Outlook Express and STARTTLS

Fri Nov 21 21:04:09 UTC 2014

Am 21.11.2014 um 21:51 schrieb Robert Moskowitz:
> On 11/21/2014 03:38 PM, Gedalya wrote:
>> On 11/21/2014 03:32 PM, Robert Moskowitz wrote:
>>>
>>> On 11/21/2014 03:09 PM, Reindl Harald wrote:
>>>>
>>>> Am 21.11.2014 um 20:59 schrieb Robert Moskowitz:
>>>>> I have one user that uses Outlook Express.   Not only do I not use
>>>>> it, I
>>>>> don't have any systems here that can easily use it.  I bit of a
>>>>> challenge.
>>>>>
>>>>> I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP
>>>>> connections.
>>>>>
>>>>> SO far a google search has not shown me how to configure this for a
>>>>> user.  Anyone have a pointer to instructions so I can talk the person
>>>>> through the changes?
>>>>
>>>> it can't as well as Outlook for POP3/IMAP
>>>> you need 993/995 *without* STARTTLS - period
>>>>
>>>> and that's why a sane mailserver needs to support
>>>> 110,143,993,995,587 *and* 465 to support every client, that won't
>>>> change in the near future
>>>>
>>> I missed 465; got the rest.  Will have to look THAT one up. Thanks
>>> for the tip, Harald.
>> That's just implicit TLS for SMTP submission, instead of 587. OE needs
>> that.
>>
> Which is way IETF has made a major pushback against every transport
> wanting a second port number for TLS.  There just are not enough port
> numbers for this purpose

well, if we could tun back time 15 years ago many things would be 
different - IMHO the decision to deprecate 465 in favour to STARTTLS is 
plain wrong - it is much easier for a MITM to strip out the STARTTLS in 
the still unencrypted connection (given a client falls back to 
unencrypted in that cse) before the TLS handshake ever happens

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20141121/b4d457f3/attachment.sig>