PHP encryption, stopped receiving emails via 365

[t4Chippy]

Hi Guys, I have a webshop running thirtybees 1.0.7 and around a month ago i stopped receiving "contact us" emails from my site. 

My email account is with microsoft office 365, and is the same domain as my site. My email was configured with "Use PHP's mail() function". This has been working fine since Christmas when the site went live, but as said, just stopped working on the 4th of May. 

I tried switching the customer services email to a gmail account and it comes through just fine, switch back to my domain email with 365 and it stops again. I contacted microsoft and they said to switch it over to SMTP but that refuses to even connect. 

I've read a few bits on bobs online that prestashop used to have a conflict with office 365 and something to do with presta not being STARTTLS compatable, and something to do with the swiftmailer? could this possibly be the issue with thirtybees too?

 

I'm not the most technically gifted individual but i can get a grasp of things and do have a friend who can can fill in the gaps in my knowledge so i thought I'd reach out to you guys and see if we can get this thing going again with your help.

Thanks in advance!

 

[t4Chippy]

2 hours ago, t4Chippy said:

I Have asked the MS technician to verify the above so will report back as soon as i hear anything. 

Okay, so I've spoken to MS and he gave me a link https://sender.office.com/ to de-list the server so fingers crossed it's all going through :) 

 

[Factor]

On 6/5/2019 at 3:30 PM, Brent Dacus said:

 

I wouldn't use PHP sending.  Alot of places block that as spam.

 

Yep. I some how felt it would come to this. In this day and age php mail really shouldn’t be an option.  MS will hopefully delist your IP within 48 hrs. 

@dynambee the Japan/Tennessee connection tag team is real...  great work all around. 

Its great to think a guy in Tennessee, a guy in Japan can help a guy in England (assumed). 

[t4Chippy]

5 minutes ago, Brent Dacus said:

Yep. I some how felt it would come to this. In this day and age php mail really shouldn’t be an option.  MS will hopefully delist your IP within 48 hrs. 

@dynambee the Japan/Tennessee connection tag team is real...  great work all around. 

Its great to think a guy in Tennessee, a guy in Japan can help a guy in England (assumed). 

Yea I'm going to have a word with my friend on the same server if this works to set up all sites with SMTP. 

Great work though guys!

@Brent Dacus I can confirm i am from England, it's raining outside 

Edited June 10, 2019 by t4Chippy

[t4Chippy]

Okay, I've tried a few times via SMTP not and it's still having none of it. Switch back to PHP and it's now working as it used to??

 

[Factor]

So they unblocked you? Already 

did the server guy fix the reverse mail and the dmarc as well

Edited June 10, 2019 by Brent Dacus

[t4Chippy]

Just now, Brent Dacus said:

So they unblocked you? Already 

did the server guy fix the reverse mail and the smart as well?

It looks that way, but i really want to get this smtp sorted if thats what caused it in the first place. 

[t4Chippy]

14 minutes ago, Brent Dacus said:

So they unblocked you? Already 

did the server guy fix the reverse mail and the dmarc as well

Ah DNS, thats for me to do 🙂
 

I sorted the dmarc myself, just wasn't sure how to do the other, doing that now 🙂

 

[Factor]

I think you don't need the domain registrars MX records in the mix.  I removed the various IPs.  I would get rid of the 123 ones.  So its not confused.  They are ranked but by Priority.  

https://intodns.com/  shows them there.

Duplicate MX A records

OK. You have some duplicate MX records (MX records with the same IPs). This is not that good but if you know what you are doing than it's ok.

MX Records

Your MX records that were reported by your nameservers are: 20   mx1.123-reg.co.uk   1   chippysworkshop-co-uk.mail.protection.outlook.com   10   mx0.123-reg.co.uk    [These are all the MX records that I found. If there are some non common MX records at your nameservers you should see them below. ]

Your reverse (PTR) record:
..in-addr.arpa ->  mx1.123-reg.co.uk
..in-addr.arpa ->  mail-db5eur010036.inbound.protection.outlook.com
..in-addr.arpa ->  mailex.mailcore.me
..in-addr.arpa ->  mx1.123-reg.co.uk
.in-addr.arpa ->  mx1.123-reg.co.uk
.in-addr.arpa ->  mx1.123-reg.co.uk
.in-addr.arpa ->  mail-he1eur010036.inbound.protection.outlook.com
.in-addr.arpa ->  mx1.123-reg.co.uk

 

My vendor has a template for Office 365 looks like this.  Make sure you add these and not delete the WWW ones

Edited June 10, 2019 by Brent Dacus

[Factor]

What is your sender score now?  is it better?

[Factor]

Still blacklisted 

did you go here and do this one to?

https://www.senderscore.org/rtbl/

[t4Chippy]

6 minutes ago, Brent Dacus said:

I think you don't need the domain registrars MX records in the mix.  I removed the various IPs.  I would get rid of the 123 ones.  So its not confused.  They are ranked but by Priority.  

Duplicate MX A records

OK. You have some duplicate MX records (MX records with the same IPs). This is not that good but if you know what you are doing than it's ok.

MX Records

Your MX records that were reported by your nameservers are: 20   mx1.123-reg.co.uk   1   chippysworkshop-co-uk.mail.protection.outlook.com   10   mx0.123-reg.co.uk    [These are all the MX records that I found. If there are some non common MX records at your nameservers you should see them below. ]

Your reverse (PTR) record:
..in-addr.arpa ->  mx1.123-reg.co.uk
..in-addr.arpa ->  mail-db5eur010036.inbound.protection.outlook.com
..in-addr.arpa ->  mailex.mailcore.me
..in-addr.arpa ->  mx1.123-reg.co.uk
.in-addr.arpa ->  mx1.123-reg.co.uk
.in-addr.arpa ->  mx1.123-reg.co.uk
.in-addr.arpa ->  mail-he1eur010036.inbound.protection.outlook.com
.in-addr.arpa ->  mx1.123-reg.co.uk

 

My vendor has a template for Office 365 looks like this.  Make sure you add these and not delete the WWW ones

deleted the two 123 ones, thanks for that, and i do seem to have a large number of those in the template, albeit not Dacus US, wonder if i need UK specific ones?

[t4Chippy]

2 minutes ago, Brent Dacus said:

Still blacklisted 

did you go here and do this one to?

https://www.senderscore.org/rtbl/

I hadn't but i have now 😄

[Factor]

10 minutes ago, t4Chippy said:

albeit not Dacus US,

HAHA that is my domain... Dacus is the last name.   its an example.   You can move to Tennessee anytime Mate..  Currently not raining here...

[Factor]

awesome

Duplicate MX A records	OK. I have not found duplicate IP(s) for your MX records. This is a good thing.
	Reverse MX A records (PTR)	Your reverse (PTR) record: .in-addr.arpa ->  mail-db5eur010036.inbound.protection.outlook.com .in-addr.arpa ->  mail-ve1eur010036.inbound.protection.outlook.com You have reverse (PTR) records for all your IPs, that is a good thing.
WWW		WWW A Record

[Factor]

Blacklist seem to be gone now...

OK	Sender Score Reputation Network

 

Try it..

Edited June 10, 2019 by Brent Dacus

[Factor]

You want me to register on you site and see if I get an email..

[t4Chippy]

2 minutes ago, Brent Dacus said:

Blacklist seem to be gone now...

Try it..

nope still getting an error on the contact page, but i think we're getting somewhere 🙂

[t4Chippy]

3 minutes ago, Brent Dacus said:

You want me to register on you site and see if I get an email..

Can do if you like 🙂

Edited June 10, 2019 by t4Chippy

[musicmaster]

I had similar problem. In the end I gave up and started sending via Sendgrid. It is free up to a certain volume. They make money with mass mailings but you can do your normal mails via them too.

[Factor]

22 minutes ago, t4Chippy said:

nope still getting an error on the contact page, but i think we're getting somewhere 🙂

ok in the backend  below the settings section.

 TEST YOUR EMAIL CONFIGURATION 

put in some email that is yours.  like a personal one test it.  what happens?

[Factor]

7 minutes ago, musicmaster said:

I had similar problem. In the end I gave up and started sending via Sendgrid. It is free up to a certain volume. They make money with mass mailings but you can do your normal mails via them too.

Yeah I just have my email setup on my Hosted VPS.  I use Mailscanner for filtering.  I use Cpanel so the Way to the web service is great.  https://www.configserver.com/cp/msfe.html

[t4Chippy]

3 minutes ago, Brent Dacus said:

ok in the backend  below the settings section.

 TEST YOUR EMAIL CONFIGURATION 

put in some email that is yours.  like a personal one test it.  what happens?

thats what i get 🙂

 

Error: Please check your configuration
Unable to connect with TLS encryption

[musicmaster]

7 minutes ago, Brent Dacus said:

Yeah I just have my email setup on my Hosted VPS.  I use Mailscanner for filtering.  I use Cpanel so the Way to the web service is great.  https://www.configserver.com/cp/msfe.html

I used to have something similar for years. And then suddenly the blacklisters became aggressive. Sendgrid just serves as an alternative SMTP server (see https://sendgrid.com/docs/for-developers/sending-email/joomla/).

[dynambee]

Try running the test script on your server again to see if it can connect to the MS SMTP server or if it still gives the same error. If the test script works then you have a TB config problem. If the test script doesn't work then you are still blacklisted.

[Factor]

on the cpanel server can we check this... might be worth a shot.

 

In WHM, search for "cPanel Web Services Configuration" located under "Service Configuration".

Mine is SSLv23:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1

default is SSLv23:!SSLv2:!SSLv3

You'll want to add :!TLSv1_1 at the end of the protocol string. This forces it to use newer version.

Ideally you'll want to test this on a development server 1st, as it may break your SSL/payment processing if the server is not up to date and cannot use the newer version. There is fallbacks, but it's always best to test 1st!

While you are here as well, you can harden your ciphers. Great tutorial on this can be found here:https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/

cPanel Official Documentation:https://documentation.cpanel.net/display/CKB/How+to+Adjust+Cipher+Protocols

 

Edited June 11, 2019 by Brent Dacus
correct numbers for tls