RE: [squid-users] Exchange Server 2007 + Outlook 2007 + Squid Proxy

From: Jason Staudenmayer <jasons_at_adventureaquarium.com>
Date: Fri, 13 Aug 2010 14:19:49 -0400

And there's one more reason for me not to upgrade to MS Exchange 07. I'd love to ditch it.

> -----Original Message-----
> From: Kale D. Michels [mailto:kmichels_at_HRI-DHO.com]
> Sent: Friday, August 13, 2010 2:12 PM
> To: Jason Staudenmayer
> Cc: squid-users_at_squid-cache.org
> Subject: RE: [squid-users] Exchange Server 2007 + Outlook
> 2007 + Squid Proxy
>
>
> Thanks. That does sound like a solid explanation to the
> issue. I don't recall ever having any issues with msft
> exchange 2003 but as soon as we upgraded all of these issues
> arose. Thanks for your help on this.
>
> ~Kale
>
> -----Original Message-----
> From: Jason Staudenmayer [mailto:jasons_at_adventureaquarium.com]
> Sent: Friday, August 13, 2010 1:08 PM
> To: Kale D. Michels
> Cc: squid-users_at_squid-cache.org
> Subject: RE: [squid-users] Exchange Server 2007 + Outlook
> 2007 + Squid Proxy
>
> Do you use ntlm auth for the proxy? If your not set for any
> auth then the path the client is using to resolve might be
> breaking the link.
>
> Like this maybe -
> Outlook connects to exchange to get your email, the email
> contains a web image. Outlook uses IE to render the page, IE
> goes through the proxy the outlook types to get the rest of
> the mail through IE which is now using the proxy. Exchange
> thinks you changed IP's so it need a new token.
>
> > -----Original Message-----
> > From: Kale D. Michels [mailto:kmichels_at_HRI-DHO.com]
> > Sent: Friday, August 13, 2010 1:46 PM
> > To: Jason Staudenmayer
> > Cc: squid-users_at_squid-cache.org
> > Subject: RE: [squid-users] Exchange Server 2007 + Outlook
> > 2007 + Squid Proxy
> >
> >
> > Thanks a lot for your help on this one Jason. I think we are
> > definitely on the right track now. My only concern is that I
> > do not have my proxy server setup to require authentication
> > to navigate to the web. However I think from the way you are
> > describing it to me.. they open the email > attempt to view
> > image > navigate through proxy to get image > ... somehow it
> > gets back to requiring the network authentication (domain
> > authentication) in order to place the found image into the
> > email for view.?
> >
> > Or maybe something like that...
> >
> > I just wanted to make sure you didn't think that the proxy
> > server was requesting for authentication to the proxy server
> > which is an optional configuration of the squid.
> >
> > Thanks again,
> >
> > Kale
> >
> > -----Original Message-----
> > From: Jason Staudenmayer [mailto:jasons_at_adventureaquarium.com]
> > Sent: Friday, August 13, 2010 11:50 AM
> > To: Nick Cairncross
> > Cc: squid-users_at_squid-cache.org; Kale D. Michels
> > Subject: RE: [squid-users] Exchange Server 2007 + Outlook
> > 2007 + Squid Proxy
> >
> > I use a PAC file for all internals but the issue he's seeing
> > is from HTML email from outside the LAN with images being
> > pulled from the web (through IE and therefore through the
> > proxy server). When you open an email the server doesn't
> > parse the content for you over your LAN the client must do
> > that on it's own. Each element in that email will need an
> > auth for the proxy server. I've been dealing with this
> > situation for 8 years. They only way around it is to allow
> > outlook/IE to save the password (sometimes the box isn't
> > there) or allow users to bypass the proxy which defeats the purpose.
> >
> > Kale, check to see that this only happen when viewing an HTML
> > email with web based images link in it. You shouldn't have
> > any issues with RTF or plain text emails asking for auth to
> > the proxy since those would be encoded in the email as a
> mime section.
> >
> > Jason
> >
> >
> >
> > ..·><((((º>
> >
> >
> > > -----Original Message-----
> > > From: Nick Cairncross [mailto:Nick.Cairncross_at_condenast.co.uk]
> > > Sent: Friday, August 13, 2010 12:33 PM
> > > To: Jason Staudenmayer
> > > Cc: Kale D. Michels; squid-users_at_squid-cache.org
> > > Subject: Re: [squid-users] Exchange Server 2007 + Outlook
> > > 2007 + Squid Proxy
> > >
> > >
> > > Not really on topic for squid now but...
> > >
> > > My setup being different I cant really add much to help you
> > > here, other than I would have thought NOT passing your
> > > requests through a proxy server if it's your own internal
> > > mail servers is the way to go. Send it direct to your CASs.
> > >
> > > Example: have isa in a DMZ forwarding the
> > > autodiscover.domain, OWA etc for your mail.domain for
> > > external and a split horizon internal DNS. Clients within
> > > your LAN use internal dns servers to resolve the above and
> > > hence using a PAC file to say 'if my mail.domain send direct'
> > > and don't use proxy.
> > >
> > > As for the prompting for external HTML that sounds like a
> > > browser/auth issue. I don't see that for my ie users. Macs
> > > however are a different matter...
> > >
> > > Nick
> > >
> > > On 13 Aug 2010, at 16:55, "Jason Staudenmayer"
> > > <jasons_at_adventureaquarium.com> wrote:
> > >
> > > >> -----Original Message-----
> > > >> From: Nick Cairncross [mailto:Nick.Cairncross_at_condenast.co.uk]
> > > >> Sent: Friday, August 13, 2010 11:28 AM
> > > >> To: Kale D. Michels; squid-users_at_squid-cache.org
> > > >> Subject: Re: [squid-users] Exchange Server 2007 + Outlook
> > > >> 2007 + Squid Proxy
> > > >>
> > > >>
> > > >> By-pass proxy for local/exchange URL/host, no?
> > > >>
> > > >> Easiest if you use a pac file also and specify the local
> > > >> addresses/subnets i.e send direct and don't touch the proxy
> > > >>
> > > >> Nick
> > > >>
> > > >>
> > > >> On 13/08/2010 14:49, "Kale D. Michels"
> > > <kmichels_at_HRI-DHO.com> wrote:
> > > >>
> > > >> I have my proxy server set to be used by the majority of my
> > > >> internal users. The problem I am running into is that now
> > > >> that I've upgraded (some time ago) to Exchange Server 2007 I
> > > >> am now having issues between the Outlook 2007 client and the
> > > >> Exchange 2007 server for those users that are configured to
> > > >> pass to the internet through the proxy. The error that shows
> > > >> up just requests for the username and password of the person
> > > >> like it forgot the users credentials that were used to
> > > >> connect to the exchange server. It appears that the emails
> > > >> can be sent and received but it will repeatedly ask users for
> > > >> their credentials. This is not a virus or anything in
> > > >> relation to a malware infection but can be reproduced by
> > > >> turning off the use of the proxy (IE Browser - proxy settings
> > > >> turned off) and outlook will not ask for credentials, and
> > > >> then turn the proxy back on (reverse) and the problem will
> > > >> start again. Let me know if there is a quick fix (port,
> > > >> protocol, acl rule) that can be put into place or an
> > > >> exchange/outlook modification that can be made to resolve
> > > this issue.
> > > >>
> > > >> Thank you,
> > > >>
> > > >> Kale
> > > >
> > > >
> > > > That sounds like the situation I have here. All users go
> > > through a proxy, any email that come in with web based images
> > > gets a popup. If IE doesn't have the proxy set then no images
> > > are shown in the email. It's only html email that pull images
> > > from the web. AFAIK there's no way around this other then
> > > allowing users to bypass the proxy, which kinda defeets
> the purpose.
> > > >
> > > > Jason
> > > >
> > > >
> > > >
> > > > ..·><((((º>
> > >
> > > The information contained in this e-mail is of a confidential
> > > nature and is intended only for the addressee. If you are
> > > not the intended addressee, any disclosure, copying or
> > > distribution by you is prohibited and may be unlawful.
> > > Disclosure to any party other than the addressee, whether
> > > inadvertent or otherwise, is not intended to waive privilege
> > > or confidentiality. Internet communications are not secure
> > > and therefore Conde Nast does not accept legal responsibility
> > > for the contents of this message. Any views or opinions
> > > expressed are those of the author.
> > >
> > > The Conde Nast Publications Ltd (No. 226900), Vogue House,
> > > Hanover Square, London W1S 1JU
> > >
> >
>
Received on Fri Aug 13 2010 - 18:21:28 MDT

This archive was generated by hypermail 2.2.0 : Sat Aug 14 2010 - 12:00:02 MDT