[exim] Outlook and SSL behaviour

Etusivu
Poista viesti
Vastaa
Lähettäjä: Mike Richardson
Päiväys:  
Vastaanottaja: exim-users
Aihe: [exim] Outlook and SSL behaviour
Hiya,

Most of this will be familiar to anyone running authentciated/encrypted mail
systems but some of it I've not seen mentioned and I thought some people on
here might be interested. We have well over a thousand authenticated mail
users and about three quarters are Outlook users. We run the system with
three available ports (the exim config is available through the exim website
under the user contributed examples) 25, 465 and 587. 25 and 587 are
configured as STARTTLS ports and 465 as tls-on-connect. The default
configurations, as laid out on our user support website, is that Outlook
should use 465 and the other clients should use 587. Encryption on 25 and
587 is not mandatory but strongly encouraged. Until we fully understand the
behaviour of Outlook it is hard to justify making it mandatory when some
users simply can't see to enable encryption at all.

Anyway, the behaviour we've seen is that all versions of Outlook (references
to Outlook imply Outlook Express too) are happy with authentication on any
port when unencrypted.

In general:

All versions are happy to use encryption on port 25 (STARTTLS).

Most versions are happy to use encryption on port 465 (tls-on-connect)

Most versions are unhappy using encryption on port 587 (STARTTLS - never
tried tls-on-connect). Sometimes they don't work from the start, sometimes
they fail to work after a period of working (hours, days, weeks).

In more detail:

Outlook Express and Outlook 2000 seems to share the same code base so behave
very similarly, as above.

Outlook 2002 seems to be the start of a new code base and the very first
version (2627) will NOT use encryption on port 465 but will reliably use
encryption on port 587. This is a rather big exception to the normal Outlook
rule.

Outlook 2002 SP1 and SP2 will NOT reliably use encryption on port 587 but
WILL use it reliably on 465.

Outlook 2002 SP3 is supposed to fix the instability in using port 587
encrypted however it isn't something we've tried to prove.

Much of this evidence is empirical so I'd be interested in
counter-experiences, refinement or confirmation. The big difference that the
service packs make to the behaviour of Outlook 2002 has been throwing me for
a long time. It was only when I was looking through the logs of
X-Mailer/User-Agent that the pattern threw it self at me.

Thanks

Mike
--
Mike Richardson
80% Messaging and Collaboration / 20% Networks
Manchester Computing
Email: mike.richardson@???
ICON FAQ: www.icon.man.ac.uk/support/faqs.php
*Plain text only please - attachments stripped on arrival*