dovecot 2.4 and Outlook
Since I don't remember seeing *this* mentioned here so far, but *do* remember people asking about Outlook-dovecot compatibility issues every now and then, here's a potential cause for seeing more of those in the immediate future:
https://fedoramagazine.org/fedora-43-upgrade-revealed-20-years-old-outlook-s...
Kind regards,
Jochen Bern Systemingenieur Binect GmbH
On 08/06/2026 16:19 EEST Jochen Bern via dovecot <dovecot@dovecot.org> wrote:
Since I don't remember seeing *this* mentioned here so far, but *do* remember people asking about Outlook-dovecot compatibility issues every now and then, here's a potential cause for seeing more of those in the immediate future:
https://fedoramagazine.org/fedora-43-upgrade-revealed-20-years-old-outlook-s...
Kind regards,
Jochen Bern Systemingenieur Binect GmbH
One thing to mention right off the bat is that Dovecot has not allowed unencrypted logins by default, even if Outlook has.
This has required, even in the past, that you set disable_plaintext_auth = no, which allows you to log in w/o SSL. So I wonder if half of this issue is about using that option, and now that it has been renamed as allow_cleartext_auth, it has became more obvious why it should not be used.
Aki
Am 08.06.26 um 15:24 schrieb Aki Tuomi:
One thing to mention right off the bat is that Dovecot has not allowed unencrypted logins by default, even if Outlook has.
This has required, even in the past, that you set
disable_plaintext_auth = no, which allows you to log in w/o SSL. Hmmm, the author wrote that port 110 was left open for the sake of clients wanting to do STARTTLS, so which kind of "w/o SSL" are we talking here ... ?
(I admit that there's no clear demonstration - a la tcpdump or wireshark
- in any versions of the report I've seen *proving* beyond doubt that auth+e-mails went through the wire *un*encrypted ... other than Outlook versions apparently being affected that are said to *predate* STARTTLS.)
Kind regards,
Jochen Bern Systemingenieur Binect GmbH
On 08/06/2026 16:41 EEST Jochen Bern via dovecot <dovecot@dovecot.org> wrote:
Am 08.06.26 um 15:24 schrieb Aki Tuomi:
One thing to mention right off the bat is that Dovecot has not allowed unencrypted logins by default, even if Outlook has.
This has required, even in the past, that you set
disable_plaintext_auth = no, which allows you to log in w/o SSL. Hmmm, the author wrote that port 110 was left open for the sake of clients wanting to do STARTTLS, so which kind of "w/o SSL" are we talking here ... ?(I admit that there's no clear demonstration - a la tcpdump or wireshark
- in any versions of the report I've seen *proving* beyond doubt that auth+e-mails went through the wire *un*encrypted ... other than Outlook versions apparently being affected that are said to *predate* STARTTLS.)
Kind regards,
Jochen Bern Systemingenieur Binect GmbH
Without the setting, you have to use either STARTTLS or direct TLS (your connection must be secured/encrypted), or dovecot will not let you in, and will give an error. It does not matter if you use 110 or 993.
Aki
participants (2)
-
Aki Tuomi
-
Jochen Bern