Outlook fails to connect to Dovecot submission server
Dovecot 2.3.20 including it's submission server works well with all sorts of clients, but Outlook.
Outlook works / can connect to Dovecot IMAP service with same certificate TLS config, but it fails to connect using SMTPs on port 465. Other clients connect and send mails without problem, also openssl s_client can connect and reports no problems.
I tried with Outlook Version 365 on Windows 11 (no cloud) and "Microsoft® Outlook® 2021 MSO (Version 2304 Build 16.0.16327.20200) 64-bit".
I already enabled all submission_client_workarounds and lowered min_ssl_version from TLSv1.2 to TLSv1, but that changed nothing.
I can see nothing failing in the logs, thought the OL connection wizard always check IMAP and SMTP together, so it's hard to say what the problem is.
The same two Outlook version connect without a problem to Postfix authenticating via SASL to Dovecot also requiring a minimum TLS version of 1.2. They just wont connect with Dovecot submission server.
Any ideas what's wrong, or how to debug that further?
Ralf
--
Ralf Becker EGroupware GmbH [www.egroupware.org] Handelsregister HRB Kaiserslautern 3587 Geschäftsführer Birgit und Ralf Becker Leibnizstr. 17, 67663 Kaiserslautern, Germany Telefon +49 631 31657-0
Dovecot ... submission server works well with all sorts of clients, but Outlook.
I thought that was M$ intent. They purposefully design their ecosystem to not play well with others so the average person will think something is wrong with the competitor's software, give up and just continue to use outlook with M$ services.
Remember how IE didn't render pages properly, but had a larger market share so most webmasters designed sites to look best in IE. Making sites not work well in Netscape, causing the average person to think Netscape sucked so they continued to use IE which in turn caused more webmasters to only develop sites for IE.
Am 17.05.23 um 20:03 schrieb dovecot--- via dovecot:
Dovecot ... submission server works well with all sorts of clients, but Outlook.
I thought that was M$ intent. They purposefully design their ecosystem to not play well with others so the average person will think something is wrong with the competitor's software, give up and just continue to use outlook with M$ services.
Remember how IE didn't render pages properly, but had a larger market share so most webmasters designed sites to look best in IE. Making sites not work well in Netscape, causing the average person to think Netscape sucked so they continued to use IE which in turn caused more webmasters to only develop sites for IE.
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
As an open-source activist I can understand the sentiment, thought for regular users this always seems to be broken in the server :(
@Aki and @Timo: is that a known problem with submission server you plan to address, or if not, how can I help to debug that further?
Obviously I can get back to the traditional setup using Postfix and SASL, if that's the only way to support Outlook ...
Ralf
-- Ralf Becker EGroupware GmbH [www.egroupware.org] Handelsregister HRB Kaiserslautern 3587 Geschäftsführer Birgit und Ralf Becker Leibnizstr. 17, 67663 Kaiserslautern, Germany Telefon +49 631 31657-0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On Fri, 19 May 2023 09:53:02 +0200, Ralf Becker via dovecot stated:
Am 17.05.23 um 20:03 schrieb dovecot--- via dovecot:
Dovecot ... submission server works well with all sorts of clients, but Outlook.
I thought that was M$ intent. They purposefully design their ecosystem to not play well with others so the average person will think something is wrong with the competitor's software, give up and just continue to use outlook with M$ services.
Remember how IE didn't render pages properly, but had a larger market share so most webmasters designed sites to look best in IE. Making sites not work well in Netscape, causing the average person to think Netscape sucked so they continued to use IE which in turn caused more webmasters to only develop sites for IE.
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
As an open-source activist I can understand the sentiment, thought for regular users this always seems to be broken in the server :(
@Aki and @Timo: is that a known problem with submission server you plan to address, or if not, how can I help to debug that further?
Obviously I can get back to the traditional setup using Postfix and SASL, if that's the only way to support Outlook ...
Ralf
Have you tried posting this question on an MS Outlook forum. I have used this one with good results in the past.
https://answers.microsoft.com/en-us
Choose OUTLOOK and proceed from there.
Jerry -----BEGIN PGP SIGNATURE-----
iQGzBAEBCAAdFiEECVMyN8UcMOe+4YCFeTpjHWQv0I8FAmRqP4gACgkQeTpjHWQv 0I94kgv/fAzA10z946pmrZiPLkXYmjez7GlEBq6FX3zyOojehDXyMG5MVNexusXb BezzFbWRliZ2mjqP269ieXz/EjV6QtNBZhdWc8fuNLVql5LtasdzSy31kQ7emwRD CLLFvoZO13QelOArGTxdiFHsPvO4IWhA/MEN+LGKfoVMLKYtOQ5e7UOmUefBAqMw oqfb+OBvhKW6AFcOObPz51r2wHXzO77xqP/0qDn0zWRU4PVkR94XU/bO8EVligjt cndYw8Trt6l9nBHE7yQktSpdBFggffPE5rA5Eb/cCSQ6+8wNwVkKfqfJSWfYEcY/ duwlwsmvDbY5zc5DAXBspt60mpGNjAXBvXr8Gv/78gcvHFR/QK2gNZ3ET84PbONn rhfTBT0H2yMfp+Ed4pbRLhPIONa9aJEWj0V/O+H0BHPe9ndytQzyg2yJ/DJP5/hc By56nNp7iynAcKR+I1RunLgN2joQ54lOMKpf5Dp8qC5QsEqvVQe3G5VSYM1ubqdV 6WWbvVPn =hzDZ -----END PGP SIGNATURE-----
Hello, I may be mistaken, but I don't see "auth_mechanism = plain login" in your configuration. It's possible that you are using something different for authentication, but I don't see it in the configuration.
On Wed, May 17, 2023 at 4:04 PM Ralf Becker via dovecot dovecot@dovecot.org wrote:
Dovecot 2.3.20 including it's submission server works well with all sorts of clients, but Outlook.
Outlook works / can connect to Dovecot IMAP service with same certificate TLS config, but it fails to connect using SMTPs on port 465. Other clients connect and send mails without problem, also openssl s_client can connect and reports no problems.
I tried with Outlook Version 365 on Windows 11 (no cloud) and "Microsoft® Outlook® 2021 MSO (Version 2304 Build 16.0.16327.20200) 64-bit".
I already enabled all submission_client_workarounds and lowered min_ssl_version from TLSv1.2 to TLSv1, but that changed nothing.
I can see nothing failing in the logs, thought the OL connection wizard always check IMAP and SMTP together, so it's hard to say what the problem is.
The same two Outlook version connect without a problem to Postfix authenticating via SASL to Dovecot also requiring a minimum TLS version of 1.2. They just wont connect with Dovecot submission server.
Any ideas what's wrong, or how to debug that further?
Ralf
--
Ralf Becker EGroupware GmbH [www.egroupware.org] Handelsregister HRB Kaiserslautern 3587 Geschäftsführer Birgit und Ralf Becker Leibnizstr. 17, 67663 Kaiserslautern, Germany Telefon +49 631 31657-0
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
-- Andrzej
Hi Andrzej,
Am 19.05.23 um 17:17 schrieb Andrzej Milewski:
Hello, I may be mistaken, but I don't see "auth_mechanism = plain login" in your configuration. It's possible that you are using something different for authentication, but I don't see it in the configuration.
The config file was output with doveadm config -n, that only shows non-default values. The default is auth_mechanism = plain, and that is explicitly set in conf.d/10-auth.conf.
I'll try Monday if additionally enabling login makes any difference, but I doubt it.
Ralf
On Wed, May 17, 2023 at 4:04 PM Ralf Becker via dovecot dovecot@dovecot.org wrote:
Dovecot 2.3.20 including it's submission server works well with all sorts of clients, but Outlook. Outlook works / can connect to Dovecot IMAP service with same certificate TLS config, but it fails to connect using SMTPs on port 465. Other clients connect and send mails without problem, also openssl s_client can connect and reports no problems. I tried with Outlook Version 365 on Windows 11 (no cloud) and "Microsoft® Outlook® 2021 MSO (Version 2304 Build 16.0.16327.20200) 64-bit". I already enabled all submission_client_workarounds and lowered min_ssl_version from TLSv1.2 to TLSv1, but that changed nothing. I can see nothing failing in the logs, thought the OL connection wizard always check IMAP and SMTP together, so it's hard to say what the problem is. The same two Outlook version connect without a problem to Postfix authenticating via SASL to Dovecot also requiring a minimum TLS version of 1.2. They just wont connect with Dovecot submission server. Any ideas what's wrong, or how to debug that further? Ralf -- Ralf Becker EGroupware GmbH [www.egroupware.org <http://www.egroupware.org>] Handelsregister HRB Kaiserslautern 3587 Geschäftsführer Birgit und Ralf Becker Leibnizstr. 17, 67663 Kaiserslautern, Germany Telefon +49 631 31657-0 _______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org-- Andrzej
dovecot mailing list --dovecot@dovecot.org To unsubscribe send an email todovecot-leave@dovecot.org
-- Ralf Becker EGroupware GmbH [www.egroupware.org] Handelsregister HRB Kaiserslautern 3587 Geschäftsführer Birgit und Ralf Becker Leibnizstr. 17, 67663 Kaiserslautern, Germany Telefon +49 631 31657-0
Have you tried adding the line below to your submision config?
submission_client_workarounds = whitespace-before-path
Hi Nikolaos,
Am 22.05.23 um 15:25 schrieb Nikolaos Pyrgiotis:
Have you tried adding the line below to your submision config?
submission_client_workarounds = whitespace-before-path
I tried, also with all other workarounds, unfortunately that (alone) does not help :(
Ralf
-- Ralf Becker EGroupware GmbH [www.egroupware.org] Handelsregister HRB Kaiserslautern 3587 Geschäftsführer Birgit und Ralf Becker Leibnizstr. 17, 67663 Kaiserslautern, Germany Telefon +49 631 31657-0
Hi Ralf,
We had the same problem few months back and i remember that was the action we took to mitigate the issue. I will state our dovecot `s submission proxy relevant config and hope that it will help.
auth_mechanisms = plain login
submission_max_mail_size = 30720000
submission_relay_host = smtp_ip
submission_relay_port = 587
submission_relay_trusted = yes
submission_relay_ssl = starttls
submission_relay_ssl_verify = no
submission_client_workarounds = whitespace-before-path
Our smtp server is running postfix. We use the following configuration for postfix`s master.cnf submission(port 587)
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=$mua_recipient_restrictions
-o smtpd_relay_restrictions=$mua_relay_restrictions
-o milter_macro_daemon_name=ORIGINATING
-o smtpd_authorized_xclient_hosts=dovecot_host1_ip,dovecot_host2_ip
-o smtpd_sasl_authenticated_header=no
-o smtpd_sasl_path=smtpd
-o smtpd_sasl_security_options=noanonymous
-o smtpd_sasl_type=cyrus
-o smtpd_sender_login_maps=$mua_sender_login_maps
-o smtpd_tls_ciphers=high
-o smtpd_tls_exclude_ciphers=$mua_exclude_ciphers
-o smtpd_tls_mandatory_ciphers=high
-o smtpd_tls_mandatory_exclude_ciphers=$mua_exclude_ciphers
-o smtpd_tls_mandatory_protocols=$mua_tls_protocols
-o smtpd_tls_protocols=$mua_tls_protocols
-o smtpd_tls_received_header=yes
-o tls_preempt_cipherlist=yes
On 22/5/23 16:25, Nikolaos Pyrgiotis wrote:
Have you tried adding the line below to your submision config?
submission_client_workarounds = whitespace-before-path
participants (5)
-
Andrzej Milewski
-
dovecot@ptld.com
-
Gerard E. Seibert
-
Nikolaos Pyrgiotis
-
Ralf Becker