Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Cannot send email from Outlook 2007 with 5.2.4 -- Connection error SSL routines TLS

Scheduled Pinned Locked Moved Solved Support
mailoutlooktlstlsv1
8 Posts 4 Posters 715 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R Offline
    R Offline
    rfg
    wrote on last edited by girish
    #1

    Hi

    Since update 5.2.4, we are experience problems to sent mail from Outlook 2007 (running on win7)

    Outlook Error message: 0x800CCC80 – None of the authentication methods supported by this client are supported by your server

    Log error on email server says:

    client [187.188.xxx.xxx] connection error: Error: 140072188094336:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported
    

    Not sure if it's related, but we had similar problem past march and fixed in this way:
    https://forum.cloudron.io/topic/2221/cloudron-5-released/13

    I've returned the setting to TRUE but the problem persists.

    Complete log:

    Jun 01 17:47:44 [INFO] [8B8B81F3-5B6B-48A1-ABE1-DEC2ADED8DA1] [spf] identity=helo ip=187.188.xxx.xxx domain="PROYECTOS01" mfrom=<postmaster@PROYECTOS01> result=None
    Jun 01 17:47:44 [INFO] [8B8B81F3-5B6B-48A1-ABE1-DEC2ADED8DA1] [spf] scope: helo, result: None, domain: PROYECTOS01
    Jun 01 17:47:44 [INFO] [8B8B81F3-5B6B-48A1-ABE1-DEC2ADED8DA1] [core] client [187.188.xxx.xxx] connection error: Error: 140072188094336:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1686:
    Jun 01 17:47:44 [NOTICE] [8B8B81F3-5B6B-48A1-ABE1-DEC2ADED8DA1] [core] disconnect ip=187.188.xxx.xxx rdns=fixed-187-188-143-228.totalplay.net helo=PROYECTOS01 relay=N early=N esmtp=Y tls=N pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="" time=0.184
    Jun 01 17:47:45 [NOTICE] [BC430C61-CB61-44B6-A2C6-EBB2F79CDBA4] [core] connect ip=187.188.xxx.xxx port=54382 local_ip=:: local_port=2525
    Jun 01 17:47:45 [INFO] [BC430C61-CB61-44B6-A2C6-EBB2F79CDBA4] [helo.checks] helo_host: PROYECTOS01, pass:bare_ip, host_mismatch, fail:valid_hostname(no_dot), rdns_match, skip:dynamic(no dots)
    

    Thanks for your help

    murgeroM 1 Reply Last reply
    0
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #2

    I think the issue is that we removed TLS 1.0 support. Can you enable TLS 1.2 support in Outlook using one of the following articles:

    • https://www.siteground.com/kb/how-to-enable-tls-1-1-and-1-2-in-outlook-on-windows-7/
    • https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi
    • https://www.greengeeks.com/tutorials/article/how-to-enable-tls-1-1-and-1-2-in-outlook-windows-7/
    d19dotcaD 1 Reply Last reply
    0
  • R Offline
    R Offline
    rfg
    wrote on last edited by
    #3

    Thanks @girish

    Just for the record, besides to install the KB and set the DefaultSecureProtocols registry entries, I also need to add the following keys:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
    “DisabledByDefault”=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    “DisabledByDefault”=dword:00000000
    
    1 Reply Last reply
    1
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #4

    @rfg Thanks for the update!

    1 Reply Last reply
    0
  • murgeroM Offline
    murgeroM Offline
    murgero App Dev
    replied to rfg on last edited by
    #5

    @rfg You should upgrade to Windows 10 (It's free for crying out loud 😉 ) and Office 365. I have no issues using the latest.

    Also, can you please amend your title to say "Outlook 2007" so users using the latest Outlook program do not get confused and follow the wrong directions to fix an issue?

    If you would like, I can help you find an upgrade path to Win10 + O365 as well. Let me know!

    --
    https://urgero.org
    ~ Professional Nerd. Freelance Programmer. ~
    Matrix: @murgero:urgero.org

    1 Reply Last reply
    1
  • d19dotcaD Offline
    d19dotcaD Offline
    d19dotca
    replied to girish on last edited by
    #6

    @girish This has come to bite me too now for one of my clients, after we got past the blacklisted IP on Spamhaus, we determined that the second issue is that they are on an old version of macOS and it seems to not support TLSv1.1 nor TLSv1.2.

    Logs:

    Jun 10 21:31:33 [INFO] [096611F0-ACB5-4CC0-8D6C-42395E10661B] [access] whitelist: true, pass:connect.rdns_access.whitelist
    Jun 10 21:31:34 [INFO] [096611F0-ACB5-4CC0-8D6C-42395E10661B] [helo.checks] helo_host: [10.0.0.183], pass:bare_ip, host_mismatch, fail:rdns_match(literal), skip:dynamic(literal), valid_hostname(literal)
    Jun 10 21:31:35 [INFO] [096611F0-ACB5-4CC0-8D6C-42395E10661B] [core] client [<ClientIPaddress>] connection error: Error: 140689161090944:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_srvr.c:1686:
    Jun 10 21:31:35 [NOTICE] [096611F0-ACB5-4CC0-8D6C-42395E10661B] [core] disconnect ip=<ClientIPaddress> rdns=<ISPhostname> helo=[10.0.0.183] relay=N early=N esmtp=Y tls=N pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="" time=1.967
    

    While I can recommend they upgrade (and I will be recommending it for sure, I didn't realize they were so behind in macOS versions), it's also kind of hard to dictate what OS my clients run (at least at this stage since I didn't exactly have that in any contracts before). Is there a way I can temporarily enable TLSv1.0 support for them until they are done upgrading?

    --
    Dustin Dauncey
    www.d19.ca

    1 Reply Last reply
    0
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #7

    @d19dotca Maybe you can try something like this:

    1. docker exec -ti mail /bin/bash
    2. Edit /run/haraka/config/tls.ini
    3. Add the secureProtocol line like below (be careful not to add it to the end since it has to be outside any section):
    ; default tls version and ciphers come from node (better to upgade node than set them here)
    
    secureProtocol = TLSv1_method
    
    [no_tls_hosts]
    172.18.0.0/16
    127.0.0.1
    
    1. supervisorctl restart haraka

    Does it work after that?

    Unfortunately, the above changes are not persisted. So, you have to make the changes on server restart and sometimes on cloudron update (if we updated the mail container).

    1 Reply Last reply
    1
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #8

    https://help.nexcess.net/77209-third-party-email-clients/how-to-allow-outlook-to-connect-over-tls-1112 has the registry instructions.

    1 Reply Last reply
    0

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.