Failed to mail send from laravel service Incoming email works, but outgoing (reply) fails: SECURITY PROBLEM: insecure server advertised AUTH=PLAIN

Hi everyone,

I'm building a SaaS application where users can connect their own business email accounts. I'm storing their email credentials and dynamically configuring the mailer so they can read and reply to emails directly from the app.

Viewing the incoming emails works perfectly fine, but I'm running into an issue when trying to send an outgoing email (specifically, replying to a message).

Whenever the app attempts to send, it fails and throws this error in my logs:

[2026-04-23 11:31:03] production.ERROR: PHP Request Shutdown: SECURITY PROBLEM: insecure server advertised AUTH=PLAIN (errflg=1) {"userId":1,"exception":"[object] (ErrorException(code: 0): PHP Request Shutdown: SECURITY PROBLEM: insecure server advertised AUTH=PLAIN (errflg=1) at Unknown:0)

Here is the method I'm using to dynamically configure the SMTP settings and send the email:

private function attemptSend(EmailAccount $account, array $data, ?string $encryption, $port): void
{
    app('mail.manager')->purge('smtp');

    config([
        'mail.mailers.smtp.host'       => $account->smtp_host,
        'mail.mailers.smtp.port'       => $port,
        'mail.mailers.smtp.encryption' => $encryption,
        'mail.mailers.smtp.username'   => $account->username,
        'mail.mailers.smtp.password'   => $account->password,
        'mail.from.address'            => $account->email,
        'mail.from.name'               => $account->label,
        
        'mail.mailers.smtp.stream' => [
            'ssl' => [
                'allow_self_signed' => true,
                'verify_peer'       => false,
                'verify_peer_name'  => false,
            ],
        ],
    ]);

    Mail::mailer('smtp')->send([], [], function ($message) use ($data, $account) {
        $message->from($account->email, $account->label)
                ->to($data['to'])
                ->subject($data['subject'])
                ->html($data['body']); 

        if (!empty($data['in_reply_to'])) {
            $headers = $message->getHeaders();
            $headers->addTextHeader('In-Reply-To', $data['in_reply_to']);
            $headers->addTextHeader('References', $data['in_reply_to']);
        }
    });
}

As you can see, I even tried forcing the stream context to ignore SSL verification just in case it was a strict certificate issue, but the error persists.

Has anyone run into this AUTH=PLAIN security problem when dynamically configuring mailers in Laravel? Any guidance on what I might be missing here would be hugely appreciated!

Thanks in advance!

Glukinho

4 days ago

Level 30

SECURITY PROBLEM: insecure server advertised AUTH=PLAIN (errflg=1)

This error strikes from IMAP connection which is used to access a mailbox, not for sending emails. Where this error goes from in your code? I mean specific file and line.

Please or to participate in this conversation.