From: "Vlad GALU"
To: freebsd-isp@freebsd.org
Date: Mon, 21 Aug 2006 10:57:07 +0300
Subject: Re: Postfix + AUTH/TLS + Outlook/OE problem

On 8/19/06, Adrian Gonzalez wrote:
>
> Hi Darren
>
> Comments below...
>
> Darren Pilgrim wrote:
> > Adrian Gonzalez wrote:
> > > Hello
> > >
> > > I'm seeing some very strange behavior with Outlook 2003 and Outlook
> > > Express trying to send mail using TLS/SMTP Auth with Postfix 2.3 and
> > > FreeBSD 6.1-STABLE
> > >
> > > It seems like Outlook/OE don't like the SSL handshake for some
> > > reason. They connect to the server, issue STARTTLS, and disconnect
> > > during the handshake, giving an "Error Number: 0x800CCC0B". I've
> > > tried both STARTTLS and using 'wrapper mode' on port 465 with the
> > > same results.
>

Don't you have any antiviral software running on the Win32 box by any
chance? There are cases (such as with Avast) when the STARTTLS doesn't
succeed due to the software's connection monitoring module refusing to
let it pass due to encryption.

> > Which version of Outlook Express were you using? Outlook Express 6
> > doesn't support STARTTLS, only wrapper-mode. OE6 also has a broken
> > SASL implementation (set broken_sasl_auth_clients=yes). Yay for Microsoft!
>
> Outlook Express 6 (6.00.2900.2180 according to the 'about' window). Basically,
> the one that comes with Windows XP Pro + All current updates/service packs. It
> does seem to be trying STARTTLS though. I did have the broken_sasl_auth_clients
> option enabled, I believe it just causes postfix to 'advertise' AUTH in the
> usual way along with outlook's broken way.
>
> > Have you modified your cipher settings in postfix? FYR, Outlook XP/2003
> > and Outlook Express 6 prefer 128-bit RC4-MD5 and do not support AES,
> > whereas Thunderbird supports and prefers AES256-SHA.
>
> I suspect OE might not like what the server is offering, but I'm not quite sure
> what to change. The postfix manual strongly advises against excluding ciphers.
> Any suggestions?
>
> > On my own mail server, I can send email using all four clients through
> > STARTTLS+SASL (Outlook and Thunderbird) or SMTPS+SASL (OE). The server
> > is FreeBSD RELENG_6_1 with the stock OpenSSL and postfix 2.3.1 with
> > default tls_*_cipherlist settings.
>
> I'm using 2.3.0,1 with the updated stable OpenSSL. I'll try updating my ports
> tree and rebuilding the latest stable postfix and see what happens.
>
> > Be happy to compare configs off-list, postconf -n and the like.
>
> Thanks!
>
> > P.S. You may want to retry this question on postfix-users. You'll have
> > better luck if you're willing to wade through the usual "ditch MS" rude
> > commentary.
> >
> > P.P.S. Please configure your mail client to wrap lines.
> I normally do, but the postfix logs looked really bad with wrapping :)

-- 
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.