Knowledge Base

Outlook 2007 and other old mail clients not able to use SSL/TLS connection

Symptoms

Old mail client such as Outlook 2007 is not able to send a mail via SSL/TLS.
The log file /var/log/maillog contains one of the following error messages from Postfix or Courier:

courier-imaps: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
postfix/smtpd[17918]: warning: TLS library problem: 21146:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340:

postfix/smtpd: warning: TLS library problem: 7346:error:1408F10B:SSL routlines: SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1387

Cause

SSLv3 support was disabled.

Note: SSLv3 was removed from the core crypto libraries since RHEL 8. See the official documentation for details.

Resolution

Apply on of the following alternatives:

Upgrade Outlook version.
Connect to the server using SSH and enable backward compatibility with old mail clients:
1. Set TLS_PROTOCOL=SSL23 in /etc/courier-imap/pop3d-ssl and /etc/courier-imap/imapd-ssl .
  
  Note: SSL23 will enable all SSL/TLS protocols.
2. Edit /etc/postfix/main.cf and set the following:
  
  smtp_tls_security_level = may
  tls_medium_cipherlist = MEDIUM:!aNULL:!MD5
3. Reload both Postfix and Courier services:
  
  # service postfix reload && service courier reload

Related Posts

Choosing the Best MTA: Postfix vs Sendmail vs Exim: a Comprehensive Comparison

Exploring Plesk’s Added Value Solutions So Far in 2023

Unveiling Sitejet Builder: The Perfect Match for Your Effortless Website Creation Needs

Knowledge Base

Mail delivery does not work: do not list domain in BOTH mydestination and virtual_mailbox_domains

Let’s Encrypt notification mail: Your certificate (or certificates) for the names listed below will expire in days

Unable to send mail from Plesk server: deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)

Can’t access mail: Warning: Inotify instance limit for user exceeded

Hosting Wiki