): Joseph Tam, Max Nikulin