How to disable “verify_peer” with Symfony Mailer component?

Question

I\'m configuring a mail server (postfix), with a self signed certificate, and it seems this self signed certificate is a problem for the Symfony Mailer component.

On

Answer 1

This option will been enabled when this pull request, which has been already merged into master, is tagged and released.

So it seems you would have to wait for the next Symfony release (this was merged into the 5.1 branch, so it doesn't look like it's going to be available in the 4.x branch at all), and then you will able to do this by adding verify_peer to your Mailer DSN configuration.

Regularly, you'll be able configure Mailer, you need only to create a MAILER_DSN environment variable (usually setting the value on one of your .env files is enough).

In a near future, you'll be able to do this:

MAILER_DSN=smtp://user:pass@localhost?verify_peer=false

But right now (as of 4.4.4 and 5.0.4) you can't do this natively with Symfony Mailer.

Answer 2

You can use:

MAILER_DSN="smtp://user:pass@localhost?encryption=ssl&stream_options[ssl][verify_peer]=false&stream_options[ssl][verify_peer_name]=false&stream_options[ssl][allow_self_signed]=true"

Answer 3

Unfortunatly verify_peer feature is not in symfony 4.4 (yet) as @yivi states correctly.

I tried updating symfony/mailer in composer to dev-master but symfony flex constraints doesnt allow this due to:

Restricting packages listed in "symfony/symfony" to "4.4.*"

So i ended up overriding mailer.transport_factory.smtp:

mailer.transport_factory.smtp:
    class: App\Mailer\EsmtpTransportFactory
    tags:
      - { name: 'mailer.transport_factory', priority: "-100" }

with a custom EsmtpTransportFactory that contains this feature:

<?php


namespace App\Mailer;

use Symfony\Component\Mailer\Transport\AbstractTransportFactory;
use Symfony\Component\Mailer\Transport\Dsn;
use Symfony\Component\Mailer\Transport\Smtp\EsmtpTransport;
use Symfony\Component\Mailer\Transport\TransportInterface;

final class EsmtpTransportFactory extends AbstractTransportFactory
{
    public function create(Dsn $dsn): TransportInterface
    {
        $tls = 'smtps' === $dsn->getScheme() ? true : null;
        $port = $dsn->getPort(0);
        $host = $dsn->getHost();

        $transport = new EsmtpTransport($host, $port, $tls, $this->dispatcher, $this->logger);

        if (!$dsn->getOption('verify_peer', true)) {
            /** @var SocketStream $stream */
            $stream = $transport->getStream();
            $streamOptions = $stream->getStreamOptions();

            $streamOptions['ssl']['verify_peer'] = false;
            $streamOptions['ssl']['verify_peer_name'] = false;

            $stream->setStreamOptions($streamOptions);
        }

        if ($user = $dsn->getUser()) {
            $transport->setUsername($user);
        }

        if ($password = $dsn->getPassword()) {
            $transport->setPassword($password);
        }

        return $transport;
    }

    protected function getSupportedSchemes(): array
    {
        return ['smtp', 'smtps'];
    }
}

Note the bool value if verify_peer in the DSN can't be a string.
This will not work: MAILER_DSN=smtp://foo@default?verify_peer=false
This will work: MAILER_DSN=smtp://foo@default?verify_peer=0
or as mentioned in this comment:

parameters:
  env(verify): 'false'

framework:
  mailer:
  dsn: '%env(MAILER_DSN)%?verify_peer=%env(bool:verify)%'

I guess it would be better if this feature was ported to 4.4 but so long i use this workaround.