Am 07.06.2014 18:29, schrieb LuKreme: > > On 07 Jun 2014, at 09:53 , li...@rhsoft.net wrote: > >> i condsidered that but it would take weeks and months to >> explain all customers that they have to fix their client configs >> and i see even new configured clients using 25 because the idiotic >> MUA's still default to 25 and burrie the port setting somewhere >> under "expert" or "extended" settings, so you can't do that if >> you have hundrets of customers with all sort of devices > > Don't most modern clients try 25 first, then fall back to other ports (587 > and the stupid one I forget and don't support)?
the stupidity is trying 25 first > When I eliminated connecting on port 25 for clients it was pretty seamless, > albeit most of them are Mac users, so they never even noticed the change. define "modern client" i had *recently* one which client did not work after we switched to a 4096/SHA-256 cert, guess what, Eudora on a Apple machine, yes i answered with "i don't care" *but* i can't answer that all day long for all sort of cases >> iPhones and Apple Mail permanently disable SASL auth for unknown >> reasons or in case of password changes need to re-configure the >> outgoing mailserver seperated from the incoming creating enough >> work for a sysadmins lifetime > > I have no idea what you are talking about; I've never had any issue with > secure connections from iOS or OS X to my mail server did i say anything about secure connections? * the setting for using authentication get lost repeatly if you haven't seen that you have to few Apple users the iPhones try again and again after that send unautheticated * after heartblead we forced all users to change their passwords on the stupid Apple clients you need to change the password seperatly for incoming and outgoing mail while even Outlook for a decase has a checkbox "use same credentials as for incoming mail" * and not the f**ing Apple clients don't ask for the new password after the first error * frankly a trained monkey could develop the code to enter only username and password and try the same credentials on 587 by default instead try first 25 or send unauthenticated the Apple user *never takes notice* if sending fails *never* if you want i can give you a log where the same iPhone for weeks tried every 5 minutes send to "somebody[at]gmail.com" resulting in 150000 error messages on the server side and the user even needed 5 mails and finally a phone call asking what exectly he don't understand in my mails and why t**uck he don't ask or just stop copy blindly protected mail adresses in a client developed by monkeys unable to verify if a address can be valid at all by not containing a @
