SSL/TLS problem on POP3 and SMTP / Dreamhost<->Outlook.com


#1

I have a domain that I’m migrating from Google Apps to Outlook.com. I’ve hosted the email for the domain at Dreamhost and can successfully POP3/SMTP the email to Outlook.com using the following settings:

POP3 - mail..com port 110
SMTP - mail..com port 587

The problem arises when I try to “require an SSL connection” in the options on Outlook.com. When checking this option, I get an error that says, “there was a problem connecting to the POP3 or SMTP server” (unfortunately, there are no additional details.) I’ve tried the following:

using port 995 for POP3 for SSL/TLS
using port 25/465 for SMTP for SSL/TLS

These fail with the same error as well.

I’ve read that there’s a certificate issue with Dreamhost and some SSL/TLS connections so I repeated all the above steps but substituted:

sub3.homie.mail.dreamhost.com for mail..com

After I do this, I can get a non-SSL/TLS connection to the Dreamhost POP3/SMTP server from Outlook.com but still can’t get TLS/SSL to work (again, trying all the different ports.)

Two more points:

  • this is Outlook.com not Outlook or Outlook Express
  • 995/25/465 are the only other options that Outlook.com provides in addition to the defaults of 110/587

So, any ideas? Has anyone been able to get SSL/TLS POP3-SMTP connections to work between Outlook.com and Dreamhost?

Thanks in advance - David


#2

This probably doesn’t help you but I checked an office365 account (i.e. outlook.office365.com) that POPs email from a dreamhost email box.

When you set up the account it auto configures with SSL by itself by simply providing the email address and password. Then if I edit that config it shows me that it’s using 993 as the inbound port but doesn’t show me how the smtp is configured. I know however from other configurations that port 587 does work for smtp using SSL.


#3

Thanks for the reply. BTW, I think you meant 995 vs. 993, right?

Unfortunately, there isn’t an auto-config in Outlook.com (you have to specify the port.) I’ve tried to switch to 995 and 587 but no luck w/SSL/TLS.

I suspect this is a Dreamhost certificate problem but what I really need is some diagnostic info from the Outlook.com side of the POP3/SMTP negotiation. Unlike Outlook/Outlook Express, there isn’t much any other than, “there was a problem…”


#4

No I meant 993, technically that’s an IMAP port tho, not POP3

Actually I have an outlook.com account and just went and played with it (sorry I was short on time earlier).

There is an auto-configure, and it works, but it doesn’t auto-configure for SSL. To use it just type the email address and password without touching the “Advanced options” link, and it will find the dreamhost mail server and configure correctly but without SSL.

Once I got that working, I started editing and found that if I use the alternate server address (which bypasses the certificate issue) mail still connects. So then I switched to ports 995 for POP and 587 and checked the SSL boxes, retested, and it worked.

The ONLY differences from what you typed and what I did are:
– I’m on a different dreamhost mail cluster than you so I used a different alt address. Those addresses can be found here: http://wiki.dreamhost.com/Certificate_Domain_Mismatch_Error
– I used baby steps: autoconfigured, tested, then changed the servername and tested again, then changed ports and added the SSL check-box and retested.

If you’re still having trouble, one relevant test that you should make if you can is to configure outlook (the client) or TB using POP3, sub3.homie.mail.dreamhost.com, SSL and 995/587 and see if THAT works. If it won’t there, then there could be a problem with sub3.homie.mail.dreamhost.com that doesn’t exist on my mail cluster.


#5

Thanks a bunch! Just checked and I’m on sub4 after all. I just deleted my settings at Outlook.com and will try to re-add the email account in a few minutes using your step (e.g. autoconfig, etc.)

Will post results – thanks again for drilling into this.

David
[hr]

No luck :(

Did your steps as follows:

Error is: There’s a problem connecting to the POP3 mail server.

Weird.


#6

Between 2 and 3 did you actually send and receive or just rely on “it saved without error”? I only say that because sending/receiving may be updating something on the outlook.com server, that then allows it to like the dreamhost server with ssl and port 995.

FWIW when I went in and tried to configure manually all at once (which I did before taking baby steps to find out where it failed) I did get the error message you reported.

The other thing that you can do (as I said before) is to try and get it working with a local client first to find out if there are any oddities on your mail cluster preventing 995 from working. Then at least you know who to open a support ticket with (dreamhost if it won’t configure with a local client and MS if the dreamhost side seems to behave properly). Not saying that you have to USE the local client (you’re obviously interested in a webmail client) just do it to find out what works and what’s broken.


#7

Yes, I sent an email and received an email between steps 2/3 but it didn’t help. I now think it’s a Dreamhost problem.

I installed Thunderbird and see the following behavior:

  • POP3/SMTP 110/587 work without encryption
  • I get a cert error so I use sub4.homie.mail.dreamhost.com
  • When I try to select 995/587 and select SSL/TLS, I get the following error:

Thunderbird failed to find the settings for your email account.

Which is weird because the settings for my account are found when I don’t use SSL/TLS.

Since Outlook.com and Thunderbird are both failing to make the TLS/SSL connection, I think that’s pointing to Dreamhost.

I’ll open a ticket.


#8

One more post on this. I took a different domain hosted by Dreamhost, tried to access POP3/SMTP via SSL/TLS with Outlook.com and no luck.

Same failure even when I tried the step-by-step approach.

Ticket is in – will let you know if there’s any resolution.


#9

One final reply for anyone else who’s been reading/tracking this thread.

The short version is that I’m convinced this is a Dreamhost issue/limitation but I’ve been unable to convince the tech staff.

The (slightly) longer version is:

  • I have two domains hosted at Dreamhost and I can send/receive email from these accounts from Outlook.com and Thunderbird if I’m not using SSL/TLS
  • when I attempt to turn on SSL/TLS, both Outlook.com and Thunderbird fail with errors
  • I’m confident that I’m using the correct ports
  • Finally, a co-worker confirmed he could use Outlook.com to SSL/TLS access POP3/SMTP email hosted at GoDaddy

The fact that both Outlook.com and Thunderbird fail would seem to point to a Dreamhost issue (plus my co-worker’s demonstration) but Dreamhost suggested I contact Microsoft and Thunderbird for resolution.

Clearly something weird is going on here (i.e. Lake Rat was able to get POP3/SMTP working over SSL/TLS to the same mail cluster but it wasn’t straightforward and involved turning on the options in a particular order) and while I give Dreamhost some credit for their quick reply via Twitter last night, I still think the issue is on their end.

Bottom line, this is blocking a migration from Google Apps.


#10

https://sabrextreme.com/mailserver/


#11

ding…ding…ding. Winner!

Thanks – apparently, Dreamhost uses one domain for non-encrypted POP3/SMTP connections and a different domain for TLS/SSL POP3/SMTP.

For example, for non-encrypted connections, it’s - sub4.homie.mail.dreamhost.com

For TLS/SSL, it’s -

sub4.mail.dreamhost.com

As far as I can tell, this isn’t documented and Dreamhost tech support didn’t know it. Dropping them an email right now.

Anyway, it’s now working – thanks sXi!!!


#12

The problem you ran into is that RFC compliant clients and systems will accept a Wildcard SSL without issue on a 1st level sub, but baulk at anything deeper due to a rule that the “*” character in a certificate may represent only a single domain component or fragment.

It’s a pesky rule that is not entirely obvious.
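
Added example (not part of the thread or any poster's code): the single-label wildcard rule from post #12 applied to the hostnames in this thread, plus a probe that returns the certificate verification error the web client hides. The certificate name "*.mail.dreamhost.com" and the stand-in customer name mail.example.com are assumptions constructed to fit the explanation; the thread never shows the real certificate.

```python
import socket
import ssl

# Added example. ASSUMPTION: "*.mail.dreamhost.com" is a constructed
# certificate name that fits post #12; the thread never shows the real one.
ASSUMED_CERT_NAMES = ["*.mail.dreamhost.com"]


def match_dns_name(pattern, hostname):
    """True if a certificate DNS name covers hostname (wildcard = one label)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):          # "*" never spans more than one label
        return False
    if p[1:] != h[1:]:            # everything right of the first label is literal
        return False
    if p[0] == "*":
        return h[0] != ""
    return "*" not in p[0] and p[0] == h[0]   # partial wildcards rejected here


def explain(cert_names, hostname):
    """Return 'ok' or the reason no certificate name covers hostname."""
    if any(match_dns_name(n, hostname) for n in cert_names):
        return "ok"
    host = hostname.lower().rstrip(".")
    for name in cert_names:
        labels = name.lower().rstrip(".").split(".")
        extra = len(host.split(".")) - len(labels)
        if labels[0] == "*" and extra > 0 and host.endswith("." + ".".join(labels[1:])):
            return f"too deep: '*' in {name} covers 1 label, host needs {extra + 1}"
    return "no certificate name matches"


def probe(host, port=995, timeout=10):
    """Implicit-TLS handshake (POP3S); return 'ok' or the verification error.
    Not for port 587, which starts in plaintext and upgrades with STARTTLS."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message
```

explain() works offline on a list of certificate names; probe() needs network access and reports what the server on port 995 actually presents for the name you connect with.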


#13

Yep, but it’s poor documentation as well. I’d guessed that I had a certificate issue when mail..com didn’t work. Unfortunately, the Dreamhost documentation said to try:

sub#.homie.mail.dreamhost.com

but made no mention that sub#.mail.dreamhost.com was the correct address for SSL connections (or if it did, I sure didn’t see it.)