Mind Dump, Tech And Life Blog
written by Ivan Alenko
published under license CC4-BY
posted at 19. Oct '22

Tak Microsoft rozjebal SSL spojenie v Outlooku pre Postfix

Tak som dnes riešil, že Outlook 2013 začal vypisovať pri odosielaní pošty chybu:

Úloha ‘jebemnato@myrtana.sk - odosiela sa’ ohlásila chybu (0x800CCC80): ‘Server nepodporuje žiadnu metódu autentifikácie, ktorú podporuje tento klient.’

Postfix písal:

Oct 19 21:05:40 orava postfix/submission/smtpd[33433]: connect from unknown[320.0.0.1]
Oct 19 21:05:41 orava postfix/submission/smtpd[33433]: SSL_accept error from unknown[320.0.0.1]: lost connection
Oct 19 21:05:41 orava postfix/submission/smtpd[33433]: lost connection after STARTTLS from unknown[320.0.0.1]
Oct 19 21:05:41 orava postfix/submission/smtpd[33433]: disconnect from unknown[320.0.0.1] ehlo=1 starttls=0/1 commands=1/2
Oct 19 21:05:41 orava postfix/submission/smtpd[33433]: connect from unknown[320.0.0.1]
Oct 19 21:05:41 orava postfix/submission/smtpd[33433]: lost connection after EHLO from unknown[320.0.0.1]
Oct 19 21:05:41 orava postfix/submission/smtpd[33433]: disconnect from unknown[320.0.0.1] ehlo=1 commands=1

Roundcube v pohode, K9 Mail…v pohode.

S trochou hľadania po nete som zistil, že Microsoft vydal aktualizáciu, ktorá to pokazila. Na to, že nedávno prepustil 1% ľudí, čo bolo nejakých 1000 - stačilo by, ak by alokoval pol človeka, ktorý by otestoval, že veci idú nielen s Exchange, ale aj inými štandardnými SMTP servermi a certifikátom (Let’s Encrypt), čo použiva asi tak 90% internetu.

A potom tu človek číta, že MS sa chce vysrať na štandardy už za pár mesiacov, lebo akonáhle docieli dominanciu, tak sa snaží zničiť všetko ostatné…ako vždy.

MS is trying to push Outlook users into their Office 365 subscriptions. They are retiring “basic authentication” for their O365 service since October and only allow basic authentication until January 31st 2023 when users explicitely re-enable the feature. “Basic authentication” in MS terminology is nothing else than ordinary IMAP, POP and SMTP authentication as all people outside the MS world are using it. MS argues that IMAPS, POPS and SMTPS are no safe methods to authenticate and transmit emails.

Beyond January 2023, no IMAPS, POPS, SMTPS etc. connects will be possible to O365 accounts. As of now they will still work with normal mail servers. But on O365, all users are being forced to stick to “modern authentication”, which “accidentally” happens to work flawlessly with MS Exchange only. To my current knowledge, MS does not provide any support articles that show solutions on how to keep using IMAP, POP or SMTP along with O365 accounts. Also, Outlook in all the modern versions 2xxx never worked right with IMAP outside O365, specificially with folder management, and there are no plans to make it work correctly. It’s moving away from being a good email client and more towards becoming a proprietary Unified Messaging Client for the MS Exchange environment. And we have all seen the long discussions here on the forum on autoconfig failures of Outlook, too. It’s a nice tool, but reality seems to be that MS does not care about normal mail servers much, at least not with Outlook. They do a lot to push their proprietary solution to bind subscribers. Once support for IMAP, POP and SMTP with basic auth to O365 accounts is dropped we can expect their removal for “security reasons” in general. There are no plans made public on that so far, but seeing the path that their ecosystem has taken in the past, I think there is some likelihood that this will be a next step.

So for all of you who want a free mail world, you may want to recommend your customers a migration away from Outlook to other mail clients. It may be difficult to explain, but at least personally I still think it is important that the IT experts are aware of it and are watching this development closely so that they can advise their customers accordingly.

– Peter Debik, https://talk.plesk.com/threads/smtp-encrypted-no-longer-works-since-the-latest-windows-update-kb5018410-at-all-customers.366702/

Neviem nakoľko je to presné, ale nejak by ma to neprekvapilo. Asi sa snažia budovať nejakú utopickú komunikačnú sieť pre viac druhov správ. Načo udržiavať kompatibilitu, že? Ale ja mám rád svoje SMTPs, IMAPs a POP3s. A vlastne aj svoj linuxový server. A svätý kľud.

Druhá vec, čo ma serie je, že vydali mimoriadnu aktualizáciu, ale nie pre Windows 10 22H2, iba staršie verzie. A nie je vo Windows Update, ale iba v korporátnych nástrojoch. No tak si budeme musieť pár týždňov počkať. Mimochodom, prečo má MS také jebnuté stránky, že text v zozname položiek je ok, ale keď rozkliknem danú položku, tak podstatné informácie tam nie sú a je tam iba bordel okolo?

Haha, fakt si niekto myslí, že ľudia budú chcieť čakať pár týždňov a používať Roundcube? Nehrozí, vznikla panika a namiesto používania niečoho iného, začali rozmýšľať, že sa to musí nejak opraviť.

No tak som to “opravil” s:

submission inet n - n - - smtpd
...
-o tls_ssl_options=NO_TICKET
...

Zdroj: https://hodza.net/2022/10/16/kb5018410-outlook-error-0x800ccc1a-postfix-ssl_accepterror/

V niektorých oblastiach MS funguje celkom otvorene, ale časť Office je horor. Už sa teším, kedy mi zrušia Skype a nahradia MS Teams 365 (to má byť vtip). A nikdy ma nanatlačia do ich cloudu.

Add Comment