CCS C Software and Maintenance Offers
FAQFAQ   FAQForum Help   FAQOfficial CCS Support   SearchSearch  RegisterRegister 

ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

CCS does not monitor this forum on a regular basis.

Please do not post bug reports on this forum. Send them to CCS Technical Support

[OffTopic] Mail problem from CCS?
Goto page 1, 2  Next
 
Post new topic   Reply to topic    CCS Forum Index -> General CCS C Discussion
View previous topic :: View next topic  
Author Message
hmmpic



Joined: 09 Mar 2010
Posts: 314
Location: Denmark

View user's profile Send private message

[OffTopic] Mail problem from CCS?
PostPosted: Tue Nov 02, 2021 1:12 pm     Reply with quote

Mail problem from CCS?

Anyone having random problem receiving some mail from CCS?
CCS sometime use old protocol like TLS1.0 & TLS1.1 and SSLv2 and SSLv3. Today most mail-servers will reject tease for security.
https://www.tbs-certificates.co.uk/FAQ/en/protocoles-obsoletes.html

1) Anyone having random problem receiving mail from CCS?

2) Anyone having a header from there mail received from CCS?

The log entry when CCS was rejected look like this (They use SSLv2 or SSLv3 not secure and rejected):
SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

When there are no problem there header look like this (xxx is where i have removed information): Received: from [192.168.100.xxx] (helo=MARK) by xxx.ccsinfo.com with esmtp


Last edited by hmmpic on Wed Nov 03, 2021 12:47 am; edited 1 time in total
temtronic



Joined: 01 Jul 2010
Posts: 9228
Location: Greensville,Ontario

View user's profile Send private message

PostPosted: Tue Nov 02, 2021 1:44 pm     Reply with quote

No problems for me, just got one the other day.
I use Mozilla Thunderbird as my email program, WIN7ultimate.
Ttelmah



Joined: 11 Mar 2010
Posts: 19515

View user's profile Send private message

PostPosted: Tue Nov 02, 2021 11:50 pm     Reply with quote

'Most servers', most certainly do not reject SS (as a generic term)..
You can usually tell you server to reject unvalidated SSL connections,
but this is a setting that you can adjust.
SSL as a term, usually generically includes all the updated layers below
this.
TLS1.0, definitely would be a problem. Things are moving now to TLS1.3,
and if the mail comes in through an Office365 based portal, these won't
accept TLS1.0 (or 1.1) transactions now.
So the SSL error might be an error that the protocol 'below' this is one
that is not supported. Though your error message seems to suggest
that the older SSL protocol is what is being used.
Who are you talking to at CCS?. The programmers and people there all
seem to use their own mail clients. Sounds as if you may be talking to
somebody who has not updated their settings.
Must admit if they are using a main server that still validates using one of
original SSL protocols, that is 'scarey'...
Thinking about it most of the servers use Unix based code, and this would
be updated as standard. The lower SSL layers were deprecated years
ago. Now the server at your end, and the server at CCS, will use the
'highest' protocol that both support, and is supported all the way between
them. Wonder if you are routing through some intermediate that is
blocking the higher protocols?.
Had no problems 'generically' with stuff from CCS.
hmmpic



Joined: 09 Mar 2010
Posts: 314
Location: Denmark

View user's profile Send private message

PostPosted: Wed Nov 03, 2021 3:40 am     Reply with quote

Problem is random, some mail are sent without encryption these mail are received ok, but some are sent with old SSLv2 or SSLv3 and they fail.

I have informed CCS about there mail server and old protocol, but no reply...

In Denmark most mail servers only accept no encryption or use TLS1.2 and some also support TLS1.3. Problem is when someone use old mail servers there worked some years back, and is not updated for years...

All this because the pointer bug in 5.105:-)
hmmpic



Joined: 09 Mar 2010
Posts: 314
Location: Denmark

View user's profile Send private message

PostPosted: Wed Nov 03, 2021 5:00 am     Reply with quote

When mail are received the header named Received have "esmtp" can you maybe check some mail from CCS and see if you have some encryption esmtps in the Received line...
The Received must be read from the button and up. Find some where you see a CCS public ip address like 98.100.x.x

This is one mail from ebay:
mxphxxxx.ebay.com ([66.211.xxx.xxx]:51459)
by serverxxx.xxx.dk with esmtps (TLS1.2) tls TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

This is from CCS:
Received: from xxxx.ccsinfo.com ([98.100.xxx.xxx]:35753)
by serverxx.xxx.dk with esmtp
Ttelmah



Joined: 11 Mar 2010
Posts: 19515

View user's profile Send private message

PostPosted: Wed Nov 03, 2021 7:38 am     Reply with quote

I'd actually suspect it is one of the international gateway systems that is
not accepting the higher level security. Would explain the randomness.
If it was CCS's server, it'd happen all the time. What is happening is
that when the negotiation takes place between the mail at your end
and the CCS server if it happens to go through a gateway that refuses
the higher security, then both ends turn down to a lower level....
I had this years ago, and used to force a default global router to be used.
hmmpic



Joined: 09 Mar 2010
Posts: 314
Location: Denmark

View user's profile Send private message

PostPosted: Fri Nov 12, 2021 4:33 am     Reply with quote

This explain a lot: (version=TLS1 cipher=AES128-SHA bits=128/128 )
Received : from mail2.ccsinfo.com (mail2.ccsinfo.com. [98.100.152.38]) by mx.google.com with ESMTPS for xxx@gmail.com (version=TLS1 cipher=AES128-SHA bits=128/128 );

So many years ago this was used, totally old (1999).
https://endoflife.software/protocols/encryption/tls

About one month ago CCS was sending with ESMTP. But now they use ESMTPS with (version=TLS1 cipher=AES128-SHA bits=128/128).

It's only a matter of time before others experience the same problem. CCS wont listen at all about this.
jeremiah



Joined: 20 Jul 2010
Posts: 1349

View user's profile Send private message

PostPosted: Fri Nov 12, 2021 3:53 pm     Reply with quote

hmmpic wrote:
This explain a lot: (version=TLS1 cipher=AES128-SHA bits=128/128 )
Received : from mail2.ccsinfo.com (mail2.ccsinfo.com. [98.100.152.38]) by mx.google.com with ESMTPS for xxx@gmail.com (version=TLS1 cipher=AES128-SHA bits=128/128 );

So many years ago this was used, totally old (1999).
https://endoflife.software/protocols/encryption/tls

About one month ago CCS was sending with ESMTP. But now they use ESMTPS with (version=TLS1 cipher=AES128-SHA bits=128/128).

It's only a matter of time before others experience the same problem. CCS won't listen at all about this.


Did you call them and chat with them about it?
hmmpic



Joined: 09 Mar 2010
Posts: 314
Location: Denmark

View user's profile Send private message

PostPosted: Sat Nov 13, 2021 4:28 am     Reply with quote

YES they are informed about the issue! But they don't care Rolling Eyes
Ttelmah



Joined: 11 Mar 2010
Posts: 19515

View user's profile Send private message

PostPosted: Sat Nov 13, 2021 7:38 am     Reply with quote

As I have already pointed out, I don't think the issue is with them.
Key to understand is that when you talk to eBay, they have a server
close to where you are. However when you talk to CCS, you are going
through one or more international gateway servers.

Now when such a mail connection is established, the servers at each end
say what security they support, and the link propagates through each
gateway, with it either accepting or rejecting the particular security levels.
The link gets established with the highest security _that is supported by
every link in the connection_. It only takes one of the gateway servers
to be rejecting a higher level for the security to turn down.

Now the reason I don't think the issue is with CCS, is I have emails back
from May, that are using a higher security level than you are showing.
I think the issue is with the gateways being used. The reason it has
switched up a month ago, may well be that there was an update to
one of the gateways.

I have seen exactly this with a gateway in the Azores that was used
for a lot of the UK links a while back.
hmmpic



Joined: 09 Mar 2010
Posts: 314
Location: Denmark

View user's profile Send private message

PostPosted: Sat Nov 13, 2021 8:56 am     Reply with quote

hmmm, when i see this:
Received : from mail2.ccsinfo.com (mail2.ccsinfo.com. [98.100.152.38]) by mx.google.com with ESMTPS for xxx@gmail.com (version=TLS1 cipher=AES128-SHA bits=128/128 );

Is is because the sender use TLS1...

I have mail years back from CCS and all sent as ESMTP. About 14 days back they start to be rejected by our hosted mailserver, this is when they use ESMTPS and TLS1.

To do a long story short, in DK a lot of hosts only support TLS1.2, and up. That's the case.

If you have any mail received from CCS showing they use any security please post the "Received" line.
newguy



Joined: 24 Jun 2004
Posts: 1908

View user's profile Send private message

PostPosted: Sat Nov 13, 2021 9:50 am     Reply with quote

Code:
Received: from ...
 (...:...:...:...::...) by ...
 (...:...:....:...::...) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)


This is from an email I received from CCS back in mid September.
hmmpic



Joined: 09 Mar 2010
Posts: 314
Location: Denmark

View user's profile Send private message

PostPosted: Sat Nov 13, 2021 10:16 am     Reply with quote

Sorry but the line you show can be a wrong one. You need to understand the header "Received". Please find the one in most top there have CCS public IP and display and show it all.

What i see is:

The Exim used by CCS is so old. Exim 4.69 is from late 2007.

CCS to their outgoing SMTP server:
Received: from [192.168.100.111] (helo=MARK) by mail2.ccsinfo.com with esmtp (Exim 4.69) (envelope-from <support@ccsinfo.com>)

Google receive is from (CCS) outgoing SMTP server:
Received: from mail2.ccsinfo.com (mail2.ccsinfo.com. [98.100.152.38]) by mx.google.com with ESMTPS for <xxx@gmail.com> (version=TLS1 cipher=AES128-SHA bits=128/128);

Our mail server receiver the mail from google as it is forwarded from my account at google til my local mail....:
Received: from mail-io1-f51.google.com ([209.85.166.51]:38699) by server.xxx.dk with esmtps (TLS1.2) tls TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)

As you see Google and CCS's deal with the low TLS1, maybe because CCS won't accept any higher.
jeremiah



Joined: 20 Jul 2010
Posts: 1349

View user's profile Send private message

PostPosted: Sat Nov 13, 2021 9:25 pm     Reply with quote

hmmpic wrote:
YES they are informed about the issue! But they don't care Rolling Eyes


They said they refuse to fix it or that they didn't believe it was a problem? or some other response? I'm curious what their thinking is.
hmmpic



Joined: 09 Mar 2010
Posts: 314
Location: Denmark

View user's profile Send private message

PostPosted: Sun Nov 14, 2021 10:10 am     Reply with quote

Sent 3 nice mail no response at all. And they have my Gmail addr😉 Really think they won't do anything before they have bigger problems🤔

Maybe someone can post some correct Received line, just to compare...
Display posts from previous:   
Post new topic   Reply to topic    CCS Forum Index -> General CCS C Discussion All times are GMT - 6 Hours
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group