Skip to main content

Strange problem with outgoing mail in old Mac

Comments

7 comments

  • cPanelMichael
    Hello @wonder_wonder, Can you share the specific MacOS version installed on the affected systems? Thank you.
    0
  • wonder_wonder
    Hello @cPanelMichael ! Yes, of course: OS X Yosemite (ver: 10.10.5). Thanks!
    0
  • kdean
    Yosemite and older do not have support for TLS 1.2 so that's likely the problem is you're connecting securely. cPanel by default only does TLS 1.2 or later. There are threads around here that help you add TLS 1.1 support back. Although if it's just that old computer, they should just upgrade (MacOS upgrades are free to the latest version supported by the hardware).
    0
  • wonder_wonder
    Yosemite and older do not have support for TLS 1.2 so that's likely the problem is you're connecting securely. cPanel by default only does TLS 1.2 or later.

    Ok, thanks for explanation. I search in WHM-Service Configuration-Mailserver configuration, in this, are SSL Minimum Protocol, bu default is set to TLS 1.2, I changed to TLS1.1 and indicate to my client try now, when he indicate to me the results, I post here. [quote]There are threads around here that help you add TLS 1.1 support back. Although if it's just that old computer, they should just upgrade (MacOS upgrades are free to the latest version supported by the hardware).
    No, is not possible upgrade this computer, I try, but her hardware is not supported for upgrade (are of 2008 year). Thank you very much!
    0
  • wonder_wonder
    Solved the "issue" :) Aren't like indicate in my last reply, I need made this changes: WHM-Service Configuration-Exim Configuration Manager->Tab Security -> Change Options for OpenSSL to: +no_sslv2 +no_sslv3
    And SSL/TLS Cipher Suite List change to: 1 ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
    After this, my client can send mail from her older Mac :) but....can't connect to inbox xD. Them I go to WHM-Service Configuration-Mailserver Configuration and set SSL Minimum Protocol to TLSv1 and SSL Cipher List set to: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
    And now, all work fine (with mail) with my client with her older Mac :) Thank you very much!
    0
  • cPanelMichael
    Hello @wonder_wonder, Keep in mind the workaround allows for the use of weaker ciphers. This means greater compatibility with outdated operating systems, but it comes at the cost of reduced security. You should consider reaching out to the individuals using the outdated hardware and see if you can encourage a hardware upgrade at some point in the future. Thank you.
    0
  • wonder_wonder
    Hello @cPanelMichael ! Yes, I think in this, and you have reasson. For me is not the best option or solution (I was described in my last reply how solved this problem for if other user have the same problem) but for me, is not the best option... My client, seeing that now works ... I think it will take a while to upgrrade the hardware. That, or that there is a problem before and then ... yes, it will update it. I will tell you / asking you to update it as soon as possible. We have solved your "problem" with obsolete mail client, but we have lowered security on the server, and in the end, I am responsible for that security and server, so if finally something happens ... I take the opportunity to ask; I set to TLS 1.0, but I do not know if I can set it in TLS 1.1. I guess the best option is to try. That yes, I will insist very much, in that upgrade the hardware. And if he can not upgrade the hardware, there are other email clients (like thunderbird for example) that work great (I've been using it for so many years that I do not remember, and it's a real luxury). Thank you for your comments!
    0

Please sign in to leave a comment.