Auteur: Jim Roberts Date: À: Mike Richardson, Steffen Heil CC: exim-users Sujet: Re: AW: [exim] TLS and Outlook
----- Original Message -----
From: "Mike Richardson" <doctor@???>
To: "Steffen Heil" <lists@???> > On Sun, Aug 29, 2004 at 10:57:24AM +0200, Steffen Heil wrote:
> > Hi
> >
> > > With 2K it doesn't work on a port other than 25. On 2002 it works for a > > while then seems to stop (randomly). On 2003 it works for longer but still > > seems to have problems. This is from a sample of about 200 Outlook users. > > Eventually I had to recommend using port 25 for all version of Outlook.
> >
> > > I'd like to know what 'random' in this case really means but I don't have > > time to do all the testing required.
> >
> > Is there anything I can do about it?
> > Port 25 is not an option here, since it is blocked by our campus firewall, > > which is not under my control.
>
> Hit Microsoft hard and fast with a major leaflet campaign?
>
> We have port 25 open. Given that this is an authenticated service it
> shouldn't pose a security risk really.
>
> The problem really kicks in when people are sending via ISPs which block, or > transparently proxy, port 25. Then Outlook users are screwed from a security > point of view (forgive me for stating the obvious) because they just can't
> use TLS no matter what.
>
> If I had the time I'd be looking at testing Outlook, SSL and stunnel on
> other ports because I believe that Outlook can manage that.
>
> Mike
The solution typically used has been to tell Outlook users to connect to the
"smtps" port, and have a spare instance of Exim listening on that port with
the "tls-on-connect" option set. Sorry I don't have time to check the
spelling on that. Basically, with that command line option set, Exim can
handle incoming SMTPS protocol connections, which is what Outlook will be
using on ports other than 25, when the "use SSL" option is set.
Search the archives for greater details, this comes up fairly regularly.