Author Topic: Setup issue  (Read 5173 times)

Offline sergedc

  • Newbie
  • *
  • Posts: 2
Setup issue
« on: December 24, 2016, 07:14:16 AM »
Hi, I am trying to configure roundcube but facing issue:

1. Imap (SSL on 993) and smtp (SSL on 465) works fine from outlook / Thunderbird.
2. My webserver (www.mydomain.com) and mail server (mail2.mydomain.com) are on different computers
When doing the config I tried: mail2.mydomain.com, ssl://mail2.mydomain.com, tls://mail2.mydomain.com, imaps://mail2.mydomain.com  and none work during the step 3 of the installer. The error shows is :

Connecting to imaps://mail2.mydomain.com...
IMAP connect:  NOT OK(Login failed for myusername from 62.235.220.96. Could not connect to ssl://mail2.mydomain.com:993: Unknown reason)

of course the "mydomain" and "myusername" are the same as in my Outlook / Thunderbird config.

3. In the step 3 of the installer, everything shows "ok".
4. I try to debug but there is very little:
- In the error file of roundcube, nothing is added when I do the imap test in installer "step 3"
- In my postfix / dovecot log (/var/log/maillog) not much was showing either, so I added more verbose and this is what I get now:

Dec 24 11:56:55 mail2 dovecot: imap-login: Debug: SSL: elliptic curve secp384r1          will be used for ECDH and ECDHE key exchanges
Dec 24 11:56:55 mail2 dovecot: imap-login: Debug: SSL: elliptic curve secp384r1          will be used for ECDH and ECDHE key exchanges
Dec 24 11:56:55 mail2 dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before         /accept initialization [158.69.228.166]
Dec 24 11:56:55 mail2 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: befo         re/accept initialization [158.69.228.166]
Dec 24 11:56:55 mail2 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv         3 read client hello A [158.69.228.166]
Dec 24 11:56:55 mail2 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv         3 write server hello A [158.69.228.166]
Dec 24 11:56:55 mail2 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv         3 write certificate A [158.69.228.166]
Dec 24 11:56:55 mail2 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv         3 write key exchange A [158.69.228.166]
Dec 24 11:56:55 mail2 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv         3 write server done A [158.69.228.166]
Dec 24 11:56:55 mail2 dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv         3 flush data [158.69.228.166]
Dec 24 11:56:55 mail2 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSL         v3 read client certificate A [158.69.228.166]
Dec 24 11:56:55 mail2 dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSL         v3 read client certificate A [158.69.228.166]
Dec 24 11:56:55 mail2 dovecot: auth: Debug: Loading modules from directory: /usr         /lib64/dovecot/auth
Dec 24 11:56:55 mail2 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/au         th/libdriver_sqlite.so
Dec 24 11:56:55 mail2 dovecot: auth: Debug: Read auth token secret from /var/run         /dovecot/auth-token-secret.dat
Dec 24 11:56:55 mail2 dovecot: auth: Debug: auth client connected (pid=16492)
Dec 24 11:56:55 mail2 dovecot: imap-login: Warning: SSL alert: where=0x4004, ret         =560: fatal unknown CA [158.69.228.166]
Dec 24 11:56:55 mail2 dovecot: imap-login: Warning: SSL failed: where=0x2002: SS         Lv3 read client certificate A [158.69.228.166]
Dec 24 11:56:55 mail2 dovecot: imap-login: Disconnected (no auth attempts in 0 s         ecs): user=<>, rip=158.69.228.166, lip=172.31.29.201, TLS handshaking: SSL_accep         t() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:          SSL alert number 48, session=<QATrMmZEiQCeReSm>

There are only warnings and no real errors....
Any idea of what I could try next?

Thanks
Serge

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: Setup issue
« Reply #1 on: December 24, 2016, 06:15:34 PM »
The error "Could not connect" mean Roundcube isn't connecting to the mail server, so its not an authentication (username/password) problem. The log you posted "Warning: SSL alert: where=0x4004, ret         =560: fatal unknown CA" points to a problem with SSL. So you want to set the following option in your Roundcube config:
Code: [Select]
// IMAP socket context options
// See http://php.net/manual/en/context.ssl.php
// The example below enables server certificate validation
//$config['imap_conn_options'] = array(
//  'ssl'         => array(
//     'verify_peer'  => true,
//     'verify_depth' => 3,
//     'cafile'       => '/etc/openssl/certs/ca.crt',
//   ),
// );
// Note: These can be also specified as an array of options indexed by hostname
$config['imap_conn_options'] = null;

If you set verify_peer to false it should connect, or you could specify the certificate manually.

Offline sergedc

  • Newbie
  • *
  • Posts: 2
Re: Setup issue
« Reply #2 on: December 26, 2016, 10:25:14 AM »
Thank you very much for your answer.
When it comes to IMAP, I have fixed the problem (ie I can loggin using roundcube), by realizing that in dovecot, 10-ssl.conf, the ssl_ca file had the wrong certificate (it needed to be the intermediate server certificate). It now works.

When it comes to SMTP, I am still stucked. I feel it is also a certificate problem. I have tried your above suggestion and change smtp_conn_options to have verify = false, but to no avail.
Again, outlook and Thunderbird are configured using the same parameters and work flawlessly...

This is the log in the error file of roundcube:

[26-Dec-2016 15:12:15 UTC] PHP Warning:  stream_socket_client(): unable to connect to ssl://mail2.sergedc.com:465 (Connection timed out) in /home/sergedc/public_html/roundcubemail-1.2.3/vendor/pear-pear.php.net/Net_Socket/Net/Socket.php on line 159
[26-Dec-2016 15:12:15 UTC] ERROR: Connection timed out (110)
[26-Dec-2016 15:12:15 UTC] ERROR: Failed to connect socket: Connection timed out ()
[26-Dec-2016 15:12:15 +0000]: <mpme5i27> SMTP Error: Connection failed: Failed to connect socket: Connection timed out in /home/sergedc/public_html/roundcubemail-1.2.3/program/lib/Roundcube/rcube.php on line 1648 (POST /roundcubemail-1.2.3/?_task=mail&_unlock=loading1482765076004&_lang=en&_framed=1&_action=send)


And this is the config:
$config['smtp_server'] = 'ssl://mail2.mydomain.com';
$config['smtp_port'] = 465;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['support_url'] = '';
$config['smtp_auth_type'] = '';
$config['smtp_conn_options'] = array(
   'ssl'         => array(
    'verify_peer'  => false,
   ),
 );

Any other idea?

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: Setup issue
« Reply #3 on: December 26, 2016, 04:19:58 PM »
The error your getting isn't related to SSL, the server is timing out when it tries to connect to the server. This is most likely a firewall problem on the server that Roundcube is running on. Make sure port 465 is open and you can connect to the server from the server.