Author Topic: imap to dovecot on another server  (Read 1198 times)

Offline parrst

  • Newbie
  • *
  • Posts: 2
imap to dovecot on another server
« on: March 01, 2024, 02:10:28 PM »
I have been beating my head against a wall for 3 days now.  I have smtp and the DB working, but I cannot get imap to work.  I have been trying several variations of the 'imap_host' option and almost every version with tls//domain.com, ssl//domain.com, IPaddr:993, IPaddr:143 and so on, and everything says

IMAP connect:  NOT OK(Login failed for <my email address> against <web server > from <IP I am accessing website from>. Could not connect to <domainor IP or mailserver> Connection refused)

Only when using the IP of the email server:993 do I get

I know imap works because I can reach it from my mail server.  I have tried to turn off ssl using 'imap_conn_options' but still nothing.  Only thing I can think is my mail server uses a self signed server which is fine for my purposes but many apps need me to approve the fingerprint of the cert first and roundcube doesn't seem to give me the option.

Any help would be greatly appropriated.

Bob

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: imap to dovecot on another server
« Reply #1 on: March 02, 2024, 01:27:43 AM »
I'm not clear on what your getting when connecting on port 993. It sounds like a firewall issue to me.

If you want to set cert options you can do that with the following config option:
Code: [Select]
// IMAP socket context options
// See http://php.net/manual/en/context.ssl.php
// The example below enables server certificate validation
//
// proxy_protocol is used to inject HAproxy style headers in the TCP stream
// See http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt
// WARNING: Please note this is currently incompatible with implicit ssl,
// since the proxy protocol preamble is expected before the ssl handshake.
// $config['imap_conn_options'] = [
//    'ssl' => [
//        'verify_peer'  => true,
//        'verify_depth' => 3,
//        'cafile'       => '/etc/openssl/certs/ca.crt',
//    ],
//    'proxy_protocol' => 1 | 2 | [ // required (either version number (1|2) or array with 'version' key)
//        'version'       => 1 | 2, // required, if array
//        'remote_addr'   => $_SERVER['REMOTE_ADDR'], // optional
//        'remote_port'   => $_SERVER['REMOTE_PORT'], // optional
//        'local_addr'    => $_SERVER['SERVER_ADDR'], // optional
//        'local_port'    => $_SERVER['SERVER_PORT'], // optional
//    ],
// ];
// Note: These can be also specified as an array of options indexed by hostname
$config['imap_conn_options'] = null;

That said I would expect a different error if it was a certificate problem.

Offline parrst

  • Newbie
  • *
  • Posts: 2
Re: imap to dovecot on another server
« Reply #2 on: March 03, 2024, 12:34:38 PM »
I'm not clear on what your getting when connecting on port 993. It sounds like a firewall issue to me.

When I set the imap to use the mailserver's IP and port 993 "$config['imap_host'] = 'x.x.x.x:993'; I get the different error.

As for it being a firewall error, it looks like that to me as well but I have checked EVERY log on both servers and never see the firewall blocking.

Quote
If you want to set cert options you can do that with the following config option:
Code: [Select]
// IMAP socket context options
// See http://php.net/manual/en/context.ssl.php
// The example below enables server certificate validation
//
// proxy_protocol is used to inject HAproxy style headers in the TCP stream
// See http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt
// WARNING: Please note this is currently incompatible with implicit ssl,
// since the proxy protocol preamble is expected before the ssl handshake.
// $config['imap_conn_options'] = [
//    'ssl' => [
//        'verify_peer'  => true,
//        'verify_depth' => 3,
//        'cafile'       => '/etc/openssl/certs/ca.crt',
//    ],
//    'proxy_protocol' => 1 | 2 | [ // required (either version number (1|2) or array with 'version' key)
//        'version'       => 1 | 2, // required, if array
//        'remote_addr'   => $_SERVER['REMOTE_ADDR'], // optional
//        'remote_port'   => $_SERVER['REMOTE_PORT'], // optional
//        'local_addr'    => $_SERVER['SERVER_ADDR'], // optional
//        'local_port'    => $_SERVER['SERVER_PORT'], // optional
//    ],
// ];
// Note: These can be also specified as an array of options indexed by hostname
$config['imap_conn_options'] = null;

That said I would expect a different error if it was a certificate problem.

I am not too worried about certificates as both servers are on a private network, so the connection between the two can be open.  BUT, if I set the cert for Roundcube, does it have to match the cert on the email server? 

Bob