From: Adrian Gonzalez
Date: Fri, 18 Aug 2006 18:59:28 -0500
To: Darren Pilgrim
Cc: freebsd-isp@freebsd.org
Subject: Re: Postfix + AUTH/TLS + Outlook/OE problem
Message-ID: <44E65460.5030101@globalpc.net>
In-Reply-To: <44E57966.6050100@bitfreak.org>

Hi Darren

Comments below...

Darren Pilgrim wrote:
> Adrian Gonzalez wrote:
> > Hello
> >
> > I'm seeing some very strange behavior with Outlook 2003 and Outlook
> > Express trying to send mail using TLS/SMTP Auth with Postfix 2.3 and
> > FreeBSD 6.1-STABLE
> >
> > It seems like Outlook/OE don't like the SSL handshake for some
> > reason. They connect to the server, issue STARTTLS, and disconnect
> > during the handshake, giving an "Error Number: 0x800CCC0B". I've
> > tried both STARTTLS and using 'wrapper mode' on port 465 with the
> > same results.
>
> Which version of Outlook Express were you using? Outlook Express 6
> doesn't support STARTTLS, only wrapper-mode. OE6 also has a broken
> SASL implementation (set broken_sasl_auth_clients=yes).

Yay for Microsoft!

Outlook Express 6 (6.00.2900.2180 according to the 'about' window). Basically, the one that comes with Windows XP Pro + All current updates/service packs. It does seem to be trying STARTTLS though.

I did have the broken_sasl_auth_clients option enabled, I believe it just causes postfix to 'advertise' AUTH in the usual way along with outlook's broken way.

> Have you modified your cipher settings in postfix? FYR, Outlook XP/2003
> and Outlook Express 6 prefer 128-bit RC4-MD5 and do not support AES,
> whereas Thunderbird supports and prefers AES256-SHA.

I suspect OE might not like what the server is offering, but I'm not quite sure what to change. The postfix manual strongly advises against excluding ciphers. Any suggestions?

> On my own mail server, I can send email using all four clients through
> STARTTLS+SASL (Outlook and Thunderbird) or SMTPS+SASL (OE). The server
> is FreeBSD RELENG_6_1 with the stock OpenSSL and postfix 2.3.1 with
> default tls_*_cipherlist settings.

I'm using 2.3.0,1 with the updated stable OpenSSL. I'll try updating my ports tree and rebuilding the latest stable postfix and see what happens.

> Be happy to compare configs off-list, postconf -n and the like.

Thanks!

>
> P.S. You may want to retry this question on postfix-users. You'll have
> better luck if you're willing to wade through the usual "ditch MS" rude
> commentary.
>
> P.P.S. Please configure your mail client to wrap lines.

I normally do, but the postfix logs looked really bad with wrapping :)
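
As an added example (not part of the original message, and not code from Postfix): a small Python parser for an SMTP EHLO reply that separates the standard `AUTH` keyword from the legacy `AUTH=` form that broken_sasl_auth_clients adds, and records whether STARTTLS is offered. The sample reply and its hostname are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: an EHLO reply as a server with
# broken_sasl_auth_clients=yes might send it (hostname is a placeholder).
SAMPLE_EHLO = (
    "250-mail.example.net\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250-AUTH=PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Summarise the capabilities advertised in a multi-line EHLO reply."""
    lines = [l for l in reply.splitlines() if l.strip()]
    if not lines:
        raise ValueError("empty reply")
    caps = {"starttls": False, "auth": [], "auth_legacy": [], "other": []}
    for i, raw in enumerate(lines):
        m = _LINE.match(raw)
        if not m or m.group(1) != "250":
            raise ValueError(f"unexpected reply line: {raw!r}")
        # "250-" marks a continuation line, "250 " marks the final line.
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match position")
        if i == 0:
            continue  # first line is the server greeting, not a keyword
        text = m.group(3).strip()
        upper = text.upper()
        if upper == "STARTTLS":
            caps["starttls"] = True
        elif upper.startswith("AUTH="):
            caps["auth_legacy"] = upper[5:].split()
        elif upper.startswith("AUTH "):
            caps["auth"] = upper[5:].split()
        else:
            caps["other"].append(text)
    return caps


def legacy_auth_gap(caps):
    """Mechanisms offered in standard form but missing from the AUTH= form."""
    return [m for m in caps["auth"] if m not in caps["auth_legacy"]]
```

Running it against the reply seen before STARTTLS and again after the TLS handshake shows which AUTH forms a given client is actually being offered at each stage.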