• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.5 SSL / TLS problems with SMTP after server move / PHP upgrade

Gossipy

Active member
#1
We've just moved our XF install to a new server. We're now running Apache 2.4 and PHP 7.1 on CentOS 7.

We use a G Suite (formerly Google Apps) account for the forum's outbound email. Everything on Google's end is set correctly because it was all working fine until the move. We haven't changed any of the settings in Xenforo ACP - Mail Options. It's connecting to smtp.gmail.com on port 587 with TLS. This is the exact config that was working flawlessly on the old server.

It's worth noting that the old server was PHP 5.5 and this new server is PHP 7.1, and that's clearly where the "problem" lies.

Our certs are valid LetsEncrypt certs, not self-signed. We've done all the obvious stuff (I think anyway) such as verifying login credentials, etc.

Now, whenever the system tries to send outbound mail via SMTP, we get these server errors (user name and site address changed)

ErrorException: Email to someone@gmail.com failed: stream_socket_enable_crypto(): Peer certificate CN='host.oursite.com' did not match expected CN='smtp.gmail.com' - library/Zend/Mail/Protocol/Smtp.php:206
Generated By: xx 46 minutes ago

Stack Trace
#0 [internal function]: XenForo_Application::handlePhpError(2, 'stream_socket_e...', '/home/user/pu...', 206, Array)
#1 /home/user/public_html/community/library/Zend/Mail/Protocol/Smtp.php(206): stream_socket_enable_crypto(Resource id #124, true, 9)
#2 /home/user/public_html/community/library/Zend/Mail/Transport/Smtp.php(217): Zend_Mail_Protocol_Smtp->helo('localhost')
#3 /home/user/public_html/community/library/Zend/Mail/Transport/Abstract.php(348): Zend_Mail_Transport_Smtp->_sendMail()
#4 /home/user/public_html/community/library/Zend/Mail.php(1194): Zend_Mail_Transport_Abstract->send(Object(Zend_Mail))
#5 /home/user/public_html/community/library/XenForo/Deferred/UserEmail.php(168): Zend_Mail->send(Object(Zend_Mail_Transport_Smtp))
#6 /home/user/public_html/community/library/XenForo/Deferred/UserEmail.php(62): XenForo_Deferred_UserEmail->_sendEmail(Array, Array, Object(Zend_Mail_Transport_Smtp))
#7 /home/user/public_html/community/library/XenForo/Model/Deferred.php(295): XenForo_Deferred_UserEmail->execute(Array, Array, 7.9391350746155, '')
#8 /home/user/public_html/community/library/XenForo/Model/Deferred.php(429): XenForo_Model_Deferred->runDeferred(Array, 7.9391350746155, '', false)
#9 /home/user/public_html/community/library/XenForo/Model/Deferred.php(374): XenForo_Model_Deferred->_runInternal(Array, 7.9391360282898, '', false)
#10 /home/user/public_html/community/library/XenForo/ViewRenderer/Abstract.php(352): XenForo_Model_Deferred->run(true, 7.9391360282898)
#11 /home/user/public_html/community/library/XenForo/ViewRenderer/HtmlAdmin.php(50): XenForo_ViewRenderer_Abstract::hasManualDeferredToRun()
#12 /home/user/public_html/community/library/XenForo/FrontController.php(617): XenForo_ViewRenderer_HtmlAdmin->renderRedirect(4, 'https://www.our...', NULL, Array)
#13 /home/user/public_html/community/library/XenForo/FrontController.php(158): XenForo_FrontController->renderView(Object(XenForo_ControllerResponse_Redirect), Object(XenForo_ViewRenderer_HtmlAdmin), Array)
#14 /home/user/public_html/community/admin.php(13): XenForo_FrontController->run()
#15 {main}

One weird thing is that the SSL handshake looks like it's trying to match OUR server hostname with gmail's.

For posterity, we've done a lot of searching and found a few similar situations, but none resolved it for us. For example, we tried editing the SMTP.php file with these suggestions, but it just resulted in more errors. We also reviewed this and this.

Even our host seems stumped. If anyone has any ideas for us, they'd be very much appreciated! Thanks in advance.

[EDIT: FWIW, this is a WHM/cpanel server and Apache, PHP etc was built/deployed using EasyApache 4.]
 
Last edited:

Mike

XenForo developer
Staff member
#2
In your SMTP configuration within XF, are you entering smtp.gmail.com or host.oursite.com? If it's the latter, use smtp.gmail.com and it should sort it. If it's already the former, it's very likely related to an outgoing firewall that's effectively trying to man-in-the-middle the request.
 

Gossipy

Active member
#3
In your SMTP configuration within XF, are you entering smtp.gmail.com or host.oursite.com?
It's smtp.gmail.com.

If it's already the former, it's very likely related to an outgoing firewall that's effectively trying to man-in-the-middle the request.
You were close enough to send me down the right path! We had tried different settings on CSF (ConfigServer / Firewall) and even once with the firewall entirely disabled, and we still got the error. But after I read your message this morning, I went in and looked at CSF again. One of the settings in CSF referred to a security setting within WHM itself:

Tweak Settings -> Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak)

Once we set that to "off", all is working well again. Thank you so much!