[6467] in Release_7.7_team

Problem with username.mail.mit.edu for Exchange

daemon@ATHENA.MIT.EDU (Evan Broder)
Mon Oct 12 14:44:49 2009

Message-ID: <4AD37917.2040800@mit.edu>
Date: Mon, 12 Oct 2009 14:44:39 -0400
From: Evan Broder <broder@MIT.EDU>
MIME-Version: 1.0
To: "release-team@mit.edu" <release-team@mit.edu>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Spam-Flag: NO
X-Spam-Score: 0.00

I noticed today that username.mail.mit.edu doesn't work for Exchange
users, because mail clients are expecting an SSL certificate that
matches username.mail.mit.edu, and imap.exchange is serving up a
*.exchange.mit.edu cert.

None of Thunderbird, alpine, or mutt are as fascist about certificate
validation as Firefox - they all provide a single click/keypress to get
through the error, but it's still kind of unfortunate.

We could potentially work around this in all of our clients by testing
if the user is on Exchange and doing things differently.

We could also declare that we don't support anything but OWA on Athena.

But I think the best solution would be for user.mail.mit.edu to point to
a different IP address than imap.exchange.mit.edu, and have that
separate daemon present a *.mail.mit.edu certificate. This has the
advantage of not being an Athena-specific solution, since any Exchange
user using user.mail is affected by this. On the other hand, it is not a
simple solution.

Anybody have thoughts on which we should go for?

In other news, I think we need a /much/ more formal policy on testing
mail changes, given how regularly we've screwed it up.

- Evan
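
The mismatch described in the message above, as an added example that is not part of the original message: a minimal RFC 6125-style wildcard matcher run against the host names the message mentions. The function names and the certificate name lists are assumptions constructed for illustration, not MIT's actual certificate contents.

```python
def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def wildcard_matches(pattern, hostname):
    """Return True if a certificate DNS name (pattern) covers hostname.

    '*' is honoured only as the entire left-most label and stands for
    exactly one label, which is how strict TLS clients apply RFC 6125.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if any("*" in label for label in p[1:]):
        return False  # wildcard outside the left-most label
    if p[0] == "*":
        # Reject overly broad patterns such as '*.edu'.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards like 'f*o' are not accepted here
    return p == h


def cert_valid_for(hostname, cert_dns_names):
    # The client checks the name it was configured with, not whatever
    # host that name ultimately resolves to.
    return any(wildcard_matches(n, hostname) for n in cert_dns_names)


# Constructed name lists based on the names in the message.
SERVED_TODAY = ["*.exchange.mit.edu"]
PROPOSED = ["*.mail.mit.edu"]
CONFIGURED_NAME = "username.mail.mit.edu"

if __name__ == "__main__":
    for label, names in (("served today", SERVED_TODAY), ("proposed", PROPOSED)):
        ok = cert_valid_for(CONFIGURED_NAME, names)
        print(f"{CONFIGURED_NAME} vs {names} ({label}): {'match' if ok else 'MISMATCH'}")
    # A single '*.mit.edu' certificate would not help: '*' spans one label only.
    print("*.mit.edu covers it:", cert_valid_for(CONFIGURED_NAME, ["*.mit.edu"]))
```
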
