Search code examples
phpmaileramazon-seswhmexim4

WHM / EXIM / SES - SMTP Error "We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail"

I have AWS SES connected to my domain, it is setup and verified via DKIM and the SES console is happy (including mail from address). I have created SMTP credentials but I am unable to send from my server via PHPMailer and EXIM mail server.

I get the following response (xxxx's replace my actual domains)

2021-11-11 09:09:20 SERVER -> CLIENT: xxxx.cprapid.com ESMTP Exim 4.94.2 #2 Thu, 11 Nov 2021 09:09:20 +0000 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
2021-11-11 09:09:20 CLIENT -> SERVER: EHLO xxxx.gg
2021-11-11 09:09:20 SERVER -> CLIENT: xxxx.cprapid.com Hello xxxx.gg [x.x.x.x]250-SIZE 52428800250-8BITMIME250-PIPELINING250-PIPE_CONNECT250-AUTH PLAIN LOGIN250-STARTTLS250 HELP
2021-11-11 09:09:20 CLIENT -> SERVER: STARTTLS
2021-11-11 09:09:20 SERVER -> CLIENT: 220 TLS go ahead
SMTP Error: Could not connect to SMTP host.
2021-11-11 09:09:20 CLIENT -> SERVER: QUIT
2021-11-11 09:09:20
2021-11-11 09:09:20
SMTP Error: Could not connect to SMTP host.

Fatal error: Uncaught PHPMailer\PHPMailer\Exception: SMTP Error: Could not connect to SMTP host. in /home/xxxx/public_html/lib/src/PHPMailer.php:21

This is a WHM server I have setup on a Digital Ocean Droplet. The .gg domain is a domain created on that WEHM server with a cPanel.

I think the issue is it's trying to authenticate with the server via the WHM host .cprapid.com but it should be the .gg domain - see here:

2021-11-11 09:09:20 CLIENT -> SERVER: EHLO xxxx.gg
2021-11-11 09:09:20 SERVER -> CLIENT: xxxx.cprapid.com Hello xxxx.gg

I am new to EXIM/WHM and I am sure that I have set it up incorrectly.

Help please!

Solution

  • The "We do not authorize..." message is not an error, it's just a "welcome" banner that has no technical meaning or significance.

    The symptom you're seeing is just as described in the troubleshooting guide about certificate verification failure:

    In an SMTP transcript this will typically be shown as trying to send a STARTTLS command immediately followed by a QUIT command.

    As you say, this is likely caused by a mismatch between the hostname you asked to connect to and the name on the certificate it replied with, which is a symptom of SMTP firewall redirection, which is very common at hosting services. You have not posted your code, but this will happen if you say:

    $mail->Host = 'xxxx.gg';

    and the server replies with:

    SERVER -> CLIENT: xxxx.cprapid.com ESMTP Exim

    (the certificate will contain the same name), and because xxx.gg != xxxx.cprapid.com, verification will fail. There are two ways around this:

    1. Ask your hosting provider to allow outbound SMTP to arbitrary addresses.
    2. Switch to using your hosting provider's email server intentionally (presumably xxxx.cprapid.com).
    3. A more unlikely scenario is that the mail server is misconfigured, and is presenting a certificate that does not match its hostname, in which case the mail server admin needs to fix it.

    If you can't do any of these, you probably need to find a new hosting provider.

    One other thing I can tell from the error it generated is that you have enabled exceptions (by passing true to the PHPMailer constructor):

    $mail = new PHPMailer(true);

    but then you are not wrapping your following code in a try/catch block, so the exception is not being caught.