Unable to connect via TLS

Hello everyone,

I am facing an issue with sending emails after starting to migrate my clients to Hestia. I have the following PHP code that assembles and sends emails using the Zend Framework:

<?php

namespace Base\Helper;

use Zend\Mail\Transport\Smtp as SmtpTransport;
use Zend\Mail\Transport\SmtpOptions;
use Zend\Mail\Message;
use Zend\Mime\Message as MimeMessage;
use Zend\Mime\Part as MimePart;

class EmailMail
{
    function emailMail($nomeCliente, $emailCliente, $emailEnvio, $assunto, $texto, $configSmtp)
    {
        $html = new MimePart($texto);
        $html->type = "text/html";
        $body = new MimeMessage();
        $body->setParts([$html]);

        $mail = new Message();
        $mail->setBody($body);
        $mail->setFrom($emailCliente, $nomeCliente);
        $mail->addTo($emailEnvio, $emailEnvio);
        $mail->setSubject($assunto);

        $transport = new SmtpTransport();
        $options   = new SmtpOptions([
            'name'              => $configSmtp[0]->getSmtp(),
            'host'              => $configSmtp[0]->getHost(),            
            'port'              => 587,
            'connection_class'  => 'login',
            'connection_config' => [
                'username' => $configSmtp[0]->getUser(),
                'password' => $configSmtp[0]->getPassword(),
                'use_complete_quit'   => false,
                'ssl'      => 'tls',
            ],
        ]);
        $transport->setOptions($options);
        
        try {
            $transport->send($mail);
            return 1;
        } catch (\Zend\Mail\Transport\Exception\ExceptionInterface $e) {
            var_dump($e->getMessage());
            exit;
            return 2;
        } 
    }
}
?>

I have enabled extension=php_openssl.dll in PHP and restarted Apache, but the problem persists.

Previously, this code worked on VestaCp without requiring the following lines:


'port' => 587,
'ssl'  => 'tls',

I have many clients using this method, and I don’t want to compromise the security of the server. If necessary, I will make the changes for all my clients.

The error message I receive is:

Unable to connect via TLS

Could anyone guide me on possible Exim configurations or adjustments to the code to resolve this issue? I have tried disabling the firewall but to no avail.

Thank you in advance for any help.

Hi @molero.renan,

Sorry, but it is not clear (to me) whether using the above conf works or not. I would assume that using port 587 and tls works.

If it works in Vesta but not in Hestia when the port or ssl options are not configured, it is because, by default, your mail-sending code will use port 25 without TLS, and in Hestia, if Exim doesn’t detect the use of TLS, it won’t advertise the AUTH extensions, so the users can’t log in (and expose their passwords in the clear).

You could try this:

Option 1

Edit the file /etc/exim4/exim4.conf.template and add all the IPs used to send mail with that code to the auth_advertise_hosts directive.

Before:

auth_advertise_hosts = localhost :  ${if eq{$tls_in_cipher}{}{}{*}}

After:

auth_advertise_hosts = localhost : 203.0.113.1 : 192.0.2.123 : ${if eq{$tls_in_cipher}{}{}{*}}

If you made changes to the Exim conf, don’t forget to restart Exim.

systemctl restart exim4

Option 2

Comment out the directive and restart exim4:

#auth_advertise_hosts = localhost : ${if eq{$tls_in_cipher}{}{}{*}}

Warning: If you comment out or remove the directive, your users will be able to connect to your server on port 25 and send their passwords in clear text.

3 Likes
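
A way to check the behaviour the reply above describes, as an added example that is not part of the original thread: this Python sketch compares the EHLO reply before and after STARTTLS and reports whether AUTH is offered on an unencrypted session. The host names, the sample replies and the function names are constructed for illustration; `probe()` is meant for a mail server you administer.

```python
import smtplib
import ssl
from typing import List, Optional

# Constructed EHLO reply bodies, in the form smtplib returns them
# (greeting on the first line, then one extension keyword per line).
BEFORE_TLS = (b"mail.example.test Hello client.example.test [198.51.100.7]\n"
              b"SIZE 52428800\n8BITMIME\nPIPELINING\nSTARTTLS\nHELP")
AFTER_TLS = (b"mail.example.test Hello client.example.test [198.51.100.7]\n"
             b"SIZE 52428800\n8BITMIME\nPIPELINING\nAUTH PLAIN LOGIN\nHELP")

def auth_mechanisms(ehlo_msg: bytes) -> List[str]:
    """Return the AUTH mechanisms advertised in an EHLO reply body."""
    lines = ehlo_msg.decode("ascii", "replace").splitlines()
    for line in lines[1:]:                       # skip the greeting line
        words = line.replace("=", " ").split()   # also accept legacy "AUTH=LOGIN"
        if words and words[0].upper() == "AUTH":
            return [w.upper() for w in words[1:]]
    return []

def classify(before_tls: bytes, after_tls: Optional[bytes]) -> str:
    """Summarise where AUTH is advertised relative to STARTTLS."""
    if auth_mechanisms(before_tls):
        return "cleartext"   # AUTH offered without TLS: passwords can travel unencrypted
    if after_tls is not None and auth_mechanisms(after_tls):
        return "tls-only"    # AUTH appears only once TLS is active
    return "no-auth"         # client has no way to log in on this session

def probe(host: str, port: int = 587, timeout: float = 10.0) -> str:
    """Connect to a server you administer and classify its AUTH advertisement."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        _, before = smtp.ehlo()
        after = None
        if smtp.has_extn("starttls"):
            # Raises ssl.SSLError if the server certificate does not validate.
            smtp.starttls(context=ssl.create_default_context())
            _, after = smtp.ehlo()               # extensions must be re-read after TLS
        return classify(before, after)

if __name__ == "__main__":
    print(classify(BEFORE_TLS, AFTER_TLS))       # constructed samples, no network
```

Run from a host added to auth_advertise_hosts, `probe()` on port 25 would be expected to report "cleartext", which is the trade-off of Option 1 for those addresses.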

Man, you are a true savior, a hero! Hahaha

I followed the first option you suggested, and it worked perfectly.

Thank you so much!

1 Like
