Author Topic: When wil Dovecot be supported?  (Read 4423 times)

Offline chris01

  • Jr. Member
  • **
  • Posts: 11
When wil Dovecot be supported?
« on: April 25, 2018, 05:08:24 PM »
Hello,
I've been attempting to get RC running with Dovecot since (RC) 0.9. But RC won't communicate
with Dovecot. I'm currently attempting with RC-1.3.6, it stalls after initiating a connection with
Dovecot;
Code: [Select]
# RC log
[2018-Apr-25 13:39:10 -0700]: <c3a5de0e> IMAP Error: Login failed for <my-name-here> from NNN.NN.NNN.NN. Empty startup greeting (localhost:993) in /usr/local/www/rc/program/lib/Roundcube/rcube_imap.php on line 196 (POST /rmail/?_task=login&_action=login)

Code: [Select]
# Dovecot transcript
Apr 25 13:37:40 auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
Apr 25 13:37:40 auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Apr 25 13:37:40 auth: Debug: auth client connected (pid=25072)
Apr 25 13:39:10 imap-login: Info: Disconnected (no auth attempts in 90 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: Disconnected, session=<a21fQ7JqlwB/AAAB>

I have zero trouble with other (web) clients communicating with Dovecot. In fact RC is the only client I
haven't been able to get to communicate with Dovecot. It seems as tho RC initiates the connection, Dovecot
attempts to create a session. But both stop, as tho they are both waiting for the other, before continuing.
I've searched the web for this, and I've found some 10,000 entries. But none with a solution.

Thank you for all your time, and consideration.

--Chris

P.S: *BSD / Apache / Dovecot 2.x / RC-1.3.6

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: When wil Dovecot be supported?
« Reply #1 on: April 25, 2018, 09:06:45 PM »
What is the config for IMAP in Roundcube.

Offline chris01

  • Jr. Member
  • **
  • Posts: 11
Re: When wil Dovecot be supported?
« Reply #2 on: April 25, 2018, 10:07:34 PM »
What is the config for IMAP in Roundcube.
Hello, and thanks for the reply!
Code: [Select]
$config['default_host'] = 'localhost';
$config['default_port'] = 993;
$config['imap_auth_type'] = PLAIN; # localhost over a secured connection, so plain is safe :-)
$config['imap_conn_options'] = null; # there is no cert involved, so array(values/tokens) omitted
$config['imap_timeout'] = 90;
$config['imap_auth_cid'] = null;
$config['imap_auth_pw'] = null;
$config['imap_delimiter'] = null;
$config['imap_vendor'] = dovecot;
$config['imap_ns_personal'] = null;
$config['imap_ns_other']    = null;
$config['imap_ns_shared']   = null;
$config['imap_log_session'] = true;
I can confirm RC will communicate, and works as expected with Dovecot over port 143.
But with come 30k users, I'm not going to teach everyone of them how to change their (client)
settings. It's too big a time loss, and RC should work fine over a secured (IMAP) port anyway. :-)

Hope I provided enough info, and thanks again!

--Chris

Offline chris01

  • Jr. Member
  • **
  • Posts: 11
Re: When wil Dovecot be supported?
« Reply #3 on: April 26, 2018, 01:13:21 AM »
Dovecot is opening a connection for RC. But RC isn't sending anything. Is there any way to tell RC to send LOGIN
with name and password? I don't have a problem initiating a LOGIN through telnet. But I can't see any RC config
setting to modify RC IMAPS login behavior.

Thanks.

--Chris

Offline alec

  • Hero Member
  • *****
  • Posts: 1,363
Re: When wil Dovecot be supported?
« Reply #4 on: April 26, 2018, 01:46:20 AM »
You have to tell Roundcube to use ssl by adding ssl:// prefix to the default_host.

Also note that config.inc.php is a PHP file and should use PHP syntax, i.e. all strings should be quoted.

Offline chris01

  • Jr. Member
  • **
  • Posts: 11
Re: When wil Dovecot be supported?
« Reply #5 on: April 26, 2018, 02:14:01 AM »
Thanks for the reply, alec.
prepending ssl:// to localhost at least elicits a new error. As adding that it requires having
a CERT. But given Dovecot && RC are on the same box, and authenticating against localhost
it's pretty pointless. :-)
I (RC) should simply use a secure connection on port 993. But apparently can't? Removing ssl://
from localhost results in RC just opening a connection to Dovecot, and doing nothing further. Dovecot
eventually (after 90 seconds) hangs up. Because RC had nothing more to say.  :-\
I've have CERTS for all my domains. But adding one just for localhost seems like pointless overhead.
Surely requiring CERTS isn't the only way to get RC to communicate (securely) on port 993?

Thanks again, for taking the time to reply, alec!

--Chris

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,845
Re: When wil Dovecot be supported?
« Reply #6 on: April 26, 2018, 02:33:27 AM »
Try writing the default_host like this 'ssl://<FQDN>:993' make sure the FQDN matches the CN of your cert. If you are using a self signed cert or one from LetsEncrypt then you will also need to use imap_conn_options to disable certificate verification.

Quote
...But with come 30k users, I'm not going to teach everyone of them how to change their (client) settings....
Out of interest why would configuring your webmail to use port 143 require clients to change any settings?
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…

Offline chris01

  • Jr. Member
  • **
  • Posts: 11
Re: When wil Dovecot be supported?
« Reply #7 on: April 26, 2018, 03:09:54 AM »
Try writing the default_host like this 'ssl://<FQDN>:993' make sure the FQDN matches the CN of your cert. If you are using a self signed cert or one from LetsEncrypt then you will also need to use imap_conn_options to disable certificate verification.
Thanks for the reply!
Yes it works. I whipped up a self-signed cert, after my last reply, to verify. But why is this necessary? IOW why
does RC refuse to talk to Dovecot after opening a connection on port 993? None of the other clients (web or otherwise)
I've worked with have this problem. Only RC.  IMHO this seems like a flaw. :-\
I guess if I really want to use RC, I'm going to have to write an IMAP(S) library to replace the one it uses.
Or rewrite the one it currently uses. Not (yet) sure it's worth it, or if I can find the time.

Quote
...But with come 30k users, I'm not going to teach everyone of them how to change their (client) settings....
Out of interest why would configuring your webmail to use port 143 require clients to change any settings?
Wasn't thinking it through (my mind was still full of "how do I make this work" && "why isn't this working") IOW
They won't. Because the changes only affect RC.  :P

Thanks again, for taking the time to reply!

--Chris

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,845
Re: When wil Dovecot be supported?
« Reply #8 on: April 26, 2018, 05:14:49 AM »
I'm not sure why you have to put the port number. I don't think you should but if you have a look around the forum you'll find another similar post where this was the solution.

I'm not sure what you mean about the rest. Port 993 is used for secure IMAP so Roundcube needs to know the protocol to use (ssl/tls). PHP made certificate verification the default in the last few years. I can't remember exactly which version but its why there are the imap_conn_options so you can control that verification or disable it if you want want it.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…

Offline chris01

  • Jr. Member
  • **
  • Posts: 11
Re: When wil Dovecot be supported?
« Reply #9 on: April 26, 2018, 09:50:06 AM »
I'm not sure why you have to put the port number. I don't think you should but if you have a look around the forum you'll find another similar post where this was the solution.
hmm... odd. Makes no sense to me (that a cert is required).

I'm not sure what you mean about the rest. Port 993 is used for secure IMAP so Roundcube needs to know the protocol to use (ssl/tls). PHP made certificate verification the default in the last few years. I can't remember exactly which version but its why there are the imap_conn_options so you can control that verification or disable it if you want want it.
Again, IMHO odd. I understand that port 993 doesn't tell RC whether it's tls, or ssl. But that would be a trivial task for
RC to determine on it's own. As to PHP making the change to require a cert; The box I'm testing this on, is only using version 5.6.
I can only imagine anyone requiring a cert due to the elimination (depreciation) of the "NULL" cert by openssl, after the "heartbleed",
and similar vulnerabilities found in the openssl' implementation of SSL. But that wasn't even a year ago. I remember it well, as I maintain
some 200 ports for the *BSD ports system. Many of which required modifications after the change.  :-\
Honestly; I'n not sure why anyone would continue to use the openssl' implementation of SSL anymore. It was great in the 20th
century, but it really shows it's age, these days.
On the other hand; I have 2 other web-based mail clients I use, that happily communicate with Dovecot on port 993 without the
need to specifically state ssl, or tls. Nor do they require a cert, and both of them are built on PHP.
I've still got some free(ish) time available. I've whipped up a port/mail/IMAP(s) tester built in PHP. At this point it tests whether the
MX/IMAP(s) communicate on the requested ports, and works well. I'm now going to attempt to add some "debugging" features to
it. So I can conclusively determine why RC won't work on port 993 w/o specifically adding an implementation, and cert. While
other clients do.

Thank you very much for taking the time to respond, John!

--Chris

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,845
Re: When wil Dovecot be supported?
« Reply #10 on: April 26, 2018, 03:20:15 PM »
To be fair to Roundcube I'd say that the config for the host could possibly have been simpler (though I have not yet looked into why you have to put the port in to the connection string) the cert validation  stuff is down to PHP and openssl and outside of Roundcube's control and any connection on 993 requires that info.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…