SOLVED Unable to send emails properly

[Vignesh Balakrishnan]

Hello, there.

From morning our domain user who are using Windows XP with Office 2007 are not able to send emails however they are able to receive all the incoming mail in their outlook.

Initially, we tried to send the emails through webmail & it was successful.

Then, tried reinstalling and re-configuring Outlook, profile etc.. all basic stuffs.

Then, we got to know that only the Windows XP + Office 2007 users are facing this issue.

I had a check with our service provider and they said, they have updated Cpanel from 11.64.0.36 to 11.66.0.14 & they suggest us to contact Windows technical support.

Please help me out to resolve this issue. Thanks in advance.

 

[rpvw]

Please see I receive error report 0x800CCC1A

You might want to try sending your emails from such an old platform by switching OFF any encryption or SSL/TLS - it is possible that the encryption method you selected is no longer supported by cPanel, or is disabled for security reasons.

 

[cPanelMichael]

Hello,

It's possible this relates to the following change in cPanel version 66:

Fixed case CPANEL-11108: Remove Triple DES from default cipher suite.

You can browse to "WHM >> Exim Configuration Manager >> Advanced Editor" and change the "tls_require_ciphers" value to the following value that was issued by default in cPanel version 64:

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

However, keep in mind this is unsupported and not recommended due to the negative impact on the server's security. Instead, the recommended solution is to upgrade systems using Windows XP to a supported OS (Microsoft no longer provides security updates or technical support for the Windows XP operating system).

Thank you.

 

[Vignesh Balakrishnan]

Please see I receive error report 0x800CCC1A

You might want to try sending your emails from such an old platform by switching OFF any encryption or SSL/TLS - it is possible that the encryption method you selected is no longer supported by cPanel, or is disabled for security reasons.

Thank you for your response.

I'm afraid the above solution didn't work.

But still thanks for the time & support.

 

[Vignesh Balakrishnan]

Hello,

It's possible this relates to the following change in cPanel version 66:

Fixed case CPANEL-11108: Remove Triple DES from default cipher suite.

You can browse to "WHM >> Exim Configuration Manager >> Advanced Editor" and change the "tls_require_ciphers" value to the following value that was issued by default in cPanel version 64:

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

However, keep in mind this is unsupported and not recommended due to the negative impact on the server's security. Instead, the recommended solution is to upgrade systems using Windows XP to a supported OS (Microsoft no longer provides security updates or technical support for the Windows XP operating system).

Thank you.

Thank you very much, Mr. Michael.

You made my day. We were able to send the emails after updating the value.

Sure, I'll keep in mind regarding the Windows XP security issues; also will recommend our clients to upgrade the Operating system to a higher one.

I appreciate your help & support.

 

[cPanelMichael]

Hello,

I'm glad to see the workaround helped. Thank you for updating us with the outcome.

 

[ethical]

I have created a ticket but would like to say this does NOT solve the problem, it solves the problem the first time i retry to send the message out but after that it stops working again. Also note this is ALSO affecting some MAC computers and versions of mail as well, not just PC. will post back more info from my ticket once they look at it.

 

[ethical]

so far no real update except the tech turned off spam assassin, reset my exim config and this didnt solve the problem for windows systems but may have for mac...possibly. it did lead to a deluge of spam overnight and a little extra work for me this morning.

so far all i can see is if i enable Allow weak SSL/TLS ciphers it works. if I disable this it does not and setting the above cipher doesnt work either (except for 1 time)

 

[ozione]

hi!

i am also having exact same issues and I suspect these came in with latest 68.09.
my issues with costumers began few days ago and are exactly the same; mails not going out but going in no problem.
- i have tester numerous variations of combining settings, none work, not even these mentioned here
- i have not tried the option to change the value of "tls_require_ciphers", because I found it not recommended
- my clients have issues regarding the platform (Windows, OSX, iOS) and email client (Outlook, different versions)

I found such notices in the logs file:
"
2017-11-06 12:08:48 TLS error on connection from [xx.xx.xx.xx]:53072 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2017-11-06 12:08:48 TLS client disconnected cleanly (rejected our certificate?)
"

I am lost.

 

[cPanelMichael]

Hi @ethical,

Could you let us know the ticket number?

Thank you.

 

[ozione]

there is indeed a compatibility issue (see ticket ID #9007705).
here's the problem described perfectly from Cameron:

As for the email, your clients might be trying to access your server using
an older connection type -- TLS1 or TLS1.1. These 2 options were enabled by
default in versions prior to 68.

For an immediate fix, you can turn the security of your email server down to
the old defaults by going to WHM >> Service Configuration >> Exim Service
Manager and searching for the "Options for OpenSSL" parameter.

Setting this option to " +no_sslv2 +no_sslv3 " will give you older, less
secure v66 defaults.

this solved problems. i have to agree that it's users' responsibility to upgrade their SW so that they contribute to safer environments.

 

[cPanelMichael]

Hi @ozione,

Thank you for updating this thread with the outcome of the support ticket. Note that for Windows 7, Microsoft created a patch to enable 1.1 and 1.2 on the encryption service used by Outlook. It's available at:

https://support.microsoft.com/en-us...-and-tls-1-2-as-a-default-secure-protocols-in

Thank you.

 

[ethical]

Hi @ethical,

Could you let us know the ticket number?

Thank you.

ticket 9000817 looks like a combination of errors let to my issue and that ASSP (my old spam filter) was doing something to somehow turn off STARTTLS support. it is actually now working with standard (new) cpanel ciphers even on win 7 without the patch from what i can tell in my test right now and no more complaints from mac users or gmail users)