Re: PHP App Timing Out When Sending Emails via Zimbra SMTP on Port 587

Have a great idea for extending Zimbra? Share ideas, ask questions, contribute, and get feedback.
Post Reply
davidjames82912
Posts: 1
Joined: Tue Jul 08, 2025 7:17 am

Re: PHP App Timing Out When Sending Emails via Zimbra SMTP on Port 587

Post by davidjames82912 »

Hi davidjames78,

That’s a frustrating issue with the PHP app timing out on Zimbra’s SMTP port 587! I’ve hit similar snags with Zimbra Collaboration 10.1.8 FOSS on Ubuntu 20.04, and it’s often a mix of Postfix/TLS quirks or PHPMailer settings. Since telnet connects to port 587 but Zimbra logs show no SMTP activity, the issue likely lies in the TLS handshake or Postfix configuration blocking the connection before it’s logged. Here’s a step-by-step approach to debug and fix this, based on your setup (single-server, no firewall, STARTTLS).
1. Verify Postfix SMTP ConfigurationYour zimbraMtaAuthEnabled: TRUE and zimbraMtaTlsAuthOnly: TRUE look good, but Postfix may not be advertising STARTTLS correctly or could be misconfigured. Let’s confirm:

As the zimbra user, run: telnet localhost 587

After connecting, type EHLO test and check if 250-STARTTLS appears in the response. If not, Postfix isn’t offering STARTTLS, which could cause PHPMailer to fail.
Check Postfix’s main config: sudo -u zimbra postconf | grep smtpd_tls

Ensure smtpd_tls_security_level = may (allows STARTTLS) and smtpd_sasl_auth_enable = yes. If missing, set them: sudo -u zimbra postconf -e smtpd_tls_security_level=may
sudo -u zimbra postconf -e smtpd_sasl_auth_enable=yes
sudo -u zimbra postfix reload


Verify the server’s hostname resolves correctly: zmhostname

Ensure mail.mydomain.com matches the output and is in /etc/hosts (e.g., 192.168.x.x mail.mydomain.com). A mismatch can cause TLS issues.

2. Debug TLS Handshake IssuesThe timeout and lack of logs suggest PHPMailer’s TLS handshake fails silently. Common culprits include certificate mismatches or PHP’s OpenSSL setup:

Check Zimbra’s TLS certificate: sudo -u zimbra /opt/zimbra/bin/zmcertmgr viewdeployedcrt

Ensure the certificate’s CN matches mail.mydomain.com and isn’t expired. If invalid, deploy a new Let’s Encrypt cert: sudo -u zimbra /opt/zimbra/bin/zmcertmgr deploycrt comm /etc/letsencrypt/live/mail.mydomain.com/cert.pem /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

Then restart Postfix: sudo -u zimbra zmmtactl restart.
Test TLS externally: openssl s_client -starttls smtp -connect mail.mydomain.com:587

Look for SSL handshake has read ... and a valid cipher (e.g., TLSv1.2). If it fails with unknown protocol or certificate not trusted, PHPMailer may be rejecting the connection.
In PHPMailer, disable strict SSL verification (temporary, for testing): $mail->SMTPOptions = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true
)
);

Add this before $mail->send() and test. If it works, the issue is TLS-related, and you should fix the certificate rather than leaving this workaround.

3. Enable SMTP Debugging in PHPMailerTo pinpoint why no logs appear, enable verbose debugging:

Update your PHP code: $mail->SMTPDebug = 2; // Enable verbose debug output
$mail->Debugoutput = 'html'; // Optional: cleaner output

Run the script and check the output for SMTP handshake details (e.g., EHLO, STARTTLS responses). Look for errors like “SSL23_GET_CLIENT_HELLO:unknown protocol”.
If the debug shows “STARTTLS not advertised,” Postfix isn’t offering it, pointing back to step 1.

4. Check Zimbra and Postfix LogsThe absence of /var/log/zimbra.log or /var/log/maillog entries suggests the connection doesn’t reach Postfix. Enable verbose logging:

Edit /opt/zimbra/conf/log4j.properties as zimbra user, add: log4j.logger.zimbra.smtp=DEBUG

Restart logging: sudo -u zimbra zmlogswatchctl restart.
Check Postfix logs: sudo tail -f /var/log/maillog

Try sending an email and look for connect from or SSL_accept error. If nothing appears, the connection is blocked before Postfix.

5. Network and Firewall ChecksEven with ufw disabled, a VM network issue or NAT misconfiguration could block connections:

Confirm the PHP server resolves mail.mydomain.com: ping mail.mydomain.com
nslookup mail.mydomain.com

Ensure it resolves to the Zimbra server’s IP.
Test connectivity from the PHP server: nc -zv mail.mydomain.com 587

If it fails, check VM networking (e.g., bridged vs. NAT) or any hypervisor firewall.
Ensure no other MTA (e.g., system Postfix) is running: sudo systemctl stop postfix
sudo systemctl disable postfix
sudo -u zimbra zmcontrol restart



6. Why This HappensThe timeout with no logs suggests the TLS handshake fails before authentication, often due to:

Postfix not advertising STARTTLS (smtpd_tls_security_level misconfigured).
Certificate issues (mismatched CN, expired cert) causing PHPMailer to abort.
Network issues (DNS, NAT, or VM routing) preventing the connection from reaching Postfix.
PHPMailer’s strict TLS settings rejecting Zimbra’s self-signed cert.

Next Steps

Start with steps 1 and 2 to verify Postfix and TLS settings.
Add SMTP debugging (step 3) and share any specific errors (e.g., “SSL23_GET_CLIENT_HELLO”).
Check logs after enabling verbose mode (step 4).
If it still fails, confirm the PHP server’s network setup (step 5) and share:
Output of telnet localhost 587 and EHLO test.
Any new log entries in /var/log/maillog or /var/log/zimbra.log.



This should get you closer to resolving the timeout! Let me know how it goes or if you need help with any CLI commands.
Top
Post Reply

Return to “Developers”