How to unspoof my own Gmail and iCloud e-mails? #1110

Closed
gusbemacbe opened this issue Jul 28, 2017 · 63 comments

@gusbemacbe

Hello,

I use PHPMailer, but I do not use SMTP because it never works with "switch"; therefore, I removed SMTP and it worked. But in spite of it having worked, Gmail reported my own e-mails as spoofing messages.

@Synchro
Member

Synchro commented Jul 28, 2017

What do you mean by "switch"? If gmail thinks you're spoofing messages, you probably are. Can you post your code?

@gusbemacbe
Author

gusbemacbe commented Jul 28, 2017

Here is the code:

require_once 'phpmailer/PHPMailerAutoload.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  
  $curso            = $_POST['cursos'];
  $ip               = $_SERVER['REMOTE_ADDR'];
  $nomeusuario      = $_POST['nome'];
  $emailusuario     = $_POST['email'];
  $idade            = $_POST['idade'];
  $nascimento       = $_POST['nascimento'];
  $cidade           = $_POST['cidade'];
  $cpf              = $_POST['cpf'];
  $rg               = $_POST['rg'];
  $navegador        = $_SERVER['HTTP_USER_AGENT'];
  $pais             = json_decode(file_get_contents("http://ipinfo.io/"));
  $perfilfacebook   = $_POST['perfilfacebook'];
  $telefone         = $_POST['phone'];

  $email = new PHPMailer();
  $email->CharSet    = 'utf-8';
  $email->SetLanguage("br");
  $email->IsHTML(true);
  
  $email->From     = $emailusuario;
  $email->FromName = $nomeusuario;

  switch ($_POST['desportos'])
  {
    case "basqf":
      $assunto = "Candidato-me ao Basquete Feminino";
      $modalidade = "Basquete Feminino";
      $desportos = "[email protected]";
      break;
    case "basqm":
      $assunto = "Candidato-me ao Basquete Masculino";
      $modalidade = "Basquete Masculino";
      $desportos = "[email protected]";
      break;
    case "futebol":
      $assunto = "Candidato-me ao Futebol Futebol";
      $modalidade = "Futebol";
      $desportos = "[email protected]";
      break;
  }
  
  $email->Subject   = $assunto;
  $email->Body = "";
  $email->addAddress($desportos);

  if(! $email->Send())  {
    echo $naoenviada;
    echo $erro . $email->ErrorInfo . "</p></div>";
  }  else {
    echo $enviada;
  }
}

@Synchro
Member

Synchro commented Jul 28, 2017

You are spoofing the From address:

$emailusuario     = $_POST['email'];
$email->From     = $emailusuario;

Do it like the contact form example shows.

@Synchro Synchro closed this as completed Jul 28, 2017
@gusbemacbe
Author

No, I used it before several times and spent 3 days without sleeping, trying to repair it, it never worked with "switch". Look with attention to the switch.

@Synchro
Member

Synchro commented Jul 28, 2017

The switch has nothing to do with it. Spoofing only applies to the From address.

@gusbemacbe
Author

I used this example and nothing worked.

@Synchro
Member

Synchro commented Jul 28, 2017

You need to define exactly how it doesn't work. I can't guess. You have a whole bunch of odd things in this script - You're not setting a message Body, you're not using the $modalidade variable, you're not validating any of your inputs. This is all basic, simple PHP stuff you need to fix before you can expect more complex things to work.

@gusbemacbe
Author

gusbemacbe commented Jul 28, 2017

I replaced if ($_SERVER['REQUEST_METHOD'] === 'POST') { with if (array_key_exists('email', $_POST)) { date_default_timezone_set('Etc/UTC');.

Then I added:

    $mail = new PHPMailer;
    $mail->isSMTP();
    $mail->Host = 'localhost';
    $mail->Port = 25;

I replaced $email->From = emailusuario; with $mail->setFrom('[email protected]', 'First Last');

I added and put the switch inside:

  if ($mail->addReplyTo($_POST['email'], $_POST['name'])) {
        switch ($_POST['desportos'])
  {
    case "basqf":
      $assunto = "Candidato-me ao Basquete Feminino";
      $modalidade = "Basquete Feminino";
      $mail->setFrom('[email protected]')
      break;
    case "basqm":
      $assunto = "Candidato-me ao Basquete Masculino";
      $modalidade = "Basquete Masculino";
      $mail->setFrom('[email protected]')
      break;
    case "futebol":
      $assunto = "Candidato-me ao Futebol Futebol";
      $modalidade = "Futebol";
      $mail->setFrom('[email protected]')
      break;
  }

  $email->Subject   = $assunto;
  $email->Body = "";
}

@Synchro
Member

Synchro commented Jul 28, 2017

That looks better, but you're still sending an empty message body, and you're not showing any kind of error message if the email address is invalid (i.e. addReplyTo returns false).

@gusbemacbe
Author

gusbemacbe commented Jul 28, 2017

sending an empty message body

It is just an example. My body is looooonger. Do you want me to put 800 lines of code? :-)

you're not using the $modalidade variable, you're not validating any of your inputs. This is all basic, simple PHP stuff you need to fix before you can expect more complex things to work.

It comes from the switch and is "echoed" inside $email->Body

I want to remove $mail->setFrom('[email protected]', 'First Last'), because I do not want to receive the e-mails of people. The determined subjects of this switch will send to the e-mail of directors of each sport. Can I? The code is like:

<?php
require_once 'phpmailer/PHPMailerAutoload.php';

if (array_key_exists('email', $_POST)) { 
   date_default_timezone_set('Etc/UTC');
  
    $mail = new PHPMailer;
    $mail->isSMTP();
    $mail->Host = 'localhost';
    $mail->Port = 25;

    $mail->CharSet    = 'utf-8';
    $mail->SetLanguage("br");
    $mail->IsHTML(true);
  
  $curso            = $_POST['cursos'];
  $ip               = $_SERVER['REMOTE_ADDR'];
  $nome             = $_POST['nome'];
  $email            = $_POST['email'];
  $idade            = $_POST['idade'];
  $nascimento       = $_POST['nascimento'];
  $cidade           = $_POST['cidade'];
  $cpf              = $_POST['cpf'];
  $rg               = $_POST['rg'];
  $navegador        = $_SERVER['HTTP_USER_AGENT'];
  $pais             = json_decode(file_get_contents("http://ipinfo.io/"));
  $perfilfacebook   = $_POST['perfilfacebook'];
  $telefone         = $_POST['phone'];
  
  $mail->From     = $email;
  $mail->FromName = $nome;

  if ($mail->addReplyTo($_POST['email'], $_POST['nome'])) {
        switch ($_POST['desportos'])
       {
         case "basqf":
           $assunto = "Candidato-me ao Basquete Feminino";
           $modalidade = "Basquete Feminino";
           $mail->setFrom('[email protected]')
           break;
        case "basqm":
          $assunto = "Candidato-me ao Basquete Masculino";
          $modalidade = "Basquete Masculino";
          $mail->setFrom('[email protected]')
          break;
        case "futebol":
          $assunto = "Candidato-me ao Futebol Futebol";
          $modalidade = "Futebol";
          $mail->setFrom('[email protected]')
         break;
      }

    $email->Subject   = $assunto;
    $email->Body = "Hello director of $modalidade! My name is $nome and my e-mail is $email";
  }

  if(! $email->Send())  {
    echo $naoenviada;
    echo $erro . $Email->ErrorInfo . "</p></div>";
  }  else {
    echo $enviada;
  }
}

?>

  <form action="sorts.php" 
        class="col s12"
        enctype="multipart/form-data" 
        method="post"           
        role="form">

<div class="row">
      <div class="input-field col s12 xl4">
        <i class="material-icons prefix">👤</i>
        <input class="validate" 
               id="nome" 
               name="nome"
               type="text">
        <label for="nome"><?php echo _nome ?></label>
      </div>
<div class="input-field col s12 xl4">
        <i class="material-icons prefix">✉️</i>
        <input class="validate" 
               data-error="wrong" 
               data-success="right"
               id="email" 
               name="email"
               type="email">
        <label for="email"><?php echo _email ?></label>
      </div>
<div class="input-field col s12 xl4">
        <i class="material-icons prefix">📝</i>
        <select iname="desportos"
                id="select"
                name="desportos">
          
          <option value="" disabled selected><?php echo _escolher_desportos ?></option>
          <option value="basqf"><?php echo _basqf ?></option>
          <option value="basqm"><?php echo _basqm ?></option>
          <option value="futebol"><?php echo _futebol ?></option>
          <option value="futsalf"><?php echo _futsalf ?></option>
          <option value="futsalm"><?php echo _futsalm ?></option>
          <option value="handf"><?php echo _handf ?></option>
          <option value="handm"><?php echo _handm ?></option>
          <option value="jiujitsu"><?php echo _jiujitsu ?></option>
          <option value="volei"><?php echo _volei ?></option>
          
        </select>
        <label for="desportos"><?php echo _pergunta_desportos ?></label>
      </div>
    </div>
    
    <input class="indigo darken-3 waves-effect waves-light btn" type="submit" name="submit" value="<?php echo $enviar ?>"/>
  </form>

Does it seem better for you?

@gusbemacbe
Author

I fixed my errors and updated my comment.

@Synchro
Member

Synchro commented Jul 28, 2017

I suggest putting a valid (i.e. within your domain) but non-responding address in the From address, like "noreply@...":

$mail->setFrom('[email protected]', 'First Last')

That should be all you need. The reply-to addresses will mean that your directors can simply reply to messages and they will go to submitters.

Other little things - You're not validating $_POST['desportos'], and you have no default case so your switch may not succeed in setting those vars. You're overwriting Subject and Body after you set them, but that may be just for this ticket :)

@gusbemacbe
Author

gusbemacbe commented Jul 28, 2017

Other little things - You're not validating $_POST['desportos'], and you have no default case so your switch may not succeed in setting those vars. You're overwriting Subject and Body after you set them, but that may be just for this ticket :)

No, it worked very well when I chose the determined subject, but without SMTP and without these codes you suggested.

The $_POST['desportos'] comes from the select and is demanded by the switch, inside which the "cases" detect the option value from the select. Do you understand?

I have just had an interesting analysis after doing a test without SMTP: if I sent my same own e-mail ([email protected]) as sender to my same own e-mail as receiver ([email protected]), Gmail classified it as spoof because I was spoofing myself. But if I sent my e-mail ([email protected]) as sender to my different e-mail ([email protected]) as receiver, Gmail didn't classify it as spoof because I wasn't spoofing myself.

@Synchro
Member

Synchro commented Jul 28, 2017

Ah, you didn't say you were sending through gmail - gmail doesn't allow sending from arbitrary addresses, though you can preset fixed aliases. This is mentioned in the troubleshooting guide.

I saw where desportos comes from, but that doesn't mean you should not be validating it - attackers don't care that you used a select - it makes no difference to how values are submitted to your script. Always validate, and if you get invalid values, reject the entire request, don't try to continue.

@gusbemacbe
Author

To validate that, I do not know how to fix it or figure it out. :-/ Sorry!

@gusbemacbe
Author

I copied my last code with your suggestions and it did not work at all. :-/

@Synchro
Member

Synchro commented Jul 28, 2017

I don't know what problem you have now. Gmail won't let you spoof your from address; Nothing you put in your code will change that.

Simple validation of the property would be to add a default case which will only be used if none of the expected values match, for example:

default:
  exit('Invalid option submitted');

@gusbemacbe
Author

It did not work either.

@gusbemacbe
Author

Do you know why I put switch?

@Synchro
Member

Synchro commented Jul 28, 2017

Yes - you're using it to switch between several different options for who to send the message to and what subject line to use. But that has absolutely nothing to do with spoofing, and my point about validation was more about general coding technique, not as a spoofing solution.

@gusbemacbe
Author

Then I want only the spoofing solution. To solve the spoofing problem, look at that last code: does it look OK to you?

@Synchro
Member

Synchro commented Jul 28, 2017

No, because you're still using the user-submitted email address as the from address, which is straightforward forgery and won't work, as I said in my first response.

@gusbemacbe
Author

I wrote up everything and copied and tested your example that you gave and nothing worked.

@gusbemacbe
Author

I added many things from other examples, nothing worked. Your project has only errors. I gave up. I'm going to find an alternative.

@Synchro
Member

Synchro commented Jul 28, 2017

As I said before you're spoofing your from address and gmail won't allow that. It's nothing to do with your code, you've failed to say exactly how any of this has failed at all, and you've not shown a single error. It makes it very difficult to help you. Nobody will be able to help you find a solution if all you say is "it doesn't work".

@gusbemacbe
Author

Ah, it showed "Sorry, message failed". I have to add $mail->ErrorInfo; to see the errors.

@gusbemacbe
Author

I fixed it and removed the user-submitted email. Impossible: it didn't want to show the errors and showed only this one error:

screen shot 2017-07-28 at 11 18 55

@Synchro
Member

Synchro commented Jul 28, 2017

This is basic PHP debugging - check your web server logs, where it will give you a proper error message from PHP - probably a syntax error. If you don't have access to that, set display_errors = true in your php.ini.

@gusbemacbe
Author

I do not have access to php.ini.

Can I send the attached zip to you by e-mail?

@Synchro
Member

Synchro commented Jul 28, 2017

OK, so do what the guide says and set $mail->SMTPDebug = 2;; then you will be able to see what the mail server is saying.

@Synchro
Member

Synchro commented Jul 28, 2017

Like it says, you need to authenticate to send through gmail - look at how to do that in the gmail example provided with PHPMailer.

@Synchro
Member

Synchro commented Jul 28, 2017

Yes, you need to read the error message and do what it says.

@Synchro
Member

Synchro commented Jul 28, 2017

Gmail doesn't like you authenticating in new ways, wants to be sure it's really you.

@gusbemacbe
Author

Too bad, I have just read: https://productforums.google.com/forum/#!topic/gmail/9KCgzXY4G_c

@gusbemacbe
Author

I read again this whole discussion.

Without SMTP, would Gmail accuse the e-mails of spoofing? So you argued that only $email->From = $emailusuario; caused spoof.

Then what is the difference between $mail->addReplyTo, $mail->setFrom and $email->From? Do all these variables cause spoof without SMTP? I am confused.

@Synchro
Member

Synchro commented Jul 28, 2017

$mail->setFrom('[email protected]') and $mail->From = '[email protected]' are simply two ways of setting the from address, there is no difference in outcome. The only difference is that if you provide an invalid address, setFrom will return false immediately, so you don't have to wait until you send to find out it's invalid.

An email message can have several addresses associated with it - the from address (who sent it), the to address (where it's going), and it can also have a reply-to address (you can actually have more than 1), which is where replies should go. If you don't provide a reply-to address, replies will go to the from address.

If you want a reply to go somewhere that you don't have rights to send from, you can send the mail from yourself, but put a different address in reply-to, which will mostly achieve the same thing as sending from the other address. It used to be common to forge/spoof the from address, but it was exploited so much by spammers and phishing that it was blocked by almost everyone and resulted in SPF, which provides checking of email sources for a domain.

There is also another address called the envelope sender. This is not used directly in message headers, but at the SMTP level as part of the MAIL FROM command. Usually this is set to the same address as the From address, but there are some circumstances where you might want to control this separately (e.g. bounce routing), and PHPMailer lets you set that. The server that receives a message takes this address and adds it to your received message as a return-path header, and if a message delivery fails, this is where the message is sent. You shouldn't need to worry about this address though.
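An added example (not code from this thread or from PHPMailer itself) combining the two points made above: the select value is checked against an allow-list and the whole request is rejected otherwise, and the submitter's address goes only into Reply-To while From and the envelope sender stay fixed on your own domain. The `example.org` addresses, `FIXED_FROM`, `ROUTES`, `planMessage()` and `applyPlan()` are hypothetical names; the option keys are the ones from the posted form, and the sample submissions are constructed.

```php
<?php
declare(strict_types=1);

// Assumption: noreply@example.org stands for an address in a domain you control.
const FIXED_FROM = 'noreply@example.org';

// Allow-list: submitted option value => [subject, recipient]. Recipients are
// constructed placeholders, not the addresses used in the thread.
const ROUTES = [
    'basqf'   => ['Candidato-me ao Basquete Feminino',  'basqf@example.org'],
    'basqm'   => ['Candidato-me ao Basquete Masculino', 'basqm@example.org'],
    'futebol' => ['Candidato-me ao Futebol',            'futebol@example.org'],
];

/**
 * Validate a form submission and decide every address the message will carry.
 * Any invalid value throws, so the caller rejects the entire request.
 */
function planMessage(array $post): array
{
    $option = $post['desportos'] ?? null;
    if (!is_string($option) || !array_key_exists($option, ROUTES)) {
        throw new InvalidArgumentException('Invalid option submitted');
    }

    $replyTo = $post['email'] ?? null;
    if (!is_string($replyTo) || filter_var($replyTo, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid e-mail address submitted');
    }

    $name = $post['nome'] ?? null;
    // No control characters (line breaks included) in a value bound for a header.
    if (!is_string($name) || $name === '' || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        throw new InvalidArgumentException('Invalid name submitted');
    }

    [$subject, $recipient] = ROUTES[$option];

    return [
        'from'    => FIXED_FROM, // From header: always our own domain
        'sender'  => FIXED_FROM, // envelope sender (SMTP MAIL FROM), ends up as Return-Path
        'replyTo' => $replyTo,   // the only place the submitter's address appears
        'name'    => $name,
        'to'      => $recipient, // chosen by the server, never taken from the request
        'subject' => $subject,
    ];
}

/** Copy a validated plan onto a PHPMailer 6 instance. */
function applyPlan(\PHPMailer\PHPMailer\PHPMailer $mail, array $plan): void
{
    $mail->setFrom($plan['from'], 'Contact form');
    $mail->Sender = $plan['sender'];
    $mail->addReplyTo($plan['replyTo'], $plan['name']);
    $mail->addAddress($plan['to']);
    $mail->Subject = $plan['subject'];
}

// Constructed submissions: a valid one, one with a select value that is not
// in the form, and one with a malformed e-mail address.
$samples = [
    ['desportos' => 'basqf', 'email' => 'ana@example.com', 'nome' => 'Ana Silva'],
    ['desportos' => 'admin', 'email' => 'ana@example.com', 'nome' => 'Ana Silva'],
    ['desportos' => 'basqm', 'email' => 'not-an-address',  'nome' => 'Ana Silva'],
];

foreach ($samples as $post) {
    try {
        $plan = planMessage($post);
        printf(
            "accept: From=%s Reply-To=%s To=%s Subject=%s\n",
            $plan['from'],
            $plan['replyTo'],
            $plan['to'],
            $plan['subject']
        );
    } catch (InvalidArgumentException $e) {
        // Reject the request; do not try to continue with partial data.
        printf("reject: %s\n", $e->getMessage());
    }
}
```

With PHPMailer loaded, `applyPlan($mail, planMessage($_POST))` sets all four addresses before the body is built and `send()` is called.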

@gusbemacbe
Author

gusbemacbe commented Mar 13, 2018

Hi @Synchro,

Using the old version of PHPMailer, and before, everything went well and we received the e-mails normally. But since you upgraded to the new version of PHPMailer, I added the upgrade to the new version.

Since the upgrade, and with the SMTP settings, I received the e-mails normally because I was using the Gmail e-mail. But since the athletic association uses a different SMTP, they do not receive the e-mails; I had to re-add and readjust the SMTP settings and it does not work at all. Their SMTP uses port 587. And TLS does not recognise their SMTP.

I added the comments in French so that you can understand.

You suggested that I add if (array_key_exists('email', $_POST) and if ($mail->addReplyTo($_POST['email'], $_POST['name'])), but I consider them useless.

Here is the source code:

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

date_default_timezone_set('America/Sao_Paulo');

require 'phpmailer/src/Exception.php';
require 'phpmailer/src/PHPMailer.php';
require 'phpmailer/src/SMTP.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST') 
{
  
  $curso             = $_POST['cursos'];                                      // course name of the person submitting the form
  $emailusuario      = $_POST['email'];                                       // e-mail of the person submitting the form
  $faculdade         = $_POST['faculdades'];                                  // university name of the person submitting the form
  $idade             = $_POST['idade'];                                       // age of the person submitting the form
  $ip                = $_SERVER['REMOTE_ADDR'];                               // IP of the person submitting the form
  $mensagem          = $_POST['mensagem'];                                    // message from the person submitting the form
  $navegador         = $_SERVER['HTTP_USER_AGENT'];                           // browser of the user submitting the form
  $nomeusuario       = $_POST['nome'];                                        // first and last name of the person submitting the form
  $pais              = json_decode(file_get_contents("http://ipinfo.io/"));    // country IP of the person submitting the form
  $telefone          = $_POST['phone'];                                       // telephone of the person submitting the form

  $email             = new PHPMailer();
  
  try 
  {
      $email->CharSet    = 'utf-8';
      $email->setLanguage('br', '/phpmailer/language/');
      $email->isHTML(true);

      $email->AddEmbeddedImage("imagens/logo-formulario.png", "logo-formulario", "logo-formulario.png", 'base64', 'image/png');
      $email->AddEmbeddedImage("imagens/icones/heart.png", "coracao", "heart.png", 'base64', 'image/png');
      $email->AddEmbeddedImage("imagens/icones/materialize.png", "materialize", "materialize.png", 'base64', 'image/png');
      $email->AddEmbeddedImage("imagens/icones/phpmailer.png", "phpmailer", "phpmailer.png", 'base64', 'image/png');
      $email->AddEmbeddedImage("imagens/icones/atom.png", "atom", "atom.png", 'base64', 'image/png');
      $email->AddEmbeddedImage("imagens/icones/apple.png", "apple", "apple.png", 'base64', 'image/png');

      $email->SMTPDebug = 2;                                 // Enable verbose debug output
      $email->isSMTP();                                      // Set mailer to use SMTP
      $email->Host = 'smtp.atleticaunisal.com.br';           // Specify main and backup SMTP servers
      $email->SMTPAuth = true;                               // Enable SMTP authentication
      $email->Username = '[email protected]';    // SMTP username
      $email->Password = 'atleticaunisalorena';            // SMTP password
      $email->SMTPSecure = 'tls';                            // Enable TLS encryption, `ssl` also accepted
      $email->Port = 587;                                    // TCP port to connect to

      $email->setFrom('[email protected]', 'Atlética UNISAL'); 
      $email->From        = $emailusuario;  // e-mail of the person submitting the form
      $email->FromName    = $nomeusuario;   // first and last name of the person submitting the form
  
      switch ($_POST['sectores'])
      {
        case 'basqf':
          $assunto = "Contato – Basquete Feminino";
          $departamento = "[email protected]";
          $indicao = "dúvidas ou sugestões";
          $modalidade = "Basquete Feminino";
          $profissao = "diretora";
          break;
        case 'basqm':
          $assunto = "Contato – Basquete Masculino";
          $departamento = "[email protected]";
          $indicao = "dúvidas ou sugestões";
          $modalidade = "Basquete Masculino";
          $profissao = "diretor";
          break;
        case "dpf":
          $assunto = "Contato – Departamento Financeiro";
          $departamento = "[email protected]";
          $indicao = "dúvidas ou sugestões";
          $modalidade = "Departamento Financeiro";
          $profissao = "diretor(a)";
          break;
        case "dpm":
          $assunto = "Contato – Departamento de Marketing";
          $departamento = "[email protected]";
          $indicao = "dúvidas ou sugestões";
          $modalidade = "Departamento de Marketing";
          $profissao = "diretor(a)";
          break;
        case "dps":
          $assunto = "Contato – Departamento Social";
          $departamento = "[email protected]";
          $indicao = "dúvidas ou sugestões";
          $modalidade = "Departamento Social";
          $profissao = "diretor(a)";
          break;
        case 'duvidas':
          $assunto = "Atlética UNISAL – Dúvidas";
          $departamento = "[email protected]";
          $indicao = "dúvidas";
          $modalidade = "Atlética UNISAL";
          $profissao = "gerente";
          break;
        case 'futebol':
          $assunto = "Contato – Futebol";
          $departamento = "[email protected]";
          $indicao = "dúvidas ou sugestões";
          $modalidade = "BFutebol";
          $profissao = "diretor";
          break;
        case 'futsalf':
          $assunto = "Contato – Futsal Feminino";
          $departamento = "[email protected]";
          $indicao = "dúvidas ou sugestões";
          $modalidade = "Futsal Feminino";
          $profissao = "diretora";
          break;
        case 'futsalm':
          $assunto = "Contato – Futsal Masculino";
          $departamento = "[email protected]";
          $indicao = "dúvidas ou sugestões";
          $modalidade = "Futsal Masculino";
          $profissao = "diretor";
          break;
        case 'handf':
          $assunto = "Contato – Handebol Feminino";
          $departamento = "[email protected]";
          $indicao = "dúvidas ou sugestões";
          $modalidade = "Handebol Feminino";
          $profissao = "diretora";
          break;
        case 'handm':
          $assunto = "Contato – Handebol Masculino";
          $departamento = "[email protected]";
          $indicao = "dúvidas ou sugestões";
          $modalidade = "Handebol Masculino";
          $profissao = "diretor";
          break;
        case 'jiujitsu':
          $assunto = "Contato – Jiu-jitsu Brasileiro";
          $departamento = "[email protected]";
          $indicao = "dúvidas ou sugestões";
          $modalidade = "Jiu-jitsu Brasileiro";
          $profissao = "diretor";
          break;
        case 'sugestoes':
          $assunto = "Atlética UNISAL – Sugestões";
          $departamento = "[email protected]";
          $indicao = "sugestões";
          $modalidade = "Atlética UNISAL";
          $profissao = "gerente";
          break;
        case 'tubatera':
          $assunto = "Contato – Tubatera";
          $departamento = "[email protected]";
          $indicao = "dúvidas ou sugestões";
          $modalidade = "Tubatera";
          $profissao = "diretor";
          break;
        case 'voleif':
          $assunto = "Contato – Vôlei Feminino";
          $departamento = "[email protected]";
          $indicao = "dúvidas ou sugestões";
          $modalidade = "Vôlei";
          $profissao = "diretor";
          break;
        case 'voleim':
          $assunto = "Contato – Vôlei Masculino";
          $departamento = "[email protected]";
          $indicao = "dúvidas ou sugestões";
          $modalidade = "Vôlei";
          $profissao = "diretor";
          break;
      }
  
      $email->Body = "<!DOCTYPE html><html> (...)";
      $email->Subject   = $assunto;         // subject from the person submitting the form
      $email->addAddress($departamento);    // address of the recipient
      $email->send();
      
      echo _enviada;            // success message
  } 

  catch (Exception $e) 
  {
    echo _naoenviada;       // failure message
    echo _erro . $email->ErrorInfo . "</p></div>";
  }
}

And the errors:

2018-03-13 20:59:47 SERVER -> CLIENT: 220 proxy.email-ssl.com.br ESMTP Postfix (Debian/GNU)
2018-03-13 20:59:47 CLIENT -> SERVER: EHLO atleticaunisal.com.br
2018-03-13 20:59:47 SERVER -> CLIENT: 250-proxy.email-ssl.com.br
250-PIPELINING
250-SIZE 50000000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
2018-03-13 20:59:47 CLIENT -> SERVER: STARTTLS
2018-03-13 20:59:47 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
SMTP Error: Could not connect to SMTP host.
2018-03-13 20:59:47 CLIENT -> SERVER: QUIT
2018-03-13 20:59:47 SERVER -> CLIENT: 
2018-03-13 20:59:47 SMTP ERROR: QUIT command failed: 

@gusbemacbe
Author

gusbemacbe commented Mar 13, 2018

If you want to see the whole file, here it is:

contacto.php

You can test the form on the athletic association's site: http://atleticaunisal.com.br/contacto.php?hl=fr. It already has Metropolitan French and Quebec French versions.

@Synchro
Member

Synchro commented Mar 13, 2018

Look at the sequence here:

2018-03-13 20:59:47 CLIENT -> SERVER: STARTTLS
2018-03-13 20:59:47 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
SMTP Error: Could not connect to SMTP host.

The failure is immediately after STARTTLS, before authentication, so it's probably your CA certificates - read the troubleshooting guide to replace them.

@gusbemacbe
Author

Are you referring to Encryption Flavours or to Certificate verification failure?

@Synchro
Member

Synchro commented Mar 13, 2018

The second one. Try the tests in the guide to check.

@gusbemacbe
Author

Although my macOS has no openssl.cafile in the first command, the second command works:

$ php -i | grep cafile
openssl.cafile => no value => no value

$ echo QUIT | openssl s_client -starttls smtp -crlf -connect smtp.atleticaunisal.com.br:587
CONNECTED(00000005)
depth=1 C = US, O = "thawte, Inc.", CN = thawte SSL CA - G2
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=BR/ST=Sao Paulo/L=Sao Paulo/O=LOCAWEB LTDA/OU=Hospedagem de sites/CN=*.locaweb.com.br
   i:/C=US/O=thawte, Inc./CN=thawte SSL CA - G2
 1 s:/C=US/O=thawte, Inc./CN=thawte SHA256 SSL CA
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3
 2 s:/C=US/O=thawte, Inc./CN=thawte SSL CA - G2
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
---
Server certificate
subject=/C=BR/ST=Sao Paulo/L=Sao Paulo/O=LOCAWEB LTDA/OU=Hospedagem de sites/CN=*.locaweb.com.br
issuer=/C=US/O=thawte, Inc./CN=thawte SSL CA - G2
---
No client certificate CA names sent
---
SSL handshake has read 4845 bytes and written 479 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    TLS session ticket lifetime hint: 7200 (seconds)
    Start Time: 1520984537
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 DSN
DONE

Is it because of No client certificate CA names sent? Or something else?

@Synchro
Member

Synchro commented Mar 13, 2018

To rule out other problems, download the CA bundle and try connecting with it:

echo QUIT | openssl s_client -crlf -starttls smtp -CAfile /etc/ssl/cacert.pem -connect smtp.atleticaunisal.com.br:587

If that works, you know the CA bundle is the problem, so you can update your PHP.ini file to use it, or try the Certainty package.
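An added example (not from this thread or from PHPMailer's own code) of checking the same thing from inside PHP: it lists where this PHP build looks for CA certificates, picks the first usable bundle, and builds the stream-context options that PHPMailer's `SMTPOptions` property accepts, with verification left on. `caSources()`, `pickCaBundle()` and `smtpTlsOptions()` are hypothetical helper names, `/etc/ssl/cacert.pem` is the path from the command above, and the OpenSSL extension is assumed to be loaded.

```php
<?php
declare(strict_types=1);

/**
 * Report where this PHP build looks for CA certificates. An empty
 * openssl.cafile ("no value" in `php -i`) does not by itself mean there is
 * no trust store: PHP then falls back to OpenSSL's compiled-in defaults.
 */
function caSources(): array
{
    $loc = openssl_get_cert_locations();

    return [
        'ini openssl.cafile' => (string) ini_get('openssl.cafile'),
        'ini openssl.capath' => (string) ini_get('openssl.capath'),
        'default cert file'  => (string) $loc['default_cert_file'],
        'default cert dir'   => (string) $loc['default_cert_dir'],
    ];
}

/** Return the first candidate that exists, is readable and holds PEM certificates. */
function pickCaBundle(array $candidates): ?string
{
    foreach ($candidates as $path) {
        if ($path === '' || !is_file($path) || !is_readable($path)) {
            continue;
        }
        $pem = file_get_contents($path);
        if ($pem !== false && strpos($pem, '-----BEGIN CERTIFICATE-----') !== false) {
            return $path;
        }
    }

    return null;
}

/** Stream-context options with an explicit CA bundle and verification enabled. */
function smtpTlsOptions(string $caFile): array
{
    return [
        'ssl' => [
            'cafile'            => $caFile,
            'verify_peer'       => true,
            'verify_peer_name'  => true,
            'allow_self_signed' => false,
        ],
    ];
}

foreach (caSources() as $label => $value) {
    printf("%-20s %s\n", $label, $value === '' ? '(no value)' : $value);
}

// Order of preference: php.ini setting, the downloaded bundle, OpenSSL's default.
$candidates = [
    (string) ini_get('openssl.cafile'),
    '/etc/ssl/cacert.pem',
    (string) openssl_get_cert_locations()['default_cert_file'],
];

$bundle = pickCaBundle($candidates);
if ($bundle === null) {
    echo "No usable CA bundle found in any candidate location.\n";
} else {
    echo "Using CA bundle: {$bundle}\n";
    // With PHPMailer: $mail->SMTPOptions = smtpTlsOptions($bundle);
    var_export(smtpTlsOptions($bundle));
    echo "\n";
}
```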

@gusbemacbe
Author

gusbemacbe commented Mar 14, 2018

I ran this command and it works. I installed this package, but afterwards, using php -i | grep cafile and echo QUIT | openssl s_client -starttls smtp -crlf -connect smtp.atleticaunisal.com.br:587, nothing works. I use PHP 7.2. Here it is:

$ composer require paragonie/certainty
Using version ^1.0 for paragonie/certainty
./composer.json has been created
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 8 installs, 0 updates, 0 removals
  - Installing paragonie/random_compat (v2.0.11): Downloading (100%)         
  - Installing paragonie/sodium_compat (v1.6.0): Downloading (100%)         
  - Installing paragonie/constant_time_encoding (v2.2.2): Downloading (100%)         
  - Installing guzzlehttp/promises (v1.3.1): Downloading (100%)         
  - Installing psr/http-message (1.0.1): Downloading (100%)         
  - Installing guzzlehttp/psr7 (1.4.2): Downloading (100%)         
  - Installing guzzlehttp/guzzle (6.3.0): Downloading (100%)         
  - Installing paragonie/certainty (v1.0.2): Downloading (100%)         
paragonie/random_compat suggests installing ext-libsodium (Provides a modern crypto API that can be used to generate random bytes.)
paragonie/sodium_compat suggests installing ext-libsodium (PHP < 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security.)
guzzlehttp/guzzle suggests installing psr/log (Required for using the Log middleware)
Writing lock file
Generating autoload files

$ php -i | grep cafile
openssl.cafile => no value => no value

$ echo QUIT | openssl s_client -starttls smtp -crlf -connect smtp.atleticaunisal.com.br:587
CONNECTED(00000005)
depth=1 C = US, O = "thawte, Inc.", CN = thawte SSL CA - G2
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=BR/ST=Sao Paulo/L=Sao Paulo/O=LOCAWEB LTDA/OU=Hospedagem de sites/CN=*.locaweb.com.br
   i:/C=US/O=thawte, Inc./CN=thawte SSL CA - G2
 1 s:/C=US/O=thawte, Inc./CN=thawte SHA256 SSL CA
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3
 2 s:/C=US/O=thawte, Inc./CN=thawte SSL CA - G2
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
---
Server certificate
subject=/C=BR/ST=Sao Paulo/L=Sao Paulo/O=LOCAWEB LTDA/OU=Hospedagem de sites/CN=*.locaweb.com.br
issuer=/C=US/O=thawte, Inc./CN=thawte SSL CA - G2
---
No client certificate CA names sent
---
SSL handshake has read 4845 bytes and written 479 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 4FF8158BC0664F35811923F14B8EF5A049E2AB547D36E6EEAA6C2E6024DD9E10
    Session-ID-ctx: 
    Master-Key: C80F480E46EE162B168F864386D729920C9A91247C56C866DAC32E93C2003194A530FD8E4045147EC42D8455245219D4
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

    Start Time: 1520986296
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 DSN
DONE
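
An added example (not part of the thread or of PHPMailer) for reading transcripts like the one above: it treats the chain as verified only when the final "Verify return code" is 0 and no "verify error" line was printed, and it compares the subject CN with the host passed to -connect. The function names are my own, and the sample is trimmed from the output pasted above.

```shell
# Added example: judge an `openssl s_client` transcript read from stdin.
# Sample trimmed from the transcript pasted in this thread.
sample_transcript() {
cat <<'EOF'
CONNECTED(00000005)
depth=1 C = US, O = "thawte, Inc.", CN = thawte SSL CA - G2
verify error:num=20:unable to get local issuer certificate
verify return:0
---
subject=/C=BR/ST=Sao Paulo/L=Sao Paulo/O=LOCAWEB LTDA/OU=Hospedagem de sites/CN=*.locaweb.com.br
---
    Verify return code: 0 (ok)
EOF
}

# Numbers of all "verify error" lines, space-separated (empty if none).
verify_errors() {
  sed -n 's/^verify error:num=\([0-9][0-9]*\):.*$/\1/p' | tr '\n' ' ' | sed 's/ $//'
}

# Numeric code from the last "Verify return code" line (empty if missing).
final_verify_code() {
  sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*$/\1/p' | tail -n 1
}

# CN of the server certificate, taken from the subject= line.
subject_cn() {
  sed -n 's/^subject=.*CN *= *\(.*\)$/\1/p' | head -n 1
}

# CN-only name check with single-label wildcard support. subjectAltName is
# not printed in the transcript, so a mismatch here means "go and check the SANs".
cn_matches_host() {  # usage: cn_matches_host CN HOST
  case "$1" in
    '*.'*) [ "${2#*.}" = "${1#\*.}" ] ;;
    *)     [ "$1" = "$2" ] ;;
  esac
}

# "verified" only if the final code is 0 AND no verify error was printed.
chain_verdict() (
  transcript=$(cat)
  errors=$(printf '%s\n' "$transcript" | verify_errors)
  code=$(printf '%s\n' "$transcript" | final_verify_code)
  if [ -z "$code" ]; then echo "incomplete"
  elif [ -n "$errors" ] || [ "$code" != "0" ]; then
    echo "unverified errors=[$errors] final=$code"
  else echo "verified"; fi
)
```

When piping a live s_client run into chain_verdict, capture both stdout and stderr (2>&1) so that no verify line is missed.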

@Synchro
Member

Synchro commented Mar 14, 2018

You have to actually run the Certainty code, it's not magic! I did suggest trying the manual download first.

@gusbemacbe
Author

Then I have to copy the guzzlehttp, paragonie and par folders to the web site server, because without them, it wouldn't work.

@gusbemacbe
Author

The problem is that I do not have cacert.pem.

@Synchro
Member

Synchro commented Mar 14, 2018

The guide tells you how to get that.

@gusbemacbe
Author

I did everything that the guide taught, but nothing worked. Maybe the guide didn't tell which files to require.

@Synchro
Member

Synchro commented Mar 14, 2018

It's not that complicated - you download the CA cert file, then alter your php.ini to point at it - that's it.

@gusbemacbe
Author

> you download the CA cert file

I am confused, are you referring to any CA cert of paragonie/certainty/data/* or that CA cert that I downloaded from my terminal to generate with the athletic association's SMTP?

> then alter your php.ini to point at it - that's it.

The problem is that php.ini is local and other users (visitors) do not have that configured php.ini and can fail to send the contact form. I do not know if I can add php.ini to the web site server.

@Synchro
Member

Synchro commented Mar 14, 2018

It doesn't matter how you get the CA file - they are the same either way. Certainty means you get control of it from inside your app rather than in your system config.

> The problem is that php.ini is local and other users (visitors) do not have that configured php.ini and can fail to send the form contact. I do not know if I can add php.ini to the web site server.

What? No. php.ini files live on your server, and as the server owner, you should be able to access them and alter the settings in there. Visitors have no access to php.ini. There will already be one there, because PHP ships with one as standard.

There is another alternative: You can provide a path to a CA cert file in the SMTPOptions property:

$mail->SMTPOptions = [
    'ssl' => [
        'verify_peer' => true,
        'verify_peer_name' => true,
        'allow_self_signed' => false,
        'cafile' => '/path/to/cacert.pem'
    ]
];

That will only fix that specific usage of PHPMailer, whereas fixing it in php.ini or the system will fix it for all PHP scripts or the entire system respectively.

@gusbemacbe
Author

Which one of them should I uncomment?

[openssl]
;openssl.cafile=
;openssl.capath=

@Synchro
Member

Synchro commented Mar 14, 2018

cafile, just like the ssl options in my last post and also as documented in the guide.

@gusbemacbe
Author

gusbemacbe commented Mar 14, 2018

I need to know if it is all right, if the order is correct and if I need to add Paragonie too:

try 
  {
      $email->CharSet    = 'utf-8';
      $email->setLanguage('br', '/phpmailer/language/');
      $email->isHTML(true);

      $email->AddEmbeddedImage("imagens/logo-formulario.png", "logo-formulario", "logo-formulario.png", 'base64', 'image/png');
      $email->AddEmbeddedImage("imagens/icones/heart.png", "coracao", "heart.png", 'base64', 'image/png');
      $email->AddEmbeddedImage("imagens/icones/materialize.png", "materialize", "materialize.png", 'base64', 'image/png');
      $email->AddEmbeddedImage("imagens/icones/phpmailer.png", "phpmailer", "phpmailer.png", 'base64', 'image/png');
      $email->AddEmbeddedImage("imagens/icones/atom.png", "atom", "atom.png", 'base64', 'image/png');
      $email->AddEmbeddedImage("imagens/icones/apple.png", "apple", "apple.png", 'base64', 'image/png');

      $email->SMTPOptions = 
      [
          'ssl' => 
          [
              'verify_peer' => true,
              'verify_peer_name' => true,
              'allow_self_signed' => false,
              'cafile' => 'paragonie/certainty/data/cacert-2018-03-07.pem'
          ]
      ];
      $email->SMTPDebug = 2;                                    // Enable verbose debug output
      $email->isSMTP();                                         // Set mailer to use SMTP
      $email->Host = 'smtp.atleticaunisal.com.br';              // Specify main and backup SMTP servers
      $email->SMTPAuth = true;                                  // Enable SMTP authentication
      $email->Username = '[email protected]';       // SMTP username
      $email->Password = 'atleticaunisalorena';                 // SMTP password
      $email->SMTPSecure = 'tls';                               // Enable TLS encryption, `ssl` also accepted
      $email->Port = 587;                                       // TCP port to connect to
      $email->Host = 'tls://smtp.atleticaunisal.com.br:587';

      $email->setFrom('[email protected]', 'Atlética UNISAL'); 

or

use ParagonIE\Certainty\RemoteFetch;

$latest = (new RemoteFetch())->getLatestBundle();

$latest->createSymlink('paragonie/certainty/data/cacert-2018-03-07.pem', true);

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

date_default_timezone_set('America/Sao_Paulo');

require 'phpmailer/src/Exception.php';
require 'phpmailer/src/PHPMailer.php';
require 'phpmailer/src/SMTP.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST') 
{
  
  $curso             = $_POST['cursos'];                                      // course name of the person submitting the form
  $emailusuario      = $_POST['email'];                                       // e-mail of the person submitting the form
  $faculdade         = $_POST['faculdades'];                                  // university name of the person submitting the form
  $idade             = $_POST['idade'];                                       // age of the person submitting the form
  $ip                = $_SERVER['REMOTE_ADDR'];                               // IP of the person submitting the form
  $mensagem          = $_POST['mensagem'];                                    // message from the person submitting the form
  $navegador         = $_SERVER['HTTP_USER_AGENT'];                           // browser of the user submitting the form
  $nomeusuario       = $_POST['nome'];                                        // first and last name of the person submitting the form
  $pais              = json_decode(file_get_contents("http://ipinfo.io/"));    // country (from the IP) of the person submitting the form
  $telefone          = $_POST['phone'];                                       // telephone of the person submitting the form

  $email             = new PHPMailer();
  
  try 
  {
      $email->CharSet    = 'utf-8';
      $email->setLanguage('br', '/phpmailer/language/');
      $email->isHTML(true);

      $email->AddEmbeddedImage("imagens/logo-formulario.png", "logo-formulario", "logo-formulario.png", 'base64', 'image/png');
      $email->AddEmbeddedImage("imagens/icones/heart.png", "coracao", "heart.png", 'base64', 'image/png');
      $email->AddEmbeddedImage("imagens/icones/materialize.png", "materialize", "materialize.png", 'base64', 'image/png');
      $email->AddEmbeddedImage("imagens/icones/phpmailer.png", "phpmailer", "phpmailer.png", 'base64', 'image/png');
      $email->AddEmbeddedImage("imagens/icones/atom.png", "atom", "atom.png", 'base64', 'image/png');
      $email->AddEmbeddedImage("imagens/icones/apple.png", "apple", "apple.png", 'base64', 'image/png');

      $email->SMTPOptions = 
      [
          'ssl' => 
          [
              'verify_peer' => true,
              'verify_peer_name' => true,
              'allow_self_signed' => false,
              'cafile' => 'paragonie/certainty/data/cacert-2018-03-07.pem'
          ]
      ];
      $email->SMTPDebug = 2;                                    // Enable verbose debug output
      $email->isSMTP();                                         // Set mailer to use SMTP
      $email->Host = 'smtp.atleticaunisal.com.br';              // Specify main and backup SMTP servers
      $email->SMTPAuth = true;                                  // Enable SMTP authentication
      $email->Username = '[email protected]';       // SMTP username
      $email->Password = 'contatoatleticaunisal';                 // SMTP password
      $email->SMTPSecure = 'tls';                               // Enable TLS encryption, `ssl` also accepted
      $email->Port = 587;                                       // TCP port to connect to
      $email->Host = 'tls://smtp.atleticaunisal.com.br:587';

      $email->setFrom('[email protected]', 'Atlética UNISAL'); 
      $email->From        = $emailusuario;  // e-mail of the person submitting the form
      $email->FromName    = $nomeusuario;   // first and last name of the person submitting the form

Which of them is better?

And php.ini:

openssl.cafile='/Users/gus/paragonie/certainty/data/cacert-2018-03-07.pem'
openssl.capath='/Users/gus/paragonie/certainty/data/'

Is it right?

@Synchro
Member

Synchro commented Mar 14, 2018

You shouldn't need to update your CA certs very often - they don't change that frequently - doing it inline with every email send is excessive. As I said before, it doesn't matter how you get hold of your CA certs. Either of those openssl php.ini settings should work; the second one is perhaps more likely to stay working if you download more certificates in future and put them in the same folder.

@gusbemacbe
Author

Hi @Synchro

Although PHPMailer and SendGrid are unrelated, it is the same problem of authorisation certificate. The problem isn't PHPMailer or SendGrid, it is Locaweb's server, because they use a very old server and they do not have authentication, authorisation certificates and credentials. I have contacted Locaweb. Due to these lacks, e-mails are classified as spam.

See the end of the topic: sendgrid/sendgrid-php#591.

@Synchro
Member

Synchro commented Apr 3, 2018

I don't think that explains it - if you get your own local copy of the CA certs and use it in your PHP ssl config (and you confirm that it actually works by running phpinfo()), as discussed above, then it's not using the server's default CA certs to validate the response.
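
One way to do that confirmation step from the command line, as an added example (not from the thread or from PHPMailer): it reads the openssl.cafile value out of php -i output and checks that the path is absolute, readable and actually contains PEM certificates. The function names and the sample lines are my own; the "no value" sample matches the output pasted earlier in the thread.

```shell
# Added example: check what PHP will actually use as its CA bundle.
# Constructed `php -i` excerpts; the "no value" form matches the thread.
sample_unset() {
  printf '%s\n' 'openssl.cafile => no value => no value' \
                'openssl.capath => no value => no value'
}
sample_set() {  # usage: sample_set PATH
  printf 'openssl.cafile => %s => %s\n' "$1" "$1"
}

# Local value of an ini directive from `php -i` output on stdin
# (prints nothing when the directive is unset or absent).
ini_value() {  # usage: php -i | ini_value openssl.cafile
  awk -F' => ' -v key="$1" '$1 == key { if ($2 != "no value") print $2; exit }'
}

# Judge a cafile path. A relative path depends on the working directory of
# the PHP process, so it is reported separately instead of being resolved.
cafile_status() (  # usage: cafile_status PATH
  path=$1
  if [ -z "$path" ]; then echo "unset"
  elif [ "${path#/}" = "$path" ]; then echo "relative"
  elif [ ! -r "$path" ]; then echo "unreadable"
  else
    # grep -c exits non-zero on a count of 0, hence the "|| true".
    n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$path" || true)
    if [ "$n" -gt 0 ]; then echo "ok certs=$n"; else echo "no-certs"; fi
  fi
)
```

Run it as cafile_status "$(php -i | ini_value openssl.cafile)". Note that php -i reports the CLI configuration, which can load a different php.ini from the one the web server uses.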

@gusbemacbe
Author

gusbemacbe commented Apr 3, 2018

@Synchro, I found how to solve the Locaweb's authentication error.

I had to reinstall PHP, using Homebrew to correct the curl, authentication and authorisation errors. I copied cacert.pem correctly to /etc/ssl/cacert.pem, and set it correctly (etc/ssl/cacert.pem) in the uncommented openssl.cafile and curl.cainfo in my php.ini file. I correctly required Certainty from Composer in my project and then I copied the SMTPOptions to my contact form file. I had to set $email->SMTPAuth = true;.

Finally it worked. Surprisingly, the e-mails are no longer treated as spam.

I will find out how to solve the Locaweb server problem in SendGrid.

It is solved.

Thank you very much for your patience!
