Please stick to the template and provide as much detail as possible to help us diagnose and fix the issue.
Description
When using Hi.Events with a local/internal SMTP relay, Symfony Mailer attempts STARTTLS if the SMTP server advertises it, even when:
MAIL_MAILER = smtp
MAIL_HOST = 172.19.0.1
MAIL_PORT = 25
MAIL_ENCRYPTION = This breaks deployments that relay through local Postfix using a self-signed/internal certificate.
Environment
Hi.Events Docker all-in-one image
Self-hosted Docker deployment
SMTP relay: Postfix on Docker host
Postfix is reachable from container
Postfix advertises STARTTLS with a local/self-signed certificate
Error
Unable to connect with STARTTLS:
stream_socket_enable_crypto(): SSL operation failed
OpenSSL Error messages:
error:0A000086:SSL routines::certificate verify failed
Expected behavior
There should be a supported environment variable to disable opportunistic STARTTLS for trusted internal SMTP relays.
Example:
or:
Actual behavior
Symfony Mailer attempts STARTTLS automatically when the server advertises it, and fails certificate verification.
Proposed fix
Expose Symfony Mailer stream options in config/mail.php, for example:
'stream ' => [
'ssl ' => [
'allow_self_signed ' => env ('MAIL_ALLOW_SELF_SIGNED ' , false ),
'verify_peer ' => env ('MAIL_VERIFY_PEER ' , true ),
'verify_peer_name ' => env ('MAIL_VERIFY_PEER_NAME ' , true ),
],
],And/or allow disabling opportunistic STARTTLS:
'auto_tls ' => env ('MAIL_AUTO_TLS ' , true ),Then Docker users could configure:
MAIL_ENCRYPTION =
MAIL_AUTO_TLS = false This is useful for internal Docker-to-host SMTP relays where the relay handles onward TLS/auth to the public SMTP provider.
PR patch idea
// backend/config/mail.php
'smtp ' => [
'transport ' => 'smtp ' ,
'scheme ' => env ('MAIL_SCHEME ' ),
'url ' => env ('MAIL_URL ' ),
'host ' => env ('MAIL_HOST ' , '127.0.0.1 ' ),
'port ' => env ('MAIL_PORT ' , 2525 ),
'username ' => env ('MAIL_USERNAME ' ),
'password ' => env ('MAIL_PASSWORD ' ),
'timeout ' => null ,
'local_domain ' => env ('MAIL_EHLO_DOMAIN ' ),
'stream ' => [
'ssl ' => [
'allow_self_signed ' => env ('MAIL_ALLOW_SELF_SIGNED ' , false ),
'verify_peer ' => env ('MAIL_VERIFY_PEER ' , true ),
'verify_peer_name ' => env ('MAIL_VERIFY_PEER_NAME ' , true ),
],
],
],Note: the issue is likely safer to open first. Symfony’s exact auto_tls support depends on how Laravel wires the transport.
Note
Please stick to the template and provide as much detail as possible to help us diagnose and fix the issue.
Low effort bug reports will be closed.
Description
When using Hi.Events with a local/internal SMTP relay, Symfony Mailer attempts STARTTLS if the SMTP server advertises it, even when:
This breaks deployments that relay through local Postfix using a self-signed/internal certificate.
Environment
Error
Expected behavior
There should be a supported environment variable to disable opportunistic STARTTLS for trusted internal SMTP relays.
Example:
or:
Actual behavior
Symfony Mailer attempts STARTTLS automatically when the server advertises it, and fails certificate verification.
Proposed fix
Expose Symfony Mailer stream options in
config/mail.php, for example:And/or allow disabling opportunistic STARTTLS:
Then Docker users could configure:
This is useful for internal Docker-to-host SMTP relays where the relay handles onward TLS/auth to the public SMTP provider.
PR patch idea
Note: the issue is likely safer to open first. Symfony’s exact
auto_tlssupport depends on how Laravel wires the transport.