I have one user that uses Outlook Express. Not only do I not use it, I don't have any systems here that can easily use it. A bit of a challenge.
I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections.
So far a Google search has not shown me how to configure this for a user. Anyone have a pointer to instructions so I can talk the person through the changes?
On 11/21/2014 02:59 PM, Robert Moskowitz wrote:
> I have one user that uses Outlook Express. Not only do I not use it, I don't have any systems here that can easily use it. A bit of a challenge.
> I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections.
> So far a Google search has not shown me how to configure this for a user. Anyone have a pointer to instructions so I can talk the person through the changes?
Just put "outlook express ssl" (or tls) in Google image search. It doesn't support STARTTLS, only implicit TLS.
On 11/21/2014 03:06 PM, Gedalya wrote:
> Just put "outlook express ssl" (or tls) in Google image search. It doesn't support STARTTLS, only implicit TLS.
OK. No wonder nothing on STARTTLS. I support TLS as well.
On 21.11.2014 at 20:59, Robert Moskowitz wrote:
> I have one user that uses Outlook Express. Not only do I not use it, I don't have any systems here that can easily use it. A bit of a challenge.
> I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections.
> So far a Google search has not shown me how to configure this for a user. Anyone have a pointer to instructions so I can talk the person through the changes?
it can't, as well as Outlook - for POP3/IMAP you need 993/995 *without* STARTTLS - period
and that's why a sane mailserver needs to support 110,143,993,995,587 *and* 465 to support every client, that won't change in the near future
On 11/21/2014 03:09 PM, Reindl Harald wrote:
> it can't, as well as Outlook - for POP3/IMAP you need 993/995 *without* STARTTLS - period
> and that's why a sane mailserver needs to support 110,143,993,995,587 *and* 465 to support every client, that won't change in the near future
I missed 465; got the rest. Will have to look THAT one up. Thanks for the tip, Harald.
On 11/21/2014 03:32 PM, Robert Moskowitz wrote:
> I missed 465; got the rest. Will have to look THAT one up. Thanks for the tip, Harald.
That's just implicit TLS for SMTP submission, instead of 587. OE needs that.
On 11/21/2014 03:38 PM, Gedalya wrote:
> That's just implicit TLS for SMTP submission, instead of 587. OE needs that.
Which is why IETF has made a major pushback against every transport wanting a second port number for TLS. There just are not enough port numbers for this purpose.
On 21.11.2014 at 21:51, Robert Moskowitz wrote:
> Which is why IETF has made a major pushback against every transport wanting a second port number for TLS. There just are not enough port numbers for this purpose.
well, if we could turn back time 15 years ago many things would be different - IMHO the decision to deprecate 465 in favour of STARTTLS is plain wrong - it is much easier for a MITM to strip out the STARTTLS in the still unencrypted connection (given a client falls back to unencrypted in that case) before the TLS handshake ever happens
On 11/21/2014 04:04 PM, Reindl Harald wrote:
> well, if we could turn back time 15 years ago many things would be different - IMHO the decision to deprecate 465 in favour of STARTTLS is plain wrong - it is much easier for a MITM to strip out the STARTTLS in the still unencrypted connection (given a client falls back to unencrypted in that case) before the TLS handshake ever happens
It becomes yet another DOS attack, as the server would recognize this and drop the connection. Or at least it should. There are still so many MITM attacks it is sad. We do them by intent in corporation proxies to meet their legal rights as to internal usage.
But, yes, we really need a way-back machine. Lots of great ideas are just not holding up.
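The downgrade discussed in the last two messages, seen from the client side, as an added example that is not part of the thread: a client that upgrades only opportunistically continues in cleartext when the upgrade keyword is missing from the capability reply, while a client that requires TLS aborts. The server replies are constructed sample data, and `advertised`, `next_step` and `TLSNotOffered` are hypothetical names.

```python
# Added example: fail-closed handling of a missing STARTTLS offer.
# All server replies below are constructed sample data.

# Keyword that advertises the in-band TLS upgrade on the cleartext port.
UPGRADE_KEYWORD = {"imap": "STARTTLS", "smtp": "STARTTLS", "pop3": "STLS"}

class TLSNotOffered(Exception):
    """The cleartext session offers no TLS upgrade (stripped or disabled)."""

def advertised(protocol, lines):
    """Return the upper-cased capability keywords found in a server reply."""
    caps = set()
    for raw in lines:
        line = raw.strip().upper()
        if protocol == "imap":
            # "* CAPABILITY IMAP4REV1 STARTTLS LOGINDISABLED"
            parts = line.split()
            if parts[:2] == ["*", "CAPABILITY"]:
                caps.update(parts[2:])
        elif protocol == "smtp":
            # EHLO reply lines "250-KEYWORD ..." or "250 KEYWORD ..."; the
            # first line carries the host name, which is harmless here.
            if line.startswith("250") and len(line) > 4:
                caps.add(line[4:].split()[0])
        elif protocol == "pop3":
            # CAPA reply: "+OK ...", one keyword per line, "." terminator.
            if line and line != "." and not line.startswith("+OK"):
                caps.add(line.split()[0])
    return caps

def next_step(protocol, lines, require_tls=True):
    """Decide what the client does after reading the capability reply."""
    keyword = UPGRADE_KEYWORD[protocol]
    if keyword in advertised(protocol, lines):
        return "upgrade"        # send STARTTLS/STLS, then do the handshake
    if require_tls:
        raise TLSNotOffered(f"{protocol}: server reply lacks {keyword}")
    return "cleartext"          # opportunistic client: silent downgrade

IMAP_OK = ["* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED", "a1 OK done"]
IMAP_STRIPPED = ["* CAPABILITY IMAP4rev1", "a1 OK done"]   # keyword removed
SMTP_OK = ["250-mail.example.org", "250-STARTTLS", "250 SIZE 10240000"]
POP3_OK = ["+OK", "USER", "STLS", "."]

if __name__ == "__main__":
    for name, proto, reply in [("imap ok", "imap", IMAP_OK),
                               ("smtp ok", "smtp", SMTP_OK),
                               ("pop3 ok", "pop3", POP3_OK)]:
        print(name, "->", next_step(proto, reply))
    print("lax client:", next_step("imap", IMAP_STRIPPED, require_tls=False))
    try:
        next_step("imap", IMAP_STRIPPED)
    except TLSNotOffered as exc:
        print("strict client aborts:", exc)
```

On the implicit-TLS ports (993, 995, 465) there is no capability exchange before the handshake, so this decision never arises.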
On 11/21/2014 03:38 PM, Gedalya wrote:
> That's just implicit TLS for SMTP submission, instead of 587. OE needs that.
Back to fixing this and first I see that I DID try something because I created a firewall rule for 645 instead of 465. Then I checked over at:
http://www.iana.org/assignments/service-names-port-numbers/service-names-por...
And 465 is not assigned for this purpose. Looks like a land-grab from back in the days.
Anyway, this is most likely a POSTFIX config item, not Dovecot, so I will have to check through the docs there to get this set up right.
On 21.11.2014 at 20:59, Robert Moskowitz wrote:
> I have one user that uses Outlook Express. Not only do I not use it, I don't have any systems here that can easily use it. A bit of a challenge.
> I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections.
> So far a Google search has not shown me how to configure this for a user. Anyone have a pointer to instructions so I can talk the person through the changes?
you shouldn't support outdated stuff
http://en.wikipedia.org/wiki/Outlook_Express
...
Included with Windows 98, Windows Me, Windows 2000, Windows XP, Windows Server 2003
...
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Registered office: München, Amtsgericht München: HRB 199263 Executive board: Patrick Ben Koetter, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein
On 21.11.2014 at 22:24, Robert Schetterer wrote:
> you shouldn't support outdated stuff
> http://en.wikipedia.org/wiki/Outlook_Express
> Included with Windows 98, Windows Me, Windows 2000, Windows XP, Windows Server 2003
the situation for Outlook (not OE) and TLS is not much better
some versions support STARTTLS on SMTP but not for IMAP/POP3 and "you shouldnt support" is not that easy to do - if i could i would shut down so many outdated clients while i can't in case of business customers having other business companies as their customers
On 11/21/14 04:29 PM, Reindl Harald wrote:
> the situation for Outlook (not OE) and TLS is not much better
> some versions support STARTTLS on SMTP but not for IMAP/POP3 ...
Outlook (at least since version 2010) does support STARTTLS for IMAP/POP3 on port 143. But they don't call it STARTTLS but "TLS". And they call "SSL" to TLS on port 993/995
With Outlook configured for "TLS" on port 143:
outlook -> dovecot: a0gk CAPABILITY
dovecot -> outlook: * CAPABILITY IMAP4rev1...STARTTLS...
outlook -> dovecot: h96q STARTTLS
dovecot -> outlook: h96q OK Begin TLS negotiation now
(TLS starts)
On 21.11.2014 at 23:35, Oscar del Rio wrote:
> Outlook (at least since version 2010) does support STARTTLS for IMAP/POP3 on port 143. But they don't call it STARTTLS but "TLS". And they call "SSL" to TLS on port 993/995
> With Outlook configured for "TLS" on port 143:
> outlook -> dovecot: a0gk CAPABILITY
> dovecot -> outlook: * CAPABILITY IMAP4rev1...STARTTLS...
> outlook -> dovecot: h96q STARTTLS
> dovecot -> outlook: h96q OK Begin TLS negotiation now
> (TLS starts)
for IMAP yes for POP *no*
try it out - i have testing VM's for Outlook 2003/2007/2010 and on all of them IMAP/POP3 accounts
hence it is a crap but that fact doesn't solve the problem that you need to support all ports and encryptions on the server side
On 21/11/2014 5:50 PM, Reindl Harald wrote:
> for IMAP yes for POP *no*
> try it out - i have testing VM's for Outlook 2003/2007/2010 and on all of them IMAP/POP3 accounts
You are right. I hadn't tested POP3. I just tested Outlook 2013; no STARTTLS for POP. (I assumed that if they implemented STARTTLS for IMAP they would have also done it for POP... wrong assumption!).
> hence it is a crap but that fact doesn't solve the problem that you need to support all ports and encryptions on the server side
True.
On 21.11.2014 at 22:29, Reindl Harald wrote:
> the situation for Outlook (not OE) and TLS is not much better
> some versions support STARTTLS on SMTP but not for IMAP/POP3 and "you shouldnt support" is not that easy to do - if i could i would shut down so many outdated clients while i can't in case of business customers having other business companies as their customers
yes i know that problem, but outdated OS may be hacked anytime and then it will not be a client/user problem only
Best Regards MfG Robert Schetterer
On Sat, 22 Nov 2014 07:17:02 +0100, Robert Schetterer stated:
> yes i know that problem, but outdated OS may be hacked anytime and then it will not be a client/user problem only
You can always post a suggestion to Microsoft here. I do it all the time.
http://mymfe.microsoft.com/Office/feedback.aspx?formID=375
-- Jerry
On 11/22/2014 01:17 AM, Robert Schetterer wrote:
> yes i know that problem, but outdated OS may be hacked anytime and then it will not be a client/user problem only
I have one user that I have to deal with this, and I will probably have them come over so I can 'fix' their notebook, and see what I might do. Thing is this is a charity organization where we do things for them because. So whatever old notebook they have, I have to support what it can do.
On 23.11.2014 at 03:17, Robert Moskowitz wrote:
> I have one user that I have to deal with this, and I will probably have them come over so I can 'fix' their notebook, and see what I might do. Thing is this is a charity organization where we do things for them because. So whatever old notebook they have, I have to support what it can do.
It's your policy, but if you have webmail, the user may use this, no need to support outdated clients
Best Regards MfG Robert Schetterer
participants (6): Gedalya, Jerry, Oscar del Rio, Reindl Harald, Robert Moskowitz, Robert Schetterer