Jump to content

Welcome, Guest!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

  • 0
t4Chippy

PHP encryption, stopped receiving emails via 365

Question

Hi Guys, I have a webshop running thirtybees 1.0.7 and around a month ago i stopped receiving "contact us" emails from my site. 

My email account is with microsoft office 365, and is the same domain as my site. My email was configured with "Use PHP's mail() function". This has been working fine since Christmas when the site went live, but as said, just stopped working on the 4th of May. 

I tried switching the customer services email to a gmail account and it comes through just fine, switch back to my domain email with 365 and it stops again. I contacted microsoft and they said to switch it over to SMTP but that refuses to even connect. 

I've read a few bits on bobs online that prestashop used to have a conflict with office 365 and something to do with presta not being STARTTLS compatable, and something to do with the swiftmailer? could this possibly be the issue with thirtybees too?

 

I'm not the most technically gifted individual but i can get a grasp of things and do have a friend who can can fill in the gaps in my knowledge so i thought I'd reach out to you guys and see if we can get this thing going again with your help.

Thanks in advance!

 

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0
Posted (edited)

Hi Brent, thanks for the reply, yes thats pretty much what the Microsoft technician said, but for some reason it's not accepting the SMTP details.

 

It says "Unable to connect with TLS encryption"

And i know the username (email) and password are 100% correct.

I used microsoft 365's SMTP's settings of 

Server name: smtp.office365.com
Port: 587
Encryption method: STARTTLS

But obviously I can only select TLS, not STARTTLS 🙂

Edited by t4Chippy

Share this post


Link to post
Share on other sites
  • 0
1 minute ago, Brent Dacus said:

https://www.fastmail.com/help/technical/ssltlsstarttls.html

 

Try SSL

STARTTLS is a way to take an existing insecure connection and upgrade it to a secure connection using SSL/TLS. Note that despite having TLS in the name, STARTTLS doesn't mean you have to use TLS, you can use SSL.

Hi Brent, just switch to SSL and getting this error now 🙂

Error: Please check your configuration
Connection could not be established with host smtp.office365.com [ #0]

Share this post


Link to post
Share on other sites
  • 0

Share this post


Link to post
Share on other sites
  • 0

 

HI there, yea thats the exact link the MS technician sent me yesterday to try. Today he did a remote session and couldn't get the bottom of it either. 

Seems weird when i switch the email to gmail on PHP it all works fine, switch back to my .co.uk and it spits it's dummy out, also weird why it worked for 5 months then just stopped? 😞

 

Thanks for your help Brent, much appreciated 🙂

Share this post


Link to post
Share on other sites
  • 0
Posted (edited)

Hi Brent, I'm sure i had to do that to set up the account with 365, just checked and the domain registrar records and the MX records are there. The technician also added the hosting servers IP address to the TXT/SPF record to make doubly sure it would get through but still nothing comes through. CNAME records are also there.

He said it's almost like outlook deletes it as it's coming in, no error record he can see at all. weird 😞

Edited by t4Chippy

Share this post


Link to post
Share on other sites
  • 0

Yeah email is a bit of a black hole sometimes.  

  • Like 1

Share this post


Link to post
Share on other sites
  • 0

Yea it's a pain in the bum 🙂

I get all emails to that email address except emails from the site, they aren't moved to spam, they just don't arrive at all. 

Even had the MS tech confused 🙂

Share this post


Link to post
Share on other sites
  • 0

As part of a process of elimination, try setting up a mail client on your local PC with the SMTP settings you get from MS. Send some mails and see if it works.

If the local setup works then double-check the credentials you have on your server to make sure they are correct. You also might find this page to be useful with setting up SMTP on Office 365.

If it still isn't working then you may have to try a manual SMTP connection from the shell so you can see what the errors are.

Share this post


Link to post
Share on other sites
  • 0
Posted (edited)
3 hours ago, dynambee said:

As part of a process of elimination, try setting up a mail client on your local PC with the SMTP settings you get from MS. Send some mails and see if it works.

If the local setup works then double-check the credentials you have on your server to make sure they are correct. You also might find this page to be useful with setting up SMTP on Office 365.

If it still isn't working then you may have to try a manual SMTP connection from the shell so you can see what the errors are.

Hi Ian, just tried as you suggested and something interesting has just happened, I entered all the SMTP and IMAP details into outlook to set it up manually and set them both to SSL/TLS and it failed, I changed just the SMTP to  STARTTLS and it went through.

SO as I don't have the option for STARTTLS in thirtybees could this be my problem?

 

I'm wondering if it's this old presta problem https://www.prestashop.com/forums/topic/270220-modification-swift-mailer-upgrade-better-support-for-ssltls/ 

 

Maybe i need this? https://www.bellini-services.com/shop/modifications/39-swift-mailer-upgrade-better-support-for-ssltls.html 

Edited by t4Chippy

Share this post


Link to post
Share on other sites
  • 0

According to this Microsoft support page Office 365 uses STARTTLS for SMTP access. However there are other pages like this one that say TLS is also okay. Other pages I have found say that TLS is okay but it must be version 1.2 or higher. You can probably use the first option on this page to check if your server supports TLS 1.2.

This is another Microsoft page that looks like it might be useful. It explains how you can send messages directly to your Office 365 mailbox but your server must be able to send out on port 25. If you have shared hosting or some VPS services (like DO, or so I have heard) that block outbound connections on port 25 then direct send wouldn't work. However if you do have the ability to send out on port 25 then it might be a good solution for your particular problem.

Hope some of this helps.

  • Like 1

Share this post


Link to post
Share on other sites
  • 0
29 minutes ago, dynambee said:

According to this Microsoft support page Office 365 uses STARTTLS for SMTP access. However there are other pages like this one that say TLS is also okay. Other pages I have found say that TLS is okay but it must be version 1.2 or higher. You can probably use the first option on this page to check if your server supports TLS 1.2.

This is another Microsoft page that looks like it might be useful. It explains how you can send messages directly to your Office 365 mailbox but your server must be able to send out on port 25. If you have shared hosting or some VPS services (like DO, or so I have heard) that block outbound connections on port 25 then direct send wouldn't work. However if you do have the ability to send out on port 25 then it might be a good solution for your particular problem.

Hope some of this helps.

Thanks Ian, seems weird that it was fine at chistmas on PHP and was trouble free untill this time last month then BOOM!, stopped working 😞

I think I'll get my friend to have a look at this page as it's starting to get to the limit of my understanding, I might even send the MS tech a link 😉 

 

Thanks for your help so far all!

Share this post


Link to post
Share on other sites
  • 0
Posted (edited)
1 hour ago, t4Chippy said:

I checked the swiftmailer version included with TB 1.0.8 and it is 5.4.12. I'm not sure which version was in 1.0.7 but it is unlikely to be older than 5.4.9 which was released a number of months before TB 1.0.7 was released. You can check the version yourself though, it is located here: 

[your tb top folder] /vendor/swiftmailer/swiftmailer/VERSION

Edit: These are both much newer than the version provided by PS that fixed the STARTTLS issues discussed in the thread you linked to so I don't think changes to the TB swiftmailer will be necessary. Also, TB has moved the location of swiftmailer so I suspect installing that extension would bork TB's ability to send mails at all.

Edited by dynambee
As noted.

Share this post


Link to post
Share on other sites
  • 0
Posted (edited)
12 minutes ago, dynambee said:

I checked the swiftmailer version included with TB 1.0.8 and it is 5.4.12. I'm not sure which version was in 1.0.7 but it is unlikely to be older than 5.4.9 which was released a number of months before TB 1.0.7 was released. You can check the version yourself though, it is located here: 


[your tb top folder] /vendor/swiftmailer/swiftmailer/VERSION

 

Hi Ian, my mate just checked (as he does the server side for me) and it's 5.4.12 🙂 

So does that mean that shouldn't be the issue?

Edited by t4Chippy

Share this post


Link to post
Share on other sites
  • 0

That is newer than the version that PS added to 1.6.1 to fix the STARTTLS issue. You should be able to test the included swiftmailer version with help from this page.

You should also make sure you have openssl installed and available on your server, you can do that with the info in the link (this link) I provided a couple of replies ago. If you don't have openssl installed on the server then AFAIK you won't be able to connect securely to the remote SMTP server, something that is going to be required in today's world.

Share this post


Link to post
Share on other sites
  • 0

Just a thought, have you updated your SPF record to include the IP of your webserver as being allowed to send emails on behalf of your domain? I don't know how PHP-mailer works but there's a chance 365 is refusing your emails because they are coming from an unauthorized user.

Your SPF record should look something like this:

SPF	v=spf1 ip4:<Webserver IP Address> include:spf.protection.outlook.com ~all

 

Share this post


Link to post
Share on other sites
  • 0
57 minutes ago, dynambee said:

That is newer than the version that PS added to 1.6.1 to fix the STARTTLS issue. You should be able to test the included swiftmailer version with help from this page.

You should also make sure you have openssl installed and available on your server, you can do that with the info in the link (this link) I provided a couple of replies ago. If you don't have openssl installed on the server then AFAIK you won't be able to connect securely to the remote SMTP server, something that is going to be required in today's world.

I'll get my friend to check this for me :) 

Share this post


Link to post
Share on other sites
  • 0
2 minutes ago, dynambee said:

Just a thought, have you updated your SPF record to include the IP of your webserver as being allowed to send emails on behalf of your domain? I don't know how PHP-mailer works but there's a chance 365 is refusing your emails because they are coming from an unauthorized user.

Your SPF record should look something like this:


SPF	v=spf1 ip4:<Webserver IP Address> include:spf.protection.outlook.com ~all

 

Hi Ian, yes the MS Technician added that yesterday so thats done :) 

Share this post


Link to post
Share on other sites
  • 0

I'd double check the SPF record as small errors can make a huge difference in the meaning.

Share this post


Link to post
Share on other sites
  • 0
1 hour ago, dynambee said:

I'd double check the SPF record as small errors can make a huge difference in the meaning.

Hi Ian, just checked and it's v=spf1 ip4:XXX.XXX.XXX.XXX include:spf.protection.outlook.com -all 

Only difference between what is there and your string is the - or ~ just before all?

Share this post


Link to post
Share on other sites
  • 0

The difference between -all and ~all is that -all is a stricter setting. It means that any server that is not included in the SPF data should be automatically refused for delivery. ~all is a bit more flexible in that it means that servers not included in the SPF are allowed to send email on behalf of that domain but they are not officially approved. There are reasons that -all might be preferred over ~all but for general use purposes ~all is probably a better choice. (-all might also explain why your incoming TB messages are vanishing.)

I would also double (or triple) check that the IP in your SPF record is actually the IP of your webserver. No zeros that got entered as the letter O, no mistyped numerals, no commas instead of periods, etc.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...