@TylerVigario opened this Issue on December 23rd 2020

I was having trouble figuring out why I couldn't send email via only to figure out PHPMailer thinks my local Postfix accepts encryption.

To workaround this issue, I had to install my certificate within Postfix and access via domain.com:25

There is probably misconfiguration in my local Postfix, but shouldn't Matomo respect the STMP Encryption Method chosen? Which, in my case, is none.

Maybe we overlooked PHPMailer's SMTPAutoTLS? I think it's enabled by default.

Whether to enable TLS encryption automatically if a server supports it, even if SMTPSecure is not set to 'tls'.

Be aware that in PHP >= 5.6 this requires that the server's certificates are valid.


Edit: Add question about SMTPAutoTLS

@tsteur commented on December 23rd 2020 Member

Looking at the code there might be a regression indeed. @TylerVigario not sure if you configured mail in your config/config.ini.php directly but it might be worth trying to edit it and setting encryption = "". It looks like Matomo might assign none to SMTPSecure setting in PHP Mailer and PHP Mailer might actually not understand this value.

@TylerVigario commented on December 23rd 2020

I added encryption = "" to the mail section of config/config.ini.php and the result was the same.


SMTP Error: Could not connect to SMTP host.
ERROR [2020-12-23 23:52:35] 447576  Uncaught exception: /var/www/matomo/vendor/phpmailer/phpmailer/src/PHPMailer.php(2052): SMTP Error: Could not connect to SMTP host.
SMTP Error: Could not connect to SMTP host.

Postfix logs

connect from localhost[]
lost connection after STARTTLS from localhost[]
disconnect from localhost[] ehlo=1 starttls=1 commands=2
@hahayidu commented on December 28th 2020


I was mentioned before... You can check for more information.


@TylerVigario commented on December 28th 2020

@hahayidu Thanks for pointing out my failure to use the search feature. I guess Matomo developers have considered PHPMailer's SMTPAutoTLS functionality.

I would suggest that we adjust the SMTP Encryption Method default to "auto" and add a fourth option for "none" that will disable SMTPAutoTLS. This will keep the same default security conscious approach while helping to clear things up.

@hahayidu commented on December 29th 2020


I think below screen design covers all situations.


secure: {
default: false,
enum: [false, 'force', 'disabled', true],
enumNames: [
'auto (uses STARTTLS if available)',
'force (requires STARTTLS or fail)',
'disabled (never use STARTTLS)',
description: 'whether the connection should use TLS',
ignoreUnauthorized: {
type: 'boolean',
description: 'ignore certificates error (e.g. self-signed certificate)',


This Issue was closed on January 5th 2021
Powered by GitHub Issue Mirror