Re: What imap ssl/auth settings work best with MS Outlook?

[John Stoffel]

> "@lbutlr" == @lbutlr   writes:

@lbutlr> On 30 Apr 2021, at 01:20, Arjen de Korte  
wrote:
>> Citeren "@lbutlr" :
>> 
>>> When you enter your email address, it would be TRIVIAL to check the MX 
>>> records for the domain and fill those in for the SMTP and IMAP servers, 
>>> allowing users to more easily add (if needed) the domain prefix.
>>> 
>>> No one does this.
>> 
>> Rightfully so. There is absolutely no guarantee that the server on the 
>> inbound (MX) record also handles outbound and/or IMAP. In many cases, these 
>> will be different systems.

lbutlr> It is very very common. It's been at least a decade since I
lbutlr> saw a configuration in which the SMTP/IMAP servers were on a
lbutlr> different domain than the MX domain.

My current $WORK used to have different incoming MX servers vs the
outgoing, since we used an external spam filtering service.  

John

Re: What imap ssl/auth settings work best with MS Outlook?

[@lbutlr]

On 30 Apr 2021, at 13:47, Robert L Mathews  wrote:
> Because of this, I've changed my company's various email
> autoconfigure/autodiscover hints and help pages to recommend configuring
> new clients using port 993 for IMAP

The is the right choice, though port 993 is IMAPS, not IMAP. I did not even 
know starttls was allowed/supported/widely available on port 143. I haven’t 
allowed use of that port in nearly 20 years (people with old mail clients that 
didn’t support IMAPS could use webmail).

> and port 465 for SMTP submission (rather than 143 and 587 with STARTTLS).
> I don't need the hassle of finding out the hard way that new programs are
> deprecating STARTTLS, if that's what they're doing.

Since port 587 is dedicated to submission with STARTTLS you should be fine, as 
anyone wanting yo use submissions will be using only port 465.

Unless you are concerned about STRIPTLS, but on most (all proper?) 
configurations of port 587, there is no fallback for STRIPTLS to exploit via a 
downgrade attack. And most newer (last half decade?) mail clients will try 
submissions it submission fails, or vice-versa. Or at least the clients used by 
most people.

-- 
'Why are our people going out there?' said Mr Boggis of the Thieves'
Guild. 'Because they are showing a brisk pioneering spirit and
seeking wealth and... additional wealth in a new land,' said Lord
Vetinari. 'What's in it for the Klatchians?' said Lord Downey.
'Oh, they've gone out there because they are a bunch of
unprincipled opportunists always ready to grab something for
nothing,' said Lord Vetinari. [...] The Patrician looked down
again at his notes. 'Oh, I do beg your pardon,' he said. 'I seem
to have read those last two sentences in the wrong order.

Re: What imap ssl/auth settings work best with MS Outlook?

[Robert L Mathews]

On 4/29/21 2:22 AM, Steve Dondley wrote:

> Some more nuttiness: I bit the bullet and downloaded a trial version of
> MS 365 and downloaded the Outlook desktop. On my mac, at least, there
> are two different interfaces/version of Outlook: the "old" Outlook and a
> "new," more minimalist version. You can switch between the versions easily.
> 
> On the "old" outlook, I was able to get things set up without issue. But
> with the "new" outlook, I couldn't send email or set up a new account.

I also have seen this. We had a customer within the last month report
that the "new Outlook" did not work on port 143 with STARTTLS -- it
shows a generic error that it has "a connection problem". I was able to
buy a copy of it and duplicate it.

Switching back to "old Outlook" fixes it.

Switching "new Outlook" to port 993 with forced TLS/SSL also solves it.
So does disabling STARTTLS on port 143 in "new Outlook".

The "new Outlook" is labeled as a work in progress -- it only received
IMAP support at all within the last couple of months! -- so maybe they
will fix this.

That said, there's a trend nowadays to avoid STARTTLS due to "STRIPTLS"
attacks -- see the "Weaknesses and mitigations" section on
. Port 993 with forced
TLS is immune to this.

Because of this, I've changed my company's various email
autoconfigure/autodiscover hints and help pages to recommend configuring
new clients using port 993 for IMAP and port 465 for SMTP submission
(rather than 143 and 587 with STARTTLS). I don't need the hassle of
finding out the hard way that new programs are deprecating STARTTLS, if
that's what they're doing.

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/

Re: What imap ssl/auth settings work best with MS Outlook?

[Benny Pedersen]

On 2021-04-30 09:20, Arjen de Korte wrote:

Citeren "@lbutlr" :

When you enter your email address, it would be TRIVIAL to check the  
MX records for the domain and fill those in for the SMTP and IMAP  
servers, allowing users to more easily add (if needed) the domain  
prefix.


No one does this.


Rightfully so. There is absolutely no guarantee that the server on the
 inbound (MX) record also handles outbound and/or IMAP. In many cases,
 these will be different systems.


tell that to ovh, amazon, google, dreamhost, microsoft that have client 
mta that belive in open ports to custommer only services, i just say go 
away in iptables

Re: What imap ssl/auth settings work best with MS Outlook?

[Benny Pedersen]

On 2021-04-30 09:13, @lbutlr wrote:


When you enter your email address, it would be TRIVIAL to check the MX
records for the domain and fill those in for the SMTP and IMAP
servers, allowing users to more easily add (if needed) the domain
prefix.


checking mx is simple, but it might not be the right server for imap, 
smtps, submission, this data would be better to check mx domain, and 
then use the mx domain to find srv ports used one this main domain, to 
find what server hosts is for imap, imaps, pop3, pop3s, smtps, 
submission, all that is custommer only ports, and plenty of vps hosters 
abuse this from ther mta setups



No one does this.


automx2 exists on github trying to be better world, but it needs ssl 
certs for all maildomains, with is imho more complicated then using srv 
dns


this would be more simple for the dns hoster to have all this then add 
all this to hosted domains



Not a big thing, of course, but a silly omission that is best
explained by "Nah, if they are going to use real servers, let's not
make it any easier."


agree, take my hat off as a small esp

Re: What imap ssl/auth settings work best with MS Outlook?

[Erwan David]

Le 30/04/2021 à 19:06, Benny Pedersen a écrit :
> On 2021-04-30 03:48, Adi Pircalabu wrote:
>> On 29-04-2021 23:08, @lbutlr wrote:
>>> On 29 Apr 2021, at 03:22, Steve Dondley wrote:
 I am totally unfamiliar with Exchange servers. What do they offer,
 exactly, that dovecot/postfix does not (besides a revenue stream
 for MS)?
>>>
>>> A monthly stipend to Microsoft?
>>>
>>> (I think they actuallyy do offer some useful tools for things like
>>> meetings and calendars and such, including the 'feature' of being able
>>> to automatically add people to your itinerary.)
>>
>> 
>>
>> Fact: Exchange (especially hosted) is 2010-ish, Office365 is the
>> buzzword these days. Microsoft have been trying their best for quite
>> some time now to cripple the IMAP support in Outlook as much as they
>> can so that the email users will move their email business with o365
>> which - surprise surprise! - is s easy to autodiscover,
>> autoconfigure, autothis, autothat. It's all about integrated services
>> run by few well known powerful monopolies and it's only gonna get
>> worse.
>>
>> 
>
> 
>
> is mozilla thunderbird better in 2021 with no shareing or dokumented
> ical icard or shared adressbook
>
> simply is seamonkey worse then firefox ?
>
> 
>
> imho its not just microsoft
>

Thunderbird has native caldav support, you get carddav with the cardbook
extension, no problem.

Re: What imap ssl/auth settings work best with MS Outlook?

[Benny Pedersen]

On 2021-04-30 03:48, Adi Pircalabu wrote:

On 29-04-2021 23:08, @lbutlr wrote:

On 29 Apr 2021, at 03:22, Steve Dondley wrote:
I am totally unfamiliar with Exchange servers. What do they offer, 
exactly, that dovecot/postfix does not (besides a revenue stream for 
MS)?


A monthly stipend to Microsoft?

(I think they actuallyy do offer some useful tools for things like
meetings and calendars and such, including the 'feature' of being able
to automatically add people to your itinerary.)




Fact: Exchange (especially hosted) is 2010-ish, Office365 is the
buzzword these days. Microsoft have been trying their best for quite
some time now to cripple the IMAP support in Outlook as much as they
can so that the email users will move their email business with o365
which - surprise surprise! - is s easy to autodiscover,
autoconfigure, autothis, autothat. It's all about integrated services
run by few well known powerful monopolies and it's only gonna get
worse.






is mozilla thunderbird better in 2021 with no shareing or dokumented 
ical icard or shared adressbook


simply is seamonkey worse then firefox ?



imho its not just microsoft

Re: What imap ssl/auth settings work best with MS Outlook?

[James]

On 30/04/2021 08:13, @lbutlr wrote:


When you enter your email address, it would be TRIVIAL to check the MX records 
for the domain and fill those in for the SMTP and IMAP servers, allowing users 
to more easily add (if needed) the domain prefix.


Better to use DNS SVR records than guess from MX or domain.  I provide 
email SVRs but does any mail client use them?


https://tools.ietf.org/html/rfc6186


There is config-v1.1.xml, again I do not know which clients use, hence 
what I should provide, maybe I carry on providing as many methods as I can.

automx2 (Re: What imap ssl/auth settings work best with MS Outlook?)

[Ralph Seichter]

* sebast...@sebbe.eu:

> When you enter your email address, it would be TRIVIAL to check the
> MX records for the domain and fill those in for the SMTP and IMAP
> servers, allowing users to more easily add (if needed) the domain
> prefix.

As pointed out here before, that approach would not generally work. Many
organisations split services over different IP addresses, and the IMAP
server need not bear any relationship to MX (inbound) or MTA (outbound).

Vendors use different types of autodiscover/autoconfig mechanisms. I
have written a service that implements some of them:

  https://rseichter.github.io/automx2/

It may be overkill for domains with a very small user base with purely
static data, but for medium sized organisations upwards or for those who
need to lookup email addresses from LDAP (matching an unrelated login
name), automx2 provides a means of handing out config data to iOS/macOS
Mail, some Outlook versions, Thunderbird, KMail, and more.

The documentation I pointed to also includes a description of some of
the mechanisms and RFCs behind it, in case you are interested.

-Ralph

Re: What imap ssl/auth settings work best with MS Outlook?

[Erwan David]

Le 30/04/2021 à 11:47, James a écrit :

On 30/04/2021 08:13, @lbutlr wrote:

When you enter your email address, it would be TRIVIAL to check the MX 
records for the domain and fill those in for the SMTP and IMAP 
servers, allowing users to more easily add (if needed) the domain prefix.


Better to use DNS SVR records than guess from MX or domain.  I provide 
email SVRs but does any mail client use them?


https://tools.ietf.org/html/rfc6186


There is config-v1.1.xml, again I do not know which clients use, hence 
what I should provide, maybe I carry on providing as many methods as I can.





Here is what Thunderbird does : 
https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration


No use of SRV Alas

Re: What imap ssl/auth settings work best with MS Outlook?

[Jochen Bern]

On 30.04.21 09:20, Arjen de Korte wrote:
> Citeren "@lbutlr" :
>> When you enter your email address, it would be TRIVIAL to check the MX
>> records for the domain and fill those in for the SMTP and IMAP
>> servers, allowing users to more easily add (if needed) the domain prefix.
> 
> Rightfully so. There is absolutely no guarantee that the server on the
> inbound (MX) record also handles outbound and/or IMAP. In many cases,
> these will be different systems.

There's no *guarantee* that any *other* guessing or discovery mechanism
that comes built into any general-distribution MUA will be correct, either.

(Says the man who has to seriously beat even current versions of
*Thunderbird* into accepting a manually-entered config and act as a test
tool against the IMAPS servers we purpose-built and run for the
appliances in the field. "How dare you NOT have an SMTP-out server for
this account at all!" etc..)

Regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH



smime.p7s
Description: S/MIME Cryptographic Signature

Re: What imap ssl/auth settings work best with MS Outlook?

[Arjen de Korte]

Citeren "@lbutlr" :


On 30 Apr 2021, at 01:20, Arjen de Korte  wrote:

Citeren "@lbutlr" :

When you enter your email address, it would be TRIVIAL to check  
the MX records for the domain and fill those in for the SMTP and  
IMAP servers, allowing users to more easily add (if needed) the  
domain prefix.


No one does this.


Rightfully so. There is absolutely no guarantee that the server on  
the inbound (MX) record also handles outbound and/or IMAP. In many  
cases, these will be different systems.


It is very very common. It's been at least a decade since I saw a  
configuration in which the SMTP/IMAP servers were on a different  
domain than the MX domain.


It´s getting less and less common. I see plenty domains where e-mail  
spam/virus protection is outsourced and where there is absolutely no  
hope of guessing the correct hostnames for outbound or IMAP servers  
based on the domain of the MX record. Configuring Autodiscover records  
may help somewhat, but even then YMMV.

Re: What imap ssl/auth settings work best with MS Outlook?

[@lbutlr]

On 30 Apr 2021, at 01:20, Arjen de Korte  wrote:
> Citeren "@lbutlr" :
> 
>> When you enter your email address, it would be TRIVIAL to check the MX 
>> records for the domain and fill those in for the SMTP and IMAP servers, 
>> allowing users to more easily add (if needed) the domain prefix.
>> 
>> No one does this.
> 
> Rightfully so. There is absolutely no guarantee that the server on the 
> inbound (MX) record also handles outbound and/or IMAP. In many cases, these 
> will be different systems.

It is very very common. It's been at least a decade since I saw a configuration 
in which the SMTP/IMAP servers were on a different domain than the MX domain.

NB: I am not saying that if the MX is mail.example.net "mail.example.net" 
should be filled in, but that "example.net" should be pre-populated with the 
opportunity to add, say "IMAP." To the beginning.


-- 
'Charity ain't giving people what you wants to give, it's giving
people what they need to get.'

Re: What imap ssl/auth settings work best with MS Outlook?

[Arjen de Korte]

Citeren "@lbutlr" :

When you enter your email address, it would be TRIVIAL to check the  
MX records for the domain and fill those in for the SMTP and IMAP  
servers, allowing users to more easily add (if needed) the domain  
prefix.


No one does this.


Rightfully so. There is absolutely no guarantee that the server on the  
inbound (MX) record also handles outbound and/or IMAP. In many cases,  
these will be different systems.

Re: What imap ssl/auth settings work best with MS Outlook?

[@lbutlr]

On 29 Apr 2021, at 19:48, Adi Pircalabu  wrote:
> 
> 
> Fact: Exchange (especially hosted) is 2010-ish, Office365 is the buzzword 
> these days. Microsoft have been trying their best for quite some time now to 
> cripple the IMAP support in Outlook as much as they can so that the email 
> users will move their email business with o365 which - surprise surprise! - 
> is s easy to autodiscover, autoconfigure, autothis, autothat. It's all 
> about integrated services run by few well known powerful monopolies and it's 
> only gonna get worse.

As an example of how MSFT (and others) make configuring real emails accounts 
more difficult:

When you enter your email address, it would be TRIVIAL to check the MX records 
for the domain and fill those in for the SMTP and IMAP servers, allowing users 
to more easily add (if needed) the domain prefix.

No one does this.

Not a big thing, of course, but a silly omission that is best explained by 
"Nah, if they are going to use real servers, let's not make it any easier."

> 


-- 
'You know what the greatest tragedy is in the whole world?' said
Ginger, not paying him the least attention. 'It's all the people
who never find out what it is they really want to do or what it
is they're really good at. It's all the sons who become
blacksmiths because their fathers were blacksmiths. It's all the
people who could be really fantastic flute players who grow old
and die without ever seeing a musical instrument, so they become
bad ploughmen instead. It's all the people with talents who never
even find out. Maybe they are never born in a time when it is
possible to find out.'

Re: What imap ssl/auth settings work best with MS Outlook?

[Adi Pircalabu]

On 29-04-2021 23:08, @lbutlr wrote:

On 29 Apr 2021, at 03:22, Steve Dondley wrote:
I am totally unfamiliar with Exchange servers. What do they offer, 
exactly, that dovecot/postfix does not (besides a revenue stream for 
MS)?


A monthly stipend to Microsoft?

(I think they actuallyy do offer some useful tools for things like
meetings and calendars and such, including the 'feature' of being able
to automatically add people to your itinerary.)




Fact: Exchange (especially hosted) is 2010-ish, Office365 is the 
buzzword these days. Microsoft have been trying their best for quite 
some time now to cripple the IMAP support in Outlook as much as they can 
so that the email users will move their email business with o365 which - 
surprise surprise! - is s easy to autodiscover, autoconfigure, 
autothis, autothat. It's all about integrated services run by few well 
known powerful monopolies and it's only gonna get worse.




--
Adi Pircalabu

Re: What imap ssl/auth settings work best with MS Outlook?

[Jerry]

On Thu, 29 Apr 2021 09:51:13 -0400, Steve Dondley stated:
>On 2021-04-29 09:40 AM, Steve Dondley wrote:
>>> I am using Outlook without any problems what so ever.
>>> 
>>> It sounds to me like you are setting up Outlook to use port 465. In 
>>> the
>>> setup screen, set the port to either "25" or "587". I am using "587"
>>> with "starttls" Your "incoming mail port" will depend on how you
>>> have Dovecot configured. I use port "143" with "starttls" for
>>> Outlook. YMMV depending on your configuration.
>>> 
>>> You might want to consider posting the output of "doveconf -a" and
>>> how you have Outlook configured.  
>> 
>> To get things working with the client I had to set
>> "disable_plaintext_auth = no" and have them use port 143. Obviously,
>> this is not ideal. I could not get 993 working at all with the
>> client's version of outlook. However, on MS 365, outlook works just
>> fine.
>> 
>> It's insane.  
>
>OK, I had changed "ssl = yes" to "ssl = required" so having 
>"disable_plaintext_auth" is not such a big deal.
>
>But I would still love to know why port 993 wasn't working at all for 
>this client.

Posting the exact error message(s) would be helpful. Any logs would
also be appreciated. I believe Outlook could be started in "debug"
mode. Check this URL out:
https://docs.microsoft.com/en-us/office/dev/add-ins/testing/attach-debugger-from-task-pane

Good Luck

-- 
Jerry


pgpvdTCvY4b9K.pgp
Description: OpenPGP digital signature

Re: What imap ssl/auth settings work best with MS Outlook?

[Steve Dondley]

On 2021-04-29 09:40 AM, Steve Dondley wrote:

I am using Outlook without any problems what so ever.

It sounds to me like you are setting up Outlook to use port 465. In 
the

setup screen, set the port to either "25" or "587". I am using "587"
with "starttls" Your "incoming mail port" will depend on how you have
Dovecot configured. I use port "143" with "starttls" for Outlook. YMMV
depending on your configuration.

You might want to consider posting the output of "doveconf -a" and how
you have Outlook configured.


To get things working with the client I had to set
"disable_plaintext_auth = no" and have them use port 143. Obviously,
this is not ideal. I could not get 993 working at all with the
client's version of outlook. However, on MS 365, outlook works just
fine.

It's insane.


OK, I had changed "ssl = yes" to "ssl = required" so having 
"disable_plaintext_auth" is not such a big deal.


But I would still love to know why port 993 wasn't working at all for 
this client.

Re: What imap ssl/auth settings work best with MS Outlook?

[Steve Dondley]

I am using Outlook without any problems what so ever.

It sounds to me like you are setting up Outlook to use port 465. In the
setup screen, set the port to either "25" or "587". I am using "587"
with "starttls" Your "incoming mail port" will depend on how you have
Dovecot configured. I use port "143" with "starttls" for Outlook. YMMV
depending on your configuration.

You might want to consider posting the output of "doveconf -a" and how
you have Outlook configured.


To get things working with the client I had to set 
"disable_plaintext_auth = no" and have them use port 143. Obviously, 
this is not ideal. I could not get 993 working at all with the client's 
version of outlook. However, on MS 365, outlook works just fine.


It's insane.

# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-16-cloud-amd64 x86_64 Debian 10.9
# NOTE: Send doveconf -n output instead when asking for help.
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_cache_verify_password_with_worker = no
auth_debug = no
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain login
auth_policy_check_after_auth = yes
auth_policy_check_before_auth = yes
auth_policy_hash_mech = sha256
auth_policy_hash_nonce =
auth_policy_hash_truncate = 12
auth_policy_reject_on_fail = no
auth_policy_report_after_auth = yes
auth_policy_request_attributes = login=%{requested_username} 
pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} 
protocol=%s

auth_policy_server_api_header =
auth_policy_server_timeout_msecs = 2000
auth_policy_server_url =
auth_proxy_self =
auth_realms =
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_stats = no
auth_use_winbind = no
auth_username_chars = 
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

auth_username_format = %Ln
auth_username_translation =
auth_verbose = no
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/run/dovecot
config_cache_size = 1 M
debug_log_path =
default_client_limit = 1000
default_idle_kill = 1 mins
default_internal_group = dovecot
default_internal_user = dovecot
default_login_user = dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config =
director_flush_socket =
director_mail_servers =
director_max_parallel_kicks = 100
director_max_parallel_moves = 100
director_output_buffer_size = 10 M
director_ping_idle_timeout = 30 secs
director_ping_max_timeout = 1 mins
director_servers =
director_user_expire = 15 mins
director_user_kick_delay = 2 secs
director_username_hash = %u
disable_plaintext_auth = no
dotlock_use_excl = yes
doveadm_allowed_commands =
doveadm_api_key =
doveadm_http_rawlog_dir =
doveadm_password =
doveadm_port = 0
doveadm_socket_path = doveadm-server
doveadm_username = doveadm
doveadm_worker_count = 0
dsync_alt_char = _
dsync_commit_msgs_interval = 100
dsync_features =
dsync_hashed_headers = Date Message-ID
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U
first_valid_gid = 1
first_valid_uid = 500
haproxy_timeout = 3 secs
haproxy_trusted_networks =
hostname =
imap_capability =
imap_client_workarounds =
imap_fetch_failure = disconnect-immediately
imap_hibernate_timeout = 0
imap_id_log =
imap_id_retain = no
imap_id_send = name *
imap_idle_notify_interval = 2 mins
imap_literal_minus = no
imap_logout_format = in=%i out=%o deleted=%{deleted} 
expunged=%{expunged} trashed=%{trashed} hdr_count=%{fetch_hdr_count} 
hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} 
body_bytes=%{fetch_body_bytes}

imap_max_line_length = 64 k
imap_metadata = no
imap_urlauth_host =
imap_urlauth_logout_format = in=%i out=%o
imap_urlauth_port = 143
imapc_cmd_timeout = 5 mins
imapc_connection_retry_count = 1
imapc_connection_retry_interval = 1 secs
imapc_features =
imapc_host =
imapc_list_prefix =
imapc_master_user =
imapc_max_idle_time = 29 mins
imapc_max_line_length = 0
imapc_password =
imapc_port = 143
imapc_rawlog_dir =
imapc_sasl_mechanisms =
imapc_ssl = no
imapc_ssl_verify = yes
imapc_user =
import_environment = TZ CORE_OUTOFMEM CORE_ERROR LISTEN_PID LISTEN_FDS
info_log_path =
instance_name = dovecot
last_valid_gid = 0
last_valid_uid = 0
lda_mailbox_autocreate = no
lda_mailbox_autosubscribe = no
lda_original_recipient_header =
libexec_dir = /usr/lib/dovecot
listen = *, ::
lmtp_hdr_delivery_address = final
lmtp_proxy = no
lmtp_proxy_rawlog_dir =
lmtp_rawlog_dir =
lmtp_rcpt_check_quota = no
lmtp_save_to_detail_mailbox = no
lmtp_user_concurrency_limit = 0
lock_method = fcntl
log_core_filter =
log_debug =
log_path = syslog
log_timestamp = "%b %d %H:%M:%S "
login_access_sockets =
login_greeting = Dovecot (Debian) ready.
login_log_format = %$: %s

Re: What imap ssl/auth settings work best with MS Outlook?

[@lbutlr]

On 29 Apr 2021, at 05:57, Jerry  wrote:
> It sounds to me like you are setting up Outlook to use port 465. In the
> setup screen, set the port to either "25" or "587". I am using "587"
> with "starttls" Your "incoming mail port" will depend on how you have
> Dovecot configured. I use port "143" with "starttls" for Outlook. YMMV
> depending on your configuration.

I have both 465 ad 587 configured in postfix. If the settings for 465 are 
correct it seems to work, OTOH, Outlook users are thin on my server.


-- 
"Are you pondering what I'm pondering?"
"I think so, Brain, but if we have nothing to fear but fear itself,
why does Eleanor Roosevelt wear that spooky mask?"

Re: What imap ssl/auth settings work best with MS Outlook?

[@lbutlr]

On 29 Apr 2021, at 03:22, Steve Dondley  wrote:
> I am totally unfamiliar with Exchange servers. What do they offer, exactly, 
> that dovecot/postfix does not (besides a revenue stream for MS)?

A monthly stipend to Microsoft?

(I think they actuallyy do offer some useful tools for things like meetings and 
calendars and such, including the 'feature' of being able to automatically add 
people to your itinerary.)

-- 
"I hope someday you know the indescribable joy of having children,
and of paying someone else to raise them."

Re: What imap ssl/auth settings work best with MS Outlook?

[Jerry]

On Thu, 29 Apr 2021 05:22:45 -0400, Steve Dondley stated:
>On 2021-04-29 01:45 AM, @lbutlr wrote:
>> On 28 Apr 2021, at 12:49, Steve Dondley  wrote:  
>>> I repeatedly have a hell of a time getting clients' Outlook
>>> software working well with Dovecot. It's hard for me to test myself
>>> since I don't have Outlook and it would be impossible to keep up
>>> with all the different versions anyway.  
>> 
>> How old is the version of Outlook they are using? Office 2010 is a
>> disaster, and if I recall correctly 2014 has many issues as well.  
>
>I'm not sure. It's fairly recent though.
>
>Some more nuttiness: I bit the bullet and downloaded a trial version
>of MS 365 and downloaded the Outlook desktop. On my mac, at least,
>there are two different interfaces/version of Outlook: the "old"
>Outlook and a "new," more minimalist version. You can switch between
>the versions easily.
>
>On the "old" outlook, I was able to get things set up without issue.
>But with the "new" outlook, I couldn't send email or set up a new
>account.
>
>It turns out I had to enable the smtp_tls_wrappermode setting to get
>it working with the "new" Outlook. See 
>http://www.postfix.org/postconf.5.html#smtp_tls_wrappermode
>
>I thought the wrapper setting was just for the long dead Outlook
>Express mail client. But now I'm wondering if I need this setting for
>some versions of Outlook.
>
>
>> Even so, it's terrible software that is designed to 'encourage' users
>> to use Exchange Servers for mail instead of real email servers.  
>
>I'm not conspiracy theorist, but I can't help but come to the same 
>conclusion.
>
>I am totally unfamiliar with Exchange servers. What do they offer, 
>exactly, that dovecot/postfix does not (besides a revenue stream for 
>MS)?

I am using Outlook without any problems what so ever.

It sounds to me like you are setting up Outlook to use port 465. In the
setup screen, set the port to either "25" or "587". I am using "587"
with "starttls" Your "incoming mail port" will depend on how you have
Dovecot configured. I use port "143" with "starttls" for Outlook. YMMV
depending on your configuration.

You might want to consider posting the output of "doveconf -a" and how
you have Outlook configured.

-- 
Jerry


pgp1CQlXpKV_Z.pgp
Description: OpenPGP digital signature

Re: What imap ssl/auth settings work best with MS Outlook?

[Tim Dickson]

On 29/04/2021 10:22, Steve Dondley wrote:

On 2021-04-29 01:45 AM, @lbutlr wrote:

On 28 Apr 2021, at 12:49, Steve Dondley  wrote:
I repeatedly have a hell of a time getting clients' Outlook software 
working well with Dovecot. It's hard for me to test myself since I 
don't have Outlook and it would be impossible to keep up with all 
the different versions anyway.


How old is the version of Outlook they are using? Office 2010 is a
disaster, and if I recall correctly 2014 has many issues as well.


I'm not sure. It's fairly recent though.

Some more nuttiness: I bit the bullet and downloaded a trial version 
of MS 365 and downloaded the Outlook desktop. On my mac, at least, 
there are two different interfaces/version of Outlook: the "old" 
Outlook and a "new," more minimalist version. You can switch between 
the versions easily.


On the "old" outlook, I was able to get things set up without issue. 
But with the "new" outlook, I couldn't send email or set up a new 
account.


It turns out I had to enable the smtp_tls_wrappermode setting to get 
it working with the "new" Outlook. See 
http://www.postfix.org/postconf.5.html#smtp_tls_wrappermode


I thought the wrapper setting was just for the long dead Outlook 
Express mail client. But now I'm wondering if I need this setting for 
some versions of Outlook.




Even so, it's terrible software that is designed to 'encourage' users
to use Exchange Servers for mail instead of real email servers.


I'm not conspiracy theorist, but I can't help but come to the same 
conclusion.


I am totally unfamiliar with Exchange servers. What do they offer, 
exactly, that dovecot/postfix does not (besides a revenue stream for MS)?



built in calander integration.

--
This email has been checked for viruses by AVG.
https://www.avg.com

Re: What imap ssl/auth settings work best with MS Outlook?

[Steve Dondley]

On 2021-04-29 01:45 AM, @lbutlr wrote:

On 28 Apr 2021, at 12:49, Steve Dondley  wrote:
I repeatedly have a hell of a time getting clients' Outlook software 
working well with Dovecot. It's hard for me to test myself since I 
don't have Outlook and it would be impossible to keep up with all the 
different versions anyway.


How old is the version of Outlook they are using? Office 2010 is a
disaster, and if I recall correctly 2014 has many issues as well.


I'm not sure. It's fairly recent though.

Some more nuttiness: I bit the bullet and downloaded a trial version of 
MS 365 and downloaded the Outlook desktop. On my mac, at least, there 
are two different interfaces/version of Outlook: the "old" Outlook and a 
"new," more minimalist version. You can switch between the versions 
easily.


On the "old" outlook, I was able to get things set up without issue. But 
with the "new" outlook, I couldn't send email or set up a new account.


It turns out I had to enable the smtp_tls_wrappermode setting to get it 
working with the "new" Outlook. See 
http://www.postfix.org/postconf.5.html#smtp_tls_wrappermode


I thought the wrapper setting was just for the long dead Outlook Express 
mail client. But now I'm wondering if I need this setting for some 
versions of Outlook.




Even so, it's terrible software that is designed to 'encourage' users
to use Exchange Servers for mail instead of real email servers.


I'm not conspiracy theorist, but I can't help but come to the same 
conclusion.


I am totally unfamiliar with Exchange servers. What do they offer, 
exactly, that dovecot/postfix does not (besides a revenue stream for 
MS)?

Re: What imap ssl/auth settings work best with MS Outlook?

[@lbutlr]

On 28 Apr 2021, at 12:49, Steve Dondley  wrote:
> I repeatedly have a hell of a time getting clients' Outlook software working 
> well with Dovecot. It's hard for me to test myself since I don't have Outlook 
> and it would be impossible to keep up with all the different versions anyway.

How old is the version of Outlook they are using? Office 2010 is a disaster, 
and if I recall correctly 2014 has many issues as well.

Even so, it's terrible software that is designed to 'encourage' users to use 
Exchange Servers for mail instead of real email servers.

-- 
Think of how stupid the average person is, and realize half of them
are stupider than that.

Re: What imap ssl/auth settings work best with MS Outlook?

[Steve Dondley]

I think my problem might be here. Instead of %Ln, maybe I should have 
%L%n?


Nope: https://wiki.dovecot.org/DomainLost

Re: What imap ssl/auth settings work best with MS Outlook?

[Steve Dondley]

On 2021-04-28 02:49 PM, Steve Dondley wrote:

I repeatedly have a hell of a time getting clients' Outlook software
working well with Dovecot. It's hard for me to test myself since I
don't have Outlook and it would be impossible to keep up with all the
different versions anyway.

I've got the following settings, currently:

disable_plaintext_auth = yes
auth_username_format = %Ln
auth_mechanisms = plain login
ssl = yes


I think my problem might be here. Instead of %Ln, maybe I should have 
%L%n?

Re: What imap ssl/auth settings work best with MS Outlook?

[Steve Dondley]

Your best bet to make Outlook behave better as an IMAP client is to
configure a mail "profile" via
Control Pannel --> User Accounts --> Mail, and set all the particulars
there. Recent versions of Outlook have a stripped down configuration
interface that offers no flexibility. For example, from Outlook itself
it's not possible to set an IMAP login name that's not an email
address.


Yes, this was a "holy shit" moment that I had today. I couldn't even see 
how to change the user name. Outlook has got to have the worst, most 
inconsistent user interface for a mail client I've ever seen. It's 
insane.


Thanks for the tip on the Mail settings. I wasn't aware of those.

I bit the bullet and got a free trial of MS Outlook as part of Office 
365 so I could do some testing. It was super easy to set up and I had 
absolutely no issues logging into my client's IMAP account with. I spent 
an hour with the client today, who had a slightly older version of 
Outlook, and we could not get it working. It took 5 minutes just for 
Outlook to fail and finally tell us it couldn't log in.


As I think about this, it's probably some kind of encryption protocol 
issue. Is it possible some older versions of outlook are using outdated 
encryption methods that my server is not set up to work with?

Re: What imap ssl/auth settings work best with MS Outlook?

[Greg Rivers]

On Wednesday, 28 April 2021 13:49:03 CDT Steve Dondley wrote:
> I repeatedly have a hell of a time getting clients' Outlook software 
> working well with Dovecot. It's hard for me to test myself since I don't 
> have Outlook and it would be impossible to keep up with all the 
> different versions anyway.
> 
> [snip]
> 
> It always seems to be hit or miss with outlook as to which encryption 
> setting to use, which port to try, etc. With a recent client, I couldn't 
> get them successfully logged in no matter what manual settings we tried. 
> If someone can give me some tips on how to get most versions of Outlook 
> cooperating well with Dovecot, I'd appreciate it.
> 
Your best bet to make Outlook behave better as an IMAP client is to configure a 
mail "profile" via
Control Pannel --> User Accounts --> Mail, and set all the particulars there. 
Recent versions of Outlook have a stripped down configuration interface that 
offers no flexibility. For example, from Outlook itself it's not possible to 
set an IMAP login name that's not an email address.

-- 
Greg