Wikimedia Developer Support

Email sending via postfix with SMTP/TLS fails with "authentication failure [SMTP: STARTTLS failed (code: 220, response: 2.0.0 Ready to start TLS)]"


I configured a basic Postfix server with basic SMTP and TLS that uses letsencrypt.
The email successfully sends by using this command:
echo "This is the body of the email" | mail -s "This is the subject line"

However when I use confirm email address in Preferences of mediawiki it gives this response.
Mailer returned: authentication failure [SMTP: STARTTLS failed (code: 220, response: 2.0.0 Ready to start TLS)]

I already read$wgSMTP#Troubleshooting_email and I’m confused because my Certs are already Valid and have not expired. I read somewhere that net_smtp has a bug that prevents usage of TLS. Is this true?

How do I solve this issue?

Failed to connect to ssl:// [SMTP: Failed to connect socket: fsockopen(): unable to connect to ssl:// (Unknown error) (code: -1, response: )]

I also have this problem when sent mail via third-party STMP server. I refer to the recommendations of other sites to modify the source code of net_smtp and solved it. Edit line 565 in vendor/pear/net_smtp/Net/SMTP.php file, replace && extension_loaded('openssl') && isset($this->esmtp['STARTTLS']) with && extension_loaded('openssl') && ($this->esmtp['STARTTLS']). (Just remove isset)


This is not a viable solution as this change will be restored when you upgrade mediawiki.


Yes, I did come across those articles. I was worried about modifying library source code(although I change one line and nothing changed), but I didn’t see the line you mentioned. So i ended up installing Extension:SwiftMailer and things just started working.

Thank you for answering my question. You’ve helped tremendously.


After I’ve changed many lines in my SMTP.php, your answer solved the problem.

So I changed following lines

   //$options = array('ssl' => array('verify_peer_name' => false, 'verify_peer' => false));
    //$result = $this->_socket->connect($this->host, $this->port, $persistent, $timeout, $options);
    $this->_socket_options = array('ssl' => array('verify_peer_name' => false));
    $timeout = 60; // previously null;
    //$this->timeout          = $timeout;

&& extension_loaded(‘openssl’) && ($this->esmtp[‘STARTTLS’])

Thank you so much