Got a client that usually uses Outlook I think 2010. This person tends to move their e-mails to certain folers. On Thunderbird, the move shows. Not on Outlook. Any explanation? -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b A full cup must be carried steadily. -English proverb
On 7. Jul 2020, at 0.48, The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
Got a client that usually uses Outlook I think 2010. This person tends to move their e-mails to certain folers. On Thunderbird, the move shows.
Not on Outlook.Any explanation?
Really sorry but I do not understand this question at all. Can you please rephrase?
Sami
On Tue, Jul 07, 2020 at 01:45:06AM +0300, Sami Ketola wrote:
On 7. Jul 2020, at 0.48, The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
Got a client that usually uses Outlook I think 2010. This person tends to move their e-mails to certain folers. On Thunderbird, the move shows. Not on Outlook.
Any explanation?
Using IMAp, most folders should sync client and server. Just wondering if an old version of Outlook has passed its time.
Really sorry but I do not understand this question at all. Can you please rephrase?
Sami
-- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b A full cup must be carried steadily. -English proverb
On 7/7/20 12:16 pm, The Doctor wrote:
Got a client that usually uses Outlook I think 2010. This person tends to move their e-mails to certain folers. On Thunderbird, the move shows. Not on Outlook. Any explanation?
Using IMAp, most folders should sync client and server. Just wondering if an old version of Outlook has passed its time.
FWIW if they happen to be using Windows7 and dovecot has been updated recently then you could try disabling SSL/STARTTLS on port 143.
-- Mark Constable 0419 530 037 https://spiderweb.com.au
On 06 Jul 2020, at 20:30, Mark Constable <markc@renta.net> wrote:
you could try disabling SSL/STARTTLS on port 143.
What? I’ve never seen SSL/StARTTLS on port 143,a dn I doubt that would work?
-- Rumour is information distilled so finely that it can filter through anything. It does not need doors and windows -- sometimes it does not need people. It can exist free and wild, running from ear to ear without ever touching lips.
On 7/7/20 3:50 pm, @lbutlr wrote:
you could try disabling SSL/STARTTLS on port 143.
What? I’ve never seen SSL/StARTTLS on port 143,a dn I doubt that would work?
I thought you had a problem picking up IMAP mail. I see now you mean you move messages within Thunderbird and the Outlook 2010 app does not sync those changes. My mistake.
FWIW I meant if the client is Windows7/old-Outlook then changing either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail. We had to do this for a 100 or so clients a few months ago after upgrading to Ubuntu 20.04.
Am 07.07.2020 um 08:07 schrieb Mark Constable:
FWIW I meant if the client is Windows7/old-Outlook then changing either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail. We had to do this for a 100 or so clients a few months ago after upgrading to Ubuntu 20.04.
Curious, what's the rationale behind that move? Is it because that old beast of Outlook does not have the capabilities modern TLS/STARTTLS implementations require regarding TLS minimal version and ciphers?
But plaintext auth for mail access, seriously?
Alexander
Plaintext access is no problem if the connection is secured via other means - for example internal network or VPN. If the IMAP server cannot be accessed from the outside, and the traffic don't travel over wifi or public networks, no danger.
-----Ursprungligt meddelande----- Från: dovecot-bounces@dovecot.org <dovecot-bounces@dovecot.org> För Alexander Dalloz Skickat: den 7 juli 2020 18:05 Till: dovecot@dovecot.org Ämne: Re: Outlook vs Thunderbird
Am 07.07.2020 um 08:07 schrieb Mark Constable:
FWIW I meant if the client is Windows7/old-Outlook then changing either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail. We had to do this for a 100 or so clients a few months ago after upgrading to Ubuntu 20.04.
Curious, what's the rationale behind that move? Is it because that old beast of Outlook does not have the capabilities modern TLS/STARTTLS implementations require regarding TLS minimal version and ciphers?
But plaintext auth for mail access, seriously?
Alexander
Am 07.07.2020 um 18:11 schrieb Sebastian Nielsen:
Plaintext access is no problem if the connection is secured via other means - for example internal network or VPN. If the IMAP server cannot be accessed from the outside, and the traffic don't travel over wifi or public networks, no danger.
First of all, please keep answers on the mailing list only. Obviously I am subscribe and I don't need to get your reply twice, by list distribution and in addition to my personal address.
And top-posting is another thing you should avoid.
To your answer: I disagree and see that you have a false understanding of security. You want service protocol encryption (here for IMAP or POP3) from end to end. Nothing which breaks up encryption in between.
That's valid for any size of environment. You may judge the risk is tolerable in case you run you own small setup where you are the only user. But I replied to Mark's note where he wrote about ~100 clients. So he either running an IMAP service for clients - where it is inresponsible to not teach them about security and instead lower the protection to none - or administering a company network for which end to end service encryption is a must too.
Alexander
Sorry about that, its just outlook that does that by default. But manually deleted your adress now in reply. I don't know what you mean with "top posting"?
What I mean is that if you have another security on the connection (be it physical security - the connection doesn't go over public means, or VPN - connection level encryption) then you don't need another encryption on top of that.
Of course you must judge other risks in the physical enviroment - if a hacker connects his laptop to a guest wifi or reception RJ45 port and ARP spoofs - whats gonna happen? So you must of course segment and separate those networks from your internal LAN (so a hacker is now gonna need a access badge to even get a foot into the internal LAN), and also activate static ARP in your switches so even if a hacker ARP spoofs (from an infected client inside internal LAN), nothing gonna come out of the pipe.
-----Ursprungligt meddelande----- Från: dovecot-bounces@dovecot.org <dovecot-bounces@dovecot.org> För Alexander Dalloz Skickat: den 7 juli 2020 18:30 Till: dovecot@dovecot.org Ämne: Re: SV: Outlook vs Thunderbird
Am 07.07.2020 um 18:11 schrieb Sebastian Nielsen:
Plaintext access is no problem if the connection is secured via other means - for example internal network or VPN. If the IMAP server cannot be accessed from the outside, and the traffic don't travel over wifi or public networks, no danger.
First of all, please keep answers on the mailing list only. Obviously I am subscribe and I don't need to get your reply twice, by list distribution and in addition to my personal address.
And top-posting is another thing you should avoid.
To your answer: I disagree and see that you have a false understanding of security. You want service protocol encryption (here for IMAP or POP3) from end to end. Nothing which breaks up encryption in between.
That's valid for any size of environment. You may judge the risk is tolerable in case you run you own small setup where you are the only user. But I replied to Mark's note where he wrote about ~100 clients. So he either running an IMAP service for clients - where it is inresponsible to not teach them about security and instead lower the protection to none - or administering a company network for which end to end service encryption is a must too.
Alexander
On Tue, Jul 07, 2020 at 07:00:23PM +0200, Sebastian Nielsen wrote:
Sorry about that, its just outlook that does that by default.
Consider migrating to a MUA that, unlike Outlook, understands mailing lists.
For example, Mutt (which definitely sucks less than Outlook): http://www.mutt.org/doc/manual/#using-lists
I don't know what you mean with "top posting"?
Read this: https://www.netmeister.org/news/learn2quote2.html#ss2.3
That FAQ was written for Usenet, but also applies to email.
-- A: When it messes up the order in which people normally read text. Q: When is top-posting a bad thing?
() ASCII ribbon campaign. Please avoid HTML emails & proprietary /\ file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
On 07 Jul 2020, at 10:11, Sebastian Nielsen <sebastian@sebbe.eu> wrote:
If the IMAP server cannot be accessed from the outside, and the traffic don't travel over wifi or public networks, no danger.
No, not no danger, but certainly less danger. The most obvious dangers even in a closed environment is if someone can monitor the network, they gather all the passwords. Of course, more common albeit harder is for a bad actor to gain access inside your network.
It is simple enough to use encrypted connections and good password policies<1> everywhere that there is really no reason to not do so. And supporting EOLed software, especially when it's little more than an attempt to save a little money, is a foolish reason to not use security IMO.
As soon as you start thinking that your network is inviolate, you find yourself in a Sony situation where everything on your network has been taken by someone else. Just because someone gets in is no reason to give them the keys to everything you have.
<1> actual good policies, not the idiotic ones most corporations use, of course.
On 8/7/20 2:04 am, Alexander Dalloz wrote:
FWIW I meant if the client is Windows7/old-Outlook then changing either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail. We had to do this for a 100 or so clients a few months ago after upgrading to Ubuntu 20.04.
Curious, what's the rationale behind that move? Is it because that old beast of Outlook does not have the capabilities modern TLS/STARTTLS implementations require regarding TLS minimal version and ciphers?
It involved Windows7 customers and older Apple device users.
Recent versions of Thunderbird on Win7 still worked fine but even Outlook 2016 on Win7 could no longer pick up mail with SSL enabled. It happened after a Ubuntu server update to Dovecot and Openssl about 3 or 4 months ago.
But plaintext auth for mail access, seriously?
Tell me about it! We spent YEARS getting these same folks to change to secure settings (some of them have been with us for 20+ years) so it was heartbreaking to contact each one of them and talk them through disabling SSL.
I spent a week trying every cypher combination I could find via Google for Dovecot but with the phone going off the hook from complaints by customers not being able to pick up their mail. We had to respond with some solution so, after a week, disabling SSL was very reluctantly the only option left. We lost ~40 customers to outlook.com because of this.
Actually, there is a regedit "trick" for Win7 but that is beyond the ability of our customers to apply, and that doesn't help the older Apple device users.
FWIW.
Actually, there is a regedit "trick" for Win7 but that is beyond the ability of our customers to apply, and that doesn't help the older Apple device users.
You could build a .reg file with the trick inside, and then distribute it to your users. However it wont solve the Apple problem.
On Wed, Jul 08, 2020 at 12:05:55PM +1000, Mark Constable wrote:
I spent a week trying every cypher combination I could find via Google for Dovecot but with the phone going off the hook from complaints by customers not being able to pick up their mail. We had to respond with some solution so, after a week, disabling SSL was very reluctantly the only option left. We lost ~40 customers to outlook.com because of this.
Ouch. But does outlook.com not require TLS? (I don't currently have an outlook.com account.)
If so, then why would customers be able to solve their problem by moving to outlook.com? Maybe by using outlook.com's webmail interface, I guess, but you could presumably compete with this by offering Squirrelmail or Roundcube.
Yet another possible workaround for customers using email clients or operating systems that don't speak recent versions of TLS is to have them install stunnel on their PC, or else to send them a box (e.g. Raspberry Pi) running stunnel that they can put on their LAN/WLAN:
https://joewein.net/blog/2018/07/04/outlook-express-error-0x800ccc0b-and-the...
https://en.wikipedia.org/wiki/Stunnel
Of course, the main problem with sending a box is that it would periodically require software updates & reboots. If you already have a routine for upgrading software on boxes on customer premises, then include the boxes in that routine; otherwise, it's a headache.
Also, the stunnel approach would not help for non-jailbroken iOS devices except while they are downstream of an stunnel box. So, OK over the WLAN but no good while on mobile data.
Anyway, good luck!
-- A: When it messes up the order in which people normally read text. Q: When is top-posting a bad thing?
() ASCII ribbon campaign. Please avoid HTML emails & proprietary /\ file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.
On Tue Jul 07 2020 02:07:08 GMT-0400 (Eastern Standard Time), Mark Constable <markc@renta.net> wrote:
FWIW I meant if the client is Windows7/old-Outlook then changing either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail. We had to do this for a 100 or so clients a few months ago after upgrading to Ubuntu 20.04.
Really, really bad idea. You just disabled an/all security on your imap connection.
Tanstaafl skrev den 2020-07-15 21:28:
On Tue Jul 07 2020 02:07:08 GMT-0400 (Eastern Standard Time), Mark Constable <markc@renta.net> wrote:
FWIW I meant if the client is Windows7/old-Outlook then changing either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail. We had to do this for a 100 or so clients a few months ago after upgrading to Ubuntu 20.04.
Really, really bad idea. You just disabled an/all security on your imap connection.
windows 7 just need tls 1.0, why its need to disabled all, is aswell beyong me, do not disable tls 1.0 in dovecot aslong one have windows 7 clients
upgrade all clients to windows 10, then tls 1.0 and more weak tls 1.1 can be disabled in dovecot
hope the best for all
On 16/7/20 5:54 am, Benny Pedersen wrote:
FWIW I meant if the client is Windows7/old-Outlook then changing either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail.
windows 7 just need tls 1.0, why its need to disabled all, is as well beyong me, do not disable tls 1.0 in dovecot aslong one have windows 7 clients
Would anyone with Windows7 clients be able to provide me with the EXACT set of ssl_* settings that should work with W7 please?
I tried for a week with various combinations but nothing worked short of disabling SSL altogether. These are the remnants of some attempts...
# 20200531 suggested by Aki Tuomi #ssl_min_protocol = TLSv1.0 #ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL
# https://ssl-config.mozilla.org OLD # openssl dhparam -dsaparam 1024 > /etc/dovecot/dh.pem ssl_prefer_server_ciphers = yes #ssl_min_protocol = TLSv1 #ssl_cipher_list = ECDHE-ECDSA****
# https://ssl-config.mozilla.org MEDIUM # openssl dhparam -dsaparam 2048 > /etc/dovecot/dh.pem #ssl_prefer_server_ciphers = no #ssl_min_protocol = TLSv1.2 #ssl_cipher_list = ECDHE-ECDSA****
~ dovecot --version 2.3.7.2 (3c910f64b)
Apologies to the OP for hijacking this thread.
-- Mark Constable 0419 530 037 https://spiderweb.com.au
On Thu, Jul 16, 2020 at 12:16:19PM +1000, Mark Constable wrote:
Would anyone with Windows7 clients be able to provide me with the EXACT set of ssl_* settings that should work with W7 please?
Also consider improving Windows 7 TLS usage:
https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-an...
-- Emmanuel Dreyfus manu@netbsd.org
On 2020.07.16. 5:16, Mark Constable wrote:
On 16/7/20 5:54 am, Benny Pedersen wrote:
FWIW I meant if the client is Windows7/old-Outlook then changing either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail.
windows 7 just need tls 1.0, why its need to disabled all, is as well beyong me, do not disable tls 1.0 in dovecot aslong one have windows 7 clients
Would anyone with Windows7 clients be able to provide me with the EXACT set of ssl_* settings that should work with W7 please?
I tried for a week with various combinations but nothing worked short of disabling SSL altogether. These are the remnants of some attempts...
# 20200531 suggested by Aki Tuomi #ssl_min_protocol = TLSv1.0 #ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL
# https://ssl-config.mozilla.org OLD # openssl dhparam -dsaparam 1024 > /etc/dovecot/dh.pem ssl_prefer_server_ciphers = yes #ssl_min_protocol = TLSv1 #ssl_cipher_list = ECDHE-ECDSA****
# https://ssl-config.mozilla.org MEDIUM # openssl dhparam -dsaparam 2048 > /etc/dovecot/dh.pem #ssl_prefer_server_ciphers = no #ssl_min_protocol = TLSv1.2 #ssl_cipher_list = ECDHE-ECDSA****
~ dovecot --version 2.3.7.2 (3c910f64b)
Apologies to the OP for hijacking this thread.
Are you sure, your operating system's SSL library (OpenSSL or whatever) supports TLS 1.0?
-- KSB
On 06 Jul 2020, at 15:48, The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
Got a client that usually uses Outlook I think 2010. This person tends to move their e-mails to certain folers. On Thunderbird, the move shows.
Not on Outlook.Any explanation?
Since the move works fine in Thunderbrd (and I assume any other client will see the same), the problem is with Outlook 2010. Perhaps a gentle reminder that it is currently 2020?
I moved the last holdout client off 2010 about 2 or 3 yers ago after having many many problems with it that could not be easily fixed because the software was no longer supported and I pointed out they were sending more money paying me to try to fix it than it would cost them to pay for Office 365 (small business, obviously).
-- Silence filled the University in the same way that air fills a hole. Night spread across the Disk like plum jam, or possibly blackberry preserve. But there would be a morning. There would always be another morning. --Sourcery
On Mon, 6 Jul 2020 23:49:08 -0600, @lbutlr <kremels@kreme.com> stated:
On 06 Jul 2020, at 15:48, The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
Got a client that usually uses Outlook I think 2010. This person tends to move their e-mails to certain folers. On Thunderbird, the move shows. Not on Outlook.
Any explanation?
Since the move works fine in Thunderbrd (and I assume any other client will see the same), the problem is with Outlook 2010. Perhaps a gentle reminder that it is currently 2020?
I moved the last holdout client off 2010 about 2 or 3 yers ago after having many many problems with it that could not be easily fixed because the software was no longer supported and I pointed out they were sending more money paying me to try to fix it than it would cost them to pay for Office 365 (small business, obviously).
+1
-- Jerry
participants (12)
-
@lbutlr
-
Alexander Dalloz
-
Benny Pedersen
-
Emmanuel Dreyfus
-
Jerry
-
KSB
-
Mark Constable
-
Sam Kuper
-
Sami Ketola
-
Sebastian Nielsen
-
Tanstaafl
-
The Doctor