Author Topic: Cannot login Roundcube dashboard  (Read 2699 times)

Offline TomHsiung

  • Jr. Member
  • **
  • Posts: 16
Cannot login Roundcube dashboard
« on: January 18, 2019, 08:37:48 AM »
Hello,

I can send email via Macintosh mail.app, via my self-hosted Postfix/Dovecot server, which has been confirmed by sending and receiving emails with email service providers.

I downloaded the latest Roundcube stable version and uploaded the script to the web directory. After browsing the .../installer directory, all required and optional preretirements have been achieved.

However, when I tried to login into the webmail, I got an error: connection-to-storage-server-failed.

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,275
Re: Cannot login Roundcube dashboard
« Reply #1 on: January 19, 2019, 02:09:25 AM »
That means Roundcube could not connect to your IMAP server. Check your Roundcube config. More details about the error may be available in the Roundcube error log.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…

Offline TomHsiung

  • Jr. Member
  • **
  • Posts: 16
Re: Cannot login Roundcube dashboard
« Reply #2 on: January 19, 2019, 03:52:11 AM »
Here is the error log:

Code: [Select]
[19-Jan-2019 16:47:58 +0800]: <tt3ij78l> IMAP Error: Login failed for username from x.x.x.x. Empty startup greeting (localhost:993) in /xxx/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /roundcubemail/?_task=login&_action=login)
When I test the SMTP function, I got:
Code: [Select]
[19-Jan-2019 17:00:14 Asia/Shanghai] ERROR: Invalid response code received from server (530)
« Last Edit: January 19, 2019, 04:01:42 AM by TomHsiung »

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,275
Re: Cannot login Roundcube dashboard
« Reply #3 on: January 19, 2019, 05:54:36 AM »
"Empty startup greeting" is a TLS error. I see you are connecting to localhost:993. There is no need for TLS when connecting localhost and if you do want it you'll also need to disable certificate validation (see imap_conn_options). What have you set default_host' and 'default_port' too?
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…

Offline TomHsiung

  • Jr. Member
  • **
  • Posts: 16
Re: Cannot login Roundcube dashboard
« Reply #4 on: January 19, 2019, 06:26:06 AM »
Default host
Code: [Select]
$config['default_host'] = 'tls://localhost';
Default port
Code: [Select]
$config['default_port'] = 993;

Offline TomHsiung

  • Jr. Member
  • **
  • Posts: 16
Re: Cannot login Roundcube dashboard
« Reply #5 on: January 19, 2019, 06:37:30 AM »
"Empty startup greeting" is a TLS error. I see you are connecting to localhost:993. There is no need for TLS when connecting localhost and if you do want it you'll also need to disable certificate validation (see imap_conn_options). What have you set default_host' and 'default_port' too?

Yep, it is not necessary to use transport layer security mechanism. However, I want to make sure that, if Roundcube supports transport layer secure transport? It is obviously my Macintosh Mail.app support the transport layer secure transport. How about Roundcube webmail? If I use Roundcube webmail to connect to a remote email server, for instance, there is a need to use transport layer security. Thanks.

Tom

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,275
Re: Cannot login Roundcube dashboard
« Reply #6 on: January 19, 2019, 09:37:40 AM »
Roundcube supports TLS yes. Try changing tls:// to ssl:// in your default_host config. See the answer here for more explanation https://serverfault.com/questions/690200/roundcube-dovecot-ssl-errors-when-trying-to-log-in
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…

Offline TomHsiung

  • Jr. Member
  • **
  • Posts: 16
Re: Cannot login Roundcube dashboard
« Reply #7 on: January 20, 2019, 02:24:45 AM »
For SMTP server.

When I tried ssl://, I got:
Code: [Select]
[20-Jan-2019 15:11:05 Asia/Shanghai] ERROR: fsockopen(): unable to connect to ssl://localhost:587 (Unknown error) (0)
[20-Jan-2019 15:11:05 Asia/Shanghai] ERROR: Failed to connect socket: fsockopen(): unable to connect to ssl://localhost:587 (Unknown error) ()

When I tried tls://, I got:
Code: [Select]
[20-Jan-2019 15:22:36 Asia/Shanghai] ERROR: Invalid response code received from server (530)
[20-Jan-2019 15:22:36 Asia/Shanghai] ERROR: Invalid response code received from server (530)

Offline TomHsiung

  • Jr. Member
  • **
  • Posts: 16
Re: Cannot login Roundcube dashboard
« Reply #8 on: January 20, 2019, 02:43:39 AM »
When I tried IMAPs for ssl://, I got:
Code: [Select]
[20-Jan-2019 15:38:52 Asia/Shanghai] PHP Deprecated:  idn_to_ascii(): INTL_IDNA_VARIANT_2003 is deprecated in x/x/x/test.php on line 416
[20-Jan-2019 15:38:52 Asia/Shanghai] PHP Deprecated:  idn_to_ascii(): INTL_IDNA_VARIANT_2003 is deprecated in x/x/x/test.php on line 417

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,275
Re: Cannot login Roundcube dashboard
« Reply #9 on: January 20, 2019, 06:16:56 AM »
Quote
[20-Jan-2019 15:11:05 Asia/Shanghai] ERROR: fsockopen(): unable to connect to ssl://localhost:587 (Unknown error) (0)
Did you disable certificate verification? see smtp_conn_options

Quote
[20-Jan-2019 15:38:52 Asia/Shanghai] PHP Deprecated:  idn_to_ascii(): INTL_IDNA_VARIANT_2003 is deprecated in x/x/x/test.php on line 416
Fixed in version 1.3.4 see https://github.com/roundcube/roundcubemail/issues/6075
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…

Offline TomHsiung

  • Jr. Member
  • **
  • Posts: 16
Re: Cannot login Roundcube dashboard
« Reply #10 on: January 22, 2019, 04:21:02 AM »
I think it is safe to enable transport layer security (asymmetrical encryption). So I have to enable the certification verification (public key).

Tom

Offline TomHsiung

  • Jr. Member
  • **
  • Posts: 16
Re: Cannot login Roundcube dashboard
« Reply #11 on: February 03, 2019, 09:58:56 AM »
Quote
Did you disable certificate verification? see smtp_conn_options

If the certificate verification is disabled, what difference it will be?

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,275
Re: Cannot login Roundcube dashboard
« Reply #12 on: February 04, 2019, 05:38:30 AM »
Any one can create a self-signed cert for any common name (CN). Certificate validation checks the Certificate Authority (CA) which issued the certificate to see that its valid. Because self-signed certs are not signed by a known CA they will fail validation. If you are using self-signed certs or certs from an unknown CA then using imap/smtp_conn_options you can disable the verification to allow the connection to be established. Or rather than disabling verificaiton you can also configure the CA information to allow OpenSSL (the unlying lib) to verify the certificate. There are comments in defaults.inc.php with more info.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…

Offline TomHsiung

  • Jr. Member
  • **
  • Posts: 16
Re: Cannot login Roundcube dashboard
« Reply #13 on: February 05, 2019, 09:47:26 AM »
I do use self-assigned keys. But, my email client (for example, the Mac mail.app) is able to access my mail server, with certificate enabled.

It sounds like it not the issue of the transport layer security it self. It's about the keys, for which the round cube requires a key assigned by a CA company. If I disable the verification, does the transport layer security mechanism still work?

Tom
« Last Edit: February 05, 2019, 09:50:55 AM by TomHsiung »

Offline TomHsiung

  • Jr. Member
  • **
  • Posts: 16
Re: Cannot login Roundcube dashboard
« Reply #14 on: February 05, 2019, 10:25:46 AM »
And I tried:

Code: [Select]
$config['imap_conn_options'] = FALSE;
$config['smtp_conn_options'] = FALSE;

Not work

Code: [Select]
$config['imap_conn_options'] = false;
$config['smtp_conn_options'] = false;

Not work

Code: [Select]
$config['imap_conn_options'] = null;
$config['smtp_conn_options'] = null;

Not work, too.

======After reading some online references======

It should be:

Code: [Select]
$config['imap_conn_options'] = array(
  'ssl'         => array(
     'verify_peer'  => false,
     'verify_peer_name' => false,
   ),
 );


$config['smtp_conn_options'] = array(
  'ssl'         => array(
     'verify_peer'  => false,
     'verify_peer_name' => false,
   ),
 );

And now I could login into the dashboard.
« Last Edit: February 05, 2019, 10:40:29 AM by TomHsiung »