MyBB Community Forums
[Error Message] Failed to start TLS encryption, Office 365 SMTP - It worked but not any more

Failed to start TLS encryption, Office 365 SMTP - It worked but not any more - jft-aml - 2021-01-19

I had my forum mail settings working fine until randomly mail stopped sending and the error message that MyBB gives is "Failed to start TLS encryption".

After extensive Googling and trying various things to fix it, I've exhausted all of my ideas.

The forum is hosted on a dedicated server running CentOS 7.9.2009, where the provider assures me that the firewall is set to allow SMTP connections. I have confirmed this by telnetting to Microsoft's SMTP servers on ports 587 and 25:

telnet smtp.office365.com 587
Trying 52.97.133.162...
Connected to smtp.office365.com.
Escape character is '^]'.
220 LO2P265CA0171.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 19 Jan 2021 15:49:05 +0000

telnet smtp.office365.com 25
Trying 52.97.129.226...
Connected to smtp.office365.com.
Escape character is '^]'.
220 LO2P265CA0199.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 19 Jan 2021 15:50:31 +0000

I have tried installing ca-certificates and openssl, but they already seem to be installed:

yum install ca-certificates
..
..
Package ca-certificates-2020.2.41-70.0.el7_8.noarch already installed and latest version
Nothing to do

yum install openssl
..
..
Package 1:openssl-1.0.2k-21.el7_9.x86_64 already installed and latest version
Nothing to do

I've tried running the following PHP from the root of the forum:

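<?php

// Standalone test: load MyBB and send one message through its configured mail handler.
echo "Email test";
echo "<br>";

define('IN_MYBB', 1);
define('THIS_SCRIPT', 'email_test.php');

require_once('global.php');

// Print PHP warnings (such as the TLS failure) instead of letting them pass silently.
function myErrorHandler($errno, $errstr, $errfile, $errline)
{
    print "Error: " . $errstr;
}
set_error_handler('myErrorHandler');
my_mail('[email protected]', 'Testing...', 'This is a test');

?>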

Returns:
Email test
Error: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed


Although I think the problem relates to connecting to Microsoft's SMTP servers over TLS, it might be worth me mentioning that the email address is set up with 2FA and a dedicated app password is used for the forum. This was how it was set up before the problem seemingly randomly appeared. I've since made sure that the server is up to date and I've given it a reboot, but I've had no joy with getting it sending mail again. Any guidance to get this fixed would be greatly appreciated. I've already sunk many hours into trying to fix it myself.


RE: Failed to start TLS encryption, Office 365 SMTP - It worked but not any more - Crazycat - 2021-01-19

Have an eye on https://github.com/PHPMailer/PHPMailer/issues/1309


RE: Failed to start TLS encryption, Office 365 SMTP - It worked but not any more - jft-aml - 2021-01-20

(2021-01-19, 04:55 PM)Crazycat Wrote: Have an eye on https://github.com/PHPMailer/PHPMailer/issues/1309

I've tried running:

echo QUIT | openssl s_client -crlf -starttls smtp -connect smtp.office365.com:587

I am assuming that not including the -CAfile and path will force the command to use the system certificates. The command returns:

CONNECTED(00000003)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G3
verify return:1
depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = outlook.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=outlook.com
   i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G3
 1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G3
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA

From what I understand, this means that it is working as it should.
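
The openssl command line and PHP do not necessarily share an OpenSSL build or CA store, so a clean s_client run does not show what PHP verifies against. The following is an added diagnostic, not code from the thread or from MyBB: it prints the OpenSSL build and CA locations PHP uses and checks that store for the "GlobalSign Root CA" seen in the s_client output; the helper names are hypothetical.

```php
<?php
// Added diagnostic, not code from the thread. Run it the same way the forum
// runs (through the web server): CLI and web PHP can load different php.ini files.
header('Content-Type: text/plain');
// Root CN copied from the depth=2 line of the s_client output on this page.
const WANTED_ROOT_CN = 'GlobalSign Root CA';

// Hypothetical helper: CNs of every parseable certificate in a PEM bundle.
function bundle_common_names($pem)
{
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $m);
    $names = [];
    foreach ($m[0] as $block) {
        $info = openssl_x509_parse($block);
        if ($info !== false && isset($info['subject']['CN'])) {
            $cn = $info['subject']['CN'];
            $names[] = is_array($cn) ? implode('/', $cn) : $cn;
        }
    }
    return $names;
}

// Hypothetical helper: first readable CA file in the order PHP streams consult
// them when the caller sets no "cafile" context option.
function effective_cafile(array $loc)
{
    $candidates = [ini_get('openssl.cafile'), getenv($loc['default_cert_file_env']), $loc['default_cert_file']];
    foreach ($candidates as $path) {
        if (is_string($path) && $path !== '' && is_readable($path)) {
            return $path;
        }
    }
    return null;
}

$loc = openssl_get_cert_locations();
echo 'PHP linked against:     ', OPENSSL_VERSION_TEXT, PHP_EOL;
echo 'Compiled-in CA file:    ', $loc['default_cert_file'], PHP_EOL;
echo 'Compiled-in CA dir:     ', $loc['default_cert_dir'], PHP_EOL;
echo 'php.ini openssl.cafile: ', ini_get('openssl.cafile') ?: '(unset)', PHP_EOL;

$cafile = effective_cafile($loc);
if ($cafile === null) {
    echo 'No readable CA file for PHP; only the CA directory (if any) is used.', PHP_EOL;
    exit(1);
}
$names = bundle_common_names(file_get_contents($cafile));
printf("%s: %d certificates, \"%s\" %s\n", $cafile, count($names), WANTED_ROOT_CN, in_array(WANTED_ROOT_CN, $names, true) ? 'present' : 'MISSING');
```

If the OpenSSL version or CA file printed here differs from what the openssl command line uses, the s_client result above does not describe PHP's trust store.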