Questions about older versions of Outlook support connections

Hello everyone.
I’ve been using Hestia for more than a month, and I’ve learned a lot from DOCS and FORUM, and I’ve solved some problems.

At present, I still have some unresolved questions, such as:
In Outlook 2010 I can’t use an SSL encrypted connection, and Outlook prompts that my server does not support the specified connection encryption type.

I realized that maybe my Outlook version is too old because now Thunderbird and iPhone and Webmail work fine.

So, what should I do in a situation like this?

I also have a lot of people around me who use Outlook 2010 and even Outlook 2007/2003 and I hope to find a way to work even in the old Outlook.

Thank you very much.

Update /etc/dovecot/conf.d/10-ssl.conf

Change ssl_min_protocol to
ssl_min_protocol = TLSv1.1

Thank you so much. 👍
I’ll try it right away.

Hello.

Before the update (Outlook 2003/2010):
POP3 SSL does not work
SMTP SSL is not working

After making the update (Outlook 2003):
POP3 SSL works
SMTP SSL is not working

After making the update (Outlook 2010):
POP3 SSL does not work
SMTP SSL is not working

Thunderbird and iPhone have been working normally.

In the past three hours, I have consulted a lot of information, but I still can’t solve it, even though this problem has bothered me for almost a month, and I have consulted countless materials, of course, my technical level is still very lacking.

You changed your Dovecot config to support an obsolete and vulnerable version of TLS on your POP connections, but you did not make a similar change to your SMTP server, Exim.

Hello.

In order to take care of the old version of Outlook users, I am also very helpless.
Where is the similar modification of SMTP?

Thank you.

Is it to modify exim4.conf.template?
tls_require_ciphers = PERFORMANCE:+VERS-TLS1.1:+VERS-TLS1.2:+VERS-TLS1.3:%SERVER_PRECEDENCE

I added:
+VERS-TLS1.1

Probably. I don’t use Exim or allow my clients to run obsolete versions of Outlook, so I cannot advise you on how to implement your security downgrade plan.

Thank you for your help, I found the information you provided half an hour ago and read it but I still don’t understand.
I’m sorry.

Hello.

I’m now using Outlook 2003 as the basis for testing.

Re-tested today and found surprising results:
ssl_min_protocol = TLSv1.1
Or revert to pre-update
ssl_min_protocol = TLSv1.2

Outlook 2003 pop3 is not working.

That software hasn’t seen any security updates in a decade. No one should be using it on the internet. You do both your users and the internet a great disservice by encouraging people to use vulnerable software. Your time would be better spent migrating your users to secure modern client software.

https://us-cert.cisa.gov/ncas/alerts/TA14-069A-0

1 Like

Hello.

I’m well aware of the security implications that these past versions may have, but I can’t change most of the people around me, they need or even ask me to do so.

Sure you can. Stop enabling the bad behavior and incentivize the better options. A mutually exclusive choice between using an obsolete version of Outlook and sending or receiving email should be an easy choice for anyone who actually wants their email.

Economic factors are also great motivators. Make the costs so painful and unsustainable that no one will persist in their folly. Raise your rates by 1000% for anyone that refuses to use supported versions of software. Let the problem solve itself.

2 Likes

Oh.
Good job.

Thank you.

I don’t think we should support outdated software. Also, for Office you can get a key for 1-2 USD from eBay or similar software resellers. At least for private usage and without any warranty. And well, @linkp is honestly just right here…
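The thread changes two independent settings, `ssl_min_protocol` in Dovecot and `tls_require_ciphers` in Exim, so a server can end up with legacy TLS open on one service without anyone noticing. The following is an added example, not part of the original posts and not Hestia's own code: a small audit that reads both values and lists the protocol versions below TLSv1.2 that each one turns on. It assumes Exim is built against GnuTLS (the value quoted in the thread is a GnuTLS priority string); the function names and the "strict" sample values are constructed for illustration.

```python
import re

# Protocol names, oldest first; everything below TLSv1.2 is reported as legacy.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = ORDER[:3]
# GnuTLS priority-string version names mapped onto the Dovecot spelling.
GNUTLS = dict(zip(["SSL3.0", "TLS1.0", "TLS1.1", "TLS1.2", "TLS1.3"], ORDER))

def last_setting(text, key):
    """Value of the last uncommented 'key = value' line, or None if absent."""
    hits = re.findall(rf"^[ \t]*{re.escape(key)}[ \t]*=[ \t]*(\S+)", text, re.M)
    return hits[-1] if hits else None

def dovecot_legacy(conf):
    """Legacy protocols at or above ssl_min_protocol; None if not evaluable."""
    value = last_setting(conf, "ssl_min_protocol")
    if value is None or value not in ORDER:
        return None  # unset (build default applies) or a keyword value
    return [p for p in ORDER[ORDER.index(value):] if p in LEGACY]

def exim_legacy(conf):
    """(legacy versions enabled explicitly, True if keyword defaults still apply)."""
    value = last_setting(conf, "tls_require_ciphers")
    if value is None:
        return None
    enabled, defaults_apply = set(), True
    # Tokens are applied left to right: '+' adds a version, '-' or '!' removes it.
    for sign, name in re.findall(r"(?:^|:)([+!-])VERS-([^:]+)", value):
        if name in ("ALL", "TLS-ALL"):
            enabled = set(ORDER) if sign == "+" else set()
            defaults_apply = False  # the base keyword's version list was replaced
        elif name in GNUTLS:
            (enabled.add if sign == "+" else enabled.discard)(GNUTLS[name])
    return [p for p in LEGACY if p in enabled], defaults_apply

# Constructed inputs: the two values quoted in the thread, then a constructed strict pair.
THREAD_DOVECOT = "ssl = yes\nssl_min_protocol = TLSv1.1\n"
THREAD_EXIM = ("tls_require_ciphers = PERFORMANCE:+VERS-TLS1.1:+VERS-TLS1.2:"
               "+VERS-TLS1.3:%SERVER_PRECEDENCE\n")
STRICT_DOVECOT = "#ssl_min_protocol = TLSv1\nssl_min_protocol = TLSv1.2\n"
STRICT_EXIM = "tls_require_ciphers = NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3\n"

if __name__ == "__main__":
    for label, d, e in [("thread", THREAD_DOVECOT, THREAD_EXIM),
                        ("strict", STRICT_DOVECOT, STRICT_EXIM)]:
        print(label, "dovecot:", dovecot_legacy(d), "exim:", exim_legacy(e))
```

When the second value returned by `exim_legacy` is true, the priority string never clears the version list, so the versions that the base keyword enables on that GnuTLS build and system policy also apply and have to be checked separately.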