Niels K.Jun 28, 2024
Don’t use “Outlook (new)” in #Windows 11. I just did a tcpdump and looked also at my #mail servers when setting up an account in there. The mail client only spoke with Microsoft-servers, never with my mail-servers and I saw on my mail-servers only connections from Microsoft-IPs.
Show threadMartin ███████Jun 28, 2024
@nielsk So would it make sense to block MS on submission and IMAP ports? What legitimate business could they have?
Show threadNiels K.
@unixtippse If your users use the new Outlook which will replace Windows Mail you can’t block them.
Jun 28, 2024 at 10:06amMona for iPhone
Show threadMartin ███████Jun 28, 2024
@nielsk You haven't tested whether it falls back to direct communication, though, have you?
Show threadNiels K.Jun 28, 2024
@unixtippse No, I didn’t. I just had a support team member telling me that Outlook didn’t work and if we can make it work (it worked for him after a reboot) and that’s why I did what I did.
Show threadJ$Jun 28, 2024
@nielsk @unixtippse yes you can. And should.
Show threadNiels K.Jun 28, 2024
@js @unixtippse Well, I operate a mail-platform for external users. I can’t do that because the support-team will kill me.
Show threadJ$Jun 28, 2024
@nielsk @unixtippse Well, I’d say its not up to you to break your spine to create workarounds for broken-by-design end user software. They have plenty of working clients to choose from.
Show threadEndlessMasonJun 29, 2024
@js
That's literally what a support engineer's job is lol
@nielsk @unixtippse
Show threadWolf480plJun 29, 2024
@nielsk @unixtippse I think from a security point of view, it's better when it doesn't work. More than that, every time your server sees a user successfully log in from a Microsoft IP, it should reset (or disable) that user's password, since you have to assume it's compromised.