Ever since upgrading to NC13, I have not been able to send email from my Nextcloud docker instance.
I receive an error when I click the test button saying
A problem occurred while sending the email. Please revise your settings. (Error: Unable to connect with TLS encryption)
On my mail server, the log says
Apr 13 08:19:10 mail postfix/submission/smtpd[3303]: connect from xxxxxxxxx.dk[11.22.33.44]
Apr 13 08:19:10 mail postfix/submission/smtpd[3303]: SSL_accept error from xxxxxxxxx.dk[11.22.33.44]: -1
Apr 13 08:19:10 mail postfix/submission/smtpd[3303]: warning: TLS library problem: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../ssl/record/rec_layer_s3.c:1399:SSL alert number 48:
Apr 13 08:19:10 mail postfix/submission/smtpd[3303]: lost connection after STARTTLS from xxxxxxxxx.dk[11.22.33.44]
Apr 13 08:19:10 mail postfix/submission/smtpd[3303]: disconnect from xxxxxxxxx.dk[11.22.33.44] ehlo=1 starttls=0/1 commands=1/2
My Nextcloud instance is running in Docker on my NAS, behind nginx-proxy and letsencrypt-nginx-proxy-companion. I have a theory that there is something weird going on with the TLS connection and perhaps a self-signed cert inside the Nextcloud docker container.
It might be different for you since apparently the issue occurred when upgrading NC, but in our case it seems the issue was because our mail server updated its security and upgraded to TLS 1.2 which is not supported by NC13.
You might want to take a look at your mail server TLS level. Anything above TLS 1 will probably fail.
Configuring our mail server to allow TLS 1 and higher fixed it for us.
I went an alternate route and enabled acceptance of self-signed certificates in Nextcloud's mailer function. Make the following change in /var/www/nextcloud/lib/private/Mail/Mailer.php in the getSmtpInstance() function. For Nextcloud 15.0.2, this should be added around line 262.
Note: This will have to be done again when you upgrade Nextcloud, as it will likely copy over any edits. I prefer this route as I don't expose my mail server and don't want to get a public cert.
I placed the call to setStreamOptions down before the return statement. As you had it, the options would only get set when SMTP Auth is disabled. Here's my version:
    /**
     * Returns the SMTP transport
     *
     * @return \Swift_SmtpTransport
     */
    protected function getSmtpInstance(): \Swift_SmtpTransport {
        $transport = new \Swift_SmtpTransport();
        $transport->setTimeout($this->config->getSystemValue('mail_smtptimeout', 10));
        $transport->setHost($this->config->getSystemValue('mail_smtphost', '127.0.0.1'));
        $transport->setPort($this->config->getSystemValue('mail_smtpport', 25));
        if ($this->config->getSystemValue('mail_smtpauth', false)) {
            $transport->setUsername($this->config->getSystemValue('mail_smtpname', ''));
            $transport->setPassword($this->config->getSystemValue('mail_smtppassword', ''));
            $transport->setAuthMode($this->config->getSystemValue('mail_smtpauthtype', 'LOGIN'));
        }
        $smtpSecurity = $this->config->getSystemValue('mail_smtpsecure', '');
        if (!empty($smtpSecurity)) {
            $transport->setEncryption($smtpSecurity);
        }
        /* EDIT - allow self-signed mail cert */
        $transport->setStreamOptions(array('ssl' => array('allow_self_signed' => true, 'verify_peer' => false)));
        /* EDIT end */
        return $transport;
    }
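Reading the Postfix warning quoted in the first post, as an added example that is not part of the original thread: the sketch below decodes the OpenSSL error code so that a certificate-trust rejection (such as alert 48) can be told apart from a protocol-version mismatch (alert 70). It assumes the OpenSSL error format shown in that log, seen from the smtpd (server) side; the `classify` helper and the second sample line are constructed for illustration.

```python
import re

# TLS alert descriptions (RFC 5246, section 7.2) commonly seen when a handshake fails.
ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 70: "protocol_version", 71: "insufficient_security",
}
CERT_TRUST = {42, 43, 44, 45, 46, 48}  # alerts about the certificate chain itself

# OpenSSL keeps the reason in the low 12 bits of the error code. A reason of
# 1000 + N means "the peer sent TLS alert N" (SSL_AD_REASON_OFFSET is 1000).
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):SSL routines:")


def classify(line):
    """Describe the TLS failure in one Postfix smtpd log line, or return None."""
    m = ERR_RE.search(line)
    if not m:
        return None
    reason = int(m.group(1), 16) & 0xFFF
    if reason < 1000:
        # Raised by the local TLS library, not an alert received from the client.
        return {"alert": None, "name": None, "sent_by": "local",
                "cause": "local TLS library error"}
    alert = reason - 1000
    if alert in CERT_TRUST:
        cause = "client does not trust the server certificate chain"
    elif alert == 70:
        cause = "no TLS protocol version in common"
    else:
        cause = "handshake parameters rejected by client"
    return {"alert": alert, "name": ALERTS.get(alert, "unknown"),
            "sent_by": "peer", "cause": cause}


# Constructed sample input: the warning line from the first post, plus a
# made-up protocol_version line (reason 0x42E = 1070) for contrast.
SAMPLE = [
    "Apr 13 08:19:10 mail postfix/submission/smtpd[3303]: warning: TLS library problem: "
    "error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:"
    "../ssl/record/rec_layer_s3.c:1399:SSL alert number 48:",
    "Apr 13 08:20:00 mail postfix/submission/smtpd[3310]: warning: TLS library problem: "
    "error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:"
    "../ssl/record/rec_layer_s3.c:1399:SSL alert number 70:",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```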