Outlook 2007 authentication issue

[reliablepenguin]

good suggestion

faris,
I think you're correct that setting up an instance of smtp_psa on an alternate port without relay lock would provide a workaround.

If I understand correctly, relaylock passes and environment variable to qmail_smtpd which signals if a user has been externally authenticated by POP before SMTP. Qmail is then deciding not to advertise SMTP AUTH since the user is already authenticated. If relaylock is not being used then there's not external authentication and SMTP AUTH is advertised.

I'd still like to see Parallels fix this problem. We've got too many email users to move them to different ports depending on their client software configuration. A real solution would involve patching qmail to change the behavior.

Thanks,
Lee

 

[roguepacket]

i have 4 plesk machines, two of which are plesk 8.3 and the other two are plesk 8.2.

ive tried method 2 above (disabling pop3 lock time) on all 4 of the machines, and have even restarted xinetd/qmail, yet none of them mention the auth line in the EHLO response

can anyone tell me what ive done wrong, or is there a step i have missed out?

 

[sbillis]

For Apple Mail and others when using Plesk 8.3 smtp authentication will work if you have enabled mail submission and changed the email port in the client to 587. Qmail will then issue the correct AUTH statements in the email welcome.

 

[jchost]

No outlook users anywhere using my mail service can currently send mail. What in the world is going on?

 

[sbillis]

Can you provide more information please, starting with the version of plesk and also the error if any that your outlook users are getting and the settings on the server.

 

[jchost]

Using Plesk 8.4

This issue is extremely difficult to troubleshoot since I am unable to be at my client's site. However they are continuing to receive "Enter Network Password" messages across the board over and over again. This is happening with Outlook 2000 and 2007, Thunderbird and webmail clients work with no problem. It simply won't AUTH an outlook user.

 

[jchost]

AUTH_LOGIN won't accept any legitimate logins.

however any clients suing AUTH CRAM-MD5 or similar works (WHICH ISNT OUTLOOK).

Test with telnet across the wire:

AUTH LOGIN
334 ************
*******
334 ***********
*********
535 auth failure

and according to my admin yes this is base 64 encoded

 

[jchost]

Someone needs to fix this it is a serious problem I can't believe more people are not complaining right now.

 

[sbillis]

I have experienced this also. The way that I solved it was to turn off the relaying capabilities of the server and then re enable it one at a time. It appears that during the upgrade that this gets broken.

 

[spikestabber]

The cause was the silly package naming scheme swsoft uses for their packages, so qmail never got upgraded for ages. OS version string should be last like on any other RPM package, to avoid this issue in the future.

Also a HUGE request, please add the bindroutes patch for qmail to qmail-remote in the plesk packages. I SHOULD BE ABLE TO SEND MAIL FROM WHATEVER IP I NEED TO RATHER THAN THE DEFAULT THE MACHINE HAS. People do use different mail hosts in many applications, especially if your netblock is overrun by spammers and every RBL under the sun innocently bans your hosting providers entire netblock, its good to use a different clean IP that wont be.

package courier-imap-3.0.8-rhel4.build80060613.20 (which is newer than courier-imap-3.0.8-cos4.build84080425.21) is already installed

package psa-qmail-1.03-rhel4.build80060613.20 (which is newer than psa-qmail-1.03-cos4.build84080425.21) is already installed

package psa-qmail-rblsmtpd-0.70-rhel4.build80060613.20 (which is newer than psa-qmail-rblsmtpd-0.70-cos4.build84080514.18) is already installed

As RHEL4 and COS4 are basically the same thing, and converting from RHEL4 to the other is as simple as yum upgrading, this is a change that often gets overlooked. Although the original primary reason for why this happened is because we used CentOS long before SWSoft supported it, but they supported RHEL just fine and getting Plesk to think it was installing on RHEL worked just fine for any CentOS installation.

 

[sergius]

Gentlemen,

Thank you for the reports.

We attend to investigating and solving the issue. The bugfix is scheduled for the future patches.

 

[paulmasri]

Any news on when the new patch will be available? And will you be notifying us when it is? This is a major problem for us now. Thanks, Paul.

 

[DaveNET@]

Anyone know if this issue has been resolved in any of the recent updates (8.4 or 8.6)?

David

 

[paulmasri]

We've just upgraded to 8.6 and no, it's not fixed yet.
We've tested the above workarounds for Outlook 2007 (not yet tested for Entourage 2004).
Both methods work, but the port 587 solution is understandably faster and that's our preferred workaround.

So, Parallels/swsoft, how soon is the patch coming out? And will it be clear from the documentation? Current documentation saying things like "core upgrade" are very uninformative.

Paul.

 

[jhuedder]

I would also like to ask for a quick patch since this problem must be solved due to correct server operation with many clients on one server

 

[usbusi]

simple workaround

There is one person who provided a simple workaround mid-way through this thread which I think some people have not listened to. I have been using the workaround myself since Outlook 2007 was released, and it works for all my customers who upgrade to Outlook 2007.

It is simply to tell the customer to uncheck the box "my outgoing smtp server requires authentication."

Even when your server is of course requiring authentication, this works around the bug in Outlook 2007 and still authenticates.