WordPress mail plugins do not work after pci_compliance_resolver was enabled

Created: 2016-12-18 06:53:30 UTC

Modified: 2017-08-08 13:37:35 UTC


Applicable to:

  • Plesk Onyx for Linux

Symptoms

WordPress SMTP plugins do not work after pci_compliance_resolver was enabled.

/var/log/maillog contains the following when a test message is sent using the plugin:

postfix/smtpd[538769]: connect from smtp.example.com[203.0.113.2]
postfix/smtpd[538769]: SSL_accept error from smtp.example.com[203.0.113.2]: -1
postfix/smtpd[538769]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:647:
postfix/smtpd[538769]: lost connection after STARTTLS from smtp.example.com[203.0.113.2]
postfix/smtpd[538769]: disconnect from smtp.example.com[203.0.113.2]

Postfix is set to work with TLSv1.1 and TLSv1.2 only.

PHP 5.6.7 or newer is used.

The following error may appear when using Test Email in the Mail Bank plugin:

530 5.7.0 Must issue a STARTTLS command first

Cause

The plugin is coded to use TLSv1 by default.

Resolution

Starting from PHP 5.6.7, STREAM_CRYPTO_METHOD_TLS_CLIENT, which is commonly used in such WordPress plugins, does not include TLSv1.1 and TLSv1.2.

Because pci_compliance_resolver is enabled, Postfix will not accept a TLSv1 handshake.

For the plugin to work, its source code has to be modified, specifically the aforementioned parameter: STREAM_CRYPTO_METHOD_TLS_CLIENT.

For example, for the Mail Bank plugin this is done as follows:

  1. Find the parameter in the code:

    # grep -iR 'STREAM_CRYPTO_METHOD_' /var/www/vhosts/example.com/httpdocs/wp-content/plugins/wp-mail-bank/
    /var/www/vhosts/example.com/httpdocs/wp-content/plugins/wp-mail-bank/lib/zend/mail/protocol/smtp.php: if (!stream_socket_enable_crypto($this->_socket, true, STREAM_CRYPTO_METHOD_TLSv1_CLIENT))

  2. Change STREAM_CRYPTO_METHOD_TLSv1_CLIENT to STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT by editing the file smtp.php.
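To list the clients that Postfix is still rejecting with the handshake failure shown under Symptoms, the maillog lines can be correlated per smtpd process. The following Python script is an added example, not part of the original article or of Plesk; the syslog prefix and the second client in the sample log are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: message text as under Symptoms, syslog prefix assumed.
SAMPLE = """\
Dec 18 06:40:01 mail postfix/smtpd[538769]: connect from smtp.example.com[203.0.113.2]
Dec 18 06:40:01 mail postfix/smtpd[538769]: SSL_accept error from smtp.example.com[203.0.113.2]: -1
Dec 18 06:40:01 mail postfix/smtpd[538769]: warning: TLS library problem: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:647:
Dec 18 06:40:01 mail postfix/smtpd[538769]: lost connection after STARTTLS from smtp.example.com[203.0.113.2]
Dec 18 06:40:01 mail postfix/smtpd[538769]: disconnect from smtp.example.com[203.0.113.2]
Dec 18 06:41:10 mail postfix/smtpd[538770]: connect from mx.example.net[198.51.100.7]
Dec 18 06:41:11 mail postfix/smtpd[538770]: disconnect from mx.example.net[198.51.100.7]
"""

LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
PEER = re.compile(r"from (\S+)\[([0-9a-fA-F.:]+)\]")

def rejected_tls_clients(log_text):
    """Return {(host, ip): count} for sessions where SSL_accept failed with
    'unknown protocol' and the connection was lost after STARTTLS."""
    state = {}               # smtpd PID -> flags for the session it is serving
    hits = defaultdict(int)
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.groups()
        peer = PEER.search(msg)
        if msg.startswith("connect from") and peer:
            # An smtpd process serves one client at a time, so the PID keys the session.
            state[pid] = {"peer": peer.groups(), "accept_err": False, "proto": False}
            continue
        s = state.get(pid)
        if s is None:
            continue
        if msg.startswith("SSL_accept error"):
            s["accept_err"] = True
        elif "TLS library problem" in msg and "unknown protocol" in msg:
            s["proto"] = True
        elif msg.startswith("lost connection after STARTTLS"):
            if s["accept_err"] and s["proto"]:
                hits[s["peer"]] += 1
        elif msg.startswith("disconnect from"):
            state.pop(pid, None)
    return dict(hits)

if __name__ == "__main__":
    for (host, ip), n in rejected_tls_clients(SAMPLE).items():
        print(f"{host} [{ip}]: {n} rejected TLS handshake(s)")
```

Pass the contents of /var/log/maillog to `rejected_tls_clients()` instead of `SAMPLE`; each host it reports is a client that needs the same plugin change.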
