Re: [mailop] Office365 STARTTLS not working anymore?

2023-07-18 Thread Gellner, Oliver via mailop

> On 18.07.2023 at 16:21 Benoit Panizzon wrote:
>
>> As far as I know Microsoft never officially supported or advertised STARTTLS 
>> for its mail submission services. Given that RFC8314 "Use of Transport Layer 
>> Security for Email Submission and Access" basically deprecates STARTTLS in 
>> favor of implicit TLS for submission services, I wouldn't expect that 
>> STARTTLS is coming back if it's currently broken.
>> Maybe Michael Wise can shed some more light on this.
>
> They definitely advertise STARTTLS as a supported CAPABILITY, check
> yourself:

By "advertised" I was referring to the documentation, where STARTTLS support is 
not mentioned.
Their IMAP service on the server is obviously broken, I just have low hopes for 
the mentioned reasons that STARTTLS support is going to be restored.


> Weird... if somebody could point me to what I'm doing wrong...
>
> Our Postfix:
>
> Jul 18 08:04:53 asterix postfix/smtp[81902]: Untrusted TLS connection established to hotmail-com.olc.protection.outlook.com[104.47.51.33]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>
> Is very capable to STARTTLS with Microsoft...
>
> So trying again:
>
> $ openssl s_client -starttls smtp -connect hotmail-com.olc.protection.outlook.com:25
> [cert validation stuff]
> 250 SMTPUTF8
> ehlo example.com
> rset
> quit
>
> => Nothing!

I think you’re mixing up MTA to MTA connections and email submission.

If you want to deliver messages to hotmail.com for local recipients:
hotmail-com.olc.protection.outlook.com:25 with optional STARTTLS

If you want to submit emails from a MUA:
smtp-mail.outlook.com:587 with mandatory STARTTLS

If you want to fetch emails via IMAP:
outlook.office365.com:993 with implicit TLS

You cannot interchange those hostnames or ports.

—
BR Oliver



dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Phone 0721 5592-2500 Fax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: registered office Karlsruhe, register court Mannheim, HRB 104927
Managing directors: Christoph Werner, Martin Dallmeier, Roman Melcher

Data protection information
When you contact us, for example when you have questions for our 
ServiceCenter, shop with us or visit our dialogicum in Karlsruhe, have a 
business relationship with us or apply for a job with us, we process personal 
data. Information on, among other things, the specific data processing, 
deletion periods, your rights and the contact details of our data protection 
officers can be found here.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
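
The host/port roles listed in the message above, written as a client-side policy check over the cleartext capability lines a client sees before TLS. This is an added example, not code from the thread or from Microsoft; the mode labels, function names and EHLO transcripts are constructed for illustration.

```python
# (host, port) -> (protocol, TLS mode), as listed in the message above.
ENDPOINTS = {
    ("hotmail-com.olc.protection.outlook.com", 25): ("smtp", "starttls-optional"),
    ("smtp-mail.outlook.com", 587): ("smtp", "starttls-mandatory"),
    ("outlook.office365.com", 993): ("imap", "implicit"),
}


def parse_capabilities(proto, lines):
    """Collect keywords from a cleartext EHLO reply or IMAP CAPABILITY response."""
    caps = set()
    if proto == "imap":
        for line in lines:
            if line.upper().startswith("* CAPABILITY "):
                caps.update(line.upper().split()[2:])
    else:
        replies = [l for l in lines if l[:3] == "250" and l[3:4] in ("-", " ")]
        for line in replies[1:]:  # first 250 line is the greeting, not a keyword
            words = line[4:].split()
            if words:
                caps.add(words[0].upper())
    return caps


def decide(host, port, cleartext_lines=()):
    """Return what a client should do before sending credentials or mail."""
    if (host, port) not in ENDPOINTS:
        raise ValueError(f"{host}:{port} is not one of the listed host/port pairs")
    proto, mode = ENDPOINTS[(host, port)]
    if mode == "implicit":
        return "tls-handshake-first"  # nothing is exchanged in cleartext
    if "STARTTLS" in parse_capabilities(proto, cleartext_lines):
        return "starttls"
    # STARTTLS not offered: fail closed where it is mandatory, else deliver in clear.
    return "abort" if mode == "starttls-mandatory" else "cleartext"


# Constructed EHLO transcripts (only "250 SMTPUTF8" appears in the thread).
EHLO_WITH_TLS = ["250-mx.example Hello [192.0.2.1]", "250-SIZE 49283072",
                 "250-STARTTLS", "250 SMTPUTF8"]
EHLO_STRIPPED = [l for l in EHLO_WITH_TLS if "STARTTLS" not in l]

if __name__ == "__main__":
    for pair in ENDPOINTS:
        print(pair, decide(*pair, EHLO_WITH_TLS), decide(*pair, EHLO_STRIPPED))
```
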


Re: [mailop] Office365 STARTTLS not working anymore?

2023-07-18 Thread Benoit Panizzon via mailop
Hi..

Weird... if somebody could point me to what I'm doing wrong...

Our Postfix:

Jul 18 08:04:53 asterix postfix/smtp[81902]: Untrusted TLS connection established to hotmail-com.olc.protection.outlook.com[104.47.51.33]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

Is very capable to STARTTLS with Microsoft...

So trying again:

$ openssl s_client -starttls smtp -connect hotmail-com.olc.protection.outlook.com:25
[cert validation stuff]
250 SMTPUTF8
ehlo example.com
rset
quit

=> Nothing!

If I try any other MX that supports TLS, like our postfix MX, I can have
a nice SMTP conversation using openssl s_client as above.

What am I missing? What is Claws-Mail missing?


Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G - Head of Commerce Customers
__

Zurlindenstrasse 29   Tel  +41 61 826 93 00
CH-4133 Pratteln      Fax  +41 61 826 93 01
Switzerland           Web  http://www.imp.ch
__


Re: [mailop] Office365 STARTTLS not working anymore?

2023-07-18 Thread Benoit Panizzon via mailop
Hi Oliver

> As far as I know Microsoft never officially supported or advertised STARTTLS 
> for its mail submission services. Given that RFC8314 "Use of Transport Layer 
> Security for Email Submission and Access" basically deprecates STARTTLS in 
> favor of implicit TLS for submission services, I wouldn't expect that 
> STARTTLS is coming back if it's currently broken.
> Maybe Michael Wise can shed some more light on this.

They definitely advertise STARTTLS as a supported CAPABILITY, check
yourself:

$ telnet outlook.office365.com 143
Trying 2603:1026:c0b:1c::2...
Connected to outlook.office365.com.
Escape character is '^]'.
* OK The Microsoft Exchange IMAP4 service is ready. [WgBSADAAUAAyADcAOABDAEEAMAAwADIAOAAuAEMASABFAFAAMgA3ADgALgBQAFIATwBEAC4ATwBVAFQATABPAE8ASwAuAEMATwBNAA==]
. CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 LOGINDISABLED STARTTLS SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
. OK CAPABILITY completed.


Kind regards

-Benoît Panizzon-


Re: [mailop] Office365 STARTTLS not working anymore?

2023-07-18 Thread Gellner, Oliver via mailop
On 18.07.2023 at 13:07 Benoit Panizzon via mailop wrote:

> My client connects to Port 143 and performs STARTTLS but is not getting 
> anything in reply.
>
> Is there a known outage? Has Microsoft discontinued STARTTLS?

As far as I know Microsoft never officially supported or advertised STARTTLS 
for its mail submission services. Given that RFC8314 "Use of Transport Layer 
Security for Email Submission and Access" basically deprecates STARTTLS in 
favor of implicit TLS for submission services, I wouldn't expect that STARTTLS 
is coming back if it's currently broken.
Maybe Michael Wise can shed some more light on this.

--
BR Oliver

