NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2007-01

RE: SASL vs. M$ Outlook and Outlook Express

From: Tom Kovar (postfix_listkovarovi.org)
Date: Mon Jan 01 2007 - 12:08:54 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

So, thank you all.
Problem solved, it is really the LOGIN method, that is required for SMTP
SASL. But the key thing is the "broken_sasl_auth_clients" story, i.e.
what matters is the **order** of proposed methods. The M$ clients really
need to see 250-AUTH=LOGIN in the message.

What I tried earlier was dovecot proposing methods "PLAIN" and "LOGIN".
This leads to the SMTP server response to client's EHLO message
250-AUTH=PLAIN LOGIN
which is not recognised by the M$ clients (without any comment or
message, anyway) - even if broken_sasl_auth_clients is set to yes all
the time. If my dovecot proposes the methods in the reversed order, i.e.
"LOGIN" and "PLAIN", Bill Gates seems satisfied.

My love towards this damned Micro$oft grows stronger and deeper. Cashing
big money for delivering scrap. Well well.

Once again, thanks for the extensive help.

Best regards,
--- Tom

-----Original Message-----
From: owner-postfix-userspostfix.org
[mailto:owner-postfix-userspostfix.org] On Behalf Of Tony Earnshaw
Sent: Monday, January 01, 2007 3:09 PM
To: postfix-userspostfix.org
Subject: Re: SASL vs. M$ Outlook and Outlook Express

Tom Kovar wrote:

> I have tried it with enabling PLAIN and LOGIN, nothing changed. If I
> remove PLAIN and have only LOGIN, the Outlook client exits
immediately,
> stating that the server does not offer a mechanism supported by
Outlook
> - so this will not be the problem, either.

Oh yes, it is. We have MS Outlook Express and Outlook clients and they
connect without problems. Do two things:

1: telnet mail.barlaeus.nl 25
ehlo mydomain.net

See what it says.

2: openssl s_client -starttls smtp -connect mail.barlaeus.nl:25

See what it says.

You need the "AUTH=LOGIN" for the MS client to recognize it. You
therefore need broken_sasl_auth_clients = yes in main.cf.

> Btw., with IMAP, Outlook sends "AUTH PLAIN" without any problem...

What the bleeding heck does that have to do with the price of fish?

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet.nl

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]