On 07.06.2014 22:53, LuKreme wrote:
>> On 07 Jun 2014, at 10:39 , li...@rhsoft.net wrote:
>>
>> On 07.06.2014 18:29, LuKreme wrote:
>>>
>>> On 07 Jun 2014, at 09:53 , li...@rhsoft.net wrote:
>>>
>>>> i considered that but it would take weeks and months to
>>>> explain all customers that they have to fix their client configs
>>>> and i see even new configured clients using 25 because the idiotic
>>>> MUA's still default to 25 and bury the port setting somewhere
>>>> under "expert" or "extended" settings, so you can't do that if
>>>> you have hundreds of customers with all sort of devices
>>>
>>> Don't most modern clients try 25 first, then fall back to other ports (587
>>> and the stupid one I forget and don't support)?
>>
>> the stupidity is trying 25 first
>
> That is still what most servers support or even require.

well, and now tell me a valid reason that a mail-client while setup a new
account could not do a simple check if 587 is available and only in case
it's not available fall back to 25

>>> When I eliminated connecting on port 25 for clients it was pretty seamless,
>>> albeit most of them are Mac users, so they never even noticed the change.
>>
>> define "modern client"
>>
>> i had *recently* one which client did not work after we
>> switched to a 4096/SHA-256 cert, guess what, Eudora on
>> an Apple machine, yes i answered with "i don't care"
>
> Eudora? Eudora hasn’t been supported for many many years, and hasn’t had
> much if any development on it for a decade. Certainly not modern in any
> sense of the word.

i know that
you know that
now the customer knows

fine if something affects only a few customers but that doesn't change
the fact that if you have to support hundreds of them you can choose
between be careful or face a support nightmare after changes

>>>> iPhones and Apple Mail permanently disable SASL auth for unknown
>>>> reasons or in case of password changes need to re-configure the
>>>> outgoing mailserver separated from the incoming creating enough
>>>> work for a sysadmin's lifetime
>>>
>>> I have no idea what you are talking about; I've never had any issue with
>>> secure connections from iOS or OS X to my mail server
>>
>> did i say anything about secure connections?
>
> You said SASL auth

in the world i live SASL has nothing to do with the connection
a secure connection by definition is encrypted with TLS

>> * the setting for using authentication gets lost repeatedly
>>   if you haven't seen that you have too few Apple users
>>   the iPhones try again and again after that send unauthenticated
>
> Never seen that. Run OS X and iOS all day every day, as do many users.

fine for you, i have that problem multiple times each month for multiple
customers as well as sometimes even for people in the own company which
for sure have no new iPhone

>> * after Heartbleed we forced all users to change their passwords
>>   on the stupid Apple clients you need to change the password separately
>>   for incoming and outgoing mail while even Outlook for a decade has
>>   a checkbox "use same credentials as for incoming mail"
>
> Since incoming and outgoing can be different, that’s really not that big a
> deal.

it *can* be different, most time it is not and even if POP3/IMAP is not the
same server the user database is shared

i know nobody on this planet maintaining different user databases for SMTP
and IMAP/POP3

>> * and not the f**ing Apple clients don't ask for the new password
>>   after the first error
>
> That’s certainly not true. I get asked for my Gmail password all the
> damn time (because Google app specific password for 2-factor users don’t work
> well).

it is true

otherwise you can't explain why people in the same room had that problem

>> * frankly a trained monkey could develop the code to enter only username and
>>   password and try the same credentials on 587 by default instead try first 25
>>   or send unauthenticated
>
> Sorry, this is not what happens unless, maybe, you allow unauthenticated
> submission on port 25? Dunno, I never did that.

surely, i allow that from my_networks otherwise any switch, heat sensor and
what not would need SASL accounts

> Mail.app and iOS first try port 25, then try 587, then try… I think it’s 465?

and *that* is plain stupid
first 587 and *then* 25 is the way to go

>> the Apple user *never takes notice* if sending fails *never*
>
> That is not true. If sending fails it tells you and asks if you want to use a
> different server (if more than one is configured) or asks you what you want
> to do, including try-again or edit the message.

ah so you explain me all the thousands of lines in my maillog from iPhones
using invalid RCPT's, no authentication at all and trying over weeks every
5 minutes did not happen - then the postfix log lies or you have only very
few users

>> if you want i can give you a log where the same iPhone for
>> weeks tried every 5 minutes send to "somebody[at]gmail.com"
>> resulting in 150000 error messages
>
> If your server rejects the email, both iOS and OS X do not retry. I have no
> idea what you (or your user) did to generate 150,000 error messages, but that
> is not what has ever happened here. You cannot send a mail from Apple mail or
> iOS to “someone[at]gmail.com”. It will reject it before sending.

it will *not* reject it before sending

the **** with his iPhone needed even handholding to remove that message from
the outgoing folder and tried to explain me he can't delete it

the other one tried over *6 months* again and again send unauthenticated
after this crap device got stolen and i was even able to tell him day and
time when it was stolen from the maillog

> https://www.dropbox.com/s/tm6bvy7v8t1kuu9/Screenshot%202014-06-07%2014.48.53.PNG
>
> If you try to send it anyway, you get:
>
> https://www.dropbox.com/s/wwpvycgcopn8q7u/Screenshot%202014-06-07%2014.50.38.PNG

that screen is hardly an iphone

> The behavior of iOS is similar, though it does not ask you for another server,
> it just says the address was rejected by the server and the message was not
> sent.

yes, because my postfix rejects such messages but what happens is that it is
retried again and again proven by postfix logs and after call the user bad
names it stopped *weeks* before the first attempt

>> on the server side and the user even needed 5 mails and finally a phone call
>> asking what exactly he doesn't understand in my mails and why t**uck he
>> doesn't ask or just stop copy blindly protected mail addresses
>
> So your user is dumb?

he is just an Apple user and i face that problems with around 5 up to 10
users each month - now guess if all the users are dumb or Apple is too dumb
to create a sane mail client

>> in a client developed by monkeys
>
> You sound a lot like an anti-Apple bigot with an axe to grind.

guess why - *because* that crap devices are stealing my time for years

>> unable to verify if a address can be valid at all by not containing a @
>
> Again, I don’t know what happened, but what you describe is simply not at all
> how anything works.

i know my server logs, they are real
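
Added example, not part of the original message or of Postfix: one way to pull the retry pattern argued about above (the same client re-sending a rejected RCPT every few minutes) out of a mail log. The log lines are constructed samples in the usual Postfix smtpd reject format; the host name, addresses, the function name find_retry_loops and its thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not from the thread): one client retrying every
# ~5 minutes, one client rejected once, one unrelated smtpd line.
_T = ("Jun  7 {t} mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[{ip}]: "
      "554 5.7.1 <{rcpt}>: Relay access denied; from=<user@example.org> "
      "to=<{rcpt}> proto=ESMTP helo=<[10.0.0.5]>")
SAMPLE_LOG = "\n".join(
    [_T.format(t=t, ip="198.51.100.23", rcpt="someone@example.com")
     for t in ("10:00:02", "10:05:03", "10:10:02", "10:15:04", "10:20:02")]
    + [_T.format(t="10:07:40", ip="203.0.113.9", rcpt="other@example.net"),
       "Jun  7 10:07:41 mx postfix/smtpd[2101]: disconnect from unknown[203.0.113.9]"])

REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S+\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) "
    r".*? to=<(?P<rcpt>[^>]*)>")

def find_retry_loops(log_text, min_hits=4, year=2014):
    """Group RCPT rejects by (client IP, recipient) and report repeat offenders.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    'steady' is True when every gap is within 20% of the median gap, which is
    what a client stuck on a fixed resend timer looks like.
    """
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            attempts[(m["ip"], m["rcpt"])].append(ts)
    findings = []
    for (ip, rcpt), times in attempts.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = sorted((b - a).total_seconds() for a, b in zip(times, times[1:]))
        median = gaps[len(gaps) // 2]
        steady = all(abs(g - median) <= 0.2 * median for g in gaps)
        findings.append({"client": ip, "rcpt": rcpt, "hits": len(times),
                         "first": times[0], "last": times[-1],
                         "median_gap_s": median, "steady": steady})
    return sorted(findings, key=lambda f: f["hits"], reverse=True)

if __name__ == "__main__":
    for f in find_retry_loops(SAMPLE_LOG):
        print(f)
```

The first and last timestamps per client are what allow a statement like the one in the message about dating a stolen device from the maillog.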