Postfix + AUTH/TLS + Outlook/OE problem

Adrian Gonzalez adrianbsd at globalpc.net
Fri Aug 18 23:59:24 UTC 2006 

Hi Darren

Comments below...

Darren Pilgrim wrote:
> Adrian Gonzalez wrote:
>  > Hello
>  >
>  > I'm seeing some very strange behavior with Outlook 2003 and Outlook
>  > Express trying to send mail using TLS/SMTP Auth with Postfix 2.3 and
>  > FreeBSD 6.1-STABLE
>  >
>  > It seems like Outlook/OE don't like the SSL handshake for some
>  > reason.  They connect to the server, issue STARTTLS, and disconnect
>  > during the handshake, giving an "Error Number: 0x800CCC0B".  I've
>  > tried both STARTTLS and using 'wrapper mode' on port 465 with the
>  > same results.
> 
> Which version of Outlook Express were you using?  Outlook Express 6 
> doesn't support STARTTLS, only wrapper-mode.  OE6 also also has a broken 
> SASL implementation (set broken_sasl_auth_clients=yes).  Yay for Microsoft!

Outlook Express 6 (6.00.2900.2180 according to the 'about' window).  Basically, 
the one that comes with Windows XP Pro + All current updates/service packs.  It 
does seem to be trying STARTTLS though.  I did have the broken_sasl_auth_clients 
  option enabled, I believe it just causes postfix to 'advertise' AUTH in the 
usual way along with outlook's broken way.

> Have you modified your cipher settings in postfix?  FYR, Outlook XP/2003 
> and Outlook Express 6 prefer 128-bit RC4-MD5 and do not support AES, 
> whereas Thunderbird supports and prefers AES256-SHA.

I suspect OE might not like what the server is offering, but I'm not qute sure 
what to change.  The postfix manual strongly advises against excluding ciphers. 
  Any suggestions?

> On my own mail server, I can send email using all four clients through 
> STARTTLS+SASL (Outlook and Thunderbird) or SMTPS+SASL (OE).  The server 
> is FreeBSD RELENG_6_1 with the stock OpenSSL and postfix 2.3.1 with 
> default tls_*_cipherlist settings.

I'm using 2.3.0,1 with the updated stable OpenSSL.  I'll try updating my ports 
tree and rebuilding the latest stable postfix and see what happens.

> Be happy to compare configs off-list, postconf -n and the like.

Thanks!

> 
> P.S. You may want to retry this question on postfix-users.  You'll have 
> better luck if you're willing to wade through the usual "ditch MS" rude 
> commentary.
> 

> P.P.S. Please configure your mail client to wrap lines.
I normally do, but the postfix logs looked really bad with wrapping :)

More information about the freebsd-isp mailing list