> On 07 Jun 2014, at 10:39 , li...@rhsoft.net wrote: > > > > Am 07.06.2014 18:29, schrieb LuKreme: >> >> On 07 Jun 2014, at 09:53 , li...@rhsoft.net wrote: >> >>> i condsidered that but it would take weeks and months to >>> explain all customers that they have to fix their client configs >>> and i see even new configured clients using 25 because the idiotic >>> MUA's still default to 25 and burrie the port setting somewhere >>> under "expert" or "extended" settings, so you can't do that if >>> you have hundrets of customers with all sort of devices >> >> Don't most modern clients try 25 first, then fall back to other ports (587 >> and the stupid one I forget and don't support)? > > the stupidity is trying 25 first
That is still what most servers support or even require. >> When I eliminated connecting on port 25 for clients it was pretty seamless, >> albeit most of them are Mac users, so they never even noticed the change. > > define "modern client" > > i had *recently* one which client did not work after we > switched to a 4096/SHA-256 cert, guess what, Eudora on > a Apple machine, yes i answered with "i don't care" Eudora? Eudora hasn’t been supported for many many years,a nd hasn’t had much if any envelopment on it for a decade. Certainly not modern in any sense of the word. > >>> iPhones and Apple Mail permanently disable SASL auth for unknown >>> reasons or in case of password changes need to re-configure the >>> outgoing mailserver seperated from the incoming creating enough >>> work for a sysadmins lifetime >> >> I have no idea what you are talking about; I've never had any issue with >> secure connections from iOS or OS X to my mail server > > did i say anything about secure connections? You said SASL auth. > * the setting for using authentication get lost repeatly > if you haven't seen that you have to few Apple users > the iPhones try again and again after that send unautheticated Never seen that. Run OS X and iOS all day every day, as do many users. > * after heartblead we forced all users to change their passwords > on the stupid Apple clients you need to change the password seperatly > for incoming and outgoing mail while even Outlook for a decase has > a checkbox "use same credentials as for incoming mail” Since incoming and outgoing can be different, that’s really not that big a deal. > * and not the f**ing Apple clients don't ask for the new password > after the first error That’s certainly not true. I get asked for my Gmail password all the damn time (because Google app specific password for 2-factor users don;t work well). > * frankly a trained monkey could develop the code to enter only username and > password and try the same credentials on 587 by default instead try first 25 > or send unauthenticated Sorry, this is not what happens unless, maybe, you allow unauthenticated submission on port 25? Dunno, I never did that. Mail.app and iOS first try port 25, then try 587, then try… I think it’s 465? > the Apple user *never takes notice* if sending fails *never* That is not true. If sending fails it tells you and asks if you want to use a different server (if more than one is configured) or asks you ant you want to do, including try-again or edit the message. > if you want i can give you a log where the same iPhone for > weeks tried every 5 minutes send to "somebody[at]gmail.com" > resulting in 150000 error messages If you server reject the email, both iOS and OS X do not retry. I have no idea what you (or your user) did to generate 150,000 error messages, but that is not what has ever happened here. You cannot send a mail from Apple mail or iOS to “someone[at]gmail.com. It will reject it before sending. https://www.dropbox.com/s/tm6bvy7v8t1kuu9/Screenshot%202014-06-07%2014.48.53.PNG If you try to send it anyway, you get: https://www.dropbox.com/s/wwpvycgcopn8q7u/Screenshot%202014-06-07%2014.50.38.PNG The behavior of iOS is similar, though i does not ask you for another server, it just says the address was rejected by the server and the message was not sent. > on the server side and the user even needed 5 mails and finally a phone call > asking what exectly he don't understand in my mails and why t**uck he don't > ask or just stop copy blindly protected mail adresses So your user is dumb? > in a client developed by monkeys You sound a lot like an anti-Apple bigot with an axe to grind. > unable to verify if a addresscan be valid at all by not containing a @ Again, I don’t know what happened, but what you describe is simply not at all how anything works. -- 'Are you Death?' IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.