Date: Fri, 18 Aug 2006 18:59:28 -0500 From: Adrian Gonzalez <adrianbsd@globalpc.net> To: Darren Pilgrim <darren.pilgrim@bitfreak.org> Cc: freebsd-isp@freebsd.org Subject: Re: Postfix + AUTH/TLS + Outlook/OE problem Message-ID: <44E65460.5030101@globalpc.net> In-Reply-To: <44E57966.6050100@bitfreak.org> References: <44E4D6F2.60305@globalpc.net> <44E57966.6050100@bitfreak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Darren Comments below... Darren Pilgrim wrote: > Adrian Gonzalez wrote: > > Hello > > > > I'm seeing some very strange behavior with Outlook 2003 and Outlook > > Express trying to send mail using TLS/SMTP Auth with Postfix 2.3 and > > FreeBSD 6.1-STABLE > > > > It seems like Outlook/OE don't like the SSL handshake for some > > reason. They connect to the server, issue STARTTLS, and disconnect > > during the handshake, giving an "Error Number: 0x800CCC0B". I've > > tried both STARTTLS and using 'wrapper mode' on port 465 with the > > same results. > > Which version of Outlook Express were you using? Outlook Express 6 > doesn't support STARTTLS, only wrapper-mode. OE6 also also has a broken > SASL implementation (set broken_sasl_auth_clients=yes). Yay for Microsoft! Outlook Express 6 (6.00.2900.2180 according to the 'about' window). Basically, the one that comes with Windows XP Pro + All current updates/service packs. It does seem to be trying STARTTLS though. I did have the broken_sasl_auth_clients option enabled, I believe it just causes postfix to 'advertise' AUTH in the usual way along with outlook's broken way. > Have you modified your cipher settings in postfix? FYR, Outlook XP/2003 > and Outlook Express 6 prefer 128-bit RC4-MD5 and do not support AES, > whereas Thunderbird supports and prefers AES256-SHA. I suspect OE might not like what the server is offering, but I'm not qute sure what to change. The postfix manual strongly advises against excluding ciphers. Any suggestions? > On my own mail server, I can send email using all four clients through > STARTTLS+SASL (Outlook and Thunderbird) or SMTPS+SASL (OE). The server > is FreeBSD RELENG_6_1 with the stock OpenSSL and postfix 2.3.1 with > default tls_*_cipherlist settings. I'm using 2.3.0,1 with the updated stable OpenSSL. I'll try updating my ports tree and rebuilding the latest stable postfix and see what happens. > Be happy to compare configs off-list, postconf -n and the like. Thanks! > > P.S. You may want to retry this question on postfix-users. You'll have > better luck if you're willing to wade through the usual "ditch MS" rude > commentary. > > P.P.S. Please configure your mail client to wrap lines. I normally do, but the postfix logs looked really bad with wrapping :)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44E65460.5030101>