Outlook 2007 Unable to connect to Email IMAP/POP

Operating System & Version
Centos 7.8
cPanel & WHM Version
90.0.10

Vs Nu

Well-Known Member
Jul 17, 2015
73
4
58
India
cPanel Access Level
Root Administrator
One of my client want to use outlook 2007 on windows 7 os but the incoming mails are working

outgoing mails giving the following error its not being connected

Do we need to change any
Options for OpenSSL and SSL/TLS Cipher Suite List to make it work with Outlook 2007

because i heard once from an cPanel team to make some changes

Please assist
 

Attachments

Last edited by a moderator:

Vs Nu

Well-Known Member
Jul 17, 2015
73
4
58
India
cPanel Access Level
Root Administrator
Hi @Vs Nu,

Yes, you would have to make changes to the cipher suite list but I'd recommend telling the client to upgrade their mail client.

Hope that helps!
Client does not want to upgrade could you please help me with what changes i need to do
 

keat63

Well-Known Member
Nov 20, 2014
1,790
203
93
cPanel Access Level
Root Administrator
These work for me.

in exim config, make a copy of your current rules for :-
Options for SSL and SSL/TLS Cipher Suite List.

This will allow you to roll back if anything goes wrong.

In options for SSL input:

+no_sslv2 +no_sslv3

In SSL/TLS Cipher Suite input:

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS
 

Vs Nu

Well-Known Member
Jul 17, 2015
73
4
58
India
cPanel Access Level
Root Administrator
These work for me.

in exim config, make a copy of your current rules for :-
Options for SSL and SSL/TLS Cipher Suite List.

This will allow you to roll back if anything goes wrong.

In options for SSL input:

+no_sslv2 +no_sslv3

In SSL/TLS Cipher Suite input:

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS
Still I'm getting the same error
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
232
43
153
cPanel Access Level
Root Administrator
As Windows 7 hasn't been supported by Microsoft since January 2020, it would be best for the client to update or they could end up experiencing other security issues down the road.

Here are the details we have been providing clients that are experiencing this issue:

1 - (RECOMMENDED)

The most straightforward way to resolve this issue is to either upgrade to a supported operating system, or utilize a mail client that uses modern security protocols.

Windows 8.1 and newer, as well as MacOS 11.12 "Sierra" and newer fully support the newer ciphers and protocols which will allow fully secure connections. In the case of Apple, they are providing free operating system updates and there would be no cost to your end users. This is the preferred option as it increases the security of your user's systems while keeping your system secure at the server level.

Other email clients such as the free and open-source Thunderbird client by the Mozilla foundation offer full support of modern TLS protocols, even on older machines running Windows 7 or OS X 10.11.

Installing this and using it to connect to your email server rather than Outlook should allow your clients to receive mail locally on their computers without having to use insecure methods. You can read more about and download Thunderbird from their website here:

https://www.mozilla.org/en-US/thunderbird/

2 - (NOT RECOMMENDED)

To enable TLS 1.2 for Windows 7, you will need to patch your system to modify the registry. Be sure your system is fully updated through the update center, then download and install the patch from Microsoft's website here:

https://docs.microsoft.com/en-us/ar...bling-tls-1-1-and-1-2-in-outlook-on-windows-7

After the patch is installed, be sure to reboot your local computer to ensure the patch was applied. Once your system is back online, please try to connect to the cPanel server again.

Please note that this option is NOT available for Apple OSX computers.

3 - (NOT RECOMMENDED)

If you must enable TLS 1.0 on the WHM/cPanel server for compatibility, do the following in WHM >> Home >> Service Configuration >> Exim Configuration Manager > Basic Settings:
  1. Ensure that "Allow weak SSL/TLS ciphers" is "Off".

  2. Change "SSL/TLS Cipher Suite List" to (this is one long line):

    ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
  3. Change "Options for OpenSSL" to the following:

    +no_sslv2 +no_sslv3
  4. Click "Save" at the bottom of the page.

These changes will enable TLS 1.0, 1.1, and 1.2 and should provide compatibility with older mail servers and clients that only support TLS 1.0.

To make these changes for Dovecot, go to WHM >> Home >> Service Configuration >> Mailserver Configuration, and do the following:

  1. Change "SSL Cipher List" to this (in one long line) :

    ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

  2. Change "SSL Minimum Protocol" to this:

    TLS1
Once you have made these changes to the server, or you have fully patched your Windows system, Windows should be able to connect to the server again.