Since I’m using Thunderbird for my emailing I didn’t know about that problem. But one site I’m hosting recently has Emailusers that are using Microsoft’s Outlook Express 6 (The one that ships with XP).

What I didn’t know is that OE6 neither handles SSL handshakes correctly, nor is able to authenticate the user properly via SASL auth.

So you either get an error saying the server doesn’t support SSL, but you see the server’s reply code being ‘250 OK’.
Or you get an error depending on sender-, helo-, and recipient restrictions you’ve got. In my case I have implemented various checks concerning the hostname of the qualified client and of course RBL. Both will reject the ‘normal’ user connecting with OE6.
Normally, when the client authenticates himself none of the above mentioned checks will be done, and for that matter none of the authenticated clients will be blocked.

But if you’re using OE, you will be. (Is that actually a bad thing? ;) )

So I hope the solution I’m going to test later on is going to work:

For the SSL thing you can add ssl_wrapper_mode to postfix’s main.cf and connect on port 465. That SHOULD be working.

The SASL Auth thing should be fixed by adding ‘broken_sasl-auth_clients = yes’ to main.cf .

I’ll post here whether it worked or not.