Centos – PHPMailer with SSL – CentOS 6.7 VPS – SMTP ERROR: Failed to connect to server: (0)

centosPHPsmtp

I have a CentOS 6.7 VPS and PHPMailer 5.2.14 will not connect to my mail server. I have tried troubleshooting the problem but nothing has solved my issue yet. My PHP is version 5.6.18. The only output I am getting from verbose debug (SMTPDebug = 4), is:

2016-03-06 23:05:40 Connection: opening to ssl://mail.server.com:465, timeout=300, options=array ( )

2016-03-06 23:05:40 SMTP ERROR: Failed to connect to server: (0)

Things I have tried to fix the issue:

Disable SELinux (currently is enabled with both http_can_sendmail, http_can_network_connect)
Disable Firewall (currently enabled again)
Checked that php openssl package is enabled (listed in php -m)
Double checked all credentials (no whitespaces, no anything)

Other info:

Can connect to my mail server with openssl s_client on port 465
PHPmailer can send on port 25 with no SSL

There are many similar posts, however they have all been fixed by the things I have listed above. Any suggestions would be greatly appreciated.

Best Answer

If the mail server uses an invalid or self-signed certificate, you may need to set allow_self_signed true, verify_peer false and verify_peer_name false context options.

I am not a PHPMailer user. I guess you may need to set SMTPOptions attribute. Please, test this piece of code (reference):

$PHPMailer->SMTPOptions = array (
    'ssl' => array (
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true
    )
);

Related Solutions

Certificate on port 25 when trying to secure SMTP with POSTFIX

Well, looks like you are confusing SMTPD with SMTP. These two beast has different purpose in postfix terms. smtpd was SMTP server used for receiving email, it bind to specific port (for example 25, 587, 465). smtp was SMTP client used for sending email, it connect to SMTP server port.

Another confusion here is about STARTTLS, SMTPS and unencryption email. By default postfix will send and receive email without encryption. For encryption method, SMTP has two schema: STARTTLS and SMTPS. With STARTTLS, client will initiate connection with unencrypted form and upgrade it to encrypted one later. Now SMTPS for SMTP was like HTTPS for HTTP. Unlike STARTTLS, client will initiate connection by TLS negotiation and then start SMTP chit-chat on top TLS. Usually smtpd with STARTTLS capability listen in port 587, and STMPS in port 465. For another reference, see this SO question: What is the difference between ports 465 and 587?

Now, we will talk about postfix. By default, each process in postfix will get configuration from main.cf (you can view the changes via postconf -n like above). Of course you can override per postfix service via master.cf like you do for three smtpd processes for different port. In this case you want to override the option so

port 25 (smtp) shouldn't gives you certificate warning and shouldn't offer STARTTLS
port 587 (submission) should offer STARTTLS and gives you certificate warning
port 465 (smtps) should talk with SMTPS and gives you certificate warning

To turn off certificate warning in port 25, just specify smtpd_tls_security_level = none like

smtp      inet  n       -       -       -       -       smtpd
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_auth_enable=no
  -o smtpd_tls_security_level=none

You can notice that I replace smtp_ parameter with smtpd_. See official documentation about smtpd_tls_security_level.

To enable SMTPS for port 465, use parameter smtpd_tls_wrappermode = yes. Your config above looks OK.

Now, because we need STARTTLS (not SMTPS) in port 587, you doesn't need to specify smtpd_tls_wrappermode = yes in submission service. Remove it.

The error that you get when connect to port 587 was caused by this smtpd_tls_wrappermode parameter. Postfix expects you to talk with encrypted traffic and you specify command in plain text.

SMTP connect() failed when request comes from browser

Are you running the php as root over ssh? Or another user that has higher permissions than the web server?

If you know what user the web server is running as, try running the php script as that user. You can use phpinfo() to find out what user it is running as. One way of running a script as that user is as follows... First be root, or a user that can do sudo, and type the following, to change to the web server user:

sudo -u www-data bash

Obviously replace www-data with the name of the web server user if it is different, and bash with a valid shell on your server if you don't have bash. One you have the web server user's bash prompt, run id to check you are indeed the right user, and then try running your PHP script from that user's commandline. If it gives the same error then it must be the permissions issue. If it works, then at least you ruled it out!

If it does appear to be a permissions issue, try the following:

sudo setsebool -P httpd_can_sendmail 1
sudo setsebool -P httpd_can_network_connect 1

To enable permission.

Best Answer

Related Solutions

Certificate on port 25 when trying to secure SMTP with POSTFIX

SMTP connect() failed when request comes from browser

Related Topic