I have one user that uses Outlook Express. Not only do I not use it, I don't have any systems here that can easily use it. A bit of a challenge.
I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections.
So far a Google search has not shown me how to configure this for a user. Anyone have a pointer to instructions so I can talk the person through the changes?
On 21.11.2014 at 21:51, Robert Moskowitz wrote:
well, if we could turn back time 15 years ago many things would be different - IMHO the decision to deprecate 465 in favour of STARTTLS is plain wrong - it is much easier for a MITM to strip out the STARTTLS in the still unencrypted connection (given a client falls back to unencrypted in that case) before the TLS handshake ever happens
On 11/21/2014 04:04 PM, Reindl Harald wrote:
It becomes yet another DOS attack, as the server would recognize this and drop the connection. Or at least it should. There are still so many MITM attacks it is sad. We do them by intent in corporation proxies to meet their legal rights as to internal usage.
But, yes, we really need a way-back machine. Lots of great ideas are just not holding up.
On 11/21/2014 03:38 PM, Gedalya wrote:
Back to fixing this and first I see that I DID try something because I created a firewall rule for 645 instead of 465. Then I checked over at:
http://www.iana.org/assignments/service-names-port-numbers/service-names-por...
And 465 is not assigned for this purpose. Looks like a land-grab from back in the days.
Anyway, this is most likely a POSTFIX config item, not Dovecot, so I will have to check through the docs there to get this set up right.
On 21.11.2014 at 20:59, Robert Moskowitz wrote:
you shouldn't support outdated stuff
http://en.wikipedia.org/wiki/Outlook_Express
...
Included with Windows 98, Windows Me, Windows 2000, Windows XP, Windows Server 2003
...
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263 Executive board: Patrick Ben Koetter, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein
On 21.11.2014 at 22:24, Robert Schetterer wrote:
the situation for Outlook (not OE) and TLS is not much better
some versions support STARTTLS on SMTP but not for IMAP/POP3 and "you shouldn't support" is not that easy to do - if i could i would shut down so many outdated clients while i can't in case of business customers having other business companies as their customers
On 11/21/14 04:29 PM, Reindl Harald wrote:
> the situation for Outlook (not OE) and TLS is not much better
> some versions support STARTTLS on SMTP but not for IMAP/POP3 ...
Outlook (at least since version 2010) does support STARTTLS for IMAP/POP3 on port 143. But they don't call it STARTTLS but "TLS", and they call TLS on port 993/995 "SSL".
With Outlook configured for "TLS" on port 143:
outlook -> dovecot: a0gk CAPABILITY
dovecot -> outlook: * CAPABILITY IMAP4rev1...STARTTLS...
outlook -> dovecot: h96q STARTTLS
dovecot -> outlook: h96q OK Begin TLS negotiation now
(TLS starts)
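The downgrade concern raised earlier in the thread and the CAPABILITY/STARTTLS exchange above both hinge on what a client does when the upgrade keyword is missing from the server's capability reply. As an added example (not code from any poster or from Dovecot/Postfix; the function names are hypothetical and the sample replies are constructed), a client-side check that fails closed for SMTP, IMAP and POP3:

```python
# Added example: fail-closed TLS-upgrade check for SMTP, IMAP and POP3.
# Function names and sample replies are hypothetical/constructed.

# Keyword each protocol uses to advertise its TLS upgrade command.
UPGRADE_KEYWORD = {"smtp": "STARTTLS", "imap": "STARTTLS", "pop3": "STLS"}


def advertised_capabilities(proto, reply_lines):
    """Collect capability keywords from an EHLO, CAPABILITY or CAPA reply."""
    caps = set()
    for line in reply_lines:
        line = line.strip()
        if proto == "smtp" and line[:3] == "250" and line[3:4] in ("-", " "):
            words = line[4:].split()  # "250-STARTTLS" -> ["STARTTLS"]
            if words:
                caps.add(words[0].upper())
        elif proto == "imap" and line.upper().startswith("* CAPABILITY "):
            caps.update(word.upper() for word in line.split()[2:])
        elif proto == "pop3" and line and not line.startswith(("+OK", "-ERR", ".")):
            caps.add(line.split()[0].upper())
    return caps


def upgrade_decision(proto, reply_lines, already_tls=False):
    """Return "proceed", "upgrade" or "abort" for a client that requires TLS.

    "proceed": connection is already TLS (implicit TLS on 465/993/995).
    "upgrade": server offers STARTTLS/STLS, so send it before any credentials.
    "abort":   upgrade keyword absent; never continue in plaintext.
    """
    if already_tls:
        return "proceed"
    if UPGRADE_KEYWORD[proto] in advertised_capabilities(proto, reply_lines):
        return "upgrade"
    return "abort"


# Constructed sample replies, not captured traffic.
SMTP_OK = ["250-mail.example.org", "250-PIPELINING", "250-STARTTLS", "250 8BITMIME"]
# The same reply with the STARTTLS line missing, as a client behind a
# stripping middlebox would see it.
SMTP_STRIPPED = ["250-mail.example.org", "250-PIPELINING", "250 8BITMIME"]
IMAP_OK = ["* CAPABILITY IMAP4rev1 LITERAL+ STARTTLS LOGINDISABLED", "a0gk OK done"]
POP3_OK = ["+OK Capability list follows", "TOP", "UIDL", "STLS", "."]

if __name__ == "__main__":
    for proto, reply in [("smtp", SMTP_OK), ("smtp", SMTP_STRIPPED),
                         ("imap", IMAP_OK), ("pop3", POP3_OK)]:
        print(proto, upgrade_decision(proto, reply))
```

A client that returns "abort" here surfaces the missing keyword as a connection failure instead of silently sending credentials in the clear.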
On 21.11.2014 at 23:35, Oscar del Rio wrote:
for IMAP yes for POP *no*
try it out - i have testing VM's for Outlook 2003/2007/2010 and on all of them IMAP/POP3 accounts
hence it is a crap but that fact doesn't solve the problem that you need to support all ports and encryptions on the server side
On 21/11/2014 5:50 PM, Reindl Harald wrote:
You are right. I hadn't tested POP3. I just tested Outlook 2013; no STARTTLS for POP. (I assumed that if they implemented STARTTLS for IMAP they would have also done it for POP... wrong assumption!).
> hence it is a crap but that fact doesn't solve the problem that you need to support all ports and encryptions on the server side
True.
On 21.11.2014 at 22:29, Reindl Harald wrote:
yes i know that problem, but outdated OS may be hacked anytime and then it will not be a client/user problem only
Best Regards MfG Robert Schetterer
On Sat, 22 Nov 2014 07:17:02 +0100, Robert Schetterer stated:
You can always post a suggestion to Microsoft here. I do it all the time.
http://mymfe.microsoft.com/Office/feedback.aspx?formID=375
-- Jerry
On 11/22/2014 01:17 AM, Robert Schetterer wrote:
I have one user that I have to deal with this, and I will probably have them come over so I can 'fix' their notebook, and see what I might do. Thing is this is a charity organization where we do things for them because. So whatever old notebook they have, I have to support what it can do.
On 23.11.2014 at 03:17, Robert Moskowitz wrote:
It's your policy, but if you have webmail, the user may use this, no need to support outdated clients
Best Regards MfG Robert Schetterer
participants (6): Gedalya, Jerry, Oscar del Rio, Reindl Harald, Robert Moskowitz, Robert Schetterer