Unitrends and Office365
-
@ajstringham said:
@scottalanmiller I understand. But he was saying that changing some settings was supposed to allow you to use Office365 like someone uses their on-premise Exchange, which is confirmed to work natively no problem (on-premise Exchange). That's what I'm saying.
Even on premise doesn't work properly. You have to disable security for it to work. Office 365 just doesn't allow to violate that best practice.
-
@scottalanmiller I've never seen you have to disable security for on-premise Exchange. I would know.
-
@ajstringham said:
@scottalanmiller I've never seen you have to disable security for on-premise Exchange. I would know.
You do. Obviously, as the issue is lacking TLS.
-
@scottalanmiller said:
@ajstringham said:
@scottalanmiller I've never seen you have to disable security for on-premise Exchange. I would know.
You do. Obviously, as the issue is lacking TLS.
That would be an interesting question to bring up among the installations team. I'm going to get some confirmation on this. I'll update back shortly.
-
Scott, what do you mean disable security? Surely Office 365 does not require TLS for email?
Do you mean that the Unitrends can't act as a client of O365 because it can't send via TLS? So the disabling of security in an on premise Exchange setup you mean to say that you have to allow unauthenticated (or at least plain text authentication) for on prem to work? -
As far as Office365 goes:
http://office.microsoft.com/en-us/outlook-help/settings-for-pop-and-imap-access-HA102908389.aspxAs far as on-premise Exchange goes, I've never seen or been told you have to disable security of any kind. That's what's confusing me. Why would on-premise work but not Office365? Something just isn't adding up. Working on getting definite answers now.
-
@ajstringham I bet that it's because the Unitrends box can't do secure POP, only insecure POP. It all hinges on the fact that Unitrends probably doesn't have the features installed to allow TLS connections.
-
@Dashrender said:
@ajstringham I bet that it's because the Unitrends box can't do secure POP, only insecure POP. It all hinges on the fact that Unitrends probably doesn't have the features installed to allow TLS connections.
Unitrends has no reason to use POP. It doesn't receive email. Only sends out reports.
-
@ajstringham said:
@Dashrender said:
@ajstringham I bet that it's because the Unitrends box can't do secure POP, only insecure POP. It all hinges on the fact that Unitrends probably doesn't have the features installed to allow TLS connections.
Unitrends has no reason to use POP. It doesn't receive email. Only sends out reports.
Which leads to something I've never really understood. When using POP/SMTP clients, SMTP is used to send the email to a local(ish) server. Why can't the client send directly to the receiving side? This implies some sort of difference in client SMTP vs Server SMTP.
??
-
@Dashrender said:
Scott, what do you mean disable security? Surely Office 365 does not require TLS for email?
Do you mean that the Unitrends can't act as a client of O365 because it can't send via TLS? So the disabling of security in an on premise Exchange setup you mean to say that you have to allow unauthenticated (or at least plain text authentication) for on prem to work?Office 365 certainly does require TLS. And on premise should always have to. That's been best practice for a long time.
-
@Dashrender said:
Scott, what do you mean disable security? Surely Office 365 does not require TLS for email?
Do you mean that the Unitrends can't act as a client of O365 because it can't send via TLS? So the disabling of security in an on premise Exchange setup you mean to say that you have to allow unauthenticated (or at least plain text authentication) for on prem to work?Yes. For Unitrends only clear text works.
-
@ajstringham said:
As far as Office365 goes:
http://office.microsoft.com/en-us/outlook-help/settings-for-pop-and-imap-access-HA102908389.aspxAs far as on-premise Exchange goes, I've never seen or been told you have to disable security of any kind. That's what's confusing me. Why would on-premise work but not Office365? Something just isn't adding up. Working on getting definite answers now.
@ajstringham said:
As far as Office365 goes:
http://office.microsoft.com/en-us/outlook-help/settings-for-pop-and-imap-access-HA102908389.aspxAs far as on-premise Exchange goes, I've never seen or been told you have to disable security of any kind. That's what's confusing me. Why would on-premise work but not Office365? Something just isn't adding up. Working on getting definite answers now.
Lots of details are left out. You know that TLS isn't supported. So you know that requiring it has to be disabled. So just put two and two together. You already have the answer, just not spelled out.
-
@Dashrender said:
@ajstringham said:
@Dashrender said:
@ajstringham I bet that it's because the Unitrends box can't do secure POP, only insecure POP. It all hinges on the fact that Unitrends probably doesn't have the features installed to allow TLS connections.
Unitrends has no reason to use POP. It doesn't receive email. Only sends out reports.
Which leads to something I've never really understood. When using POP/SMTP clients, SMTP is used to send the email to a local(ish) server. Why can't the client send directly to the receiving side? This implies some sort of difference in client SMTP vs Server SMTP.
??
I don't follow your question. SMTP is SMTP. What is the client and receiving sides in your question?
-
If I'm using Thunderbird as an email client, I have to setup a POP3 and a SMTP server - why do I need an SMTP server setup? Why doesn't Thunderbird try to make and SMTP connection directly with the server that's responsible for the email I'm sending to? i.e. I'm sending one to you at NTG why doesn't Thunderbird do an MX lookup for NTG.CO, connect and send?
-
@Dashrender The SMTP server does that. You're talking about a P2P setup and that's just not possible. SMTP does the sending. No way around that.
-
@scottalanmiller said:
@ajstringham said:
As far as Office365 goes:
http://office.microsoft.com/en-us/outlook-help/settings-for-pop-and-imap-access-HA102908389.aspxAs far as on-premise Exchange goes, I've never seen or been told you have to disable security of any kind. That's what's confusing me. Why would on-premise work but not Office365? Something just isn't adding up. Working on getting definite answers now.
@ajstringham said:
As far as Office365 goes:
http://office.microsoft.com/en-us/outlook-help/settings-for-pop-and-imap-access-HA102908389.aspxAs far as on-premise Exchange goes, I've never seen or been told you have to disable security of any kind. That's what's confusing me. Why would on-premise work but not Office365? Something just isn't adding up. Working on getting definite answers now.
Lots of details are left out. You know that TLS isn't supported. So you know that requiring it has to be disabled. So just put two and two together. You already have the answer, just not spelled out.
Scott, what I'm saying is I've never seen it anywhere in writing or been verbally told that when a client uses on-premise Exchange that they must disable TLS/security. It seems to me if that was the case that Unitrends would automatically be eliminated as an option by anyone in any kind of field with sensitive data (healthcare, finance, government, etc).
-
And I know for a fact they have clients with sensitive data. I've done the setup. They had on-premise Exchange. They checked to use authentication against the email server.
-
@ajstringham I understand that it's P2P but the protocol Thunderbird and tons of other clients is using is called SMTP, the same that Exchange, Domino and every other email server use to send messages to each other.
-
Then again, perhaps that's why it works with on-premise and not hosted. On-premise may be authenticating locally via AD so Kerberos, etc and bypassing authenticating against SMTP directly. Almost a relay workaround?
-
@ajstringham said:
And I know for a fact they have clients with sensitive data. I've done the setup. They had on-premise Exchange. They checked to use authentication against the email server.
Sure they use authentication, but it's probably in clear text, not over SSL/TLS.
I'm guessing that on premise Exchange does not require TLS connections from clients by default - you are suppose to enable it because Best Practices tell you to.
I know I use authentication from my copy machines to send email, etc.. but they don't support TLS either, so I know internally my clients don't have to use TLS to connect to Exchange.