Could not connect to SMTP host

Question

1. I have a VPS server
2. I have a postfix mail server running on that VPS server (I installed it via command line using a tutorial)
3. I have an SMTP server running on that VPS server
4. I also have the required records for mail server such as, (MX record, SPF record, PTR record, DMARC record, A record) I checked them out via: mxtoolbox checker and I got all of them correct

But unfortunately, still I can not send or receive mails whether I was using:

1. usermin (port:20000)
2. or even from my website using PHPMailer library

my Postfix configuration file is:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mainserver.mskillsa.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, mskillsa.com, mainserver.mskillsa.com, localhost.mskillsa.com, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtp_sasl_auth_enable = yes

My Domain Name is: mskillsa.com

My Hostname is : mainserver.mskillsa.com

My Email is : info@mskillsa.com

Some record checkers told me that I do not have DKIM record, I tried to use third party DKIM record generator and I use it but STILL have the same issue with DKIM record!!!

My PHPMailer codes :

<?php

// Include required phpmailer files

require "includes/PHPMailer.php";
require "includes/SMTP.php";
require "includes/Exception.php";
// Define name spaces

use PHPMailer\PHPMailer\PHPMailer;

use PHPMailer\PHPMailer\SMTP;

use PHPMailer\PHPMailer\Exception;

// Create instance of phpmailer

$mail = new PHPMailer();

// Set mailer to use SMTP

$mail->isSMTP();

// Define SMTP host

$mail->Host = "mail.mskillsa.com";

// enable SMTP authentication

$mail->SMTPAuth = "true";

// Set type of encryption (ssl/tls)

$mail->SMTPSecure = "ssl";

// Set port to connect SMTP

$mail->Port = "465";

// Set username

$mail->Username = "example@mskillsa.com";

// Set password

$mail->Password = "password";

// Set email Subject

$mail->Subject = "Hello Info Testing";

// Set sender email

$mail->setFrom("example@mskillsa.com");

// Email Body

$mail->Body = "Hello testing...";

// Add recipient

$mail->addAddress('recipient_example@gmail.com');

// Finally Send Email

if ($mail->send()) {
    echo "Sent";
} else {
    echo "Not Sent";
}

// Closing SMTP Connection

$mail->smtpClose();

And I got the following error:

2022-08-08 15:42:54 CLIENT -> SERVER: EHLO mskillsa.com
2022-08-08 15:42:54 CLIENT -> SERVER: STARTTLS
SMTP Error: Could not connect to SMTP host. Connection failed. stream_socket_enable_crypto(): Peer certificate CN=`localhost.localdomain' did not match expected CN=`mainserver.mskillsa.com'
2022-08-08 15:42:54 CLIENT -> SERVER: QUIT
2022-08-08 15:42:54
SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting
Not Sent

My master.cf file:

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
#submission inet n       -       y       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       y       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

I tested my email score in https://www.mail-tester.com/ and you can check my score

Answer 1

You overcomplicate things when using PHPmailer.

As your SMTP server is on localhost, the simplest thing you can do is not to use $mail->isSMTP() at all and not to set any values for $mail->Host, $mail->SMTPAuth, $mail->SMTPSecure, $mail->Port, $mail->Username and $mail->Password. Omit $mail->smtpClose() as well. So you are left with

$mail = new PHPMailer();
$mail->Subject = "Hello Info Testing";
$mail->setFrom("example@mskillsa.com");
$mail->Body = "Hello testing...";
$mail->addAddress('recipient_example@gmail.com');

if ($mail->send()) {
    echo "Sent";
} else {
    echo "Not Sent";
}

like in the first example from this tutorial ("How to send your first email with PHPmailer").

With this approach, PHPmailer will use exactly the same method of sending mail as PHP internal mail() function, that is, submit the mail directly to local mail server using sendmail. In my opinion, it's the most proper method of sending mail on a machine that also runs a local SMTP server. If this method did work for you previously (mail from command line and PHP mail() function), it should work here too.

If you, however, insist on using SMTP, there are a few options how you can do that, but each of them requires some corrections to your parameters.

First, you attempt to use secure connection to local server ($mail->SMTPSecure = "ssl"). This gives absolutely no security benefits if you are connecting to localhost, and this is the main cause of your problems because the error dialog you posted shows that PHPmailer fails on certificate verification. So first try getting rid of encryption completely. Replace

$mail->Host = "mail.mskillsa.com";

by

$mail->Host = "localhost";

or

$mail->Host = "127.0.0.1";

and remove the line $mail->SMTPSecure = "ssl". You may also need to add the following:

$mail->SMTPAutoTLS = false;

to stop PHPmailer from automatically using encryption if it sees that server supports it.

Because your Postfix server trusts localhost (which is absolutely correct) - the localhost address is included in mynetworks=. So you can simply connect to standard SMTP port 25. You should also get rid of authentication, because your current Postfix configuration does not support authentication, at least on port 25 (you did not post your master.cf, where the configuration for submission service on port 465 is probably defined, so I don't know for sure if authentication is supported there or not, but from the dialog you posted - the previous version, before your editing - I see that the server does not advertise AUTH). So remove $mail->SMTPAuth, $mail->Username and $mail->Password lines, and set

$mail->Port = 25;

So next option that works should be the following:

$mail = new PHPMailer();
$mail->isSMTP();
$mail->Host = "localhost";
$mail->SMTPAutoTLS = false;
$mail->Port = 25;
$mail->Subject = "Hello Info Testing";
$mail->setFrom("example@mskillsa.com");
$mail->Body = "Hello testing...";
$mail->addAddress('recipient_example@gmail.com');

if ($mail->send()) {
    echo "Sent";
} else {
    echo "Not Sent";
}

$mail->smtpClose();

Finally, if you really want to use encrypted authenticated submission (although I want to stress once again that it has no sense when connecting to local SMTP server), you need to fix a bit your Postfix configuration as well.

As I said, your Postfix configuration does not turn on authentication. You probably wanted to turn it on using the line smtp_sasl_auth_enable = yes, but this turns on authentication for Postfix connecting as a client to another server to send mail to it, and not for SMTP server in Postfix. You usually don't want this. And without an accompanying parameter smtp_sasl_password_maps, defining the credentials Postfix should use to authenticate to remote servers, this parameter does not work at all. So remove this line from your main.cf.

The parameter that turns on authentication in Postfix server is smtpd_sasl_auth_enable = yes (note the "d" in the name), but you should not put this in your main.cf as it isn't a good practice in configuring mail servers to enable authentication on port 25. Instead, you should enable authentication only in your submission service on port 465, which is defined in master.cf. You haven't posted your master.cf so I can't tell you how to correct it.

Assume you have fixed your master.cf, there are still some things needed to fix in your PHPmailer parameters. PHPmailer failed on certificate verification because you have a self-signed certfificate on your server and PHPmailer by default expects an "official" certificate from a certification authority and tries to verify it. So in addition to what you already have in your PHPmailer code, you need to add the following:

/* Disable some SSL checks. */
$mail->SMTPOptions = array(
   'ssl' => array(
   'verify_peer' => false,
   'verify_peer_name' => false,
   'allow_self_signed' => true
   )
);

I took this from the tutorial I already linked, see the second example under "How to use a custom SMTP server". This is a third variant that should work for you.

Update: Now that you posted your master.cf contents, I see that you don't have the submission service enabled at all. So I wonder how initially the connection to port 465 (as specified in your PHPmailer code) did work at all for you. Do you have some other software running on port 465? Because according to your master.cf, Postfix listens only on port 25.

Anyway, to make authenticated submission work, you need to uncomment the following lines in your master.cf and restart Postfix:

#smtps     inet  n       -       y       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

But, you need also some authenticator defined that will check the users credentials. This is some program external to Postfix, such as for example Dovecot. You need to configure the authentication in two places. First, you need to add the following to your Postfix main.cf file:

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

Then, you need to configure in Dovecot an authentication service for Postfix. There is a tutorial on Dovecot website how to do that.