Strange problem with outgoing mail in old Mac

wonder_wonder

Well-Known Member
Jan 16, 2019
54
25
18
Spain
cPanel Access Level
Root Administrator
Hi. I have a problem, for me very strange, that I have been trying to solve for weeks and there is no way ...
I have a client, there are several mail accounts on the server, they all work perfectly, but my client has a mac (old) using the mac mail manager, he can receive but not send (always from imap), he receives them, but when you want to send it gives you error.
We have tested on another mac (also old) and have the same problem.
We have tried on a more modern mac, everything is perfect.
We use other managers (like thunderbird or directly access via web) and everything is perfect.
Under this, I commented that the problem lies in the mail program of the mac, which is old and for some reason gives this ruling, he gave the ok, but .... one day he spoke with someone who also had the same problem, and from the server, they solved it.
And that asks me now :)
I have searched, I have reconfigured, I have done everything that occurs to me, but I am not able to solve the problem.
Comment that we have tested both 465 and 587 outbound ports.
Do you know what may be happening?
Even if that Mac's mail manager program is old, it should be able to work ...

Thanks in advance!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,917
2,248
363
Hello @wonder_wonder,

Can you share the specific MacOS version installed on the affected systems?

Thank you.
 
  • Like
Reactions: wonder_wonder

kdean

Well-Known Member
Oct 19, 2012
321
37
28
Orlando, FL
cPanel Access Level
Root Administrator
Yosemite and older do not have support for TLS 1.2 so that's likely the problem is you're connecting securely. cPanel by default only does TLS 1.2 or later. There are threads around here that help you add TLS 1.1 support back. Although if it's just that old computer, they should just upgrade (MacOS upgrades are free to the latest version supported by the hardware).
 

wonder_wonder

Well-Known Member
Jan 16, 2019
54
25
18
Spain
cPanel Access Level
Root Administrator
Yosemite and older do not have support for TLS 1.2 so that's likely the problem is you're connecting securely. cPanel by default only does TLS 1.2 or later.
Ok, thanks for explanation.
I search in WHM-Service Configuration-Mailserver configuration, in this, are SSL Minimum Protocol, bu default is set to TLS 1.2, I changed to TLS1.1 and indicate to my client try now, when he indicate to me the results, I post here.
There are threads around here that help you add TLS 1.1 support back. Although if it's just that old computer, they should just upgrade (MacOS upgrades are free to the latest version supported by the hardware).
No, is not possible upgrade this computer, I try, but her hardware is not supported for upgrade (are of 2008 year).

Thank you very much!
 

wonder_wonder

Well-Known Member
Jan 16, 2019
54
25
18
Spain
cPanel Access Level
Root Administrator
Solved the "issue" :)

Aren't like indicate in my last reply, I need made this changes:

WHM-Service Configuration-Exim Configuration Manager->Tab Security -> Change Options for OpenSSL to:
Code:
 +no_sslv2 +no_sslv3
And SSL/TLS Cipher Suite List change to:
Code:
 1 ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
After this, my client can send mail from her older Mac :) but....can't connect to inbox xD.
Them I go to WHM-Service Configuration-Mailserver Configuration and set SSL Minimum Protocol to TLSv1 and SSL Cipher List set to:
Code:
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
And now, all work fine (with mail) with my client with her older Mac :)

Thank you very much!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,917
2,248
363
Hello @wonder_wonder,

Keep in mind the workaround allows for the use of weaker ciphers. This means greater compatibility with outdated operating systems, but it comes at the cost of reduced security. You should consider reaching out to the individuals using the outdated hardware and see if you can encourage a hardware upgrade at some point in the future.

Thank you.
 
  • Like
Reactions: wonder_wonder

wonder_wonder

Well-Known Member
Jan 16, 2019
54
25
18
Spain
cPanel Access Level
Root Administrator
Hello @cPanelMichael !
Yes, I think in this, and you have reasson.
For me is not the best option or solution (I was described in my last reply how solved this problem for if other user have the same problem) but for me, is not the best option...
My client, seeing that now works ... I think it will take a while to upgrrade the hardware.
That, or that there is a problem before and then ... yes, it will update it.
I will tell you / asking you to update it as soon as possible.
We have solved your "problem" with obsolete mail client, but we have lowered security on the server, and in the end, I am responsible for that security and server, so if finally something happens ...
I take the opportunity to ask; I set to TLS 1.0, but I do not know if I can set it in TLS 1.1. I guess the best option is to try.
That yes, I will insist very much, in that upgrade the hardware.
And if he can not upgrade the hardware, there are other email clients (like thunderbird for example) that work great (I've been using it for so many years that I do not remember, and it's a real luxury).

Thank you for your comments!
 
Last edited:
  • Like
Reactions: cPanelMichael