Author Topic: Upgrading from a 1.0 release  (Read 8562 times)

Offline soprano

  • Jr. Member
  • **
  • Posts: 31
Re: Upgrading from a 1.0 release
« Reply #15 on: April 09, 2020, 12:50:21 PM »
In the syslog logs there are some failed login errors but are a lot less, errors are not each 60 seconds

I don't know why now, the old version 1.0.1 has some imap failed login errors but not so many.

Claudio

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,845
Re: Upgrading from a 1.0 release
« Reply #16 on: April 09, 2020, 02:19:32 PM »
But the login entries you posted come from dovecot right? So unless there are corresponding entries in your roundcube logs then the requests are not coming from roundcube.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…

Offline soprano

  • Jr. Member
  • **
  • Posts: 31
Re: Upgrading from a 1.0 release
« Reply #17 on: April 10, 2020, 03:35:10 AM »
Yes the previous logs were from dovecot.

I suppose maybe is it the imapproxy, but its configuration is not changed in the while.

And i don't understand because the authentication error is each one after 60 seconds from the previous for the same user.

Do you have some imapproxy software to reccomend ?

We use UWimapproxy maybe there is a better one ?

Claudio

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,845
Re: Upgrading from a 1.0 release
« Reply #18 on: April 10, 2020, 03:55:31 AM »
Quote
I suppose maybe is it the imapproxy
how do you not know for sure where the request are coming from? The dovecot logs have the remote IP and and I know for sure Roundcube logs errors and I presume your imapproxy has logs.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…

Offline soprano

  • Jr. Member
  • **
  • Posts: 31
Re: Upgrading from a 1.0 release
« Reply #19 on: April 10, 2020, 05:44:11 AM »
On dovecot (imap server) i have login errors coming from my roundcube IP addresses (remember i have a load balancing setup), so i know for sure they are coming from roundcube servers.

I know that on the imapproxy i have these entries:

Apr 10 11:31:50 webmail1 in.imapproxyd[812]: LOGIN: 'XXXXX' (127.0.0.1:51986) failed: non-OK server response to LOGIN command: NO [AUTHENTICATIONFAILED] Authentication failed.

Apr 10 11:31:50 webmail1new roundcube: IMAP Error: Login failed for XXXXX from <IPADDRESS>. LOGIN: Authentication failed. in /var/www/html/program/lib/Roundcube/rcube_imap.php on line 184 (POST /?_task=login?_task=login&_action=login)

These are from yesterday from same user

Apr  9 17:26:55 webmail1 in.imapproxyd[812]: LOGIN: 'YYYYYYY' (127.0.0.1:52936) failed: non-OK server response to LOGIN command: NO [AUTHENTICATIONFAILED] Authentication failed.

Apr  9 17:27:55 webmail1 in.imapproxyd[812]: LOGIN: 'YYYYYYY' (127.0.0.1:53260) failed: non-OK server response to LOGIN command: NO [AUTHENTICATIONFAILED] Authentication failed.

Apr  9 17:28:59 webmail1 in.imapproxyd[812]: LOGIN: 'YYYYYYY' (127.0.0.1:53648) failed: non-OK server response to LOGIN command: NO [AUTHENTICATIONFAILED] Authentication failed.

Apr  9 17:29:55 webmail1 in.imapproxyd[812]: LOGIN: 'YYYYYYY' (127.0.0.1:54120) failed: non-OK server response to LOGIN command: NO [AUTHENTICATIONFAILED] Authentication failed.

Apr  9 17:30:55 webmail1 in.imapproxyd[812]: LOGIN: 'YYYYYYY' (127.0.0.1:54474) failed: non-OK server response to LOGIN command: NO [AUTHENTICATIONFAILED] Authentication failed.

and so on up to 17:44:55 each minute at 55 seconds and i don't know why, anyway all the night i have no authentication problems at all, i'll check today if these problems occurs again (i don't think a user can digit the wrong password each minute at the exact same seconds each time for 20 times).

Claudio
Claudio


Offline soprano

  • Jr. Member
  • **
  • Posts: 31
Re: Upgrading from a 1.0 release
« Reply #20 on: April 10, 2020, 10:24:47 AM »
anyway today the authentication errors seems come back to normal level, anymore i see all these messages each minute.

maybe a brute force attack on roundcube ? but they have to know the username of those users or there were some security flaws after v1.0.12 was released and never fixed ?

Anyway i will move very soon to v1.2.9 at least so we will be in LTS security support and if possibile we will move then to the latest version.

I saw that v1.2.9 works on mobile devices, finally in landscape i can see the message titles and can read the messages, is it not still the right mobile interface but at least it is usable on mobile phones.

Thanks for now
Claudio

Offline soprano

  • Jr. Member
  • **
  • Posts: 31
Re: Upgrading from a 1.0 release
« Reply #21 on: April 15, 2020, 10:03:13 AM »
Hi all,

i'm again here, i moved a cloned webmail machine from v1.0.2 to v.1.2.9 without any apparent problem.

I moved from php v5.4 to php v7.3.16 (latest available) because v1.3.x needs php > 5.4 so i don't know if the problems are related to the new PHP

Today i tried to move to v1.3.10 latest LTS version, the upgrade gone well, no errors, but then i had 3 problems, 1 was fixed but i would like to know why it is there now, 1 is a layout problem and 1 can't make me use roundcube.

These are the problems i had:

1) php sessions that before worked without problem, now give problem with the uid

Apr 15 12:33:18 webmailnew httpd-webmailnew[14059]: [proxy_fcgi:error] [pid 14100] [client
 10.15.66.13:51177] AH01071: Got error 'PHP message: PHP Warning:  session_start(): Session data file
is not created by your uid in /var/www/html/program/lib/Roundcube/rcube_session.php on line 129PHP mes
sage: PHP Warning:  session_start(): Failed to read session data: files (path: /XXX/XXX/webmailnew/phpsessions) in /var/www/html/program/lib/Roundcube/rcube_session.php on
 line 129', referer: https://webmailnew/?_task=login

The session storage is a shared storage where i can't change the owner of the folder, but apache user (that runs httpd) can write/read without problems.

For now I solved this one moving the sessions from php to DB but i would like to know why it is not working anymore.

2) I can connect to roundcube, login, read the emails, download the attachments, but i can't send emails anymore, it gives always

Apr 15 15:43:26 webmailnew httpd-webmailnew[25254]: [proxy_fcgi:error] [pid 25260] [client
 10.15.66.13:51691] AH01071: Got error 'PHP message: ERROR: STARTTLS failed ()PHP message: ERROR: Inva
lid response code received from server (-1)PHP message: ERROR: Invalid response code received from ser
ver (-1)', referer: https://webmailnew/?_task=mail&_action=compose&_id=3002398545e970db56a
5a1&_search=aa79f5c436586296d1b7e8e366b4a611

Before moving to roundcube v1.3.10 all was working really good.

I remember you that i'm using imapproxy on the roundcube server.

3) i see the new roundcube layout has 3 sections divided in columns, one column for imap folders, one to list the title of emails in the inbox and the third one to show the email content, is it possible to move the section for the email content in another place ? mobile devices can't display very well this
 roundcube layout, neither the login page (it is some way trunked), neither the inbox contents, i prefer v1.2.9 layout is it possible to revert to it ? if yes how ?

I didn't change any configuration settings in the config.inc.php and it worked like a charm before the upgrade to v1.3.10

Thanks for any suggestion
Claudio

Offline soprano

  • Jr. Member
  • **
  • Posts: 31
Re: Upgrading from a 1.0 release
« Reply #22 on: April 15, 2020, 10:28:06 AM »
I enabled log to 4 and smtp_debug

in /var/log/maillog i found this

Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Recv: 220 lnf.infn.it ESMTP server; Wed, 15 Apr 2020 16:20:23 +0200
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Send: EHLO webmailnew
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Recv: 250-smtp Hello webmailnew [XXX.XXX.XXX.XXX], pleased to meet you
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Recv: 250-ENHANCEDSTATUSCODES
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Recv: 250-PIPELINING
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Recv: 250-8BITMIME
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Recv: 250-SIZE 30000000
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Recv: 250-DSN
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Recv: 250-AUTH GSSAPI
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Recv: 250-STARTTLS
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Recv: 250-DELIVERBY
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Recv: 250 HELP
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Send: STARTTLS
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Recv: 220 2.0.0 Ready to start TLS
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Send: RSET
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Recv: \x16\x03\x03\x01M\x0c
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Send: QUIT
Apr 15 16:20:24 webmailnew roundcube: <hnfdc92e> Recv: \x13\x0bEntrust.net1;09\x06\x03U\x04\x0b\x132www.entrust.net/CPS incorp. by ref. (limits liab.)1%0#\x06\x03U\x04\x0b\x13\x1c(c) 1999 Entrust.net Limited1:08\x06\x03U\x04\x03\x131Entrust.net Secure Server Certification Authority


Offline soprano

  • Jr. Member
  • **
  • Posts: 31
Re: Upgrading from a 1.0 release
« Reply #23 on: April 15, 2020, 10:43:02 AM »
my config.inc.php

$config['smtp_server'] = 'tls://server.domain';

$config['smtp_port'] = 587;

$config['smtp_user'] = '%u';

$config['smtp_pass'] = '%p';

$config['debug_level'] = 4;

$config['smtp_debug'] = true;

Offline soprano

  • Jr. Member
  • **
  • Posts: 31
Re: Upgrading from a 1.0 release
« Reply #24 on: April 15, 2020, 10:43:54 AM »
We are using LDAP something is changed ?

Claudio

Offline soprano

  • Jr. Member
  • **
  • Posts: 31
Re: Upgrading from a 1.0 release
« Reply #25 on: April 15, 2020, 11:26:45 AM »
The strange thing is that i have no log file for roundcube in the /var/www/html/logs/ folder

Maybe it is normal i send all to syslog.

Claudio

Offline JohnDoh

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2,845
Re: Upgrading from a 1.0 release
« Reply #26 on: April 15, 2020, 01:08:17 PM »
Quote
1) php sessions that before worked without problem, now give problem with the uid
no idea, sorry

Quote
2) I can connect to roundcube, login, read the emails, download the attachments, but i can't send emails anymore, it gives always
SSL/TLS certificate verification was enabled by default starting with PHP 5.6 perhaps this is the issue. see here https://github.com/roundcube/roundcubemail/wiki/FAQ#problems-connecting-imapsmtp-server-via-ssltls

Quote
3) i see the new roundcube layout has 3 sections divided in columns
The Larry skin has 3 layout modes - list (no preview pane), widescreen (3 columns), desktop (preview pane below the message list). The layout mode can be changed from the settings screen or from the gear/cog icon in the top left coner of the message list

Quote
mobile devices can't display very well this
The Larry skin is not designed to work on mobiles. Support for mobiles (and tablets) was added to Roundcube in versoin 1.4 as part of the Elastic skin.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…

Offline soprano

  • Jr. Member
  • **
  • Posts: 31
Re: Upgrading from a 1.0 release
« Reply #27 on: April 16, 2020, 04:11:10 AM »
Quote
1) php sessions that before worked without problem, now give problem with the uid
no idea, sorry

No problem i will switch to DB, just curios

Quote
2) I can connect to roundcube, login, read the emails, download the attachments, but i can't send emails anymore, it gives always
SSL/TLS certificate verification was enabled by default starting with PHP 5.6 perhaps this is the issue. see here https://github.com/roundcube/roundcubemail/wiki/FAQ#problems-connecting-imapsmtp-server-via-ssltls

Ok the problem seems this, if i disable the verify_peer all works, but now i want to enable it but i can't seems to resolve it, my smtp certificate use an intermediate CA, so i have

certficate -> intermediate ca -> root ca

in the local ca files can i put inside both ? i need to respect an order ? if yes can you explain it, please ?

Quote
3) i see the new roundcube layout has 3 sections divided in columns
The Larry skin has 3 layout modes - list (no preview pane), widescreen (3 columns), desktop (preview pane below the message list). The layout mode can be changed from the settings screen or from the gear/cog icon in the top left coner of the message list

is it possible to set it for all users ? a general setting i mean.

Quote
mobile devices can't display very well this
The Larry skin is not designed to work on mobiles. Support for mobiles (and tablets) was added to Roundcube in versoin 1.4 as part of the Elastic skin.

version 1.2.9 worked good on mobile devices in landscape mode

thanks for now
Claudio

Offline soprano

  • Jr. Member
  • **
  • Posts: 31
Re: Upgrading from a 1.0 release
« Reply #28 on: April 16, 2020, 04:17:09 AM »
Ok i solved the problem with the CA file

i put intermediate e root ca in the smtp-ca.crt file and now i can send messages

Claudio

Offline soprano

  • Jr. Member
  • **
  • Posts: 31
Re: Upgrading from a 1.0 release
« Reply #29 on: April 16, 2020, 05:01:50 AM »
I added 2 images one for v1.2.9 appearance and one for v1.3.10 appearance

Is it possible to switch v1.3.10 like v.1.2.9 for all users ?

If yes which file i have to modify and how ?

Thanks in advance
Claudio