Havouza Posted October 7
We still have mail problems. When trying to send a test mail I get this error:
Failed to send email: SMTP Error: Could not connect to SMTP host. Connection failed. stream_socket_enable_crypto(): Peer certificate CN=`mail.mxmail.pro' did not match expected CN=`mail.jv80.se'
The SMTP host is fully working; I can use it with both webmail and the mail client. I don't know where it gets mail.mxmail.pro from; the SMTP server used is mail.jv80.se.
datakick Posted October 7
That is not an application issue, but a server issue. Check this: https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting#certificate-verification-failure
Most likely, your hosting provider is redirecting all SMTP traffic to their own SMTP server.
Havouza (Author) Posted October 7
@datakick my hosting provider is a dedicated server over which I have 100% control. The second dedicated server we have is our own email server with postfix and dovecot. I have 100% control over that also. So your assumption is totally wrong.
Havouza (Author) Posted October 7
And that old post has no meaning for our problem. And still I don't understand why it works everywhere else with the exact same settings.
Havouza (Author) Posted October 7
Just one more thing. We also have an OpenCart shop with 7 services we sell. The contact form on that shop, which is a virtual domain on the same server as TB, uses exactly the same settings and works flawlessly. The mail arrives 10 sec after I press the send button.
the.rampage.rado Posted October 7
Misconfiguration of your app or your server is not thirty bees' fault. I would strongly suggest triple checking your setup and settings and if you can't find the issue search for paid support.
Havouza (Author) Posted October 7
Not much to misconfigure in the PHP mailer. And still it works everywhere except TB.
the.rampage.rado Posted October 7
So check your thirty bees settings then. Be sure that the app is working, yes, there are unfortunately many ways you can misconfigure it (I had similar issues a while back and it was totally my fault).
datakick Posted October 7
I've checked the SSL certificate for your mail server:

    openssl s_client -connect mail.jv80.se:587 -starttls smtp -crlf

outputs

    Connecting to 156.67.80.139
    CONNECTED(00000005)
    depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
    verify return:1
    depth=1 C=US, O=Let's Encrypt, CN=R11
    verify return:1
    depth=0 CN=mail.mxmail.pro
    verify return:1
    ---
    Certificate chain
     0 s:CN=mail.mxmail.pro
       i:C=US, O=Let's Encrypt, CN=R11
       a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
       v:NotBefore: Oct 7 10:04:49 2024 GMT; NotAfter: Jan 5 10:04:48 2025 GMT
     1 s:C=US, O=Let's Encrypt, CN=R11
       i:C=US, O=Internet Security Research Group, CN=ISRG Root X1
       a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
       v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
    ---
    Server certificate
    subject=CN=mail.mxmail.pro
    issuer=C=US, O=Let's Encrypt, CN=R11
    ---
    No client certificate CA names sent
    Peer signing digest: SHA256
    Peer signature type: RSA-PSS
    Server Temp Key: X25519, 253 bits
    ---
    SSL handshake has read 3408 bytes and written 433 bytes
    Verification: OK
    ---
    New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
    Server public key is 2048 bit
    This TLS version forbids renegotiation.
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---
    250 DSN
    DONE

The SSL certificate was issued primarily for domain mail.mxmail.pro and not for mail.jv80.se.

However, when you decode the certificate (for example by https://www.sslshopper.com/certificate-decoder.html), you will see that the certificate CAN be used by mail.jv80.se, because this domain is listed in the Subject Alternative Names section.

So, the SSL handshake should be successful. However, it looks like php native SSL method does check SAN when verifying peer name -- it expects peer CN to match the requested hostname, and does not check SAN list as well.

Fortunately, it might be possible to force PHP to accept SAN if you provide the peer name in SSL options, as described here: https://github.com/PHPMailer/PHPMailer/issues/1113

You can test this by editing file /modules/tbphpmailer/src/PhpMailerTransport.php and inserting this code:

    $message->SMTPOptions = [
        'ssl' => [
            'peer_name' => 'mail.jv80.se'
        ]
    ];

Result should look something like this:

Let us know if this helped.
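The difference between comparing the requested host with the certificate's subject CN only and checking it against the Subject Alternative Name list, shown as an added example (not part of the post above and not thirty bees or PHPMailer code). The certificate array is a constructed sample in the shape returned by `openssl_x509_parse()`, holding only the two names mentioned in the thread; the function names are hypothetical.

```php
<?php
// Added example. $cert has the shape returned by openssl_x509_parse().

// Extract the dNSName entries from the subjectAltName extension string.
function sanDnsNames(array $cert): array
{
    $names = [];
    foreach (explode(',', $cert['extensions']['subjectAltName'] ?? '') as $entry) {
        $entry = trim($entry);
        if (stripos($entry, 'DNS:') === 0) {
            $names[] = strtolower(substr($entry, 4));
        }
    }
    return $names;
}

// Exact match, or a wildcard that is the whole left-most label and
// stands for exactly one label ("*.example.com", never "*.com").
function nameMatches(string $pattern, string $host): bool
{
    $pattern = strtolower(rtrim($pattern, '.'));
    $host = strtolower(rtrim($host, '.'));
    if ($pattern === $host) {
        return true;
    }
    if (strncmp($pattern, '*.', 2) !== 0 || substr_count($pattern, '.') < 2) {
        return false;
    }
    $dot = strpos($host, '.');
    return $dot !== false && $dot > 0 && substr($host, $dot) === substr($pattern, 1);
}

// SAN dNSName entries decide; the CN is a fallback only when there are none.
function certValidForHost(array $cert, string $host): bool
{
    $names = sanDnsNames($cert);
    if ($names === [] && is_string($cert['subject']['CN'] ?? null)) {
        $names = [$cert['subject']['CN']];
    }
    foreach ($names as $name) {
        if (nameMatches($name, $host)) {
            return true;
        }
    }
    return false;
}

// Constructed sample: CN is one host, the SAN list covers both.
$cert = [
    'subject'    => ['CN' => 'mail.mxmail.pro'],
    'extensions' => ['subjectAltName' => 'DNS:mail.jv80.se, DNS:mail.mxmail.pro'],
];
var_dump(nameMatches($cert['subject']['CN'], 'mail.jv80.se')); // CN-only comparison
var_dump(certValidForHost($cert, 'mail.jv80.se'));             // SAN-aware check
var_dump(certValidForHost($cert, 'mail.example.net'));         // name not on the certificate
```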
Havouza (Author) Posted October 9
@datakick Late answer. It's very common when you have many domains on your mail server that you create one cert for all the domains by making Let's Encrypt create the same cert for multiple domains. It's nothing that compromises security, but when you get 20-30 domains on the email server it's a pain in the butt to keep track of all the different certs if you create them one by one.
The problem here seems not to be the same. The PHP mailer works without a problem sending out mails to customers, but the mail alerts, which I assume also use PHP Mailer, do not. So the cert can hardly be the problem. I will test the code change.
Edited October 9 by Havouza
Havouza (Author) Posted October 9
@datakick I just noticed that the change says ssl. SSL is really deprecated so we use TLS. But perhaps it does not matter, it's mostly a name change.