Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. Cannot send email from Outlook 2007 with 5.2.4 -- Connection error SSL routines TLS

Cannot send email from Outlook 2007 with 5.2.4 -- Connection error SSL routines TLS

Scheduled Pinned Locked Moved Solved Support
mailoutlooktlstlsv1
8 Posts 4 Posters 1.7k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R Offline
      R Offline
      rfg
      wrote on last edited by girish
      #1

      Hi

      Since update 5.2.4, we are experience problems to sent mail from Outlook 2007 (running on win7)

      Outlook Error message: 0x800CCC80 – None of the authentication methods supported by this client are supported by your server

      Log error on email server says:

      client [187.188.xxx.xxx] connection error: Error: 140072188094336:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported
      

      Not sure if it's related, but we had similar problem past march and fixed in this way:
      https://forum.cloudron.io/topic/2221/cloudron-5-released/13

      I've returned the setting to TRUE but the problem persists.

      Complete log:

      Jun 01 17:47:44 [INFO] [8B8B81F3-5B6B-48A1-ABE1-DEC2ADED8DA1] [spf] identity=helo ip=187.188.xxx.xxx domain="PROYECTOS01" mfrom=<postmaster@PROYECTOS01> result=None
      Jun 01 17:47:44 [INFO] [8B8B81F3-5B6B-48A1-ABE1-DEC2ADED8DA1] [spf] scope: helo, result: None, domain: PROYECTOS01
      Jun 01 17:47:44 [INFO] [8B8B81F3-5B6B-48A1-ABE1-DEC2ADED8DA1] [core] client [187.188.xxx.xxx] connection error: Error: 140072188094336:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1686:
      Jun 01 17:47:44 [NOTICE] [8B8B81F3-5B6B-48A1-ABE1-DEC2ADED8DA1] [core] disconnect ip=187.188.xxx.xxx rdns=fixed-187-188-143-228.totalplay.net helo=PROYECTOS01 relay=N early=N esmtp=Y tls=N pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="" time=0.184
      Jun 01 17:47:45 [NOTICE] [BC430C61-CB61-44B6-A2C6-EBB2F79CDBA4] [core] connect ip=187.188.xxx.xxx port=54382 local_ip=:: local_port=2525
      Jun 01 17:47:45 [INFO] [BC430C61-CB61-44B6-A2C6-EBB2F79CDBA4] [helo.checks] helo_host: PROYECTOS01, pass:bare_ip, host_mismatch, fail:valid_hostname(no_dot), rdns_match, skip:dynamic(no dots)
      

      Thanks for your help

      murgeroM 1 Reply Last reply
      0
      • girishG Offline
        girishG Offline
        girish
        Staff
        wrote on last edited by
        #2

        I think the issue is that we removed TLS 1.0 support. Can you enable TLS 1.2 support in Outlook using one of the following articles:

        • https://www.siteground.com/kb/how-to-enable-tls-1-1-and-1-2-in-outlook-on-windows-7/
        • https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi
        • https://www.greengeeks.com/tutorials/article/how-to-enable-tls-1-1-and-1-2-in-outlook-windows-7/
        d19dotcaD 1 Reply Last reply
        0
        • R Offline
          R Offline
          rfg
          wrote on last edited by
          #3

          Thanks @girish

          Just for the record, besides to install the KB and set the DefaultSecureProtocols registry entries, I also need to add the following keys:

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
          “DisabledByDefault”=dword:00000000
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
          “DisabledByDefault”=dword:00000000
          
          1 Reply Last reply
          1
          • girishG Offline
            girishG Offline
            girish
            Staff
            wrote on last edited by
            #4

            @rfg Thanks for the update!

            1 Reply Last reply
            0
            • R rfg

              Hi

              Since update 5.2.4, we are experience problems to sent mail from Outlook 2007 (running on win7)

              Outlook Error message: 0x800CCC80 – None of the authentication methods supported by this client are supported by your server

              Log error on email server says:

              client [187.188.xxx.xxx] connection error: Error: 140072188094336:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported
              

              Not sure if it's related, but we had similar problem past march and fixed in this way:
              https://forum.cloudron.io/topic/2221/cloudron-5-released/13

              I've returned the setting to TRUE but the problem persists.

              Complete log:

              Jun 01 17:47:44 [INFO] [8B8B81F3-5B6B-48A1-ABE1-DEC2ADED8DA1] [spf] identity=helo ip=187.188.xxx.xxx domain="PROYECTOS01" mfrom=<postmaster@PROYECTOS01> result=None
              Jun 01 17:47:44 [INFO] [8B8B81F3-5B6B-48A1-ABE1-DEC2ADED8DA1] [spf] scope: helo, result: None, domain: PROYECTOS01
              Jun 01 17:47:44 [INFO] [8B8B81F3-5B6B-48A1-ABE1-DEC2ADED8DA1] [core] client [187.188.xxx.xxx] connection error: Error: 140072188094336:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1686:
              Jun 01 17:47:44 [NOTICE] [8B8B81F3-5B6B-48A1-ABE1-DEC2ADED8DA1] [core] disconnect ip=187.188.xxx.xxx rdns=fixed-187-188-143-228.totalplay.net helo=PROYECTOS01 relay=N early=N esmtp=Y tls=N pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="" time=0.184
              Jun 01 17:47:45 [NOTICE] [BC430C61-CB61-44B6-A2C6-EBB2F79CDBA4] [core] connect ip=187.188.xxx.xxx port=54382 local_ip=:: local_port=2525
              Jun 01 17:47:45 [INFO] [BC430C61-CB61-44B6-A2C6-EBB2F79CDBA4] [helo.checks] helo_host: PROYECTOS01, pass:bare_ip, host_mismatch, fail:valid_hostname(no_dot), rdns_match, skip:dynamic(no dots)
              

              Thanks for your help

              murgeroM Offline
              murgeroM Offline
              murgero
              App Dev
              wrote on last edited by
              #5

              @rfg You should upgrade to Windows 10 (It's free for crying out loud 😉 ) and Office 365. I have no issues using the latest.

              Also, can you please amend your title to say "Outlook 2007" so users using the latest Outlook program do not get confused and follow the wrong directions to fix an issue?

              If you would like, I can help you find an upgrade path to Win10 + O365 as well. Let me know!

              --
              https://urgero.org
              ~ Professional Nerd. Freelance Programmer. ~

              1 Reply Last reply
              1
              • girishG girish

                I think the issue is that we removed TLS 1.0 support. Can you enable TLS 1.2 support in Outlook using one of the following articles:

                • https://www.siteground.com/kb/how-to-enable-tls-1-1-and-1-2-in-outlook-on-windows-7/
                • https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi
                • https://www.greengeeks.com/tutorials/article/how-to-enable-tls-1-1-and-1-2-in-outlook-windows-7/
                d19dotcaD Offline
                d19dotcaD Offline
                d19dotca
                wrote on last edited by
                #6

                @girish This has come to bite me too now for one of my clients, after we got past the blacklisted IP on Spamhaus, we determined that the second issue is that they are on an old version of macOS and it seems to not support TLSv1.1 nor TLSv1.2.

                Logs:

                Jun 10 21:31:33 [INFO] [096611F0-ACB5-4CC0-8D6C-42395E10661B] [access] whitelist: true, pass:connect.rdns_access.whitelist
                Jun 10 21:31:34 [INFO] [096611F0-ACB5-4CC0-8D6C-42395E10661B] [helo.checks] helo_host: [10.0.0.183], pass:bare_ip, host_mismatch, fail:rdns_match(literal), skip:dynamic(literal), valid_hostname(literal)
                Jun 10 21:31:35 [INFO] [096611F0-ACB5-4CC0-8D6C-42395E10661B] [core] client [<ClientIPaddress>] connection error: Error: 140689161090944:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1686:
                Jun 10 21:31:35 [NOTICE] [096611F0-ACB5-4CC0-8D6C-42395E10661B] [core] disconnect ip=<ClientIPaddress> rdns=<ISPhostname> helo=[10.0.0.183] relay=N early=N esmtp=Y tls=N pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="" time=1.967
                

                While I can recommend they upgrade (and I will be recommending it for sure, I didn't realize they were so behind in macOS versions), it's also kind of hard to dictate what OS my clients run (at least at this stage since I didn't exactly have that in any contracts before). Is there a way I can temporarily enable TLSv1.0 support for them until they are done upgrading?

                --
                Dustin Dauncey
                www.d19.ca

                1 Reply Last reply
                0
                • girishG Offline
                  girishG Offline
                  girish
                  Staff
                  wrote on last edited by
                  #7

                  @d19dotca Maybe you can try something like this:

                  1. docker exec -ti mail /bin/bash
                  2. Edit /run/haraka/config/tls.ini
                  3. Add the secureProtocol line like below (be careful not to add it to the end since it has to be outside any section):
                  ; default tls version and ciphers come from node (better to upgade node than set them here)
                  
                  secureProtocol = TLSv1_method
                  
                  [no_tls_hosts]
                  172.18.0.0/16
                  127.0.0.1
                  
                  1. supervisorctl restart haraka

                  Does it work after that?

                  Unfortunately, the above changes are not persisted. So, you have to make the changes on server restart and sometimes on cloudron update (if we updated the mail container).

                  1 Reply Last reply
                  1
                  • girishG Offline
                    girishG Offline
                    girish
                    Staff
                    wrote on last edited by
                    #8

                    https://help.nexcess.net/77209-third-party-email-clients/how-to-allow-outlook-to-connect-over-tls-1112 has the registry instructions.

                    1 Reply Last reply
                    0
                    Reply
                    • Reply as topic
                    Log in to reply
                    • Oldest to Newest
                    • Newest to Oldest
                    • Most Votes


                      • Login

                      • Don't have an account? Register

                      • Login or register to search.
                      • First post
                        Last post
                      0
                      • Categories
                      • Recent
                      • Tags
                      • Popular
                      • Bookmarks
                      • Search