Swiftmailer: Unable to connect with TLS encryption

Clearasil · Aug 20, 2016 · Viewed 9.5k times

I'm trying to send emails via Symfony with Swiftmailer. On the production server I get an error:

[2016-08-20 11:59:37] app.ERROR: Exception occurred while flushing email queue: Unable to connect with TLS encryption [] []

This is what I have in my config.yml:

swiftmailer:
    transport:  smtp
    host:       localhost
    username:   [email protected]
    password:   testpw
    spool:      { type: memory }
    encryption: tls
    port:       587

Postfix is my mail server; it was installed with Plesk.

This is my postfix main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = derkvanderheide.nl
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
alias_database = hash:/etc/aliases
mydestination = localdomain, localhost, localhost.localdomain, localhost
relayhost =
mynetworks =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
transport_maps = , hash:/var/spool/postfix/plesk/transport
smtpd_tls_security_level = encrypt
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
disable_vrfy_command = yes
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
virtual_mailbox_base = /var/qmail/mailnames
virtual_uid_maps = static:30
virtual_gid_maps = static:31
smtpd_milters = , inet:127.0.0.1:12768
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
virtual_transport = plesk_virtual
plesk_virtual_destination_recipient_limit = 1
mailman_destination_recipient_limit = 1
virtual_mailbox_limit = 0
smtpd_tls_mandatory_protocols = TLSv1 TLSv1.1 TLSv1.2
smtpd_tls_protocols = TLSv1 TLSv1.1 TLSv1.2
smtpd_tls_ciphers = medium
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = HIGH:!aNULL:!MD5
message_size_limit = 10240000
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

This is the output from telnet:

Trying 185.57.10.237...
Connected to derkvanderheide.nl.
Escape character is '^]'.
220 derkvanderheide.nl ESMTP Postfix (Ubuntu)
ehlo localhost
250-derkvanderheide.nl
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

This is in my maillog:

Aug 20 17:06:35 vps-248826-4222 postfix/smtpd[8592]: connect from vps-248826-4222.hosted.at.hostnet.nl[127.0.0.1]
Aug 20 17:06:35 vps-248826-4222 postfix/smtpd[8592]: SSL_accept error from vps-248826-4222.hosted.at.hostnet.nl[127.0.0.1]: 0
Aug 20 17:06:35 vps-248826-4222 postfix/smtpd[8592]: warning: TLS library problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1262:SSL alert number 48:
Aug 20 17:06:35 vps-248826-4222 postfix/smtpd[8592]: lost connection after STARTTLS from vps-248826-4222.hosted.at.hostnet.nl[127.0.0.1]
Aug 20 17:06:35 vps-248826-4222 postfix/smtpd[8592]: disconnect from vps-248826-4222.hosted.at.hostnet.nl[127.0.0.1]

I have barely any clue what I'm doing; this is my first time messing around with a mail server.

Answer

ZeJur · Nov 4, 2016

Try this solution:

$opt['ssl']['verify_peer'] = FALSE;
$opt['ssl']['verify_peer_name'] = FALSE;

$this->get('swiftmailer.mailer.default.transport.real')->setStreamOptions($opt);

The code above should be placed before \Swift_Message::newInstance() in your controller.
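
Added example, not part of ZeJur's answer or of Swiftmailer: with `verify_peer` and `verify_peer_name` set to `FALSE` the client accepts any certificate, whereas the `unknown ca` alert in the maillog can also be resolved by telling PHP which CA to trust and which name to expect. The script below probes STARTTLS with verification left on. It assumes `/etc/ssl/certs/cacert.pem` (the question's `smtpd_tls_CAfile`) contains the issuer of the server certificate and that the certificate names `derkvanderheide.nl` (the question's `myhostname`); the helper names are hypothetical.

```php
<?php
// Added example. Assumptions: CA path and host name are taken from the question's
// main.cf (smtpd_tls_CAfile, myhostname); all function names are hypothetical.
/** Build SSL context options that keep certificate verification enabled. */
function verifiedSmtpTlsOptions($caFile, $peerName)
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }
    return array('ssl' => array(
        'verify_peer'      => true,      // validate the chain against $caFile
        'verify_peer_name' => true,      // validate the name in the certificate
        'cafile'           => $caFile,   // CA (or the self-signed cert) to trust
        'peer_name'        => $peerName, // expected name; we connect to "localhost"
    ));
}

/** Read one SMTP reply; "250-..." lines continue, "250 ..." ends it. */
function readSmtpReply($fp)
{
    $reply = '';
    while (($line = fgets($fp, 515)) !== false) {
        $reply .= $line;
        if (strlen($line) < 4 || $line[3] === ' ') { break; }
    }
    return $reply;
}

/** Connect, issue STARTTLS and attempt a handshake with verification on. */
function probeStartTls($host, $port, array $options)
{
    $fp = stream_socket_client("tcp://$host:$port", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, stream_context_create($options));
    if ($fp === false) {
        throw new RuntimeException("connect failed: $errstr");
    }
    readSmtpReply($fp);                               // 220 banner
    fwrite($fp, "EHLO localhost\r\n");
    readSmtpReply($fp);                               // capability list
    fwrite($fp, "STARTTLS\r\n");
    $ready = strpos(readSmtpReply($fp), '220') === 0; // server agreed to TLS
    $ok = $ready && stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) === true;
    fclose($fp);
    return $ok;
}

if (PHP_SAPI === 'cli') {
    $opts = verifiedSmtpTlsOptions('/etc/ssl/certs/cacert.pem', 'derkvanderheide.nl');
    echo probeStartTls('localhost', 587, $opts) ? "verified TLS OK\n" : "TLS handshake failed\n";
}
```

Once the probe succeeds, the array returned by `verifiedSmtpTlsOptions()` can be passed to `setStreamOptions()` in place of `$opt`. For a self-signed server certificate, point `cafile` at the certificate file itself.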