[Dovecot] Authentication in outlook
Hi all,
I have installed dovecot 1.0.rc10, and my configuration works fine if I get the mail with Evolution mail client, but if I try to use outlook to get mails the authentication fails and I can't pass through the logon window. The maillog shows this message:
dovecot: pop3-login: Disconnected: rip=192.168.0.22, lip=192.168.0.1
My dovecot configuration is:
protocols = pop3
ssl_disable = yes
mail_extra_groups = mail
protocol imap {
}
protocol pop3 {
  pop3_uidl_format = %v.%u
}
protocol lda {
  postmaster_address = postmaster@example.com
}
auth_username_translation = "@."
auth default {
  mechanisms = plain
  passdb pam {
  }
  userdb passwd {
  }
  user = root
}
dict {
}
plugin {
}
Any idea how to solve this?
thanks
Paul
On Sat, 2006-10-28 at 08:10 -0700, Paul Aguirre wrote:
Hi all,
I have installed dovecot 1.0.rc10, and my configuration works fine if I get the mail with Evolution mail client, but if I try to use outlook to get mails the authentication fails and I can't pass through the logon window. The maillog shows this message: dovecot: pop3-login: Disconnected: rip=192.168.0.22, lip=192.168.0.1
auth_debug=yes setting will help you.
On Thursday 02 November 2006 20:41, Timo Sirainen wrote:
On Sat, 2006-10-28 at 08:10 -0700, Paul Aguirre wrote:
Hi all,
I have installed dovecot 1.0.rc10, and my configuration works fine if I get the mail with Evolution mail client, but if I try to use outlook to get mails the authentication fails and I can't pass through the logon window. The maillog shows this message: dovecot: pop3-login: Disconnected: rip=192.168.0.22, lip=192.168.0.1
auth_debug=yes setting will help you.
By default Outlook uses plaintext authentication. You can either enable it with disable_plaintext_auth = no in your Dovecot config, or you can make Outlook use SSL. Look into Outlook's extra options for your mail account.
Unfortunately, Outlook makes trouble with self signed SSL certs: It requires accepting the certificate again after every restart, which is very annoying for the users and makes it hard to recognize forged certs. So you will have the choice to allow password sniffing, annoy your users, buy an official cert - or to get a decent mail client installed.
Amon.
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
On Friday November 03, 2006 at 03:49:15 (AM) Amon Ott wrote:
Unfortunately, Outlook makes trouble with self signed SSL certs: It requires accepting the certificate again after every restart, which is very annoying for the users and makes it hard to recognize forged certs. So you will have the choice to allow password sniffing, annoy your users, buy an official cert - or to get a decent mail client installed.
I would vote for the 'Official Cert' option. Seriously, unless you are running a home based operation, why would you not be employing a properly signed certificate? After all, if you are offering SSL on your mail server, you are going to need a signed certificate or else risk having problems with other servers that are going to flag your server for using self signed certificates.
By the way, I think Outlook's alerting users of the use of self signed certificates is a good idea, although it should also have a mechanism in place to stop those warnings on a permanent basis. Then again, if they did, someone would complain about that. You cannot make everyone happy.
Just my 2¢.
-- Gerard
On Friday 03 November 2006 11:00, Gerard Seibert wrote:
On Friday November 03, 2006 at 03:49:15 (AM) Amon Ott wrote:
Unfortunately, Outlook makes trouble with self signed SSL certs: It requires accepting the certificate again after every restart, which is very annoying for the users and makes it hard to recognize forged certs. So you will have the choice to allow password sniffing, annoy your users, buy an official cert - or to get a decent mail client installed.
I would vote for the 'Official Cert' option. Seriously, unless you are running a home based operation, why would you not be employing a properly signed certificate? After all, if you are offering SSL on your mail server, you are going to need a signed certificate or else risk having problems with other servers that are going to flag your server for using self signed certificates.
I am only speaking about IMAP/POP3 servers here. What other server is supposed to access an IMAP or POP3 server? Sure an official cert is better, but it also costs extra money.
As long as an IMAP/POP3 server is only accessed from inside a company and not available from outside, self signed is fine for me. Most clients will only warn when the cert has changed. If the cert has been renewed after a year or such, people can still verify the signature from other sources, but not every day.
Amon.
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
On Friday 03 November 2006 05:00, Gerard Seibert wrote:
On Friday November 03, 2006 at 03:49:15 (AM) Amon Ott wrote:
Unfortunately, Outlook makes trouble with self signed SSL certs: It requires accepting the certificate again after every restart, which is very annoying for the users and makes it hard to recognize forged certs. So you will have the choice to allow password sniffing, annoy your users, buy an official cert - or to get a decent mail client installed.
I would vote for the 'Official Cert' option. Seriously, unless you are running a home based operation, why would you not be employing a properly signed certificate? After all, if you are offering SSL on your mail server, you are going to need a signed certificate or else risk having problems with other servers that are going to flag your server for using self signed certificates.
If you're going to go the self-signed route, you may as well create your own
CA as I did. It's only a few more steps and then you can supply the CA's
certificate to the clients accessing your server for inclusion in
their "trusted root certificates". After all, I can trust my certificates
even more than I trust Verisign. The annoying messages then go away. After
all it's only your clients accessing your pop server, not the general public.
Not that I've ever had a problem with the smtp side with that setup.
By the way, I think Outlook's alerting users of the use of self signed certificates is a good idea, although it should also have a mechanism in place to stop those warnings on a permanent basis. Then again, if they did, someone would complain about that. You cannot make everyone happy.
You mean like Thunderbird, as well as most non-Microsoft clients I've tried.
Most people I know are happy with that solution.
My 2c too.
Mike
On Friday 03 November 2006 08:16, Michael Surette wrote:
After all, I can trust my certificates even more than I trust Verisign.
Hmmm, I can trust a rattlesnake more than I trust Verisign.
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
On Saturday 28 October 2006 11:10, Paul Aguirre wrote:
Hi all,
I have installed dovecot 1.0.rc10, and my configuration works fine if I get the mail with Evolution mail client, but if I try to use outlook to get mails the authentication fails and I can't pass through the logon window. The maillog shows this message:
Here's the configuration file I use on 1.0.beta9 that works with Outlook using
pop3s (port 995). I really don't like unencrypted plaintext authentication.
I run Slackware, so no pam.
# basic settings
base_dir = /var/run/dovecot
#protocols = imap imaps pop3 pop3s
protocols = imap imaps pop3s
listen = *

# SSL settings
ssl_cert_file = /etc/ssl/certs/host-cert.pem
ssl_key_file = /etc/ssl/certs/host-key.pem
ssl_ca_file = /etc/ssl/certs/domain-ca.pem
disable_plaintext_auth = no

# mail process settings
mail_extra_groups = smmsp

# mail storage
default_mail_env = maildir:/srv/imap/%u:INDEX=MEMORY

# file control
maildir_copy_with_hardlinks = yes

# imap settings
protocol imap {
  imap_client_workarounds = outlook-idle
}

# pop3 settings
protocol pop3 {
  pop3_uidl_format = %08Xv%08Xu
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

# authentication settings
auth default {
  mechanisms = plain
  userdb passwd {
  }
  passdb shadow {
  }
}
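
The private-CA route suggested earlier in the thread, sketched with the openssl command line as an added example (it is not part of any poster's message). The output file names are borrowed from the configuration above; the function names, the CA subject, the host name passed in, key sizes and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example: private CA plus a server certificate for a POP3S/IMAPS host.
# Subjects, key sizes and lifetimes below are assumptions, not thread content.
make_mail_pki() (   # usage: make_mail_pki OUTPUT_DIR HOSTNAME
    dir=$1 host=$2
    umask 077                      # private keys readable by the owner only
    mkdir -p "$dir" || exit 1
    # Own minimal config, so the result does not depend on the system openssl.cnf.
    cat > "$dir/pki.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
[dn]
CN = Example Mail CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_host]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # 1. CA key and self-signed CA certificate (the file clients import).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$dir/pki.cnf" -extensions v3_ca \
        -keyout "$dir/ca-key.pem" -out "$dir/domain-ca.pem" 2>/dev/null || exit 1
    # 2. Host key and certificate signing request.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$dir/pki.cnf" -subj "/CN=$host" \
        -keyout "$dir/host-key.pem" -out "$dir/host.csr" 2>/dev/null || exit 1
    # 3. The CA signs the request; the SAN carries the name clients connect to.
    openssl x509 -req -in "$dir/host.csr" -sha256 -days 365 \
        -CA "$dir/domain-ca.pem" -CAkey "$dir/ca-key.pem" -CAcreateserial \
        -extfile "$dir/pki.cnf" -extensions v3_host \
        -out "$dir/host-cert.pem" 2>/dev/null || exit 1
)

# Succeeds only if CERT was signed by the CA in CA_CERT.
cert_chains_to() {  # usage: cert_chains_to CA_CERT CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

if [ "$#" -eq 2 ]; then make_mail_pki "$1" "$2"; fi
```

Only domain-ca.pem is handed to clients for their trusted roots; ca-key.pem stays off the mail server. A certificate issued by a different CA that reuses the same CA name fails `cert_chains_to`, which is the forged-certificate case raised above.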
participants (6): /dev/rob0, Amon Ott, Gerard Seibert, Michael Surette, Paul Aguirre, Timo Sirainen