What imap ssl/auth settings work best with MS Outlook?
I repeatedly have a hell of a time getting clients' Outlook software working well with Dovecot. It's hard for me to test myself since I don't have Outlook and it would be impossible to keep up with all the different versions anyway.
I've got the following settings, currently:
disable_plaintext_auth = yes
auth_username_format = %Ln
auth_mechanisms = plain login
ssl = yes

service imap-login {
  # inet_listener imap {
  #   port = 143
  # }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

service imap {
  client_limit = 1
}
It always seems to be hit or miss with outlook as to which encryption setting to use, which port to try, etc. With a recent client, I couldn't get them successfully logged in no matter what manual settings we tried. If someone can give me some tips on how to get most versions of Outlook cooperating well with Dovecot, I'd appreciate it.
On Wednesday, 28 April 2021 13:49:03 CDT Steve Dondley wrote:
I repeatedly have a hell of a time getting clients' Outlook software working well with Dovecot. It's hard for me to test myself since I don't have Outlook and it would be impossible to keep up with all the different versions anyway.
[snip]
It always seems to be hit or miss with outlook as to which encryption setting to use, which port to try, etc. With a recent client, I couldn't get them successfully logged in no matter what manual settings we tried. If someone can give me some tips on how to get most versions of Outlook cooperating well with Dovecot, I'd appreciate it.
Your best bet to make Outlook behave better as an IMAP client is to configure a mail "profile" via Control Panel --> User Accounts --> Mail, and set all the particulars there. Recent versions of Outlook have a stripped down configuration interface that offers no flexibility. For example, from Outlook itself it's not possible to set an IMAP login name that's not an email address.
-- Greg
Your best bet to make Outlook behave better as an IMAP client is to configure a mail "profile" via Control Panel --> User Accounts --> Mail, and set all the particulars there. Recent versions of Outlook have a stripped down configuration interface that offers no flexibility. For example, from Outlook itself it's not possible to set an IMAP login name that's not an email address.
Yes, this was a "holy shit" moment that I had today. I couldn't even see how to change the user name. Outlook has got to have the worst, most inconsistent user interface for a mail client I've ever seen. It's insane.
Thanks for the tip on the Mail settings. I wasn't aware of those.
I bit the bullet and got a free trial of MS Outlook as part of Office 365 so I could do some testing. It was super easy to set up and I had absolutely no issues logging into my client's IMAP account with it. I spent an hour with the client today, who had a slightly older version of Outlook, and we could not get it working. It took 5 minutes just for Outlook to fail and finally tell us it couldn't log in.
As I think about this, it's probably some kind of encryption protocol issue. Is it possible some older versions of outlook are using outdated encryption methods that my server is not set up to work with?
On 2021-04-28 02:49 PM, Steve Dondley wrote:
I repeatedly have a hell of a time getting clients' Outlook software working well with Dovecot. It's hard for me to test myself since I don't have Outlook and it would be impossible to keep up with all the different versions anyway.
I've got the following settings, currently:
disable_plaintext_auth = yes
auth_username_format = %Ln
auth_mechanisms = plain login
ssl = yes
I think my problem might be here. Instead of %Ln, maybe I should have %L%n?
On 28 Apr 2021, at 12:49, Steve Dondley <s@dondley.com> wrote:
I repeatedly have a hell of a time getting clients' Outlook software working well with Dovecot. It's hard for me to test myself since I don't have Outlook and it would be impossible to keep up with all the different versions anyway.
How old is the version of Outlook they are using? Office 2010 is a disaster, and if I recall correctly 2014 has many issues as well.
Even so, it's terrible software that is designed to 'encourage' users to use Exchange Servers for mail instead of real email servers.
-- Think of how stupid the average person is, and realize half of them are stupider than that.
On 2021-04-29 01:45 AM, @lbutlr wrote:
On 28 Apr 2021, at 12:49, Steve Dondley <s@dondley.com> wrote:
I repeatedly have a hell of a time getting clients' Outlook software working well with Dovecot. It's hard for me to test myself since I don't have Outlook and it would be impossible to keep up with all the different versions anyway.
How old is the version of Outlook they are using? Office 2010 is a disaster, and if I recall correctly 2014 has many issues as well.
I'm not sure. It's fairly recent though.
Some more nuttiness: I bit the bullet and downloaded a trial version of MS 365 and downloaded the Outlook desktop. On my mac, at least, there are two different interfaces/version of Outlook: the "old" Outlook and a "new," more minimalist version. You can switch between the versions easily.
On the "old" outlook, I was able to get things set up without issue. But with the "new" outlook, I couldn't send email or set up a new account.
It turns out I had to enable the smtp_tls_wrappermode setting to get it working with the "new" Outlook. See http://www.postfix.org/postconf.5.html#smtp_tls_wrappermode
I thought the wrapper setting was just for the long dead Outlook Express mail client. But now I'm wondering if I need this setting for some versions of Outlook.
Even so, it's terrible software that is designed to 'encourage' users to use Exchange Servers for mail instead of real email servers.
I'm not a conspiracy theorist, but I can't help but come to the same conclusion.
I am totally unfamiliar with Exchange servers. What do they offer, exactly, that dovecot/postfix does not (besides a revenue stream for MS)?
On 29/04/2021 10:22, Steve Dondley wrote:
On 2021-04-29 01:45 AM, @lbutlr wrote:
On 28 Apr 2021, at 12:49, Steve Dondley <s@dondley.com> wrote:
I repeatedly have a hell of a time getting clients' Outlook software working well with Dovecot. It's hard for me to test myself since I don't have Outlook and it would be impossible to keep up with all the different versions anyway.
How old is the version of Outlook they are using? Office 2010 is a disaster, and if I recall correctly 2014 has many issues as well.
I'm not sure. It's fairly recent though.
Some more nuttiness: I bit the bullet and downloaded a trial version of MS 365 and downloaded the Outlook desktop. On my mac, at least, there are two different interfaces/version of Outlook: the "old" Outlook and a "new," more minimalist version. You can switch between the versions easily.
On the "old" outlook, I was able to get things set up without issue. But with the "new" outlook, I couldn't send email or set up a new account.
It turns out I had to enable the smtp_tls_wrappermode setting to get it working with the "new" Outlook. See http://www.postfix.org/postconf.5.html#smtp_tls_wrappermode
I thought the wrapper setting was just for the long dead Outlook Express mail client. But now I'm wondering if I need this setting for some versions of Outlook.
Even so, it's terrible software that is designed to 'encourage' users to use Exchange Servers for mail instead of real email servers.
I'm not a conspiracy theorist, but I can't help but come to the same conclusion.
I am totally unfamiliar with Exchange servers. What do they offer, exactly, that dovecot/postfix does not (besides a revenue stream for MS)?
built in calendar integration.
On Thu, 29 Apr 2021 05:22:45 -0400, Steve Dondley stated:
On 2021-04-29 01:45 AM, @lbutlr wrote:
On 28 Apr 2021, at 12:49, Steve Dondley <s@dondley.com> wrote:
I repeatedly have a hell of a time getting clients' Outlook software working well with Dovecot. It's hard for me to test myself since I don't have Outlook and it would be impossible to keep up with all the different versions anyway.
How old is the version of Outlook they are using? Office 2010 is a disaster, and if I recall correctly 2014 has many issues as well.
I'm not sure. It's fairly recent though.
Some more nuttiness: I bit the bullet and downloaded a trial version of MS 365 and downloaded the Outlook desktop. On my mac, at least, there are two different interfaces/version of Outlook: the "old" Outlook and a "new," more minimalist version. You can switch between the versions easily.
On the "old" outlook, I was able to get things set up without issue. But with the "new" outlook, I couldn't send email or set up a new account.
It turns out I had to enable the smtp_tls_wrappermode setting to get it working with the "new" Outlook. See http://www.postfix.org/postconf.5.html#smtp_tls_wrappermode
I thought the wrapper setting was just for the long dead Outlook Express mail client. But now I'm wondering if I need this setting for some versions of Outlook.
Even so, it's terrible software that is designed to 'encourage' users to use Exchange Servers for mail instead of real email servers.
I'm not a conspiracy theorist, but I can't help but come to the same conclusion.
I am totally unfamiliar with Exchange servers. What do they offer, exactly, that dovecot/postfix does not (besides a revenue stream for MS)?
I am using Outlook without any problems whatsoever.
It sounds to me like you are setting up Outlook to use port 465. In the setup screen, set the port to either "25" or "587". I am using "587" with "starttls". Your "incoming mail port" will depend on how you have Dovecot configured. I use port "143" with "starttls" for Outlook. YMMV depending on your configuration.
You might want to consider posting the output of "doveconf -a" and how you have Outlook configured.
-- Jerry
On 29 Apr 2021, at 05:57, Jerry <jerry@seibercom.net> wrote:
It sounds to me like you are setting up Outlook to use port 465. In the setup screen, set the port to either "25" or "587". I am using "587" with "starttls". Your "incoming mail port" will depend on how you have Dovecot configured. I use port "143" with "starttls" for Outlook. YMMV depending on your configuration.
I have both 465 and 587 configured in postfix. If the settings for 465 are correct it seems to work, OTOH, Outlook users are thin on my server.
-- "Are you pondering what I'm pondering?" "I think so, Brain, but if we have nothing to fear but fear itself, why does Eleanor Roosevelt wear that spooky mask?"
I am using Outlook without any problems whatsoever.
It sounds to me like you are setting up Outlook to use port 465. In the setup screen, set the port to either "25" or "587". I am using "587" with "starttls". Your "incoming mail port" will depend on how you have Dovecot configured. I use port "143" with "starttls" for Outlook. YMMV depending on your configuration.
You might want to consider posting the output of "doveconf -a" and how you have Outlook configured.
To get things working with the client I had to set "disable_plaintext_auth = no" and have them use port 143. Obviously, this is not ideal. I could not get 993 working at all with the client's version of outlook. However, on MS 365, outlook works just fine.
It's insane.
On 2021-04-29 09:40 AM, Steve Dondley wrote:
I am using Outlook without any problems whatsoever.
It sounds to me like you are setting up Outlook to use port 465. In the setup screen, set the port to either "25" or "587". I am using "587" with "starttls". Your "incoming mail port" will depend on how you have Dovecot configured. I use port "143" with "starttls" for Outlook. YMMV depending on your configuration.
You might want to consider posting the output of "doveconf -a" and how you have Outlook configured.
To get things working with the client I had to set "disable_plaintext_auth = no" and have them use port 143. Obviously, this is not ideal. I could not get 993 working at all with the client's version of outlook. However, on MS 365, outlook works just fine.
It's insane.
OK, I had changed "ssl = yes" to "ssl = required" so having "disable_plaintext_auth" is not such a big deal.
But I would still love to know why port 993 wasn't working at all for this client.
On Thu, 29 Apr 2021 09:51:13 -0400, Steve Dondley stated:
On 2021-04-29 09:40 AM, Steve Dondley wrote:
I am using Outlook without any problems whatsoever.
It sounds to me like you are setting up Outlook to use port 465. In the setup screen, set the port to either "25" or "587". I am using "587" with "starttls". Your "incoming mail port" will depend on how you have Dovecot configured. I use port "143" with "starttls" for Outlook. YMMV depending on your configuration.
You might want to consider posting the output of "doveconf -a" and how you have Outlook configured.
To get things working with the client I had to set "disable_plaintext_auth = no" and have them use port 143. Obviously, this is not ideal. I could not get 993 working at all with the client's version of outlook. However, on MS 365, outlook works just fine.
It's insane.
OK, I had changed "ssl = yes" to "ssl = required" so having "disable_plaintext_auth" is not such a big deal.
But I would still love to know why port 993 wasn't working at all for this client.
Posting the exact error message(s) would be helpful. Any logs would also be appreciated. I believe Outlook could be started in "debug" mode. Check this URL out: https://docs.microsoft.com/en-us/office/dev/add-ins/testing/attach-debugger-...
Good Luck
-- Jerry
On 29 Apr 2021, at 03:22, Steve Dondley <s@dondley.com> wrote:
I am totally unfamiliar with Exchange servers. What do they offer, exactly, that dovecot/postfix does not (besides a revenue stream for MS)?
A monthly stipend to Microsoft?
(I think they actually do offer some useful tools for things like meetings and calendars and such, including the 'feature' of being able to automatically add people to your itinerary.)
-- "I hope someday you know the indescribable joy of having children, and of paying someone else to raise them."
On 29-04-2021 23:08, @lbutlr wrote:
On 29 Apr 2021, at 03:22, Steve Dondley wrote:
I am totally unfamiliar with Exchange servers. What do they offer, exactly, that dovecot/postfix does not (besides a revenue stream for MS)?
A monthly stipend to Microsoft?
(I think they actually do offer some useful tools for things like meetings and calendars and such, including the 'feature' of being able to automatically add people to your itinerary.)
<rant importance=low noise_level=medium>
Fact: Exchange (especially hosted) is 2010-ish, Office365 is the buzzword these days. Microsoft have been trying their best for quite some time now to cripple the IMAP support in Outlook as much as they can so that the email users will move their email business with o365 which - surprise surprise! - is soooo easy to autodiscover, autoconfigure, autothis, autothat. It's all about integrated services run by few well known powerful monopolies and it's only gonna get worse.
</rant>
-- Adi Pircalabu
On 29 Apr 2021, at 19:48, Adi Pircalabu <adi@ddns.com.au> wrote:
<rant importance=low noise_level=medium>
Fact: Exchange (especially hosted) is 2010-ish, Office365 is the buzzword these days. Microsoft have been trying their best for quite some time now to cripple the IMAP support in Outlook as much as they can so that the email users will move their email business with o365 which - surprise surprise! - is soooo easy to autodiscover, autoconfigure, autothis, autothat. It's all about integrated services run by few well known powerful monopolies and it's only gonna get worse.
As an example of how MSFT (and others) make configuring real emails accounts more difficult:
When you enter your email address, it would be TRIVIAL to check the MX records for the domain and fill those in for the SMTP and IMAP servers, allowing users to more easily add (if needed) the domain prefix.
No one does this.
Not a big thing, of course, but a silly omission that is best explained by "Nah, if they are going to use real servers, let's not make it any easier."
</rant>
-- 'You know what the greatest tragedy is in the whole world?' said Ginger, not paying him the least attention. 'It's all the people who never find out what it is they really want to do or what it is they're really good at. It's all the sons who become blacksmiths because their fathers were blacksmiths. It's all the people who could be really fantastic flute players who grow old and die without ever seeing a musical instrument, so they become bad ploughmen instead. It's all the people with talents who never even find out. Maybe they are never born in a time when it is possible to find out.'
But what's specified for MX isn't necessarily the endpoint end users should use as their incoming/outgoing servers, especially if the MX is routed through an external spam filtering service.
-----Original message----- From: dovecot-bounces@dovecot.org <dovecot-bounces@dovecot.org> On behalf of @lbutlr Sent: 30 April 2021 09:14 To: dovecot mailing list <dovecot@dovecot.org> Subject: Re: What imap ssl/auth settings work best with MS Outlook?
On 29 Apr 2021, at 19:48, Adi Pircalabu <adi@ddns.com.au> wrote:
<rant importance=low noise_level=medium>
Fact: Exchange (especially hosted) is 2010-ish, Office365 is the buzzword these days. Microsoft have been trying their best for quite some time now to cripple the IMAP support in Outlook as much as they can so that the email users will move their email business with o365 which - surprise surprise! - is soooo easy to autodiscover, autoconfigure, autothis, autothat. It's all about integrated services run by few well known powerful monopolies and it's only gonna get worse.
As an example of how MSFT (and others) make configuring real emails accounts more difficult:
When you enter your email address, it would be TRIVIAL to check the MX records for the domain and fill those in for the SMTP and IMAP servers, allowing users to more easily add (if needed) the domain prefix.
No one does this.
Not a big thing, of course, but a silly omission that is best explained by "Nah, if they are going to use real servers, let's not make it any easier."
</rant>
-- 'You know what the greatest tragedy is in the whole world?' said Ginger, not paying him the least attention. 'It's all the people who never find out what it is they really want to do or what it is they're really good at. It's all the sons who become blacksmiths because their fathers were blacksmiths. It's all the people who could be really fantastic flute players who grow old and die without ever seeing a musical instrument, so they become bad ploughmen instead. It's all the people with talents who never even find out. Maybe they are never born in a time when it is possible to find out.'
- sebastian@sebbe.eu:
When you enter your email address, it would be TRIVIAL to check the MX records for the domain and fill those in for the SMTP and IMAP servers, allowing users to more easily add (if needed) the domain prefix.
As pointed out here before, that approach would not generally work. Many organisations split services over different IP addresses, and the IMAP server need not bear any relationship to MX (inbound) or MTA (outbound).
Vendors use different types of autodiscover/autoconfig mechanisms. I have written a service that implements some of them:
https://rseichter.github.io/automx2/
It may be overkill for domains with a very small user base with purely static data, but for medium sized organisations upwards or for those who need to lookup email addresses from LDAP (matching an unrelated login name), automx2 provides a means of handing out config data to iOS/macOS Mail, some Outlook versions, Thunderbird, KMail, and more.
The documentation I pointed to also includes a description of some of the mechanisms and RFCs behind it, in case you are interested.
-Ralph
Quoting "@lbutlr" <kremels@kreme.com>:
When you enter your email address, it would be TRIVIAL to check the
MX records for the domain and fill those in for the SMTP and IMAP
servers, allowing users to more easily add (if needed) the domain
prefix.
No one does this.
Rightfully so. There is absolutely no guarantee that the server on the
inbound (MX) record also handles outbound and/or IMAP. In many cases,
these will be different systems.
On 30 Apr 2021, at 01:20, Arjen de Korte <build+dovecot@de-korte.org> wrote:
Quoting "@lbutlr" <kremels@kreme.com>:
When you enter your email address, it would be TRIVIAL to check the MX records for the domain and fill those in for the SMTP and IMAP servers, allowing users to more easily add (if needed) the domain prefix.
No one does this.
Rightfully so. There is absolutely no guarantee that the server on the inbound (MX) record also handles outbound and/or IMAP. In many cases, these will be different systems.
It is very very common. It's been at least a decade since I saw a configuration in which the SMTP/IMAP servers were on a different domain than the MX domain.
NB: I am not saying that if the MX is mail.example.net "mail.example.net" should be filled in, but that "example.net" should be pre-populated with the opportunity to add, say, "IMAP." to the beginning.
-- 'Charity ain't giving people what you wants to give, it's giving people what they need to get.'
Quoting "@lbutlr" <kremels@kreme.com>:
On 30 Apr 2021, at 01:20, Arjen de Korte <build+dovecot@de-korte.org> wrote:
Quoting "@lbutlr" <kremels@kreme.com>:
When you enter your email address, it would be TRIVIAL to check
the MX records for the domain and fill those in for the SMTP and
IMAP servers, allowing users to more easily add (if needed) the
domain prefix.
No one does this.
Rightfully so. There is absolutely no guarantee that the server on
the inbound (MX) record also handles outbound and/or IMAP. In many
cases, these will be different systems.
It is very very common. It's been at least a decade since I saw a
configuration in which the SMTP/IMAP servers were on a different
domain than the MX domain.
It's getting less and less common. I see plenty of domains where e-mail
spam/virus protection is outsourced and where there is absolutely no
hope of guessing the correct hostnames for outbound or IMAP servers
based on the domain of the MX record. Configuring Autodiscover records
may help somewhat, but even then YMMV.
"@lbutlr" == @lbutlr <kremels@kreme.com> writes:
@lbutlr> On 30 Apr 2021, at 01:20, Arjen de Korte <build+dovecot@de-korte.org> wrote:
Quoting "@lbutlr" <kremels@kreme.com>:
When you enter your email address, it would be TRIVIAL to check the MX records for the domain and fill those in for the SMTP and IMAP servers, allowing users to more easily add (if needed) the domain prefix.
No one does this.
Rightfully so. There is absolutely no guarantee that the server on the inbound (MX) record also handles outbound and/or IMAP. In many cases, these will be different systems.
lbutlr> It is very very common. It's been at least a decade since I saw a configuration in which the SMTP/IMAP servers were on a different domain than the MX domain.
My current $WORK used to have different incoming MX servers vs the outgoing, since we used an external spam filtering service.
John
On 30.04.21 09:20, Arjen de Korte wrote:
Quoting "@lbutlr" <kremels@kreme.com>:
When you enter your email address, it would be TRIVIAL to check the MX records for the domain and fill those in for the SMTP and IMAP servers, allowing users to more easily add (if needed) the domain prefix.
Rightfully so. There is absolutely no guarantee that the server on the inbound (MX) record also handles outbound and/or IMAP. In many cases, these will be different systems.
There's no *guarantee* that any *other* guessing or discovery mechanism that comes built into any general-distribution MUA will be correct, either.
(Says the man who has to seriously beat even current versions of *Thunderbird* into accepting a manually-entered config and act as a test tool against the IMAPS servers we purpose-built and run for the appliances in the field. "How dare you NOT have an SMTP-out server for this account at all!" etc..)
Regards,
Jochen Bern Systemingenieur
Binect GmbH
On 2021-04-30 09:20, Arjen de Korte wrote:
Quoting "@lbutlr" <kremels@kreme.com>:
When you enter your email address, it would be TRIVIAL to check the
MX records for the domain and fill those in for the SMTP and IMAP
servers, allowing users to more easily add (if needed) the domain
prefix.
No one does this.
Rightfully so. There is absolutely no guarantee that the server on the inbound (MX) record also handles outbound and/or IMAP. In many cases, these will be different systems.
tell that to ovh, amazon, google, dreamhost, microsoft that have client mta that believe in open ports to customer only services, i just say go away in iptables
On 30/04/2021 08:13, @lbutlr wrote:
When you enter your email address, it would be TRIVIAL to check the MX records for the domain and fill those in for the SMTP and IMAP servers, allowing users to more easily add (if needed) the domain prefix.
Better to use DNS SRV records than guess from MX or domain. I provide email SRVs but does any mail client use them?
https://tools.ietf.org/html/rfc6186
There is config-v1.1.xml, again I do not know which clients use, hence what I should provide, maybe I carry on providing as many methods as I can.
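How a client could pick its servers from the RFC 6186 SRV records mentioned in the message above, as an added example that is not part of any post in this thread. The zone data is constructed, and two choices are assumptions of this sketch: implicit-TLS services are preferred over STARTTLS ones, and the highest weight wins instead of the weighted random selection of RFC 2782.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Srv:
    service: str   # owner-name prefix, e.g. "_imaps._tcp"
    priority: int  # lower value is preferred (RFC 2782)
    weight: int
    port: int
    target: str    # "." means the service is explicitly not offered


# Service labels from RFC 6186, plus _submissions._tcp from RFC 8314.
# "starttls" marks the cleartext port that is upgraded with STARTTLS.
SERVICES = {
    "_imaps._tcp": ("imap", "implicit-tls"),
    "_imap._tcp": ("imap", "starttls"),
    "_pop3s._tcp": ("pop3", "implicit-tls"),
    "_pop3._tcp": ("pop3", "starttls"),
    "_submissions._tcp": ("submission", "implicit-tls"),
    "_submission._tcp": ("submission", "starttls"),
}


def pick_endpoint(records, protocol):
    """Return (host, port, security) for a protocol, or None if not offered.

    Assumed policy of this example: implicit TLS first, then SRV priority,
    then highest weight.
    """
    candidates = []
    for rec in records:
        proto, security = SERVICES.get(rec.service, (None, None))
        if proto != protocol:
            continue
        host = rec.target.rstrip(".")
        if not host:  # target "." : the domain does not offer this service
            continue
        tls_rank = 0 if security == "implicit-tls" else 1
        candidates.append(
            (tls_rank, rec.priority, -rec.weight, host, rec.port, security)
        )
    if not candidates:
        return None
    _, _, _, host, port, security = min(candidates)
    return host, port, security


# Constructed zone data for example.net: inbound mail goes through an
# external filtering service, so the MX host says nothing about IMAP.
MX_TARGET = "mx1.spamfilter.example.org."
SAMPLE = [
    Srv("_imaps._tcp", 0, 1, 993, "imap.example.net."),
    Srv("_imap._tcp", 0, 0, 0, "."),
    Srv("_pop3s._tcp", 0, 0, 0, "."),
    Srv("_pop3._tcp", 0, 0, 0, "."),
    Srv("_submission._tcp", 10, 1, 587, "smtp.example.net."),
    Srv("_submission._tcp", 20, 1, 587, "smtp-backup.example.net."),
]

if __name__ == "__main__":
    for proto in ("imap", "pop3", "submission"):
        print(proto, pick_endpoint(SAMPLE, proto))
```

With this data the IMAP host differs from the MX target, which is the case several posters raise against guessing from MX.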
On 30/04/2021 at 11:47, James wrote:
On 30/04/2021 08:13, @lbutlr wrote:
When you enter your email address, it would be TRIVIAL to check the MX records for the domain and fill those in for the SMTP and IMAP servers, allowing users to more easily add (if needed) the domain prefix.
Better to use DNS SRV records than guess from MX or domain. I provide email SRVs but does any mail client use them?
https://tools.ietf.org/html/rfc6186
There is config-v1.1.xml, again I do not know which clients use, hence what I should provide, maybe I carry on providing as many methods as I can.
Here is what Thunderbird does: https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfigurati...
No use of SRV, alas.
On 2021-04-30 09:13, @lbutlr wrote:
When you enter your email address, it would be TRIVIAL to check the MX records for the domain and fill those in for the SMTP and IMAP servers, allowing users to more easily add (if needed) the domain prefix.
checking mx is simple, but it might not be the right server for imap, smtps, submission, this data would be better to check mx domain, and then use the mx domain to find srv ports used on this main domain, to find what server hosts is for imap, imaps, pop3, pop3s, smtps, submission, all that is customer only ports, and plenty of vps hosters abuse this from their mta setups
No one does this.
automx2 exists on github trying to be better world, but it needs ssl certs for all maildomains, which is imho more complicated than using srv dns
this would be more simple for the dns hoster to have all this then add all this to hosted domains
Not a big thing, of course, but a silly omission that is best explained by "Nah, if they are going to use real servers, let's not make it any easier."
agree, take my hat off as a small esp
On 2021-04-30 03:48, Adi Pircalabu wrote:
On 29-04-2021 23:08, @lbutlr wrote:
On 29 Apr 2021, at 03:22, Steve Dondley wrote:
I am totally unfamiliar with Exchange servers. What do they offer, exactly, that dovecot/postfix does not (besides a revenue stream for MS)?
A monthly stipend to Microsoft?
(I think they actually do offer some useful tools for things like meetings and calendars and such, including the 'feature' of being able to automatically add people to your itinerary.)
<rant importance=low noise_level=medium>
Fact: Exchange (especially hosted) is 2010-ish, Office365 is the buzzword these days. Microsoft have been trying their best for quite some time now to cripple the IMAP support in Outlook as much as they can so that the email users will move their email business with o365 which - surprise surprise! - is soooo easy to autodiscover, autoconfigure, autothis, autothat. It's all about integrated services run by few well known powerful monopolies and it's only gonna get worse.
</rant>
<rant>
is mozilla thunderbird better in 2021 with no sharing or documented ical icard or shared addressbook
simply is seamonkey worse than firefox ?
</rant>
imho it's not just microsoft
On 30/04/2021 at 19:06, Benny Pedersen wrote:
On 2021-04-30 03:48, Adi Pircalabu wrote:
On 29-04-2021 23:08, @lbutlr wrote:
On 29 Apr 2021, at 03:22, Steve Dondley wrote:
I am totally unfamiliar with Exchange servers. What do they offer, exactly, that dovecot/postfix does not (besides a revenue stream for MS)?
A monthly stipend to Microsoft?
(I think they actually do offer some useful tools for things like meetings and calendars and such, including the 'feature' of being able to automatically add people to your itinerary.)
<rant importance=low noise_level=medium>
Fact: Exchange (especially hosted) is 2010-ish, Office365 is the buzzword these days. Microsoft have been trying their best for quite some time now to cripple the IMAP support in Outlook as much as they can so that the email users will move their email business with o365 which - surprise surprise! - is soooo easy to autodiscover, autoconfigure, autothis, autothat. It's all about integrated services run by few well known powerful monopolies and it's only gonna get worse.
</rant>
<rant>
is mozilla thunderbird better in 2021 with no sharing or documented ical icard or shared addressbook
simply is seamonkey worse than firefox ?
</rant>
imho it's not just microsoft
Thunderbird has native caldav support, you get carddav with the cardbook extension, no problem.
On 4/29/21 2:22 AM, Steve Dondley wrote:
Some more nuttiness: I bit the bullet and downloaded a trial version of MS 365 and downloaded the Outlook desktop. On my mac, at least, there are two different interfaces/version of Outlook: the "old" Outlook and a "new," more minimalist version. You can switch between the versions easily.
On the "old" outlook, I was able to get things set up without issue. But with the "new" outlook, I couldn't send email or set up a new account.
I also have seen this. We had a customer within the last month report that the "new Outlook" did not work on port 143 with STARTTLS -- it shows a generic error that it has "a connection problem". I was able to buy a copy of it and duplicate it.
Switching back to "old Outlook" fixes it.
Switching "new Outlook" to port 993 with forced TLS/SSL also solves it. So does disabling STARTTLS on port 143 in "new Outlook".
The "new Outlook" is labeled as a work in progress -- it only received IMAP support at all within the last couple of months! -- so maybe they will fix this.
That said, there's a trend nowadays to avoid STARTTLS due to "STRIPTLS" attacks -- see the "Weaknesses and mitigations" section on <https://en.wikipedia.org/wiki/Opportunistic_TLS>. Port 993 with forced TLS is immune to this.
Because of this, I've changed my company's various email autoconfigure/autodiscover hints and help pages to recommend configuring new clients using port 993 for IMAP and port 465 for SMTP submission (rather than 143 and 587 with STARTTLS). I don't need the hassle of finding out the hard way that new programs are deprecating STARTTLS, if that's what they're doing.
-- Robert L Mathews, Tiger Technologies, http://www.tigertech.net/
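Why the STRIPTLS concern raised above is a client-policy question, shown as an added example that is not part of any post in this thread: the decision a client takes after reading the server's capability list on port 143. Both greetings are constructed, and the policy names `opportunistic` and `require-tls` are labels invented for this sketch.

```python
import re


def parse_capabilities(line):
    """Return the capability atoms from an IMAP greeting or an untagged
    CAPABILITY response, upper-cased."""
    line = line.strip()
    bracketed = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.IGNORECASE)
    if bracketed:
        atoms = bracketed.group(1).split()
    elif line.upper().startswith("* CAPABILITY "):
        atoms = line.split()[2:]
    else:
        atoms = []
    return {atom.upper() for atom in atoms}


def next_step(server_line, policy):
    """Decide what the client does next on the cleartext port.

    policy "opportunistic": use STARTTLS when offered, otherwise carry on.
    policy "require-tls":   never continue without STARTTLS.
    """
    if policy not in ("opportunistic", "require-tls"):
        raise ValueError("unknown policy: %r" % policy)
    caps = parse_capabilities(server_line)
    if "STARTTLS" in caps:
        return "STARTTLS"
    if policy == "require-tls":
        return "ABORT"            # fail closed, report the error to the user
    if "LOGINDISABLED" in caps:
        return "ABORT"            # server refuses cleartext LOGIN
    return "LOGIN-CLEARTEXT"      # the downgrade the thread warns about


# Constructed greeting from a server that advertises STARTTLS and, as with
# disable_plaintext_auth = yes, LOGINDISABLED before TLS.
GENUINE = ("* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE "
           "IDLE LITERAL+ STARTTLS LOGINDISABLED] Dovecot ready.")
# Constructed: the same greeting as a client would see it if the capability
# list had been altered on the path. The server-side setting cannot help
# here, because the client never learns about it.
ALTERED = ("* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE "
           "IDLE LITERAL+ AUTH=PLAIN] Dovecot ready.")

if __name__ == "__main__":
    for name, line in (("genuine", GENUINE), ("altered", ALTERED)):
        for policy in ("opportunistic", "require-tls"):
            print(name, policy, next_step(line, policy))
```

On port 993 the TLS handshake happens before any capability list is exchanged, so there is no such decision for the client to get wrong.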
On 30 Apr 2021, at 13:47, Robert L Mathews <lists@tigertech.com> wrote:
Because of this, I've changed my company's various email autoconfigure/autodiscover hints and help pages to recommend configuring new clients using port 993 for IMAP
This is the right choice, though port 993 is IMAPS, not IMAP. I did not even know starttls was allowed/supported/widely available on port 143. I haven’t allowed use of that port in nearly 20 years (people with old mail clients that didn’t support IMAPS could use webmail).
and port 465 for SMTP submission (rather than 143 and 587 with STARTTLS). I don't need the hassle of finding out the hard way that new programs are deprecating STARTTLS, if that's what they're doing.
Since port 587 is dedicated to submission with STARTTLS you should be fine, as anyone wanting to use submissions will be using only port 465.
Unless you are concerned about STRIPTLS, but on most (all proper?) configurations of port 587, there is no fallback for STRIPTLS to exploit via a downgrade attack. And most newer (last half decade?) mail clients will try submissions if submission fails, or vice-versa. Or at least the clients used by most people.
-- 'Why are our people going out there?' said Mr Boggis of the Thieves' Guild. 'Because they are showing a brisk pioneering spirit and seeking wealth and... additional wealth in a new land,' said Lord Vetinari. 'What's in it for the Klatchians?' said Lord Downey. 'Oh, they've gone out there because they are a bunch of unprincipled opportunists always ready to grab something for nothing,' said Lord Vetinari. [...] The Patrician looked down again at his notes. 'Oh, I do beg your pardon,' he said. 'I seem to have read those last two sentences in the wrong order.
participants (15)
- @lbutlr
- Adi Pircalabu
- Arjen de Korte
- Benny Pedersen
- Erwan David
- Greg Rivers
- James
- Jerry
- Jochen Bern
- John Stoffel
- Ralph Seichter
- Robert L Mathews
- Sebastian
- Steve Dondley
- Tim Dickson