Knowledge Base

Outlook 2007 and other old mail clients not able to use SSL/TLS connection

Symptoms

Old mail client such as Outlook 2007 is not able to send a mail via SSL/TLS.
The log file /var/log/maillog contains one of the following error messages from Postfix or Courier:

courier-imaps: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
postfix/smtpd[17918]: warning: TLS library problem: 21146:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340:

postfix/smtpd: warning: TLS library problem: 7346:error:1408F10B:SSL routlines: SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1387

Cause

SSLv3 support was disabled.

Note: SSLv3 was removed from the core crypto libraries since RHEL 8. See the official documentation for details.

Resolution

Apply on of the following alternatives:

Upgrade Outlook version.
Connect to the server using SSH and enable backward compatibility with old mail clients:
1. Set TLS_PROTOCOL=SSL23 in /etc/courier-imap/pop3d-ssl and /etc/courier-imap/imapd-ssl .
  
  Note: SSL23 will enable all SSL/TLS protocols.
2. Edit /etc/postfix/main.cf and set the following:
  
  smtp_tls_security_level = may
  tls_medium_cipherlist = MEDIUM:!aNULL:!MD5
3. Reload both Postfix and Courier services:
  
  # service postfix reload && service courier reload

Related Posts

Setting Up and Configuring a Linux Mail Server

CheckPassword authentication in Dovecot: a practical example in Shell

Dovecot in Plesk for Linux 12.0!

Knowledge Base

Unable to accept or send emails on Plesk server via SendGrid with forwarding enabled: 550 The from address does not match a verified Sender Identity.

Unable to send mail: deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)

Mail delivery does not work: do not list domain in BOTH mydestination and virtual_mailbox_domains

Unable to access mail: Warning: Inotify instance limit for user exceeded

Hosting Wiki