TUHH > Service > Computer Centre > Well-known errors and troubles

Well-known errors and bugs

Data security

To encrypt the communication to the mail server, Outlook Express, Outlook 2000, Outlook XP and Outlook 2003 are using the outdated and not recommended encryption algorithm RC4. Only if you use Outlook 2007 in conjunction with Windows Vista or later the much safer encryption AES128 is being used. But even though Windows does not use ephemeral keys for encryption. That means that captured network traffic between our server and your outlook can be decrypted even after years, if our privat server key ever gets to the wrong people.

In contrast: Mozilla and Thunderbird use AES256 with Diffie-Hellmann Ephemeral Key Exchange for a long time now. That means that for every connection a new session key is generated which is thrown away at the end of the connection. As far as known, decrytion of network capture afterwards is not possible.

Conclusion: If you are security aware and do not want to use Thunderbird, upgrade at least to Outlook 2007 and Windows Vista.

Sending email with SMTP and STARTTLS to Port 587

Outlook 2000

To my experience OL 2000 cannot send emails using SMTP and STARTTLS through any other port than the standard port 25. This is a well-known bug in Outlook 2000 (MS: This behavior is by design.), see also http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307772.

Reason: Microsoft supports the standard procedure first starting with Outlook 2002.

Conclusion: For some time we are able to support the outdated and not standardized protocol "SMTP over SSL" on port 465. According to our experience OL2000 does not have problems when using this port and protocol. So please enable encryption and use port 465 with these programs.

Outlook XP/2002

Outlook 2002 should support STARTTLS on any port. However due to a race condition in the code it doesn't do it very reliable. Especially after installation of office servicepack 1, 2 or 3 it almost never works on ports other than 25.

Microsoft has confirmed this bug and has released a Hotfix for us: KB829346

In the meantime this Hotfix has been integrated into a so called "Outlook 2002 post-Service Pack 3 hotfix package". As long as there is no Service Pack 4, search in the Knowledge Base for "KB829346" and download and install the post-service-pack-hotfix-package.

Outlook 2003

OL2003 has had the same problems as OL2002. The hotfix which was required in the past to fix it is not necessary any more because it was integrated into the service pack 2 and later.

Please install the latest Office 2003 Service Pack!

You can find Office updates at http://office.microsoft.com/

The behavior of Outlook is still not perfect: When sending mails encrypted to the SMTP server and the SMTP server is unreachable, e.g. due to mobile internet connection and a dead spot, or the SMTP server is down or has closed Port 587 (or Port 25) e.g. due to high system load, OL get's into a state, where it cannot send out any mail any more. In such a case you get strange error messages like: 

Task 'xyz - Sending' reported error (0x800CCC7D) : 'Your outgoing
(SMTP) server does not support SSL-secured connections. If SSL-secured connections
have worked in the past, contact your server administrator or Internet service
provider (ISP).'
and 
Task 'xyz - Sending' reported error (0x8004210B) : 'The operation timed
out waiting for a response from the sending (SMTP) server. If you continue to receive
this message, contact your server administrator or Internet service provider (ISP).'
In such a case you need to wait for your network connection coming back or the SMTP server to open the port again. Then you need to restart Outlook 2003!

The reason for all these trouble seems to be that OL tries to autodetect if SSL is spoken on the port immediately (SMTPS) or after negotiation with STARTTLS. It does so by first initiating a raw SSL connection to the port. If this connection attempt has failed for two times, it will initiate a third connection attempt without SSL to see if SMTP is spoken.

This autodections seems to be complicated and fails e.g. if the mailserver is unreachable or has the port closed.

Outlook 2007

Usage of Outlook 2007 is strongly recommended as none of the above problems are known.