SOLVED PHPMailer returning SMTP connect() failed

Zoee

Member
Sep 30, 2016
18
2
3
UK
cPanel Access Level
Root Administrator
Hi everyone, we migrated a PHP based ordering system from one VPS to one of a very similar spec (same CentOS, running the same PHP version and configured in the same way our end when it was first provisioned), a few weeks ago. We also haven't configured any additional security on it yet.

We've just discovered our password reset emails and order confirmation emails are not sending.

They use PHPMailer 5.2.14, and when testing with the password reset feature, all we get is this error: SMTP connect() failed. I've tried external SMTP details and I still get the same error, and there is nothing in the mail delivery reports. I've also tried removing the TLS setting and ports 25 and 465 in varying combos.

This is how we are calling PHPMailer:

Code:
                $mail = new PHPMailer;
                $mail->isSMTP();
                $mail->Host = "mail.xxxx.co.uk";
                $mail->SMTPAuth = true;
                $mail->Username = "[email protected]";
                $mail->Password = "xxxx";
                $mail->SMTPSecure = 'tls';
                $mail->Port = "587";
                $mail->setFrom('[email protected]', 'xxxx');
                $mail->addAddress($emailAddress, $firstName . " " . $lastName);
                $mail->isHTML(true);
                $mail->Subject = 'Forgot Password';
                $mail->Body = $emailBody;

if($mail->send()) :
//success message
else :
//error message inc $mail->ErrorInfo.
endif;

Our host has also had a look and this is what they've also tried:

To begin our diagnosis, we've created a test PHPMailler script using the details in the forgotpassword.php script. When manually firing off our test script, we see the following error (when smtpdebug is set to produce detailed errors):

Code:
[[email protected] public_html]# php test-send.php
2019-08-09 18:07:50    SERVER -> CLIENT: 220-xxx.xxx.com ESMTP Exim 4.92 #2 Fri, 09 Aug 2019 19:07:50 +0100
                                         220-We do not authorize the use of this system to transport unsolicited,
                                         220 and/or bulk e-mail.
2019-08-09 18:07:50    CLIENT -> SERVER: EHLO xxx.xxx.com
2019-08-09 18:07:50    SERVER -> CLIENT: 250-xxx.xxx.com Hello xxx.xxx.com [185.151.29.34]
                                         250-SIZE 52428800
                                         250-8BITMIME
                                         250-PIPELINING
                                         250-AUTH PLAIN LOGIN
                                         250-STARTTLS
                                         250 HELP
2019-08-09 18:07:50    CLIENT -> SERVER: STARTTLS
2019-08-09 18:07:50    SERVER -> CLIENT: 220 TLS go ahead
2019-08-09 18:07:50    SMTP Error: Could not connect to SMTP host.
2019-08-09 18:07:50    CLIENT -> SERVER: QUIT
2019-08-09 18:07:50    SERVER -> CLIENT: ecurity failure
                                         554 Security failure
2019-08-09 18:07:50    SMTP ERROR: QUIT command failed: ecurity failure
                                         554 Security failure
2019-08-09 18:07:50    SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
Message was not sent.Mailer error: SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
[[email protected] public_html]#
If we then checked the Exim log for your virtual machine, we can see the following:

2019-08-09 20:00:01 TLS error on connection from xxx.xxx.com [xx.xx.xx.xx]:42610 (SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

The initial debug log seems to suggest the connection can't be established subsequent to the TLS handshake. This is also implied in the secondary set of logs I've supplied, which also seems to suggest that the connection is being issued with an invalid TLS version/bad cipher.

To try and get around this, we've tried a few different things here. We've tried amending the list of ciphers within cPanel, we've attempted to force cPanel to allow weaker ciphers, we've attempted to change the minimum TLS version dovecot expects, amongst a number of others things, all to no avail.

I'd really appreciate any more ideas, things we can try or places we can look. I'm a bit stumped!

Thanks!
 
Last edited by a moderator:

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
6,762
535
263
Houston
cPanel Access Level
DataCenter Provider
This is usually a result of the server not accepting SSLv2 or SSLv3 connections which is a standard for cPanel/WHM in favor of TLS only connections. You can check this by going to WHM>>Service Configuration>>Exim Configuration Manager -> Options for OpenSSL
 

Zoee

Member
Sep 30, 2016
18
2
3
UK
cPanel Access Level
Root Administrator
This is usually a result of the server not accepting SSLv2 or SSLv3 connections which is a standard for cPanel/WHM in favor of TLS only connections. You can check this by going to WHM>>Service Configuration>>Exim Configuration Manager -> Options for OpenSSL
Thanks Lauren, I ended up submitting a ticket for support and it was that! I needed to go to WHM >> Exim Configuration Manager and set the Options for OpenSSL to +'no_sslv2'.

:)
 
  • Like
Reactions: cPanelLauren