Unfortunately I can’t upgrade that server to v6.9 as it’s a legacy unit running CentOS 5. I had thought that 5.9 did actually have TLS 1.2 though. How would I determine that?
@diamondcomputer - many thanks. It is not IW that sets tls but OpenSSL.
You could run an external test from any browser using qualys- this would tell you your tls and cipher
Usually if tls cannot be found, would indicate the receiving mail server cannot use your tls as ciphers tend to show cannot agree tls or similar
Is it just on the v5 or is it on both
If you want to pm me a domain to test, I will let you know as it gives better details
Lastly, you have set a proper ssl on the mail server from nodeworx server ssl mail and have a correct RDNS on your IP used for mail
Also, to cover everything, have you fully restarted the server Incase something got stuck
@Jesse1 - your issue sounds different to Phil - I would open a support ticket with your host provider but first restart your server. If it cannot find IP it sounds likely more a routing issue rather then a mail issue
I took a bets guess at your domains and tested the following as below (Note - details have been changed to not show proper domains/IP addresses)
Based on these tests, I would consider best action woudl be to forward all outgoing email to the V6 server, which should allow normal email delivery as a short term solution.
Then I would apply a SSL cert to V5 server for mail and set the ciphers as HIGH:MEDIUM:!EXPORT:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW as a test. Rememebr to restart mail services.
However, I maybe getting confused as I am not sure if spamfilter.domain.url is on your IW servers or provided through a third party. If third party, then they need to turn on TLS and set ciphers as it is not available at the moment
I hope that helps a little
IW-CP V5
seconds test stage and result
[000.000] Trying TLS on spamfilter.domain.url[IP-Removed] (10)
[000.024] Server answered
[000.086] <‑‑ 220 PTR-removed InterWorx-CP SMTP Server ESMTP
[000.086] We are allowed to connect
[000.086] ‑‑> EHLO www11-do.2domain.url
[000.178] <‑‑ 250-PTR-removed InterWorx-CP SMTP Server
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-NOOP
250-SIZE 47185920
250 8BITMIME
[000.178] We can use this server
[000.179] TLS is not an option on this server
[000.179] ‑‑> MAIL FROM:test@2domain.url
[005.582] <‑‑ 250 ok
[005.582] Sender is OK
[005.582] ‑‑> QUIT
TLS is NOT available on this server
IW-CP V6
[000.564] <~~ 250-efa1.domain.url
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[000.564] TLS successfully started on this server
TLS is WORKING on this server
@jesse1 - You were not clear over cannot find IP address, so it could be routing or it could be DNS not able to resolve sending mail MX or A. You or your hosting provider would need to check further, usually by SSH
I think those messages may end up being a limitation of CentOS 5, considering it has been EOL for so long. We had customers with similar errors in the past, and the only resolution that really worked for them was migrating to a CentOS 6 server. Being that repos for CentOS 5 no longer exist, and there are no longer even security patches being pushed through, the longer you try to use that OS, the more issues you will probably run into, unfortunately. We have not officially supported CentOS 5 for the better part of three years, now.
I did some googling for TLS 1.2 on CentOS 5. I’m seeing a lot of requests for it, but I’m not finding much indication that they ever applied it/updated their provided version of OpenSSL to include it. I found this one, where a staff member replied that it was really up to Red Hat because CentOS just rebuilt from RH, but since RHEL5 was nearing EOL at the time, it was very unlikely it would ever be included: https://forums.centos.org/viewtopic.php?t=57448
I would recommend looking into updating that server to CentOS 7, since CentOS 6 goes EOL this month. I know that, since it is a legacy server, that may not be possible, but it may be at least worth suggesting.
Thanks,
-Jenna
Friendly Neighborhood Support Manager
I would need to know more information as to the specific errors that you are receiving, as that is a bit vague.
However, if I recall correctly, I think you may be a ProfitHost customer? If so, if you reach out to them, they may be a better point of contact, as they would be able to see exactly what is happening on their servers.
@IWorx-Jenna - good posts and I have advised Phil the same, Centos 7 and IW-CP v7 - Phil did PM me and stated same so hopefully that should resolve issue with Phil
You are correct over jesse1 and profithost, I could not think of host company he used at the time sorry
Being that repos for CentOS 5 no longer exist, and there are no longer even security patches being pushed through, the longer you try to use that OS, the more issues you will probably run into, unfortunately. We have not officially supported CentOS 5 for the better part of three years, now.