On Sat, 2009-10-10 at 10:47 +0800, W B Hacker wrote: > Ted Cooper wrote: > > I've found I can't use this method with Outlook clients - if I don't > > advertise all the time, Outlook will never attempt to authenticate even > > after it has started an encrypted session. > > I've not seen that.
Google "outlook bug STARTTLS 587" <quote> Note Outlook will only do STARTTLS on port 25, not 587. Since many providers now block use of the that port, people who use Outlook and need to use encryption and authenticated SMTP should use SSL and port 465 as an Advanced Setting </quote> Which kinda holds true - as I said, if you advertise LOGIN before STARTTLS, outlook will do STARTTLS on port 587. One buggy big expensive program. > > My end solution was to allow > > users to authenticate without encryption but reject all authenticated, > > non-encrypted attempts in acl_smtp_mail. > > > > Bass-ackwards, IMNSHO. > > First you encourage en-claire exposure of the UID:PWD ,,, then (little else > matters...) I don't encourage it, hence rejecting all mail from clients that have provided their details in the clear. It was just the only way I could get Outlook and all the other mail clients to work properly. The only attempts I've had of credentials in the clear have been brute force attempts by bots. -- The Exim manual - http://docs.exim.org -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
