4

I read a lot of articles who explains how to send an email with smtp, like this Send email using GMail SMTP server from PHP page I have a cloud server and a localhost setup, both are the same (Centos 6, installed only httpd, php and mysql through yum). The iptables are the same: output ports opened, input only for 22 and 80.

I installed pear Mail and pear Net_SMTP to use with smtp.gmail.com. phpinfo(); shows openssl is enabled.

I am using this code:

 <?php  require_once "Mail.php";

    $from = "<from.gmail.com>";
    $to = "<to.yahoo.com>";
    $subject = "Hi!";
    $body = "Hi,\n\nHow are you?";

    $host = "ssl://smtp.gmail.com";
    $port = "465";
    $username = "<myaccount.gmail.com>";
    $password = "password";

    $headers = array ('From' => $from,
      'To' => $to,
      'Subject' => $subject);
    $smtp = Mail::factory('smtp',
      array ('host' => $host,
        'port' => $port,
        'auth' => true,
        'username' => $username,
        'password' => $password));

    $mail = $smtp->send($to, $headers, $body);

    if (PEAR::isError($mail)) {
      echo("<p>" . $mail->getMessage() . "</p>");
     } else {
      echo("<p>Message successfully sent!</p>");
     }

?>  <!-- end of php tag-->

At my localhost server the script worked and I received the email at my gmail account. But at my cloud server, with the same script, I got this error: (with the debug)

ErrorFailed to connect to ssl://smtp.gmail.com:465 [SMTP: Failed to connect socket: Permission denied (code: -1, response: )]DEBUG: Send: QUIT

I searched a lot and I saw some people saying that error occurr when the 465 port are blocked.

So I review my iptables, my connections etc and the port 465 for OUTPUT is opened.

I did a test using: openssl s_client -verify 0 -connect smtp.gmail.com:465 and I got this result: 

verify depth is 0
CONNECTED(00000003)
depth=2 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = smtp.gmail.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDWzCCAsSgAwIBAgIKFeQVggADAAA7NjANBgkqhkiG9w0BAQUFADBGMQswCQYD
VQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzEiMCAGA1UEAxMZR29vZ2xlIElu
dGVybmV0IEF1dGhvcml0eTAeFw0xMTExMTgwMTU3MTdaFw0xMjExMTgwMjA3MTda
MGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N
b3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRcwFQYDVQQDEw5zbXRw
LmdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuK+t5ZRq6c3K
kWPwLuIcPa6DgiBURaQK9akP4OBoXKJ6bqYIQWsS4C3RgnOaGaDENadxHSNZ5Qpl
Vqg2S54N54SM5OXwOq0NtrqdlbhgigB53TZouiJvnLDxxIexSOn2Gx1qyZF2z8Ii
MoUhHuStWgW5YoOHje8z6K9xQdYkQp0CAwEAAaOCASwwggEoMB0GA1UdDgQWBBTs
OL4jbtJ5l8B6/eoEvv30KEiTrjAfBgNVHSMEGDAWgBS/wDDr9UMRPme6npH7/Gra
42sSJDBbBgNVHR8EVDBSMFCgTqBMhkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dv
b2dsZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNy
bDBmBggrBgEFBQcBAQRaMFgwVgYIKwYBBQUHMAKGSmh0dHA6Ly93d3cuZ3N0YXRp
Yy5jb20vR29vZ2xlSW50ZXJuZXRBdXRob3JpdHkvR29vZ2xlSW50ZXJuZXRBdXRo
b3JpdHkuY3J0MCEGCSsGAQQBgjcUAgQUHhIAVwBlAGIAUwBlAHIAdgBlAHIwDQYJ
KoZIhvcNAQEFBQADgYEAQiMlHuQLRFqR10UsSg5WTNe3vagbdnBLAkdhvAf90B5a
9beBxJH2/ylTSIGfD2uceAqzcsQe6Ouy4C9r3rz86qA1dhdtIcPg6uoZb+E2qhE5
UaOJOPO4rHInX9kscBxh+baHbpBMh+ch6v5L8plss8hd0id8C4g10YKzwcgPYlQ=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority
---
No client certificate CA names sent
---
SSL handshake has read 1850 bytes and written 299 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Session-ID: 55E90A8854BB04C962AB8AD7D231C89291E62B28EC93F4189CFD512B2EFD43B6
    Session-ID-ctx:
    Master-Key: C454B3ED7E5C522B745F0E2EBF45BDEADFAD2CE29ECE945C1CA6EBA1629921577FEECFF968D896E39CF4E0057731CD26
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - 75 be ab 14 ff bf e3 74-61 4f 98 e6 ec 58 ae ab   u......taO...X..
    0010 - 50 2f 20 f5 12 14 ae b5-11 dd 2c c1 9e 99 36 b1   P/ .......,...6.
    0020 - 9a 66 5b 76 15 c8 0e 7f-07 ce ce e1 4c b3 f4 12   .f[v........L...
    0030 - 38 c8 43 2d a2 c7 f9 62-17 4f da 82 4f 4b 12 93   8.C-...b.O..OK..
    0040 - af 31 9e d5 90 8d 3e 4c-06 d6 73 30 fb b6 95 80   .1....>L..s0....
    0050 - 59 1c 65 e3 d3 51 2e a7-48 15 11 ba 9f 72 89 12   Y.e..Q..H....r..
    0060 - 9a 68 63 df 65 22 0f cb-60 b7 cf 3c b4 c6 f9 92   .hc.e"..`..<....
    0070 - a0 c1 34 d7 06 31 97 ef-e6 8a bf b8 14 d9 72 b0   ..4..1........r.
    0080 - 13 d9 dd df ce 48 a1 83-74 53 d6 fe b0 5a 53 a1   .....H..tS...ZS.
    0090 - ee d0 9e b3                                       ....

    Start Time: 1335462088
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

So, I think the problem doesn't have relation with "blocked port". I also tried port 587...

I sent a message for my host asking if the ISP could be blocking those ports and they told me they don't block any ports, the clients (me) have full control of the server.

I don't know what more can cause this error and what I can do now. Maybe some configuration file I am not seeing.

Anyone have some advice to help me or suggest more test I can do to get more information of why I am getting that error and solve this problem?

thanks

Community
  • 1
  • 1
xbrpiatto
  • 43
  • 1
  • 5

3 Answers3

4

You may check if app armor or SELinux active in your system. To disable app armor :

AppArmor can be disabled, and the kernel module unloaded by entering the following:

sudo /etc/init.d/apparmor stop

sudo update-rc.d -f apparmor remove

reboot

To disable SELINUX:

edit /etc/selinux/config and change the SELINUX line to SELINUX=disabled

reboot

or more cleaner approach (SELINUX):

/usr/sbin/setsebool httpd_can_network_connect=1

reboot

Superbiji
  • 1,723
  • 2
  • 14
  • 21
  • Thank you Superbiji, this is exactly what I needed. I forgot about SELINUX and it was blocking my apache user. I disabled it and everything worked fine. Thank you very much, I tried to vote, but said I cannot because I don't have reputation – xbrpiatto Apr 26 '12 at 21:28
2

Make sure you have uncommented ;extension=php_openssl.dll means remove semicolon in php.ini file. And if you dont find this line than copy "extension=php_openssl.dll" and paste it into your php.ini file

Andrew Barber
  • 39,603
  • 20
  • 94
  • 123
mukund
  • 2,253
  • 1
  • 18
  • 31
  • Do not include links to your website like that; it was not *directly* related to the topic of the question, and you failed to indicate it was your own blog. – Andrew Barber Nov 26 '12 at 14:44
0

Enter this command in Terminal (no reboot ) required it will set SELinux to permissive (it will only alert it doesn't stop process and reboot is also not required)

setenforce 0

and to very verify you can choose

getenforce

and if you want to disable you can do this

edit /etc/selinux/config
or
gedit /etc/selinux/config
or
vi /etc/selinux/config

and change you file to this

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Thanks :)

Ravinder Payal
  • 2,884
  • 31
  • 40