V6.16 TLS Issue

Jan 26 (3 months ago)
Darren Lawrence wrote
Whilst I know this is an old version but..

I have a client that only uses VPOP3 for sending, they have a web application that sends emails for an internal system, these emails used to be sent via SMTP directly to office365 but if o365 failed for any reason (and there are many apparently) it would loose any emails.

I persuaded them to use an intermediary server application so the web app would send and the app would deal with the queuing/resending attempts

This has been working for years, with the odd issue here and there but nothing for a long long time

Recently they had a problem with the o365 mailbox being full and emails stopped sending for obvious reason. I was asked to look at why and explained the mailbox full issue. However because I have now had to look into it I have noticed an issue that I cannot find information on.

VPOP3 will send (limit is now 50 at a time, used to be 5) it authenticates fine and sends any waiting, all good, however it then will fail to authenticate a few times and then will work again and send any waiting.

It logs the failures with a postmaster message as follows:-

VPOP3 has encountered an error logging onto the mail server smtp.office365.com for Mail Sender "LAN".
The response from the remote server was: 421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2. Visit https://aka.ms/smtp_auth_tls. [LO4P123CA0437.GBRP123.PROD.OUTLOOK.COM]
This connection has failed, and no messages have been sent.

Now , why does it work sometimes and other times fails?

Also how can we force TLS 1.2 with VPOP3

Best Regards
Reply
4 Answers
Jan 26 (3 months ago)
Paul Smith agent wrote
VPOP3 6.16 is very old and uses a version of OpenSSL which didn't support all the features of TLS 1.2. I guess it works sometimes and not others because it will depend on which particular mail server at Microsoft that it hits - I guess some servers haven't had their configuration updated so still support TLS 1.1 or more basic types of TLS 1.2

So, upgrading to the latest VPOP3 is the simplest solution. I don't know the licence details of this particular instance, but if it's a 5 user VPOP3 Basic licence, the upgrade costs £25 +VAT. You can order it online at https://www.pscs.co.uk/products/vpop3/upgrade (remember to log in to our website first to get your reseller discount)

Alternatively, you may be able to use something like STUNNEL to 'wrap' VPOP3's connections in an SSL tunnel, but that is outside the scope of our free support.
Jan 26 (3 months ago)
Darren Lawrence wrote
Thanks for the quick reply, the server rotation would make total sense

I thought 6.16 supported TLS 1.2, when was 1.2 introduced to VPOP3

Can the OpenSSL be updated independantly (did this for some other application some time ago which worked but not sure how with VPOP3)
Jan 26 (3 months ago)
Darren Lawrence wrote
No matter, upgrade purchased, customer happy to pay
Jan 26 (3 months ago)
Paul Smith agent wrote
OK. That's the easiest option. :-)