[Bug] SMTP Error 296 (Handshake failure) on Exim 4.98 (cPanel) - Fails on both SSL/TLS and STARTTLS
Description
I am unable to send emails using Mailspring with a corporate account hosted on a cPanel server running Exim 4.98.2. IMAP works perfectly, but SMTP fails immediately after the handshake with mailsmtp Last Error Code: 296 (Auth/Handshake failure).
I have performed extensive troubleshooting with the server administrator (root access), ruling out firewall blocking, IP reputation, or credential issues.
To Reproduce…
Steps to reproduce the behavior:
-
Add an IMAP/SMTP account hosted on cPanel/Exim 4.98.
-
Configure SMTP with either:
Port 465 (SSL/TLS) + PLAIN Auth
Port 587 (STARTTLS) + PLAIN/LOGIN Auth -
Attempt to send an email.
-
Sending fails immediately.
Expected Behavior
The email should be sent. Other clients like Outlook and Thunderbird work perfectly with the exact same settings and network environment.
Screenshots
Setup
Scenario 1: Port 465 (SSL/TLS) The client connects but seems to disconnect right after receiving capabilities, refusing to send credentials.
----------SMTP----------
220-server.domain.com ESMTP Exim 4.98.2 #2 Mon, 26 Jan 2026
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
OpenSSL version: OpenSSL 3.6.0 1 Oct 2025
init
EHLO [CLIENT_HOSTNAME]
250-server.domain.com Hello [CLIENT_IP]
250-SIZE 52428800
250-LIMITS MAILMAX=1000 RCPTMAX=50000
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250 HELP
SASL_PATH:
SMTP Last Response Code: 250
mailsmtp Last Error Code: 296
mailsmtp Last Error Explanation: Unknown
mailsmtp Last Error Location: 10
mailsmtp Last Auth Type: 2
Scenario 2: Port 587 (STARTTLS) TLS negotiation succeeds (220 TLS go ahead), but it fails again at the Auth stage.
----------SMTP----------
connect server.domain.com 587
…
start TLS
STARTTLS
220 TLS go ahead
done
init after starttls
EHLO [CLIENT_HOSTNAME]
250-server.domain.com Hello [CLIENT_IP]
…
250-AUTH PLAIN LOGIN
250 HELP
mailsmtp Last Error Code: 296
- OS and Version: Windows 10/11
- Installation Method: website donwloaded
- Mailspring Version: latest 1.17.2
Additional Context
OS: Windows 10/11
Mailspring Version: Latest
Server: cPanel / Exim 4.98.2
Verification:
We verified the server logs (Exim). When using Mailspring, the connection drops or times out.
We tested disabling SMTPUTF8 on the server side (Exim config), but Mailspring still returns Error 296.
Outlook Log (Success on same machine): Outlook connects via esmtpsa using TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 and authenticates successfully (A=dovecot_login), proving the server and credentials are valid.
It appears to be an incompatibility within MailCore2 regarding the handshake/cipher negotiation with newer Exim versions.
