Author: Ron McKeating Date: To: Tony Finch CC: Exim-Users \(E-mail\) Subject: Re: [exim] SSL SMTP
On Fri, 2004-12-03 at 11:35, Tony Finch wrote: > On Fri, 3 Dec 2004, Ron McKeating wrote:
> >
> > Tony thanks for this it explains quite a lot. So in our case having
> >
> > daemon_smtp_ports = 25 : 465 : 587
> > tls_on_connect_ports = 465
> >
> > in the config file is erroneous and should be changed to
> >
> > daemon_smtp_ports = 25 : 587
> > tls_on_connect_ports = 465
>
> No, the former is correct. tls_on_connect_ports must be a subset of
> daemon_smtp_ports.
>
> > Our problem comes in advising outlook users, some user of outlook where
> > the client reports as "Microsoft Office Outlook", work fine on port 465
> > but give the "protocol violation: synchronization error (input sent
> > without waiting for greeting)" if they try to use port 587.
>
> That is expected. Outlook will only do tls-on-connect if the port is not
> 25, so it must be configured to use port 465.
> Now I thought that was just outlook express.
> > Other versions of Outlook where the client reports as "Microsoft
> > Outlook" work fine on port 587 but do not work on port 465.
>
> I wasn't aware that these exist.
As you can see, using port 587 which does not support tls_on_connect and
working quite happily. But as I said. clients which give the clients ms
Office Outlook do not work on 587 but work on 465.
It's a mad world
>
> > It would seem we are going to have to advise Outlook users to try one
> > port or the other.
>
> If you do that, it's best to advise people to try port 587 first, in order
> to avoid the timeout problem which is particularly irritating for the
> user.
> Will do that then, though for most of ours I expect 465 will be the one.
> Tony. --
Ron McKeating
Senior IT Services Specialist
Internet Services and Software Solutions
Loughborough University
01509 222329