Well, looks like you are confusing SMTPD with SMTP. These two beast has different purpose in postfix terms. smtpd
was SMTP server used for receiving email, it bind to specific port (for example 25, 587, 465). smtp
was SMTP client used for sending email, it connect to SMTP server port.
Another confusion here is about STARTTLS, SMTPS and unencryption email. By default postfix will send and receive email without encryption. For encryption method, SMTP has two schema: STARTTLS and SMTPS. With STARTTLS, client will initiate connection with unencrypted form and upgrade it to encrypted one later. Now SMTPS for SMTP was like HTTPS for HTTP. Unlike STARTTLS, client will initiate connection by TLS negotiation and then start SMTP chit-chat on top TLS. Usually smtpd with STARTTLS capability listen in port 587, and STMPS in port 465. For another reference, see this SO question: What is the difference between ports 465 and 587?
Now, we will talk about postfix. By default, each process in postfix will get configuration from main.cf
(you can view the changes via postconf -n
like above). Of course you can override per postfix service via master.cf
like you do for three smtpd processes for different port. In this case you want to override the option so
- port 25 (smtp) shouldn't gives you certificate warning and shouldn't offer STARTTLS
- port 587 (submission) should offer STARTTLS and gives you certificate warning
- port 465 (smtps) should talk with SMTPS and gives you certificate warning
To turn off certificate warning in port 25, just specify smtpd_tls_security_level = none
like
smtp inet n - - - - smtpd
-o smtpd_tls_auth_only=yes
-o smtpd_sasl_auth_enable=no
-o smtpd_tls_security_level=none
You can notice that I replace smtp_
parameter with smtpd_
. See official documentation about smtpd_tls_security_level.
To enable SMTPS for port 465, use parameter smtpd_tls_wrappermode = yes
. Your config above looks OK.
Now, because we need STARTTLS (not SMTPS) in port 587, you doesn't need to specify smtpd_tls_wrappermode = yes
in submission service. Remove it.
The error that you get when connect to port 587 was caused by this smtpd_tls_wrappermode parameter. Postfix expects you to talk with encrypted traffic and you specify command in plain text.
Are you running the php as root over ssh? Or another user that has higher permissions than the web server?
If you know what user the web server is running as, try running the php script as that user. You can use phpinfo()
to find out what user it is running as. One way of running a script as that user is as follows...
First be root, or a user that can do sudo
, and type the following, to change to the web server user:
sudo -u www-data bash
Obviously replace www-data
with the name of the web server user if it is different, and bash
with a valid shell on your server if you don't have bash. One you have the web server user's bash prompt, run id
to check you are indeed the right user, and then try running your PHP script from that user's commandline. If it gives the same error then it must be the permissions issue. If it works, then at least you ruled it out!
If it does appear to be a permissions issue, try the following:
sudo setsebool -P httpd_can_sendmail 1
sudo setsebool -P httpd_can_network_connect 1
To enable permission.
Best Answer
If the mail server uses an invalid or self-signed certificate, you may need to set
allow_self_signed true
,verify_peer false
andverify_peer_name false
context options.I am not a PHPMailer user. I guess you may need to set
SMTPOptions
attribute. Please, test this piece of code (reference):