XF 2.3 Errors when trying to send email via SMTP using Brevo (formerly Sendinblue)

[Peretz]

Since around the time we upgraded our forums from 2.3.3 to 2.3.4, sending email via SMTP using Brevo (formerly Sendinblue) stopped working. I investigated the issue today, updated the settings with the new Brevo domain name and values, and get the following error when "Use SSL/TLS" is checked in the XenForo Email Options control panel:

Email to REDACTED from REDACTED failed: Connection could not be established with host "ssl://smtp-relay.brevo.com:587": stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:0A00010B:SSL routines::wrong version number

If I uncheck the "Use SSL/TLS" box and try sending again, I get this error:

Email to REDACTED from REDACTED failed: Unable to connect with STARTTLS: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:16000069:STORE routines::unregistered scheme error:80000002:system library::No such file or directory error:16000069:STORE routines::unregistered scheme error:80000002:system library::No such file or directory error:16000069:STORE routines::unregistered scheme error:80000002:system library::No such file or directory error:0A000086:SSL routines::certificate verify failed

I've confirmed the settings (server, port, login, and password) are correct. I've read through several threads and the fixes are either not relevant to our configuration or they don't work.

EDIT: Our server is running OpenSSL 3.0.13.

Could anyone please advise on these issues?

 

[ENF]

As far as I am concerned, this is a xenforo issue and not a server issue...

Well, sorry, it's not a XenForo issue as the tests clearly show an issue with OpenSSL, which becomes a server configuration issue. If you can't resolve the OpenSLL connection test issues, then the issue exhibited in XenForo won't ever be resolved.

I'll leave it be and wish you the best to help get this resolved.

 

[hescominsoon]

here's another ubuntu lts server that with the same command does the same thing..but all of the 40 wordpress sites on there work fine. so something is up with how xenforo is using hte plugin or whatever.l;i will post a debian server after this:
openssl s_client -connect mail.smtp2go.com:2525
CONNECTED(00000003)
40B767B5F37F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:354:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 318 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

here's a debian 12 server..and the wordpress site on that using mailgun works fine
openssl s_client -connect mail.smtp2go.com:2525
CONNECTED(00000003)
40C73B4B167F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:354:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 322 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
if the openssl connection fails on xenforo but not on wordpress using the same plugins..points at xenforo...

 

[Peretz]

I'm wondering if both @ENF and @hescominsoon are both right in a sense, meaning that XenForo may have stricter requirements surrounding openssl and ca-certificates than WordPress.

I tested a second site running WordPress (and the WP Mail SMTP plugin configured to use a Brevo account) on the same server as our XenForo instance and confirmed that I was still able to send a test email from the WP Mail SMTP admin page without any issue.

So it does look like the issue is specific to XenForo in that it doesn't affect WordPress (or, more specifically, WP Mail SMTP), but I get the same error when trying to use three different SMTP relay services (Brevo, SMTP2GO, and Mailgun) and different ports (587, 465, 2525, etc.) and the "ssl3_get_record:wrong version number" hints at XenForo (or, more precisely Symfony) throwing a fit because of something in the server configuration.

Out of curiosity, I checked my WP Mail SMTP configuration and found (or rather, remembered) that I had set it up using an API key, so I'm not sure if it's configured to use SSL or TLS or not.

I'll keep researching and troubleshooting the issue, but I'm interested in hearing from anyone who was able to get SMTP relay working again after upgrading to XenForo 2.3.4.

 

[ENF]

I'll keep researching and troubleshooting the issue, but I'm interested in hearing from anyone who was able to get SMTP relay working again after upgrading to XenForo 2.3.4.

I have access to a number of sites that are using this configuration with no issues on XF 2.3+ -- But, none of the server configurations report the version errors like yours does. The common factor with your situation is you have those errors

I'll re-highlight the point.

Email to REDACTED from REDACTED failed: Connection could not be established with host "ssl://smtp-relay.brevo.com:587": stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:0A00010B:SSL routines::wrong version number

OpenSSL is a part of your server environment and is not specific to XenForo -- your other mail systems may not being using this transport method, so it may not apply, thus no issues sending. In any case, as other installations are working without issue, I don't believe the issue is with XenForo.

 

[ENF]

@Peretz Because I had time, I went out and replicated your setup with Brevo and it worked with no issues.
The only difference is that this test server is running XF 2.3.6, PHP 8.3.16

Spoiler: sent sucess

​

(I've just masked my test domain, but otherwise untouched)

The configuration that worked for me: (SSL/TLS = not checked)


And the test connection from that server:

[root@orchid ~]# openssl s_client -connect smtp-relay.brevo.com:587
CONNECTED(00000003)
140501017479056:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1740658559
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
You have new mail in /var/spool/mail/root
[root@orchid ~]#

This is just to document that XF works as designed and that your issue rests in either your SMTP configuration or your server config.
I don't believe there are any breaking changes between your version of XF and this one, so I wouldn't factor that in too deeply.

Hope this helps.

 

[Peretz]

@Peretz Because I had time, I went out and replicated your setup with Brevo and it worked with no issues.
The only difference is that this test server is running XF 2.3.6, PHP 8.3.16

[...]

This is just to document that XF works as designed and that your issue rests in either your SMTP configuration or your server config.
I don't believe there are any breaking changes between your version of XF and this one, so I wouldn't factor that in too deeply.

Hope this helps.

Thank you for testing and posting the results! That's encouraging to know that you were able to get SMTP relay working on XF 2.3.6 with Brevo. (I don't believe I mentioned it in previous posts, but we upgraded from 2.3.4 to 2.3.6 earlier this week.)

I tried unchecking the "Use SSL/TLS" box and leaving everything else the same (aside from re-entering the password) and got this error:

Email to REDACTED from REDACTED failed: Unable to connect with STARTTLS: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:16000069:STORE routines::unregistered scheme error:80000002:system library::No such file or directory error:16000069:STORE routines::unregistered scheme error:80000002:system library::No such file or directory error:16000069:STORE routines::unregistered scheme error:80000002:system library::No such file or directory error:0A000086:SSL routines::certificate verify failed

I'll continue working with my host and XenForo support (I opened a ticket last night) to troubleshoot.

 

[hescominsoon]

@Peretz Because I had time, I went out and replicated your setup with Brevo and it worked with no issues.
The only difference is that this test server is running XF 2.3.6, PHP 8.3.16

Spoiler: sent sucess

View attachment 319589​

(I've just masked my test domain, but otherwise untouched)

The configuration that worked for me: (SSL/TLS = not checked)
View attachment 319591

And the test connection from that server:

[root@orchid ~]# openssl s_client -connect smtp-relay.brevo.com:587
CONNECTED(00000003)
140501017479056:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1740658559
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
You have new mail in /var/spool/mail/root
[root@orchid ~]#

This is just to document that XF works as designed and that your issue rests in either your SMTP configuration or your server config.
I don't believe there are any breaking changes between your version of XF and this one, so I wouldn't factor that in too deeply.

Hope this helps.

things worked fine before the site was upgraded to the most recent version...i have never run any smtp server on any server...no mail processes are running or are allowed to run..no sendmail, postfix,, exim...nothing.....i do not provide any kind of mail services...all of my other clients are under wordpress running mailgun, smtp2go, among others. it's not the server nor my service.