SMTP email issue - Need TLS1.2 or higher support on port 587

Hi,
@lubos
First off great work with the software.

With the changes to use our own SMTP relay credentials (great improvement) I have noticed most servers don’t allow for the old TLS1 and TLS1.1 and SSL v2 and SSL v3 (Disabled on purpose at server level due to vulnerability concerns).

Example cPanel/WHM Servers EXIM Config = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1 (default setting)

Is it possible to upgrade Manager to support TLS1.2 or TLS1.3 on port 587 to prevent authentication issues on servers that have implemented and blocked old versions from authenticating?

Thanks

@lubos , this is the error while sending email

System.IO.IOException: System.IO.IOException: Unable to read data from the transport connection: net_io_connectionclosed.
at System.Net.Mail.SmtpReplyReaderFactory.ProcessRead(Byte buffer, Int32 offset, Int32 read, Boolean readLine)
at System.Net.Mail.SmtpReplyReaderFactory.ReadLines(SmtpReplyReader caller, Boolean oneLine)
at System.Net.Mail.SmtpReplyReaderFactory.ReadLine(SmtpReplyReader caller)
at System.Net.Mail.CheckCommand.Send(SmtpConnection conn, String& response)
at System.Net.Mail.MailCommand.Send(SmtpConnection conn, Byte command, MailAddress from, Boolean allowUnicode)
at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, Boolean allowUnicode, SmtpFailedRecipientException& exception)
at System.Net.Mail.SmtpClient.Send(MailMessage message)

@MarkAussie I’m pretty sure Manager supports TLS 1.2. How did you determine it doesn’t?

@lubos Thanks for the reply.
Emails work on port 587 when TLSv1 is enabled to authenticate and allow weak SSL/TLS ciphers.

Note:
When I disable blocking TLS v1 only authentication on a server and Allow weak SSL/TLS ciphers emails work fine.

When I disable blocking TLS v1_1 only authentication on a server and Allow weak SSL/TLS ciphers email fails with authentication error.

Thanks

What operating system are you using Manager with?

Windows 10.
I can see in the server logs emails being blocked due to authentication.
Server error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Could you try the latest version (19.6.78)? I changed something which could solve this issue.

Perfect.
Thank you for your time and effort in resolving this (so late in the evening as well).
I hope this resolves other people’s mail issues using their own SMTP relay credentials as well.
GREAT WORK.

I’m using 19.6.80 on Ubuntu and can’t use the custom SMTP settings. Port 587. Server logs give:
2019-07-05 16:25:16 TLS error on connection from (office) [213.205.###.##]:42967 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Is the Windows version more up to date?

Following on, here is the error Manager gives:

System.IO.IOException: System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: The authentication or decryption has failed.
at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x00040] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (System.IAsyncResult ar, System.Boolean ignoreEmpty) [0x00000] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (System.IAsyncResult result) [0x00071] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
--- End of inner exception stack trace ---
at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (System.IAsyncResult result) [0x0003b] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
--- End of inner exception stack trace ---
at Mono.Security.Protocol.Tls.SslStreamBase.EndRead (System.IAsyncResult asyncResult) [0x00057] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 
at Mono.Net.Security.Private.LegacySslStream.EndAuthenticateAsClient (System.IAsyncResult asyncResult) [0x00011] in :0 
at Mono.Net.Security.Private.LegacySslStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x0000e] in :0 
at System.Net.Mail.SmtpClient.InitiateSecureConnection () [0x0005e] in :0 
at System.Net.Mail.SmtpClient.SendCore (System.Net.Mail.MailMessage message) [0x000b9] in :0 
at System.Net.Mail.SmtpClient.SendInternal (System.Net.Mail.MailMessage message) [0x00050] in :0 
at System.Net.Mail.SmtpClient.Send (System.Net.Mail.MailMessage message) [0x0009c] in :0

@weird, we are using Mono on Linux and Mac. I’m not sure about how it is with TLS 1.2 support on Mono. Are you running your own SMTP relay? If so, what happens when you allow your SMTP relay to use TLS 1.0, TLS 1.1 or SSL 3? Does it work then?
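
One way to separate protocol-version failures, like the `unknown protocol` lines quoted in this thread, from other handshake errors when reading an Exim log. This is an added example, not part of the original thread or of Manager; the sample log lines, the addresses in them and the list of version-related reasons are constructed assumptions.

```python
import re
from collections import defaultdict

# Exim mainlog line of the form quoted in the thread:
# "<date> <time> TLS error on connection from <peer> [ip]:port (SSL_accept): <detail>"
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} TLS error on connection from "
    r".*?\[(?P<ip>[^\]]+)\](?::\d+)? \(\w+\): (?P<detail>.*)$"
)
# OpenSSL error string: error:<hex code>:<library>:<function>:<reason>
OSSL_RE = re.compile(r"error:[0-9A-Fa-f]+:[^:]*:[^:]*:(?P<reason>.*)$")

# OpenSSL reason strings that indicate the two sides could not agree on a
# protocol version (assumed list; extend it for your own server).
VERSION_REASONS = {
    "unknown protocol", "unsupported protocol", "wrong version number",
    "version too low", "tlsv1 alert protocol version",
}

# Constructed sample log (documentation-range addresses, not real clients).
SAMPLE_LOG = """\
2019-07-05 16:25:16 TLS error on connection from (office) [192.0.2.10]:42967 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2019-07-05 16:25:40 TLS error on connection from (office) [192.0.2.10]:42971 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2019-07-05 16:27:02 TLS error on connection from mail.example.net [198.51.100.7]:50112 (SSL_accept): error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
2019-07-05 16:28:30 SMTP connection from (office) [192.0.2.10]:42980 closed by QUIT
"""

def triage(lines):
    """Return {client_ip: {"version_mismatch": n, "other": n, "reasons": [...]}}."""
    report = defaultdict(lambda: {"version_mismatch": 0, "other": 0, "reasons": []})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a TLS handshake error line
        ossl = OSSL_RE.search(m["detail"])
        # Fall back to the raw detail when Exim logged no OpenSSL error string.
        reason = (ossl["reason"] if ossl else m["detail"]).strip().lower()
        entry = report[m["ip"]]
        bucket = "version_mismatch" if reason in VERSION_REASONS else "other"
        entry[bucket] += 1
        if reason not in entry["reasons"]:
            entry["reasons"].append(reason)
    return dict(report)

if __name__ == "__main__":
    for ip, info in triage(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

Clients that show up only under `version_mismatch` are the ones to check for an outdated TLS stack before relaxing the server's protocol settings.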