os x update 10.10.4; mail won't send 6/30/15

That didnt work for me though :-(

Its clearly something they changed in the update as those with 10.10.3 or iOS 8.3 using the same settings on the server are fine.

I tried both "Automatically detect and maintain account settings" box (on and off) did not make a difference.

Neither did the SSL/MD5 option. The logs clearly show mail issues a STARTTLS and receives a 220 from the server but than Mail.app simply does nothing until about a minute later when it reports an error, which I don't know what that error even means.

What worked for me was to switch from Gmail Application Passwords to two-factor authentication, which is supported since OS X 10.10.3 (and iOS 8.3): Deleted all GMail SMTP accounts in Key Chain, Removed Google Account from System Preferences, Internet Accounts and set up a new account for Google, providing a token from the Google Authenticator app (others may work, too). Now, SMTP outgoing is working in Apple Mail.

Problem I have is that its not GMAIL but our own mail server.

I've talked with a couple of different people at Apple phone support, and seems like there is no solution yet they can give me. I also have our own mail server. My Gmail works, but not my company mail for outgoing mails. Very frustrating..

TBH, Can't understand how Apple can release an official OS update in this condition. Unbelievable....

Our Mail server is fixed.

Basically our network company had to reconfigure Sendmail to accept a higher level encryption.

We used a 2048 bit SSL Cert for mail however the DH key was 256 bit - Apples changes needs at least 768 bit.

The guys then needed to use Open SSL to generate a higher DH Key and then configure Sendmail to use it as its default is 256 bit

Not entirely sure that makes sense but I am sure if you manage a server it may help.

I've reverted to 10.10.3 using my Time Capsule and now mail is working perfectly again. I've alerted the system administrator to the problem and the mention in a later post that it might be that the level of encryption on the SSL needs to be adjusted.

This actually helped me. Before changing anything I checked the connection initiation with my server by using the openssl tool and that one threw a warning about the length of the dhparam key.

I increased the length of the dhparam key in my courier installation. Important to remark is, that 768bit is not enough, you have to go to 1024.

The sad side is, that this is so typical apple again, that it hurts. Why is it not possible to tell that to the user? At least give a warning? Instead this annoying "your internet is broken! By a new one at your closest genius bar!"-Message.

OS X and iOS work for me 85% of the time really really good, otherwise I would be long gone. But it has something of a drug addiction...

Quams wrote:

The sad side is, that this is so typical apple again, that it hurts. Why is it not possible to tell that to the user? At least give a warning? Instead this annoying "your internet is broken! By a new one at your closest genius bar!"-Message.

OS X and iOS work for me 85% of the time really really good, otherwise I would be long gone. But it has something of a drug addiction...

I agree. Addiction is where you're compelled to take ill-advised action before submitting it to a rational calculus, right? Like installing a system update on the first day it's available. Five, six, seven years ago I was more cautious with system updates, as unexpected turbulence was common. But more recently Apple got better and I've let my guard down, excited to see what the engineers have come up with. This is a throw-back to the bad old days; Mail is the app I use most, and now mine's unusable. I'm not techie enough to try tweaking the "dhparam key," whatever that is, so instead I'm waiting five hours while Time Machine restores me to my last 10.10.3 state.

It all gives new meaning to the phrase "user group," no?

I've verified that we use 1024 bits... but this has lead me to wonder if it's not a SHA1 vs. SHA256 issue. I know SHA1 as suppose to be phased out in 2016 by Google et al... I wonder if Apple has done the same thing.

I'm checking into that now. Our mail server has been around for some time and is long in the tooth. I would hate to be forced into an upgrade at this point in a rush :S

I don't think it's that. This isn't a question of the length of the private key itself, like you'd see here:

[root@host private]# openssl rsa -in localhost.key -text -noout

Private-Key: (1024 bit)

I'd venture a guess that this is Apple responding to Logjam (or, more accurately, Apple nudging system administrators to patching/fixing their systems):

https://weakdh.org/

From there, you'll see a link to what you might need to do to address the problem with various common server software packages, including Sendmail and the like.

So we just have to wait for a fix now? Should I contact Apple about it? I don't remember ever having a bad update since maybe Panther or Tiger days.

Smart idea to roll back. I might have to do that or rely on web based mail instead.

elbles wrote:

(...)

I'd venture a guess that this is Apple responding to Logjam (or, more accurately, Apple nudging system administrators to patching/fixing their systems):

That is exactly what annoys me. It is not nudging it is bullying in the worst way. The aforementioned fix, which helped me as well, is something we sort off found out by listening to the grapevine and tray&error. That is not a professional behaviour in any way! Because out of the available reactions OS X gives you, one can not deduce the fix.

There should be something popping up like "vulnerable TLS - I won't connect", and not the "Your internet is broken" from the connection doctor.

So all those who don't control their mail server (and that is most likely somewhere around 10% of the people having problems) and can do the fix themselves, they have to contact their servers administrator with something like "My Apple mail doesn't work anymore and there is this thread where some geeks say it is some dh-thingy which has to be bigger. Nobody really knows if it is the problem, but can you fix it please!" instead of "Apple addresses the logjam problem, lease upgrade your system according to the current standards"

But hey, it is not like as if email is an important part while using computers these days...😉