Mac Outlook 2016 login pop3d-ssl merkwürdig

  • Moin,


    ich habe seit ca. einem Jahr ein komisches Login Problem
    Rechner ist ein Mac Pro mit Office Home & Business 2016 für Mac (Outlook)


    ein normaler pop3d-ssl Login von einem Win 10 oder Win 7 Rechner mit Outlook 2013 oder 2016 auf dem Debian (9) Server schaut so aus:


    Feb 5 13:18:56 man1 pop3d-ssl: Connection, ip=[::ffff:2xx.xx.xx.xxx]
    Feb 5 13:18:56 man1 pop3d-ssl: LOGIN, user=xxxxxx @ domain. com, ip=[::ffff:2xx.xx.xx.xxx], port=[53719]
    Feb 5 13:18:56 man1 pop3d-ssl: LOGOUT, user=xxxxxx @ domain. com, ip=[::ffff:2xx.xx.xx.xxx], port=[53719], top=0, retr=0, rcvd=24, sent=10383, time=0, stls=1


    der gleiche Vorgang vom Mac aus wirft dieses Log beim Server raus (Debian 9):


    Mar 4 10:48:45 man1 pop3d-ssl: Connection, ip=[::ffff:2xx.xx.xx.xxx]
    Mar 4 10:48:45 man1 pop3d-ssl: The TLS connection was non-properly terminated.
    Mar 4 10:48:45 man1 pop3d-ssl: Disconnected, ip=[::ffff:2xx.xx.xx.xxx]
    Mar 4 10:48:45 man1 pop3d-ssl: Connection, ip=[::ffff:2xx.xx.xx.xxx]
    Mar 4 10:48:45 man1 pop3d-ssl: The TLS connection was non-properly terminated.
    Mar 4 10:48:45 man1 pop3d-ssl: Disconnected, ip=[::ffff:2xx.xx.xx.xxx]
    Mar 4 10:48:46 man1 pop3d-ssl: Connection, ip=[::ffff:2xx.xx.xx.xxx]
    Mar 4 10:48:46 man1 pop3d-ssl: The TLS connection was non-properly terminated.
    Mar 4 10:48:46 man1 pop3d-ssl: Disconnected, ip=[::ffff:2xx.xx.xx.xxx]
    Mar 4 10:48:46 man1 pop3d-ssl: Connection, ip=[::ffff:2xx.xx.xx.xxx]
    Mar 4 10:48:46 man1 pop3d-ssl: The TLS connection was non-properly terminated.
    Mar 4 10:48:46 man1 pop3d-ssl: Disconnected, ip=[::ffff:2xx.xx.xx.xxx]
    Mar 4 10:48:46 man1 pop3d-ssl: Connection, ip=[::ffff:2xx.xx.xx.xxx]
    Mar 4 10:48:46 man1 pop3d-ssl: LOGIN, user=xxxxxx @ domain. com, iip=[::ffff:2xx.xx.xx.xxx], port=[60570]
    Mar 4 10:48:46 man1 pop3d-ssl: LOGOUT, user=xxxxxx @ domain. com, ip=[::ffff:2xx.xx.xx.xxx], port=[60570], top=0, retr=0, rcvd=18, sent=48, time=0, stls=1



    kennt jemand dieses Verhalten und kann mir vielleicht sagen wie ich das abstellen kann oder woran das liegt?
    Das abfragen der Mails funktioniert ja, nur kommt der Login nicht beim ersten mal zustande


    Debian 9
    IMSCP 1.5.1
    LetsEncrypt Version 3.3.0 (Build 2017070300)
    PolicydSPF Version 1.2.0 (Build 2017070300)
    PolicydWeight Version 1.2.0 (Build 2017070300)
    Postgrey Version 1.2.0 (Build 2017070300)


    Mit freundlichen Grüßen


    Akinos

  • @Akinos


    • PO server in use: Courier? Dovecot?
    • Do you use a valid SSL certificate and in mail client, do you use the correct hostname, that is, the one listed in subject alternative name of your SSL certificate?
    • Error message from your mail client?

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • Hi nuxwin, first of all thanks for the quick response!


    1. Courier
    2. Yes, I use a valid SSL cert and use the correct hostname.
    3. Fetching mail works eventually, it just takes a lot longer than normal. Outlook on Windows or any other Mail client is much faster and doesn't produce all these failed connections.


    I'm happy to provide SSH access to the server if you want to take a closer look.

  • @Akinos


    Please provide us with error full error message from your mail client.


    See also: https://youtrack.i-mscp.net/issue/IP-1401

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • Hi nuxwin,


    I have re-generated the dhparam file as indicated in the ticket, and restarted the mail server. Sadly, it did not resolve the issue for me.


    This is a log excerpt from the macOS Console application, which matches the log entries on the server side. Hope this helps - and again, thank you for your assistance.


  • Please provide us with the exact parameters you're using in your mail client for the pop3 server connection (a screenshot of your parameters would be welcome (in english)).
    Also please make sure that courier-pop-ssl service is running and the result of the following command: netstat -plunt | grep couriertcpd

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • Hi Nuxwin



    root@man1:~# netstat -plunt | grep couriertcpd
    tcp6 0 0 :::995 :::* LISTEN 157/couriertcpd
    tcp6 0 0 :::110 :::* LISTEN 158/couriertcpd
    tcp6 0 0 :::143 :::* LISTEN 174/couriertcpd
    tcp6 0 0 :::993 :::* LISTEN 175/couriertcpd


    @Nuxwin


    I have now taken to test a new I-MSCP
    There I have created a new email address and made some pictures
    Unfortunately, I have found no option to switch Outlook in English
    sorry for my bad english, google translator


    step 1


    Bildschirmfoto 2018-03-05 um 08.57.36.png


    step 2 select pop


    Bildschirmfoto 2018-03-05 um 08.58.03.png


    step 3


    Bildschirmfoto 2018-03-05 um 08.58.31.png


    step 4 enter server address and add account


    Bildschirmfoto 2018-03-05 um 08.59.png


    step 5 check in the console


    Bildschirmfoto 2018-03-05 um 09.00.15.png


    step 6 check in Outlook


    Bildschirmfoto 2018-03-05 um 09.00.png


    step 7 change the port in Outlook


    Bildschirmfoto 2018-03-05 um 09.01.09.png


    step 8 check in the console


    Bildschirmfoto 2018-03-05 um 09.01.26.png



    greeting Akinos

    Edited 3 times, last by Akinos: Added pictures ().

  • Hello Akinos, you can experiment with
    TLS_CIPHER_LIST=
    in /etc/courier/pop3d-ssl



    Check out the commented lines in pop3d-ssl for available options



    Some lame mail client will require something like



    Code
    1. TLS_CIPHER_LIST="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
  • Hi @momo ,


    thanks for your suggestion! Sadly, it seems like that wasn't the solution. Both your suggested cipher list as well as the one suggested by Mozilla’s generator ( https://mozilla.github.io/server-side-tls/ssl-config-generator/ ) for „old“ compatibility did not get rid of all the failed connections from Outlook. We even tried allowing TLS_PROTOCOL="SSL3", that didn't help either.


    At this point, I have to admit I'm pretty out of ideas. I'll try switching from courier to dovecot later to see if that helps any.


    Regards,


    Akinos

  • @flames could you perform some test regarding that issue. ive not the mac client...


    Envoyé de mon SM-A510F en utilisant Tapatalk

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206