From: Darren Pilgrim
Date: Fri, 18 Aug 2006 01:25:10 -0700
To: Adrian Gonzalez
Cc: freebsd-isp@freebsd.org
Subject: Re: Postfix + AUTH/TLS + Outlook/OE problem
Message-ID: <44E57966.6050100@bitfreak.org>
In-Reply-To: <44E4D6F2.60305@globalpc.net>

Adrian Gonzalez wrote:
> Hello
>
> I'm seeing some very strange behavior with Outlook 2003 and Outlook
> Express trying to send mail using TLS/SMTP Auth with Postfix 2.3 and
> FreeBSD 6.1-STABLE
>
> It seems like Outlook/OE don't like the SSL handshake for some
> reason. They connect to the server, issue STARTTLS, and disconnect
> during the handshake, giving an "Error Number: 0x800CCC0B". I've
> tried both STARTTLS and using 'wrapper mode' on port 465 with the
> same results.

Which version of Outlook Express were you using?
Outlook Express 6 doesn't support STARTTLS, only wrapper-mode. OE6 also has a broken SASL implementation (set broken_sasl_auth_clients=yes). Yay for Microsoft!

Have you modified your cipher settings in postfix? FYR, Outlook XP/2003 and Outlook Express 6 prefer 128-bit RC4-MD5 and do not support AES, whereas Thunderbird supports and prefers AES256-SHA.

On my own mail server, I can send email using all four clients through STARTTLS+SASL (Outlook and Thunderbird) or SMTPS+SASL (OE). The server is FreeBSD RELENG_6_1 with the stock OpenSSL and postfix 2.3.1 with default tls_*_cipherlist settings.

Be happy to compare configs off-list, postconf -n and the like.

P.S. You may want to retry this question on postfix-users. You'll have better luck if you're willing to wade through the usual "ditch MS" rude commentary.

P.P.S. Please configure your mail client to wrap lines.

-- 
Darren Pilgrim
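
A Postfix configuration matching the setup described in this reply, as an added example that is not part of the original message or the author's own config: STARTTLS with SASL on the normal smtpd service for Outlook and Thunderbird, plus a wrapper-mode listener on port 465 for Outlook Express 6. The certificate paths are placeholders, and the tls_*_cipherlist parameters are deliberately left at their defaults, as in the reply.

```conf
# ---- main.cf (Postfix 2.3 parameter names) ----

# Server certificate and key. Placeholder paths, adjust to your install.
smtpd_tls_cert_file = /usr/local/etc/postfix/tls/mail.example.org.crt
smtpd_tls_key_file  = /usr/local/etc/postfix/tls/mail.example.org.key

# Offer STARTTLS to clients that can use it (Outlook XP/2003, Thunderbird).
smtpd_tls_security_level = may

# SASL authentication, announced only once the session is encrypted.
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes

# Also announce AUTH in the older "AUTH=" form that Outlook Express
# expects, the workaround named in the reply.
broken_sasl_auth_clients = yes

# No tls_*_cipherlist overrides: the reply reports all four clients
# working against the stock lists. Run "postconf -n" to confirm that
# none of those parameters have been changed locally.

# ---- master.cf ----

# Wrapper-mode (SMTPS) listener on port 465 for Outlook Express 6,
# which cannot issue STARTTLS. TLS starts before any SMTP command.
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
```

After editing, `postfix check` followed by `postfix reload` applies the change, and `postconf -n` lists every non-default setting for comparison.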