Author Topic: New Install - Can't get beyond login page  (Read 5490 times)

Offline ArthurDent

  • Newbie
  • *
  • Posts: 8
New Install - Can't get beyond login page
« on: April 13, 2018, 10:30:04 AM »
Hello all,

I don't know if this is the right place to post my problem - if not please point me in the right direction. Thanks.

I am partway through a bare-metal upgrade of my home server to Fedora 27. I have the Dovecot IMAP server up and running and listening on port 993. That works just fine.

I am however somewhat tired of squirrelmail as my webmail server - and besides, I have failed to get that working for some (possibly related) reason. So I have downloaded Roundcube to try (using dnf) and followed various installation guides. I have got beyond the config section, but but when I try to do my first ever login all I get is a blank screen and eventual timeout.

What I see in the logs is:
Code: [Select]
[13-Apr-2018 14:14:51 +0100]: <p6420nv9> IMAP Error: Login failed for mark from <my_IP_address>. Empty startup greeting (localhost:993) in /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /roundcubemail/?_task=login&_action=login)
I also noticed this in /var/log/maillog:
Code: [Select]
Apr 13 14:14:51 MyServer dovecot[1349]: imap-login: Disconnected (no auth attempts in 60 secs): user=<>, rip=::1, lip=::1, TLS handshaking: SSL_accept() syscall failed: Success, session=<MbdLqLppmIAAAAAAAAAAAAAAAAAAAAAB>(Note: user = <>)

I have the following settings in my config.ini.php:
Code: [Select]
$config['default_host'] = 'localhost';
// TCP port used for IMAP connections
$config['default_port'] = 993;
If anyone can help me get beyond this initail stage I'd be very grateful!

Thanks in advance

Mark


Offline alec

  • Hero Member
  • *****
  • Posts: 1,363
Re: New Install - Can't get beyond login page
« Reply #1 on: April 13, 2018, 11:19:24 AM »
you have to use ssl:// prefix in the default_host setting.

Offline ArthurDent

  • Newbie
  • *
  • Posts: 8
Re: New Install - Can't get beyond login page
« Reply #2 on: April 13, 2018, 02:06:57 PM »
Well thanks for trying to help - however, it didn't work I'm afraid...

I tried:
Code: [Select]
$config['default_host'] = 'ssl://localhost';
$config['default_host'] = 'ssl://192.168.0.2';           // Internal IP address
$config['default_host'] = 'ssl://12.34.567.890';         // External IP address
$config['default_host'] = 'ssl://example.com';           // Server Address

None of these worked.

The error messages were *slightly different to before however:
Code: [Select]
[13-Apr-2018 18:52:14 +0100]: <p6420nv9> IMAP Error: Login failed for mark from 12.34.567.890. Could not connect to ssl://localhost:993: Unknown reason in /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /roundcubemail/?_task=login&_action=login)
[13-Apr-2018 18:53:27 +0100]: <p6420nv9> IMAP Error: Login failed for mark from 12.34.567.890. Could not connect to ssl://192.168.0.2:993: Unknown reason in /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /roundcubemail/?_task=login&_action=login)
[13-Apr-2018 18:54:19 +0100]: <p6420nv9> IMAP Error: Login failed for mark from 12.34.567.890. Could not connect to ssl://12.34.567.890:993: Unknown reason in /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /roundcubemail/?_task=login&_action=login)
[13-Apr-2018 18:55:02 +0100]: <p6420nv9> IMAP Error: Login failed for mark from 12.34.567.890. Could not connect to ssl://example.com:993: Unknown reason in /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /roundcubemail/?_task=login&_action=login)

Any other suggestions?

Thanks for the help so far... (much appreciated)

Mark

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,845
Re: New Install - Can't get beyond login page
« Reply #3 on: April 16, 2018, 08:06:16 AM »
whats the common name on the cert you are using? coz default_host should match that for cert verification. if you are using a self signed cert or one from letsencrypt or something like that then you probably also need to set imap_conn_options (setting verify_peer to false will disable cert verification)
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…

Offline ArthurDent

  • Newbie
  • *
  • Posts: 8
Re: New Install - Can't get beyond login page
« Reply #4 on: April 17, 2018, 12:51:48 PM »
Thanks for helping - Though sadly I don't seem that much further forward.

I do indeed have a self-signed certificate, but making the suggested changes have not helped...

This is what I now have in my config.inc.php file:
Code: [Select]
$config['default_host'] = 'ssl://www.mytld.com';

$config['imap_conn_options'] = array(
 'ssl'         => array(
     'verify_peer'       => false,
  ),
);

// Log IMAP conversation to <log_dir>/imap or to syslog
//$config['imap_debug'] = true;

// TCP port used for IMAP connections
$config['default_port'] = 993;

but still the error is the same:
Code: [Select]
[17-Apr-2018 17:41:53 +0100]: <g213evlj> IMAP Error: Login failed for mark from 12.34.567.890. Could not connect to ssl://www.mytld.com:993: Unknown reason in /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /roundcubemail/?_task=login&_action=login)
How can I troubleshoot this further?

Thanks again for helping...

Mark

Offline rm13

  • Full Member
  • ***
  • Posts: 129
Re: New Install - Can't get beyond login page
« Reply #5 on: April 17, 2018, 06:45:56 PM »
You said you have Dovecot up and running. Does that mean you can login as 'mark' with a different mail client than Roundcube? Or from command line?

Offline ArthurDent

  • Newbie
  • *
  • Posts: 8
Re: New Install - Can't get beyond login page
« Reply #6 on: April 18, 2018, 12:47:20 PM »
Yes indeed...

I and my family (this is a small server for me and my family) can access our mail on the dovecot server by using various mobile device clients (iPhone / iPad apple mail) as well as using the Evolution mail client on my Fedora Desktop.

Moreover, I can telnet into port 993 for 192.168.0.1 (internal IP), my external IP address, and my domainname. So yes, Dovecot is working OK...

Where to look next?

Thanks again for your help so far.

Mark

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,845
Re: New Install - Can't get beyond login page
« Reply #7 on: April 20, 2018, 11:45:20 AM »
i think that unknown reason message is normally due to cert problems i'm a bit suprised the imap_conn_options didn't help. you might need to put some debug code in to find out what is going on though. you could look in this function https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap_generic.php#L949.

also you said you can telnet to your imap server. thats not really testing this as telnet is only going to use a plain text connection. you could check with something like this: https://stackoverflow.com/questions/14959461/how-to-talk-to-imap-server-in-shell-via-openssl but it sounds like your imap server is working, may be some issue with openssl on your webserver?
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…

Offline ArthurDent

  • Newbie
  • *
  • Posts: 8
Re: New Install - Can't get beyond login page
« Reply #8 on: April 21, 2018, 06:31:13 AM »
Thanks again!

I haven't had a chance to go through the first of those two links, but here is the output from the openssl command:

Code: [Select]
$ openssl s_client -connect 192.168.0.2:993

CONNECTED(00000003)
depth=0 OU = IMAP server, CN = my_TLD.com, emailAddress = me@my_email.com
verify error:num=18:self signed certificate
verify return:1
depth=0 OU = IMAP server, CN = my_TLD.com,, emailAddress = me@my_email.com
verify return:1
---
Certificate chain
 0 s:/OU=IMAP server/CN=my_TLD.com/emailAddress=me@my_email.com
   i:/OU=IMAP server/CN=my_TLD.com/emailAddress=me@my_email.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICLTCCAZagAwIBAgIJAKvj4+dJnlnHMA0GCSqGSIb3DQEBCwUAME0xFDASBgNV
BAsMC0lNQVAgc2VydmVyMRQwEgYDVQQDDAtzYW5zb21lLm9yZzEfMB0GCSqGSIb3
... My SSL Cert...
AK5omWwUL4SxxUldZQEOSx1kOO08Jn6wiugdl1+k7ijb8AOeTwn5cGPlYv/sJkp8
5EQRRnL+JlYQWlj2+tJZm4t43OVOEA8Im4WjeELXGSOWAVctYNlzRSLVTlsCAqI1
ZTUWzNr+ilgMYT6BMEbIpT7b4kX5+LNsCrXH6oa0TVjW
-----END CERTIFICATE-----
subject=/OU=IMAP server/CN=my_TLD.com/emailAddress=me@my_email.com
issuer=/OU=IMAP server/CN=my_TLD.com/emailAddress=me@my_email.com
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1058 bytes and written 347 bytes
Verification error: self signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 1E1228FA308A101EE3AAE553272365963626BAB226ABA620067253A62A219908
    Session-ID-ctx:
    Master-Key: 01A9B32934A487D52F3860B2A83C618FC54AAF51DE31AFE02B9C4B81A8D773AC7418322E3F05C3AF3A214DE3EFD4C7B0
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - dc 88 12 87 2a 66 c5 16-cf ca 7f ea bd cd 64 bb   ....*f........d.
    0010 - c7 59 9a 2d f5 d6 63 f3-e7 c4 f9 32 e6 95 af 64   .Y.-..c....2...d
    0020 - 27 36 3c d5 5a 27 e6 7b-ac bd ed 6b 58 1c 6b 6f   '6<.Z'.{...kX.ko
    0030 - 12 3c f1 99 d7 9c 13 33-18 bc e1 6e b9 bf 40 3f   .<.....3...n..@?
    0040 - 2d 09 59 75 a0 73 87 cc-4b ab 4a f9 02 0b 49 80   -.Yu.s..K.J...I.
    0050 - 3a 40 39 f0 85 52 3e 02-b1 15 ce f6 ff 7a 68 6d   :@9..R>......zhm
    0060 - 64 a3 eb 0e 36 c5 50 25-af 00 ef 56 ed 09 7f 78   d...6.P%...V...x
    0070 - a6 4e d5 17 17 e5 09 cb-b8 14 a8 5f 0a 2b 1c 2e   .N........._.+..
    0080 - 89 c8 19 43 55 7b ff b2-be 52 d9 7c 5d 0f b9 27   ...CU{...R.|]..'
    0090 - 7f e4 e6 f4 cf 8f a6 62-38 92 bd b7 ec 90 54 59   .......b8.....TY

    Start Time: 1524306134
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
    Extended master secret: yes
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.

Does this tell you anything useful to this this problem?

Thanks again!

Mark
« Last Edit: April 21, 2018, 09:36:13 AM by ArthurDent »

Offline ArthurDent

  • Newbie
  • *
  • Posts: 8
Re: New Install - Can't get beyond login page
« Reply #9 on: April 21, 2018, 10:07:56 AM »
Update:

With thanks to John Doh - who went to the trouble to PM me I have now solved this!

It seems that the fault was that my config.inc.php (see message # 4 above) had the line:
$config['default_host'] = 'ssl://.mytld.com';
changing this to:
$config['default_host'] = 'ssl://.mytld.com':993;
made it all work!

Many thanks to all who helped - and especially to John.

Now I am going to tgo and play with it!

Thanks again!

Mark