SMTP relay error with 66.0.19 update?

Hello Folks!

Sorry to ask here, but by any chance version 66.0.19 introduced a SMTP relay error?
I noticed that 66.0.22 was released today. and after installing the issue seem to be gone.

Any confirmation?

I do not see any minor revision announcements around.

 

I think I might..

Peer1COGECO were useless on solving this issue.


Lets just say that after updating to 66.0.19
All my emails were being rejected like this:

Code:

XXX@EMAIL.COM
   host cp1.mail.protection.outlook.com [216.32.180.74]
   SMTP error from remote mail server after RCPT TO:<XXX@EMAIL.COM>:
   550-Please turn on SMTP Authentication in your mail client.  xxxxxx.com
   550-(main3.XXXXXXX.com) [x.x.x.x]:33518 is not permitted to relay
   550 through this server without authentication.

Problem?
I'm using authentication (aka TLS)
All the emails systems, PHP emailers, etc.. were throwing that error on EVERYTHING and ALL accounts.

Installing v66.0.22 seems to alleviate the issue. Still getting some.

 

I've opened a ticket related to this. But I'm very far in the queue.
We'll see how it goes.

So far seems that the emails that came, do not appear in the mail sender log. Which makes me think these bounces were queued after the V66.0.19's problems started.
I'm now on V66.0.22

 

Hello guys!

The issue was then resolved but its back.
Now the weird part is.. I had set the security relay turned off in WHM and turned on in the firewall as recommended by the WHM/cPanel support.

Yet the same error happened today a few hours ago. I'm scratching my head why this is happening.

Same problem.. EVERY.. SINGLE.. EMAIL even when we're clearly using TLS/SSL.. says we're not authorized to "relay" emails without authorization.


We never had this problem before and seems to have started with the V66 series (after V66.0.19 )

*edit*

Ok, this is getting worse.

Emails are BEING SENT.
But we're still getting the bouncebacks emails!!!
What the hell is going on!!!!

 

Update on the issue.
The issue seems to repeat around the SAME hour (between 9 am and 10am US CENTRAL ) over and over and over.
I've cleaned the firewall block list, removed the security measures.. and still does the same error. Which makes no sense.. AT ALL.

 

Sorry to revive this thread.. I had fixed this issue with the help of the cpanel staff and fixing my godaddy and RDNS configuration.
And the problem was gone for a few months.

But now after a goddamn WHM update(which triggered yesterday), the error is back in full force.
Again more than 500 emails+ bounced, all saying "rejected" because of the "Please turn on SMTP Authentication in your mail client." error.

and again, all accounts are on TLS.

Should reopen the ticket?

I also noticed that with this patch, when checking the SMTP settings in WHM.
There is a very quick url with an image address and says the image is either corrupt or invalid and then the script loads fine on top.

 

I just removed the security that alleviated the problem before, but its not working anymore, its till bouncing EVERY SINGLE EMAIL.

This is insane.

 

8871051

 

Thanks again Michael.

This is so frustrating (even more since I havent changed the configuration since the fix)

So this is definitively solely on the update pushed by cpanel.

At this point I wonder if the "curated" copy installed by peer1cogeco is actually to blame.

*edit*

A very helpful admin from Cpanel located the issue and made some changes. (Thanks Ricardo!)

Turns out, the new problem is related to openssl dropping TLS 1.1 and 1.0.
68 Release Notes - Version 68 Documentation - cPanel Documentation


So Probably means the email server was not sending any kind of security because it could not use openssl (aka the clients were not using TLS 1.2 and were refused, thus sending as plain text.. and this in turn caused the cascade of relay error from every other server trying to receive from us).

 

Now I wonder.

Is there a command or log to see which application,installed program or client is NOT using TLS 1.2?

I want to see and remove or replace the affected programs in question. This is baffling.