SOLVED Unable to send emails properly

Aug 24, 2017
3
1
1
Doha
cPanel Access Level
Root Administrator
Hello, there.

From morning our domain user who are using Windows XP with Office 2007 are not able to send emails however they are able to receive all the incoming mail in their outlook.

Initially, we tried to send the emails through webmail & it was successful.

Then, tried reinstalling and re-configuring Outlook, profile etc.. all basic stuffs.

Then, we got to know that only the Windows XP + Office 2007 users are facing this issue.

I had a check with our service provider and they said, they have updated Cpanel from 11.64.0.36 to 11.66.0.14 & they suggest us to contact Windows technical support.

Please help me out to resolve this issue. Thanks in advance.
 

Attachments

rpvw

Well-Known Member
Jul 18, 2013
1,101
465
113
UK
cPanel Access Level
Root Administrator
Please see I receive error report 0x800CCC1A

You might want to try sending your emails from such an old platform by switching OFF any encryption or SSL/TLS - it is possible that the encryption method you selected is no longer supported by cPanel, or is disabled for security reasons.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

It's possible this relates to the following change in cPanel version 66:

Fixed case CPANEL-11108: Remove Triple DES from default cipher suite.

You can browse to "WHM >> Exim Configuration Manager >> Advanced Editor" and change the "tls_require_ciphers" value to the following value that was issued by default in cPanel version 64:

Code:
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
However, keep in mind this is unsupported and not recommended due to the negative impact on the server's security. Instead, the recommended solution is to upgrade systems using Windows XP to a supported OS (Microsoft no longer provides security updates or technical support for the Windows XP operating system).

Thank you.
 
  • Like
Reactions: blackwidow02
Aug 24, 2017
3
1
1
Doha
cPanel Access Level
Root Administrator
Please see I receive error report 0x800CCC1A

You might want to try sending your emails from such an old platform by switching OFF any encryption or SSL/TLS - it is possible that the encryption method you selected is no longer supported by cPanel, or is disabled for security reasons.
Thank you for your response.

I'm afraid the above solution didn't work.

But still thanks for the time & support.
 
Aug 24, 2017
3
1
1
Doha
cPanel Access Level
Root Administrator
Hello,

It's possible this relates to the following change in cPanel version 66:

Fixed case CPANEL-11108: Remove Triple DES from default cipher suite.

You can browse to "WHM >> Exim Configuration Manager >> Advanced Editor" and change the "tls_require_ciphers" value to the following value that was issued by default in cPanel version 64:

Code:
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
However, keep in mind this is unsupported and not recommended due to the negative impact on the server's security. Instead, the recommended solution is to upgrade systems using Windows XP to a supported OS (Microsoft no longer provides security updates or technical support for the Windows XP operating system).

Thank you.
Thank you very much, Mr. Michael.

You made my day. We were able to send the emails after updating the value.

Sure, I'll keep in mind regarding the Windows XP security issues; also will recommend our clients to upgrade the Operating system to a higher one.

I appreciate your help & support.
 
  • Like
Reactions: cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

I'm glad to see the workaround helped. Thank you for updating us with the outcome.
 

ethical

Well-Known Member
Apr 7, 2009
96
8
58
I have created a ticket but would like to say this does NOT solve the problem, it solves the problem the first time i retry to send the message out but after that it stops working again. Also note this is ALSO affecting some MAC computers and versions of mail as well, not just PC. will post back more info from my ticket once they look at it.
 

ethical

Well-Known Member
Apr 7, 2009
96
8
58
so far no real update except the tech turned off spam assassin, reset my exim config and this didnt solve the problem for windows systems but may have for mac...possibly. it did lead to a deluge of spam overnight and a little extra work for me this morning.

so far all i can see is if i enable Allow weak SSL/TLS ciphers it works. if I disable this it does not and setting the above cipher doesnt work either (except for 1 time)
 

ozione

Member
Mar 26, 2013
7
1
3
cPanel Access Level
Root Administrator
hi!

i am also having exact same issues and I suspect these came in with latest 68.09.
my issues with costumers began few days ago and are exactly the same; mails not going out but going in no problem.
- i have tester numerous variations of combining settings, none work, not even these mentioned here
- i have not tried the option to change the value of "tls_require_ciphers", because I found it not recommended
- my clients have issues regarding the platform (Windows, OSX, iOS) and email client (Outlook, different versions)

I found such notices in the logs file:
"
2017-11-06 12:08:48 TLS error on connection from [xx.xx.xx.xx]:53072 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2017-11-06 12:08:48 TLS client disconnected cleanly (rejected our certificate?)
"

I am lost. :(
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hi @ethical,

Could you let us know the ticket number?

Thank you.
 

ozione

Member
Mar 26, 2013
7
1
3
cPanel Access Level
Root Administrator
there is indeed a compatibility issue (see ticket ID #9007705).
here's the problem described perfectly from Cameron:
As for the email, your clients might be trying to access your server using
an older connection type -- TLS1 or TLS1.1. These 2 options were enabled by
default in versions prior to 68.

For an immediate fix, you can turn the security of your email server down to
the old defaults by going to WHM >> Service Configuration >> Exim Service
Manager and searching for the "Options for OpenSSL" parameter.

Setting this option to " +no_sslv2 +no_sslv3 " will give you older, less
secure v66 defaults.
this solved problems. i have to agree that it's users' responsibility to upgrade their SW so that they contribute to safer environments.
 
  • Like
Reactions: cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
  • Like
Reactions: blackwidow02

ethical

Well-Known Member
Apr 7, 2009
96
8
58
Hi @ethical,

Could you let us know the ticket number?

Thank you.
ticket 9000817 looks like a combination of errors let to my issue and that ASSP (my old spam filter) was doing something to somehow turn off STARTTLS support. it is actually now working with standard (new) cpanel ciphers even on win 7 without the patch from what i can tell in my test right now and no more complaints from mac users or gmail users)
 
  • Like
Reactions: cPanelMichael