Topic: Myriad Issues; SSL Fail, IMAP Conn Fail, Migraine

FoxFrenzy
« on: December 10, 2017, 12:21:23 PM »
I am really starting to dislike roundcube.  I'm glad it's working for others and good for them.  Their setup may be simpler than mine or their needs easily attained.
I want a mail server that I can connect to via website and via Outlook or other mail-delivery applications.
I had everything working through the website until I tried to add my account to Outlook and that's when my migraine started to come back.
How is it I can connect via the website but not via Outlook?
How is it when I made a few changes, Outlook was connecting to IMAP, but not SMTP nor the website?
Why is roundcube trying to use the SSL certificate for the page and not the SSL certificate for the MX?
I don't WANT everything to be mail.domain.com because it doesn't work.
I WANT the website, https://mail.domain.com, to be its OWN thing.
When I want to set myself or other users up through Outlook, or Gmail, or Windows Mail or WHATEVER - I want the imap and smtp server settings TO BE DIFFERENT.
Why, you ask?
Because when they were the same it was NOT WORKING.
The process of troubleshooting and the definition of insanity should not be mutually exclusive.

Diagnostics from Hmailserver
Code:
Test: Collect server details
hMailServer version: hMailServer 5.6.6-B2383
Database type: MySQL

Test: Test IPv6
IPv6 support is available in operating system.

Test: Test outbound port
SMTP relayer not in use. Attempting mail.hmailserver.com:25...
Trying to connect to host mail.hmailserver.com...
Trying to connect to TCP/IP address 5.189.183.138 on port 25.
Received: 220 mail.hmailserver.com ESMTP.
Connected successfully.

Test: Test backup directory
ERROR: Backup directory has not been specified.

Test: Test MX records
Trying to resolve MX records for tctgaming.com...
Host name found: mx.tctgaming.com

Test: Test local connect
Connecting to TCP/IP address in MX records for local domain domain tctgaming.com...
Trying to connect to host mx.tctgaming.com...
Trying to connect to TCP/IP address 127.0.0.1 on port 25.
Received: 220 mxl.tctgaming.com ESMTP.                                          ---no idea where it's getting MXL subdomain from.
Connected successfully.

Test: Test message file locations
Relative message paths are stored in the database for all messages.

Test: Test IP range configuration
No problems were found in the IP range configuration.

Deeper details:
Code:
2017-12-10   Hmailserver: 5.6.6-B2383

DOMAINS

   "Domain1.com" - tcxxxxxxx.com                  Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: False   
                   Max message size:        0                      Plus addressing: False
                   Max size of accounts:    0                   
                                                                   Greylisting:     False
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 127.0.0.1 - 127.0.0.1     Priority: 25     Name: My computer

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       - False
     Local To External    -  True              Local To External    - False
     External To Local    -  True              External To Local    - False
     External To External -  True              External To External -  True


IP: 0.0.0.0 - 255.255.255.255     Priority: 10     Name: Internet

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:  False                              Antivirus:   True
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External -  True              External To External -  True


------------------------------------------------------
AUTOBANNED Local Addresses:
    No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
  Autoban Enabled: True       Max invalid logon attempts:      5
                              Minutes Before Reset:           15  (0.25 hours, 0.01 days)
                              Minutes to Autoban:             60  (1.00 hours, 0.04 days)

No problems were found in the IP range configuration.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
   No entries
-----------------------------------------------------------------------------------------------

MIRRORING         Disabled
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL             DELIVERY                  RFC COMPLIANCE            ADVANCED
No. Connections:  0  No Retries:  4 Mins: 60   Plain Text:        False  Bind:
                     Host: EXTERNAL.TLD        Empty sender:       True  Batch recipients:   100
Max Msg Size: 20480  Relay:-                   Incorrect endings:  True  Use STARTTLS:      True
                     (none entered)            Disc. on invalid:  False  Delivered-To hdr: False
                                                                         Loop limit:           5
                                                                         Recipient hosts:     15
  Routes:
     No routes defined.

POP3
 !! Service Not Enabled !!

IMAP
 GENERAL                   PUBLIC FOLDERS                    ADVANCED
  No. Connections:   0      Public folder name: #Public       IMAP sort:  True
                                                              IMAP Quota: True
                                                              IMAP Idle:  True
                                                              IMAP ACL:   True
                                                              Delim: "."
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL                              SPAM TESTS              Score   SPAMASSASSIN
  Spam Mark:                  5       Use SPF:           False        Use Spamassassin:    True
  Add X-HmailServer-Spam:     True    Check HELO host:   False        Hostname:       127.0.0.1
  Add X-HmailServer-Reason:   True    Check MX records:  False        Port:                 783
  Add X-HmailServer-Subject: False    Verify DKIM:       False        Use SA score:        True

  Spam delete threshold: 20         Maximum message size: 1024

DNSBL ENTRIES:
   No 'enabled' entries

SURBL ENTRIES:
   No 'enabled' entries

GREYLISTING:
  Greylisting:  False

WHITELISTING
              127.0.0.1          to    127.0.0.1                   
-----------------------------------------------------------------------------------------------

ANTIVIRUS

GENERAL:
  When found - Delete email. Notify Sender: False,  Notify Receiver: False

  Max Message Size: 0
     CLAM AV:   False
     CLAMWIN:   True       Executable: O:\Website\wamp64\www\roundcube\clamav\bin\clamscan.exe    Path: O:\Website\wamp64\www\roundcube\clamav\db
     CUSTOMAV:  False

  Block Attachments: False
-----------------------------------------------------------------------------------------------

SSL CERTIFICATES
   mx.Domain1.com
       Certificate: O:\Website\wamp64\bin\apache\apache2.4.23\conf\ssl\mx.Domain1.com-crt.pem
       Private key: O:\Website\wamp64\bin\apache\apache2.4.23\conf\ssl\mx.Domain1.com-key.pem
-----------------------------------------------------------------------------------------------

SSL/TLS
             SSL 3.0 :  False
             TLS 1.0 :   True
             TLS 1.1 :   True
             TLS 1.2 :   True                Verify Remote SSL/TLS Certs:   True
SslCipherList  :

ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   - ECDHE-RSA-AES256-GCM-SHA384     
ECDHE-ECDSA-AES256-GCM-SHA384   - DHE-RSA-AES128-GCM-SHA256       - DHE-DSS-AES128-GCM-SHA256       
kEDH+AESGCM                     - ECDHE-RSA-AES128-SHA256         - ECDHE-ECDSA-AES128-SHA256       
ECDHE-RSA-AES128-SHA            - ECDHE-ECDSA-AES128-SHA          - ECDHE-RSA-AES256-SHA384         
ECDHE-ECDSA-AES256-SHA384       - ECDHE-RSA-AES256-SHA            - ECDHE-ECDSA-AES256-SHA         
DHE-RSA-AES128-SHA256           - DHE-RSA-AES128-SHA              - DHE-DSS-AES128-SHA256           
DHE-RSA-AES256-SHA256           - DHE-DSS-AES256-SHA              - DHE-RSA-AES256-SHA             
AES128-GCM-SHA256               - AES256-GCM-SHA384               - ECDHE-RSA-RC4-SHA               
ECDHE-ECDSA-RC4-SHA             - AES128                          - AES256                         
RC4-SHA                         - HIGH                            - !aNULL                         
!eNULL                          - !EXPORT                         - !DES                           
!3DES                           - !MD5                            - !PSK;                           
-----------------------------------------------------------------------------------------------

TCPIP PORTS                                         Connection Sec
               0.0.0.0         / 25    / SMTP   -   StartTLS Optional   Cert: mx.Domain1.com
               0.0.0.0         / 143   / IMAP   -   StartTLS Required   Cert: mx.Domain1.com
               0.0.0.0         / 587   / SMTP   -   StartTLS Required   Cert: mx.Domain1.com
-----------------------------------------------------------------------------------------------

LOGGING      Logging Enabled: True

  Paths:-
    Current:  O:\hMailServer\Logs\hmailserver_2017-12-10.log
    Error:    O:\hMailServer\Logs\ERROR_hmailserver_2017-12-10.log
    Event:    O:\hMailServer\Logs\hmailserver_events.log - Not present
    Awstats:  O:\hMailServer\Logs\hmailserver_awstats.log
                        APPLICATION -    True
                        SMTP        -    True
                        POP3        -      .
                        IMAP        -    True
                        TCPIP       -    True
                        DEBUG       -    True
                        AWSTATS     -    True
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MySQL

IPv6 support is available in operating system.

ERROR: Backup directory has not been specified.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder:  O:\hMailServer\
Database folder:
Data folder:     O:\hMailServer\Data
Log folder:      O:\hMailServer\Logs
Temp folder:     O:\hMailServer\Temp
Event folder:    O:\hMailServer\Events

[Database]
Type=              MYSQL
Username=          root
PasswordEncryption=1
Port=              3306
Server=            127.0.0.1
Internal=          0
-----------------------------------------------------------------------------------------------

Generated by HMSSettingsDiagnostics v1.88, Hmailserver Forum.


Here is my RC Config file.
Code:
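<?php

$config = array();

$config['db_dsnw'] = 'mysql://root:OnyxSQL@localhost/mxdb';

// IMAP over STARTTLS on port 143
$config['default_host'] = 'tls://mx.tctgaming.com';
$config['default_port'] = 143;
// was $rcmail_config[...], the legacy variable name; the rest of this file uses $config
$config['imap_auth_type'] = null;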

$config['username_domain_forced'] = false;

$config['smtp_server'] = 'tls://mx.tctgaming.com';
$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';

$config['support_url'] = '';

$config['product_name'] = 'TCT Webmail';

$config['des_key'] = 'XXXXXXXXXXXXXXXXXXX';

$config['plugins'] = array('xskin');

$config['skin'] = 'litecube-f';

$config['enable_installer'] = false;

$config['mime_types'] = 'O:/Website/wamp64/bin/apache/apache2.4.23/conf/mime.types';

$config['language'] = 'en_US';

// roundcubeskins.net License
$config['license_key'] = 'XXXXXXXXXXXXXXXXXX';

Here is one of the errors I get:
Code:
[10-Dec-2017 16:51:44 UTC] PHP Warning:  stream_socket_enable_crypto(): Peer certificate CN=`mail.tctgaming.com' did not match expected CN=`mx.tctgaming.com' in O:\Website\wamp64\www\roundcube\program\lib\Roundcube\rcube_imap_generic.php on line 1027

[10-Dec-2017 16:51:44 UTC] PHP Stack trace:

[10-Dec-2017 16:51:44 UTC] PHP   1. {main}() O:\Website\wamp64\www\roundcube\index.php:0

[10-Dec-2017 16:51:44 UTC] PHP   2. rcmail->login() O:\Website\wamp64\www\roundcube\index.php:121

[10-Dec-2017 16:51:44 UTC] PHP   3. rcube_imap->connect() O:\Website\wamp64\www\roundcube\program\include\rcmail.php:626

[10-Dec-2017 16:51:44 UTC] PHP   4. rcube_imap_generic->connect() O:\Website\wamp64\www\roundcube\program\lib\Roundcube\rcube_imap.php:158

[10-Dec-2017 16:51:44 UTC] PHP   5. rcube_imap_generic->_connect() O:\Website\wamp64\www\roundcube\program\lib\Roundcube\rcube_imap_generic.php:839

[10-Dec-2017 16:51:44 UTC] PHP   6. stream_socket_enable_crypto() O:\Website\wamp64\www\roundcube\program\lib\Roundcube\rcube_imap_generic.php:1027

[10-Dec-2017 16:51:44 +0000]: <jjnh3g3d> IMAP Error: Login failed for fox@tctgaming.com from 127.0.0.1. Unable to negotiate TLS in O:\Website\wamp64\www\roundcube\program\lib\Roundcube\rcube_imap.php on line 196 (POST /?_task=login&_action=login)

Here are my DNS records.


Here is the Outlook error.


External mail applications DO NOT WORK when using Mail.Domain.Com
IMAP connects, but SMTP does not when using Mx.Domain.Com

How do I get this ALL working??  What am I missing?  Does ANYONE have pharmaceutical-grade aspirin?

alec
« Reply #1 on: December 10, 2017, 12:28:57 PM »
I will not solve your issues, but I'll give you a hint. Roundcube is just an IMAP client, the same as Outlook is. The only problem with Roundcube here is PHP SSL configuration. You can modify SSL settings for the IMAP connection with the imap_conn_options option in the Roundcube config. All other problems you describe are not related to Roundcube, so you should ask in another place.

FoxFrenzy
« Reply #2 on: December 10, 2017, 12:49:05 PM »
I am very certain it's a roundcube configuration issue since it's the only part of this mess that's throwing any errors and none of the errors make any sense.  Roundcube is trying to do things it was not asked to do; using the wrong certificate, for example, with no way to force it down any other path - regardless of the imap_conn_option which ALSO doesn't work:

It fails to negotiate TLS.

Code:
$config['imap_conn_options'] = array(
  'ssl' => array(
    'verify_peer'       => false,
    'verify_depth'      => 3,
    'allow_self_signed' => true,
    'cafile'            => 'O:/Website/wamp64/bin/apache/apache2.4.23/conf/ssl/ca-mx.tctgaming.com-crt.pem',
    'local_cert'        => 'O:/Website/wamp64/bin/apache/apache2.4.23/conf/ssl/mx.tctgaming.com-crt.pem',
    'local_pk'          => 'O:/Website/wamp64/bin/apache/apache2.4.23/conf/ssl/mx.tctgaming.com-key.pem',
  ),
);

Code:
[10-Dec-2017 17:40:57 UTC] PHP Warning:  stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in O:\Website\wamp64\www\roundcube\program\lib\Roundcube\rcube_imap_generic.php on line 1027

[10-Dec-2017 17:40:57 UTC] PHP Stack trace:

[10-Dec-2017 17:40:57 UTC] PHP   1. {main}() O:\Website\wamp64\www\roundcube\index.php:0

[10-Dec-2017 17:40:57 UTC] PHP   2. rcmail->login() O:\Website\wamp64\www\roundcube\index.php:121

[10-Dec-2017 17:40:57 UTC] PHP   3. rcube_imap->connect() O:\Website\wamp64\www\roundcube\program\include\rcmail.php:626

[10-Dec-2017 17:40:57 UTC] PHP   4. rcube_imap_generic->connect() O:\Website\wamp64\www\roundcube\program\lib\Roundcube\rcube_imap.php:158

[10-Dec-2017 17:40:57 UTC] PHP   5. rcube_imap_generic->_connect() O:\Website\wamp64\www\roundcube\program\lib\Roundcube\rcube_imap_generic.php:839

[10-Dec-2017 17:40:57 UTC] PHP   6. stream_socket_enable_crypto() O:\Website\wamp64\www\roundcube\program\lib\Roundcube\rcube_imap_generic.php:1027

[10-Dec-2017 17:40:57 +0000]: <f04vjc9r> IMAP Error: Login failed for fox@tctgaming.com from 127.0.0.1. Unable to negotiate TLS in O:\Website\wamp64\www\roundcube\program\lib\Roundcube\rcube_imap.php on line 196 (POST /?_task=login&_action=login)

I have tried using both MX. and Mail. certificates without any success.  It breaks my ability to log in via the webpage.

The attempt to dismiss me is noted, however.

JohnDoh
« Reply #3 on: December 12, 2017, 10:40:58 AM »
In your original post you described problems with Outlook and other clients, not just Roundcube. I think that is probably what Alec meant when he said "The only problem with Roundcube here is PHP ssl configuration.". The fact that multiple clients cannot connect would point to a problem with your IMAP and/or SMTP servers.

Another thing, you said you don't know why your SMTP server says its name is "mxl.tctgaming.com". That would be because it's the name of your SMTP server. I've never used hmailserver but I'm guessing it's going to be like any other and when you configure it you have to specify its name.

You said you specified certs like "O:/Website/wamp64/bin/apache/apache2.4.23/conf/ssl/mx.tctgaming.com-crt.pem" in your Roundcube imap_conn_options, is that the same cert file that your IMAP server is using? What you put into these options has nothing to do with the URL that you are using to access Roundcube, it needs to match the SSL/TLS config of your IMAP server.

Quote
External mail applications DO NOT WORK when using Mail.Domain.Com
IMAP connects, but SMTP does not when using Mx.Domain.Com
Is hmailserver your IMAP and SMTP server, and if so have you configured different certs for IMAP and SMTP? Because if not, then the reason that SMTP connect fails may be that your server presents a cert with a CN of mail.domain.com and so fails verification when the client says "but I wanted mx.domain.com".
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…
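
The two failures logged in this thread, a certificate name mismatch and "certificate verify failed", can be told apart by validating the chain first and checking the name second. The following Python sketch is an added example, not part of any post and not Roundcube or hMailServer code; the function names, the `cafile` argument and the `example.test` hostnames are assumptions.

```python
import imaplib
import smtplib
import ssl

# Constructed sample: the dict ssl.getpeercert() returns for a cert issued to mail.example.test
SAMPLE_CERT = {"subject": ((("commonName", "mail.example.test"),),)}


def cert_dns_names(cert):
    """DNS names a certificate covers: SAN dNSName entries, else the subject CN."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ()) for key, value in rdn
            if key == "commonName"]


def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def diagnose(cert, expected_host):
    """Return (ok, message) for a validated cert and the hostname the client dials."""
    names = cert_dns_names(cert)
    if any(name_matches(name, expected_host) for name in names):
        return True, f"certificate covers {expected_host}"
    return False, f"certificate is for {names}, client expected {expected_host}"


def probe(host, port, cafile):
    """STARTTLS to host:port, validate the chain against cafile, then check the name."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # chain is still verified; the name is checked in diagnose()
    try:
        if port in (25, 587):
            conn = smtplib.SMTP(host, port, timeout=10)
            conn.starttls(context=ctx)
        else:
            conn = imaplib.IMAP4(host, port)
            conn.starttls(ssl_context=ctx)
    except ssl.SSLCertVerificationError as exc:
        return False, f"chain did not validate: {exc.verify_message}"
    cert = conn.sock.getpeercert()
    conn.sock.close()
    return diagnose(cert, host)


if __name__ == "__main__":
    # Offline demonstration with the constructed certificate above
    print(diagnose(SAMPLE_CERT, "mx.example.test"))
```

Call `probe()` once per listener (143 and 587 in this thread) with the hostname the mail client is configured to use and the CA file that issued the server certificate.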