Trouble sending email with Apple Mail

globcom

Well-Known Member
May 24, 2008
Hello,

On a new server:
  • CLOUDLINUX 7.5 standard [ici]
  • v74.0.6
  • with CSF
It's impossible to send mail (SMTP) on older versions of Apple Mail.
It's OK with newer versions of Apple Mail (High Sierra).
No problem with Windows 10.

I tried all the possibilities (with SSL, without SSL).
I activated SMTP port 26.

Telnet is OK for all ports tested.

I don't know how to configure the server or Apple Mail versions.

Could you help me?

Thanks
Eric
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
Houston
Hello @globcom

In v68 of cPanel we disabled SSLv2 and SSLv3 as well as any TLS protocol besides TLSv1.2 by default. We also updated the Cipher Suites. The only way around this if the application you're using does not support modern ciphers or TLSv1.2 (which all modern email clients should) is to allow SSL and/or weaker ciphers depending on the issue. I wouldn't recommend doing any of these. The most favorable option would be to use an updated mail client.
 

globcom

Thank you Lauren, but in the real world, all customers can't change their mail client. :(
That's why I wrote "Maybe another solution?"

Regards,
Eric
 

cPanelLauren

Hi @globcom

While I understand this causes an issue for clients in some circumstances, unfortunately backing away from this compromises security. There are free mail clients available (for example Thunderbird) that are using TLSv1.2 as the standard, as well as webmail clients, so there's no real reason to continue using old software.

If you must accept them, as I mentioned in my previous response, though not recommended, you'd need to either allow weaker ciphers or SSL protocols as opposed to TLS only. There is no alternate solution to this. We disabled all SSL protocols; in order to work around this you'd need to enable at least SSLv2 or SSLv3.

Keep in mind though that you leave yourself vulnerable to the following with these protocols:

SSL 3.0 Protocol Vulnerability and POODLE Attack | US-CERT

Impact
The POODLE attack can be used against any system or application that supports SSL 3.0 with CBC mode ciphers. This affects most current browsers and websites, but also includes any software that either references a vulnerable SSL/TLS library (e.g. OpenSSL) or implements the SSL/TLS protocol suite itself. By exploiting this vulnerability in a likely web-based scenario, an attacker can gain access to sensitive data passed within the encrypted web session, such as passwords, cookies and other authentication tokens that can then be used to gain more complete access to a website (impersonating that user, accessing

DROWN Attack

A server is vulnerable to DROWN if:

  • It allows SSLv2 connections. This is surprisingly common, due to misconfiguration and inappropriate default settings. Our measurements show that 17% of HTTPS servers still allow SSLv2 connections.

Thanks!
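
To see which clients are actually being rejected by the TLSv1.2-only default, the failed handshakes can be tallied per client from the log of cPanel's MTA, Exim. This is an added example, not part of the thread or cPanel's own code; the log lines are constructed and modelled on Exim main-log entries (an assumption), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on Exim main-log entries (assumption:
# exact wording varies with the Exim and OpenSSL versions on the server).
SAMPLE_LOG = """\
2018-09-12 09:14:02 1g01Ab-0001Xy-7Q <= a@example.com H=(imac) [203.0.113.10]:51234 P=esmtpsa X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no A=dovecot_plain:a@example.com S=1043
2018-09-12 09:15:40 TLS error on connection from (oldmac) [203.0.113.22]:49822 (SSL_accept): error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
2018-09-12 09:15:58 TLS error on connection from (oldmac) [203.0.113.22]:49830 (SSL_accept): error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
2018-09-12 09:20:11 TLS error on connection from (pc7) [198.51.100.7]:50112 (SSL_accept): error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
2018-09-12 09:31:45 1g01Rt-0001Zk-2B <= b@example.com H=(pc7) [198.51.100.7]:50140 P=esmtpsa X=TLSv1.2:AES128-GCM-SHA256:128 CV=no A=dovecot_login:b@example.com S=2210
"""

# Rejected handshake: capture client IP and the full error string.
TLS_ERROR = re.compile(r"TLS error on connection from .*?\[([^\]]+)\].*?\): (.*)$")
# Accepted message: capture client IP and the protocol part of the X= field.
TLS_OK = re.compile(r"\[([^\]]+)\]\S* .*?\bX=([^:\s]+):")

def summarize(log_text):
    """Return {client_ip: {"ok": {protocol: n}, "failed": {reason: n}}}."""
    report = defaultdict(lambda: {"ok": defaultdict(int), "failed": defaultdict(int)})
    for line in log_text.splitlines():
        m = TLS_ERROR.search(line)
        if m:
            # Keep only the human-readable tail of the OpenSSL error string.
            reason = m.group(2).rsplit(":", 1)[-1].strip()
            report[m.group(1)]["failed"][reason] += 1
            continue
        m = TLS_OK.search(line)
        if m:
            report[m.group(1)]["ok"][m.group(2)] += 1
    return report

def clients_needing_upgrade(report):
    """Clients that failed the handshake and never completed one."""
    return sorted(ip for ip, r in report.items() if r["failed"] and not r["ok"])

if __name__ == "__main__":
    rep = summarize(SAMPLE_LOG)
    for ip in clients_needing_upgrade(rep):
        print(ip, dict(rep[ip]["failed"]))
```

A client that fails once and later succeeds (198.51.100.7 in the sample) is left out of the upgrade list, since a retry with different settings got through.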
 

nosajix

Well-Known Member
Jul 30, 2005
Surely Yahoo, Google, Outlook etc. are not using these insecure protocols... Why are they still able to be used with older clients?

Also, can we get a list of what doesn't work now? So far pre-Yosemite Mac Mail, Outlook 2016 and older, and it seems now Windows 10 Mail doesn't want to establish a connection with cPanel-based email with the new settings.