-
-
Notifications
You must be signed in to change notification settings - Fork 789
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Outlook 2016 login error #2905
Comments
What is your TLS_FLAVOR set to? Do you use a reverse proxy? Can you confirm which version of Mailu and Windows this is with please? |
Hello, TLS_FLAVOR is letsencrypt, mailu 2.0, window7, this is my mailu.env Mailu main configuration fileThis file is autogenerated by the configuration management wizard for compose flavor.For a detailed list of configuration variables, see the documentation athttps://mailu.io################################### Common configuration variables################################### Set to a randomly generated 16 bytes stringSECRET_KEY=K1OZYJRLMWYNX7 Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)SUBNET=192.168.203.0/24 Main mail domainDOMAIN=mailu.v5.cn Hostnames for this server, separated with comasHOSTNAMES=mailu.v5.cn Postmaster local part (will append the main mail domain)POSTMASTER=admin Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)TLS_FLAVOR=letsencrypt Authentication rate limit per IP (per /24 on ipv4 and /48 on ipv6)AUTH_RATELIMIT_IP=5/hour Authentication rate limit per user (regardless of the source-IP)AUTH_RATELIMIT_USER=50/day Opt-out of statistics, replace with "True" to opt outDISABLE_STATISTICS=False ################################### Optional features################################### Expose the admin interface (value: true, false)ADMIN=true Choose which webmail to run if any (values: roundcube, snappymail, none)WEBMAIL=roundcube Expose the API interface (value: true, false)API=false Dav server implementation (value: radicale, none)WEBDAV=radicale Antivirus solution (value: clamav, none)ANTIVIRUS=clamav Scan Macros solution (value: true, false)SCAN_MACROS=true ################################### Mail settings################################### Message size limit in bytesDefault: accept messages up to 50MBMax attachment size will be 33% smallerMESSAGE_SIZE_LIMIT=400000000 Message rate limit (per user)MESSAGE_RATELIMIT=200/day Networks granted relay permissionsUse this with care, all hosts in this networks will be able to send mail without authentication!RELAYNETS= Will relay all outgoing mails if configuredRELAYHOST= Enable fetchmailFETCHMAIL_ENABLED=true Fetchmail delayFETCHMAIL_DELAY=600 Recipient delimiter, character used to delimiter localpart from custom address partRECIPIENT_DELIMITER=+ DMARC rua and ruf emailDMARC_RUA=admin Welcome email, enable and set a topic and body if you wish to send welcomeemails to all users.WELCOME=false Maildir Compressionchoose compression-method, default: none (value: gz, bz2)COMPRESSION= change compression-level, default: 6 (value: 1-9)COMPRESSION_LEVEL= IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature.FULL_TEXT_SEARCH=off################################### Web settings################################### Path to redirect / toWEBROOT_REDIRECT=/webmail Path to the admin interface if enabledWEB_ADMIN=/admin Path to the webmail if enabledWEB_WEBMAIL=/webmail Path to the API interface if enabledWEB_API= Website nameSITENAME=测试邮箱 Linked Website URLWEBSITE=https://mailu.v5.cn ################################### Advanced settings################################### Docker-compose project name, this will prepended to containers names.COMPOSE_PROJECT_NAME=mailu Number of rounds used by the password hashing schemeCREDENTIAL_ROUNDS=12 Header to take the real ip fromREAL_IP_HEADER=X-Real-IP IPs for nginx set_real_ip_from (CIDR list separated by commas)REAL_IP_FROM=172.1.1.180 choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)REJECT_UNLISTED_RECIPIENT= Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)LOG_LEVEL=WARNING Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#TZ=Etc/UTC Default spam threshold used for new usersDEFAULT_SPAM_THRESHOLD=80 API token required for authenticating to the RESTful API.This is a mandatory setting for using the RESTful API.API_TOKEN=7DV0GDJD18PI51ORZY67J************** |
Thank you for the information. Odds are your Windows installation is not configured to use TLS1.2. Please ensure you have applied all outstanding updates and if that does not work, follow the steps at: https://my.kualo.com/knowledgebase/33_windows---configuring-email/1403_how-to-enable-tls-v1.1v1.2-for-windows-78-and-outlook-200720102013.html If none of this work, please visit https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html and send us a screenshot of the "Protocol Features" part of that page |
thank you, do mailu support TLS1.1, how to configuration it? |
No it does not. If you want to configure it, you can tweak the settings in the file at |
Hello, I had set tls.conf, and reload nginx, but still not work! my tls.conf is below: ssl_certificate /certs/letsencrypt/live/mailu-ecdsa/nginx-chain.pem; ssl_session_timeout 1d; |
Do you still get the same error in the logs? |
yes, it's still the same error |
Does it work with other clients? (that are not Outlook) If not, can you share the IP address of the server? "no application protocol" is very weird. The client is not supposed to request one for IMAPS and the server should just disregard what it doesn't know about without making it an error. Do you have any device that may man-in-the-middle the client and server? |
I am seeing also a similar error |
@outbackdingo please open a different ticket. This one is about "SSL routines::no application protocol", you seem to be experiencing "SSL routines::no shared cipher" |
oddly enough, mines fixed on a redeploy of them helm charts... |
do you share your website's(test.mailu.io) nginx.conf and tls.conf, Let me refer to it |
The config is at https://github.com/Mailu/infra/tree/master It's different though as we use a reverse proxy |
|
try the same command without |
I found the error code in : https://www.rfc-editor.org/rfc/rfc7301.html |
Can you capture the network traffic of what outlook sends please? We need the ClientHello to find out what is going on here. |
Transport Layer Security |
file_outlook_mail_tls1.2_112301.zip |
I am sorry but I am having problems understanding what is going on with the capture here. Which IP address is the outlook client? I can see some unencrypted pop3 ... The only SSL transaction that fails with "No application protocol" does not look like it could be outlook: the ALPN is set to |
client: 180.102.32.202 |
There is a client connecting to POP3 (port 110) where the transcript reads:
And then the TCP session ends and gets reset. That could be outlook. Is that what we are looking for? |
Which version of Windows do you run outlook from? Outlook likely uses Schannel which is updated via windows update. |
win7 outlook2016 |
when I login with we work(ios client) is steel the same error |
Let's do one client at a time please. Can you post screenshots of how the client is configured? |
I am sorry but this does not make sense to me. Which client is that? It does not look like win7/outlook2016. |
Issues not for bugs, enhancement requests or discussion go stale after 21 days of inactivity. This issue will be automatically closed after 14 days. Mark the issue as fresh by simply adding a comment to the issue. |
That is probably the chinese outlook operated by 21vianet |
when i login with outlook 2016, IMAP 993 SMTP 465
front_1 | 2023-08-13T16:38:30.456819297+08:00 2023/08/13 16:38:30 [info] 34#34: *828 client 221.226.197.207:35162 connected to 0.0.0.0:993
front_1 | 2023-08-13T16:38:30.457377125+08:00 2023/08/13 16:38:30 [info] 35#35: *829 client 221.226.197.207:35161 connected to 0.0.0.0:993
front_1 | 2023-08-13T16:38:30.457640854+08:00 2023/08/13 16:38:30 [info] 34#34: *828 SSL_do_handshake() failed (SSL: error:0A0000EB:SSL routines::no application protocol) while SSL handshaking, client: 221.226.197.207, server: 0.0.0.0:993
front_1 | 2023-08-13T16:38:30.460083870+08:00 2023/08/13 16:38:30 [info] 35#35: *829 SSL_do_handshake() failed (SSL: error:0A0000EB:SSL routines::no application protocol) while SSL handshaking, client: 221.226.197.207, server: 0.0.0.0:993
The text was updated successfully, but these errors were encountered: