Microsoft are famous for ignoring standards and inventing their own so-called standards, and over the years we’ve seen evidence of that in Outlook.
Numerous clients today report that the following applies to Outlook, at least Outlook 2016:
There is no option for STARTTLS for incoming (POP/IMAP) settings. As such, you need to use the older and deprecated option of using port 995 (POP) and 993 (IMAP) over SSL.
Here are the promised screenshots that show how an email program like Thunderbird should be configured.
We will have Outlook screenshots available as soon as possible.
We suspect that clients having problems sending or receiving email have very old legacy configuration settings. Please see the “Email server settings” section below for the definitively correct settings.
Over the weekend we took a deep breath and stepped back to re-analyse this problem, and consult with a number of you. Between…
.. we were awash in red herrings to an extent I have never seen in 22 years.
We’ve taken a look at the behaviour of two of the most used email programs (Thunderbird and Outlook) and come to some conclusions about what might be happening:
So, if you’re having problems sending, it will likely be worth your while to check your SMTP (outgoing) settings; if you’re having problems receiving, it will likely be worth your time to check your POP or IMAP (incoming) settings. I wanted to have some screenshots ready for this post, but I’d rather get the words up now and post screenshots shortly afterwards, so here are the settings you need to use:
I can’t emphasise strongly enough how important it is for you to be precise in setting up this configuration. No setting is “close enough”, and your computer is not smart enough to figure it out; it will just tell you there is an error. Although, having said that, I’d like to emphasise that the niner.net sub-domains with “27” in them — i.e., pop27.niner.net, imap27.niner.net and smtp27.niner.net — do still also work, but they will be phased out; do not use them.
In the case of those email programs that like to railroad you into sending all email through a single SMTP account by default, we suggest that you start with a clean slate there too by deleting all of the saved SMTP accounts (unless you have some on systems that are completely separate from NinerNet) and creating a new one for each of your email accounts. Because your email program may not let you delete the “default” SMTP account, you’ll need to make a new SMTP account the new default, and then delete the old default.
We will post helpful screenshots as soon as possible. In the meantime, please check (and, if necessary, update) your email account settings and ensure that they are correct.
Thank-you.
I have just got off the phone with someone in IT security at MTN head office in Lusaka, and they confirm that they have been blocking our new mail server as part of a wrong-headed plan to prevent MTN users from sending spam. It is likely that the first new mail server was also being actively blocked. He says that our IP addresses will be unblocked within the next ten minutes.
This raises the significant question of whether or not this is now an Africa-wide policy with many other ISPs. Other countries manage to prevent their users from sending spam without holding the keys to a gateway to the Internet, forcing companies like NinerNet to supplicate themselves to the likes of big companies like MTN when we find our businesses held hostage.
This is why we sent the questionnaire out yesterday asking you for details on whether nor not you are still having problems, and for the details of your ISP. Please reply to those emails so that we may determine which ISPs are actively blocking our servers and take the appropriate action.
We have had this report from a client:
I have now reset my LTE unit in our office to factory default and mails are working again on MTN, weird…We will monitor and see if it goes off again
We continue to track the intermittent connections in Zambia. They simply don’t make sense. For example, some MTN customers have no problems connecting, but some do. And some people can connect on MTN, but not Realtime/HAI, or they can connect on Paratus, but not MTN.
But we are slowly managing to narrow things down with a resolution in mind.
We did receive a call from a client who has talked to at least one ISP up on the Copperbelt, and they informed him that they allow some connections but not others, and they allow some connections intermittently such that it works one minute and stops working the next. This is exactly the behaviour our clients are seeing, and it seems to be intentional on the part of at least one Zambian ISP! Now, these are very vague statements, but our client asked us for an email explaining how our system works and is configured that he could send to them. Herewith a copy of our email:
Thanks for your phone call. As I said on the phone, this mail server operates in exactly the same way as the old mail server. There is simply no way to operate a mail server on the Internet that does not conform to the same interoperability standards as every other mail server on the Internet. Sure, the are minor variations on how some things are done internally on all servers, but for server A to talk to server B and deliver an email — or for a personal computer or phone to get that email to server A in the first place — they all have to be talking the same language.
Also, I find it very difficult to understand an ISP saying that they allow some standard behaviour and disallow other standard behaviour. And it’s even more bizarre that they say they allow some behaviour intermittently; what’s the point of that?!
With that editorial out of the way, this is the configuration of both the old and new mail servers:
SOFTWARE:
- MTA (mail transfer agent, i.e., mail server software, SMTP): Postfix
- MDA (mail delivery agent, i.e., POP and IMAP): Dovecot
- Web server (control panel and webmail): Nginx
PORTS (all TLS/SSL):
- POP: 110/995
- IMAP: 143/993
- SMTP: 587
- Web: 443
This is a 100% standard configuration, and as I’ve said before, is exactly the same as it was on the old server … EXACTLY the same.
Any ISP is welcome to contact me directly, by email or phone, to explain why users on our system should be subject to some sort of arbitrary blocking of anything. And they’re welcome to contact me just to ask questions or for a friendly chat. Everyone in the world (barring repressive dictatorships, which I don’t think Zambia has become just yet) uses these same port numbers and configurations.
Please keep me informed. Thanks.
Craig
Are you wondering if our mail server is really up or if we’re “having problems”? We could be lying, but this third-party service will uncover our lies:
Every time we check, mail.niner.net and webmail.niner.net are up. Please check for yourself. In fact, we suggest contacting your ISP and asking them why you cannot reach a server that is alive and well.
You can also check the pop, imap and smtp sub-domains of niner.net, as well as the old pop27, imap27 and smtp27 sub-domains, all of which are working.
We actually do strongly urge you to contact your ISP about the fact that you can only intermittently connect to our mail server. They are the only ones who can help you with your connection to the Internet when it is not working properly.
| Loc. | System | Status | Ping |
|---|---|---|---|
 | NC023 | Operational | Up? |
 | NC028 | Internal | Up? |
 | NC031 | Internal | Up? |
| NC033 | Operational | Up? |
 | NC034 | Internal | Up? |
 | NC035 | Operational | Up? |
 | NC036 | Operational | Up? |
| NC037 | Operational | Up? |
| NC040 | Internal | Up? |
| NC041 | Operational | Up? |
| NC042 | Operational | Up? |
