Postfix + AUTH/TLS + Outlook/OE problem

Vlad GALU vladgalu at gmail.com
Mon Aug 21 07:57:10 UTC 2006


On 8/19/06, Adrian Gonzalez <adrianbsd at globalpc.net> wrote:
>
> Hi Darren
>
> Comments below...
>
> Darren Pilgrim wrote:
> > Adrian Gonzalez wrote:
> >  > Hello
> >  >
> >  > I'm seeing some very strange behavior with Outlook 2003 and Outlook
> >  > Express trying to send mail using TLS/SMTP Auth with Postfix 2.3 and
> >  > FreeBSD 6.1-STABLE
> >  >
> >  > It seems like Outlook/OE don't like the SSL handshake for some
> >  > reason.  They connect to the server, issue STARTTLS, and disconnect
> >  > during the handshake, giving an "Error Number: 0x800CCC0B".  I've
> >  > tried both STARTTLS and using 'wrapper mode' on port 465 with the
> >  > same results.
> >

   Don't you have any antiviral software running on the Win32 box by
any chance? There are cases (such as with Avast) when the STARTTLS
doesn't succeed due to the software's connection monitoring module
refusing to let it pass due to encryption.


> > Which version of Outlook Express were you using?  Outlook Express 6
> > doesn't support STARTTLS, only wrapper-mode.  OE6 also has a broken
> > SASL implementation (set broken_sasl_auth_clients=yes).  Yay for Microsoft!
>
> Outlook Express 6 (6.00.2900.2180 according to the 'about' window).  Basically,
> the one that comes with Windows XP Pro + All current updates/service packs.  It
> does seem to be trying STARTTLS though.  I did have the broken_sasl_auth_clients
> option enabled, I believe it just causes postfix to 'advertise' AUTH in the
> usual way along with outlook's broken way.
>
> > Have you modified your cipher settings in postfix?  FYR, Outlook XP/2003
> > and Outlook Express 6 prefer 128-bit RC4-MD5 and do not support AES,
> > whereas Thunderbird supports and prefers AES256-SHA.
>
> I suspect OE might not like what the server is offering, but I'm not quite sure
> what to change.  The postfix manual strongly advises against excluding ciphers.
> Any suggestions?
>
> > On my own mail server, I can send email using all four clients through
> > STARTTLS+SASL (Outlook and Thunderbird) or SMTPS+SASL (OE).  The server
> > is FreeBSD RELENG_6_1 with the stock OpenSSL and postfix 2.3.1 with
> > default tls_*_cipherlist settings.
>
> I'm using 2.3.0,1 with the updated stable OpenSSL.  I'll try updating my ports
> tree and rebuilding the latest stable postfix and see what happens.
>
> > Be happy to compare configs off-list, postconf -n and the like.
>
> Thanks!
>
> >
> > P.S. You may want to retry this question on postfix-users.  You'll have
> > better luck if you're willing to wade through the usual "ditch MS" rude
> > commentary.
> >
>
> > P.P.S. Please configure your mail client to wrap lines.
> I normally do, but the postfix logs looked really bad with wrapping :)
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>


-- 
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
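
An added example, not part of the original thread and not Postfix code: a small parser for a captured EHLO reply that reports whether STARTTLS, the standard `AUTH` line and the legacy `AUTH=` line (the extra form that broken_sasl_auth_clients=yes advertises) are all present. The host name mail.example.org, the sample reply and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: cleartext EHLO reply from a hypothetical server
# (mail.example.org) that has broken_sasl_auth_clients=yes set.
SAMPLE_EHLO = (
    "250-mail.example.org\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250-AUTH=PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)

def parse_ehlo(reply):
    """Return {'starttls': bool, 'auth': set, 'auth_legacy': set}."""
    caps = {"starttls": False, "auth": set(), "auth_legacy": set()}
    lines = reply.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^250([- ])(.*)$", line)
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        # "250-" marks a continuation; only the final line uses "250 ".
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError("bad continuation marker: %r" % line)
        if i == 0:
            continue  # first line is the server greeting, not a keyword
        upper = m.group(2).strip().upper()
        if upper == "STARTTLS":
            caps["starttls"] = True
        elif upper.startswith("AUTH="):
            caps["auth_legacy"].update(upper[5:].split())
        elif upper.startswith("AUTH "):
            caps["auth"].update(upper[5:].split())
    return caps

def diagnose(caps):
    """List findings that matter for old Outlook/OE clients."""
    findings = []
    if not caps["auth"] and not caps["auth_legacy"]:
        findings.append("no AUTH advertised in this EHLO reply")
    elif not caps["auth_legacy"]:
        findings.append("only 'AUTH ' form; legacy 'AUTH=' clients will not see it")
    elif caps["auth"] != caps["auth_legacy"]:
        findings.append("AUTH and AUTH= mechanism lists differ")
    if not caps["starttls"]:
        findings.append("STARTTLS not offered")
    return findings
```

An empty list from `diagnose` means the advertisement side is fine, which points the investigation at the TLS handshake itself (ciphers, certificates, or client-side interception).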

