Remote MacOS user unable to retrieve emails

[keat63]

I just had a call from a remote Imac user, couldn't retrieve his emails.
I had to disable ssl and use insecure password authentication on his device to get connected.
This must be related to me updating to 8.0.14, as he's had no issues of this sort in many years of use.

 

[cPanelMichael]

Hello @keat63,

I moved this post to it's own thread, as it does not appear to be related to CPANEL-27859.

I just had a call from a remote Imac user, couldn't retrieve his emails.
I had to disable ssl and use insecure password authentication on his device to get connected.
This must be related, as he's had no issues of this sort in many years of use.

Do you see anything in /var/log/maillog at the time the user was unable to retrieve email?

Thank you.

 

[keat63]

I don't really see anything that gives any indication why he couldn't connect.

Jun 13 09:39:36 leeds dovecot: pop3-login: Login: user=<[email protected]>, method=PLAIN, rip=118.173.xxx.xxx, lip=213.171.xxx.xxx, mpid=4709, session=<Tv9SeDCLisJ2raKn>
Jun 13 09:39:37 leeds dovecot: pop3([email protected])<4709><Tv9SeDCLisJ2raKn>: Disconnected: Logged out top=0/0, retr=0/0, del=0/485, size=4338053, bytes=6/34

This particular user is overseas.
I had to remote on to his Imac to try and figure out what was going on.
Only after disabling ssl and secure password authntication in his client software did emails start to come through again.
This user has been using his IOS device for 3 or more years, with not a single issue.
Seems too much of a coincidence that the same day I updated to 8.0.14, it stopped working.
Also consider that it seems like it may have something to do with SSL.
My issue with not being able to login to webmail and cpanel (previous post) also ssl related.

 

[cPanelMichael]

I had to remote on to his Imac to try and figure out what was going on.
Only after disabling ssl and secure password authntication in his client software did emails start to come through again.
This user has been using his IOS device for 3 or more years, with not a single issue.

Hello @keat63,

To clarify, was this behavior noticeable on both MacOS and iOS? Or, do you mean email was working well on the iOS device but not on the MacOS device (e.g. the iMAC)?

Can you confirm if the issue persists upon enabling SSL again in the email client?

Thank you.

 

[keat63]

Lets see if this makes more sense.

I updated the server from 78.x.x to 8.0.14
The next morning, I noticed that I couldn't log in to Cpanel or Webmail on any of my domains.
Pending Publication - [CPANEL-27859] TLS failure preventing access to /cpanel , /whm , and /webmail
I found that resetting the certificates in 'Manager Service SSL Certificates' fixed this problem.
Does this reset Cpaneld, ???
If so, it was probably the Cpaneld reset which actually cured the fault, and not me resetting the certs ???


Anyhow, later that morning i took a call from my remote offshore user (the boss).
He has a macbook air, utilisng 2 pop email accounts on his own private domain hosted on our corporate server.
He's had these accounts for 2 maybe 3 years and never had any issues.
I found that his device had trigged a block in CSF firewall. Removing the block only resulted in it getting blocked the moment he tried to send and receive.

I considered that it might be SSL related due to what I found earlier that morning, so I reset the SSL certificates on his domain.
This made no difference, he got locked out again.

For testing purposes, I whitelisted his IP in CSF (dynamic)

I took remote control of his MacBook and found that disabling SSL along with secure password authentication allowed his email client software to connect.
At this point his emails started to come through.

I removed the whitelist entry. Emails continue to this day.

I'm assuming that his domain had issues with SSL or TLS, however I could connect to his web page via https from my PC, so I'm not sure.
SSL and secure password authentication are still disabled on his device.

The boss is a technophobe, he wouldn't have played with any settings in his email client. I can say that with 1000% certainty, so I can rule out user error.

 

[cPanelMichael]

Hello @keat63,

I recommend enabling SSL in the email client again and checking to see if the issue persists. If it does, you can browse /var/log/maillog at the time of login failure to see if you notice anything in-particular that's leading to the authentication failure.

Or, you can provide us with the following information if you'd like us to try reproducing the issue on a test system:

Affected workstation OS (e.g. MacOS 10.14.5)
Affected workstation Email client name (e.g. Mail app)
Affected workstation Email client settings (e.g. protocol, ports, and SSL/TLS settings)

Thank you.

 

[keat63]

Unfortunately, the user is in another country, in a different time zone, so taking control of his device will prove to be extremely difficult.

 

[cPanelMichael]

Hello @keat63,

Looking at the reported symptoms, it seems to align with the issue reported on the thread below:

SOLVED - [CPANEL-28089] Dovecot TLS configuration reset upon update

I included some steps on how to check if the Dovecot SSL/TLS settings were reset if you have system backups available.

Thank you.

 

[keat63]

My backups don't go back that far unfortunately.
However, i looked at the thread you posted and followed the mailserver settings and i'm quite confident that I wouldn't have changed anything in there.
If mine defaulted back to base config, then it would have been at base config all along.

 

[cPanelMichael]

I found that resetting the certificates in 'Manager Service SSL Certificates' fixed this problem.

I considered that it might be SSL related due to what I found earlier that morning, so I reset the SSL certificates on his domain. This made no difference, he got locked out again.

I took remote control of his MacBook and found that disabling SSL along with secure password authentication allowed his email client software to connect. At this point his emails started to come through.

Hello @keat63,

Let's see if we can narrow down the cause of this issue.

When you use the Reset Certificate feature in WHM >> Manage Service SSL Certificates, a self-signed SSL certificate is installed initially. A free signed certificate is automatically installed for the services on your server's hostname the next time /usr/local/cpanel/scripts/upcp runs (it runs nightly as part of a cron job). You can read more about this here.

My suspicion is that the server's hostname is used for the Host Name field in the email client on the affected device, as opposed to "mail.domain.tld". Thus, when the hostname certificate was reset, the email client was no longer able to authenticate because it detected a self-signed SSL certificate instead of a signed SSL certificate.

Provided the signed SSL certificate for the server's hostname was later installed (you can confirm this in WHM >> Manage Service SSL Certificates), the errors in the email client should go away if SSL and Secure Password Authentication are enabled in the email client again.

Thank you.

 

[keat63]

I'm not 100% sure if resetting the SSL certificate is or was related.
I just put two and two together.

The evening before, I'd updated the server to 80.0.14.
When I came in to the office the next morning, I found that I personally couldn't log in to any webmail or any cpanels on the server.
In an attempt to figure out what was going on, I reset the services certificate.
This fixed the issue at my end, however, I've since leaned that resetting CpanelD, may have achieved the same result.
Does resetting the services certificate also reset CpanelD ???

A few hours later, I took an sms from the off shore user to say that his emails were not working.
He's 6 hours in front of me, I asked since when did he have this problem, his answer was 'all morning'
Consider that I updated the server while he was probably still in bed, it must be related.

I configured the email client about 2 -3 years ago when he was in the UK.
I purchased a URL specifically for this user, so I can guarantee that the host name in his client software is without doubt mail.domain.com, and not hostname.server.com.

For the short period of time I had control of his device, I created a new [email protected] on his cpanel, and couldn't authenticate through his macbook on this one either.

He's back in the UK in September, I might get a chance to play with it in front of me then.
In the mean time, he's receiving emails.

 

[cPanelMichael]

This fixed the issue at my end, however, I've since leaned that resetting CpanelD, may have achieved the same result.
Does resetting the services certificate also reset CpanelD ???

Yes, the Reset Certificate feature in WHM >> Manage Service SSL Certificates automatically restarts cpsrvd (i.e. /scripts/restartsrv_cpsrvd --restart) when you reset the certificate for Calendar, cPanel, WebDisk, Webmail, and WHM Services.

I considered that it might be SSL related due to what I found earlier that morning, so I reset the SSL certificates on his domain.

I purchased a URL specifically for this user, so I can guarantee that the host name in his client software is without doubt mail.domain.com, and not hostname.server.com.

Is AutoSSL enabled for this domain? If so, a self-signed SSL certificate could have been installed when you reset the certificate for the individual domain name. AutoSSL would have later automatically installed the signed SSL certificate. You can check WHM >> Manage AutoSSL >> Logs (if your AutoSSL logs go back far enough) to see if AutoSSL replaced a self-signed SSL certificate with a signed SSL certificate the date this occurred.

Thank you.