Topic: SSL/TLS authentication setup for webmail client / Roundcubemail 1.6.2

Offline Crankymail

Hello all, I have a nagging problem with setting up roundcubemail-1.6.2 with SSL/TLS authentication. I want to use POP or IMAP on SSL/TLS, not STARTTLS. This is what my current config.inc.php looks like:

// IMAP
$config['imap_host'] = '127.0.0.1';
$config['default_host'] = 'ssl://imap.uwb.edu.pl';
$config['default_port'] = 993;
$config['imap_auth_type'] = 'LOGIN';
$config['imap_delimiter'] = '/';
// Required if you're running PHP 5.6 or later
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer'  => false,
        'verify_peer_name' => false,
    ),
);

// SMTP
$config['smtp_host'] = '127.0.0.1';
$config['smtp_server'] = 'ssl://smtp.uwb.edu.pl';
$config['default_port'] = 465;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['smtp_auth_type'] = 'LOGIN';
// Required if you're running PHP 5.6 or later
$config['smtp_conn_options'] = array(
    'ssl' => array(
        'verify_peer'      => false,
        'verify_peer_name' => false,
    ),
);

In dovecot.conf :

ssl_min_protocol = TLSv1.2
ssl = required
verbose_ssl = no
disable_plaintext_auth = yes
auth_mechanisms = PLAIN LOGIN
mail_location = maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/

In postfix main.cf :

# Sender restrictions
smtpd_sender_restrictions =
    permit_mynetworks
    reject_unknown_sender_domain
    reject_non_fqdn_sender
    reject_unlisted_sender
    permit_sasl_authenticated
    check_sender_access pcre:/etc/postfix/sender_access.pcre

# Recipient restrictions
smtpd_recipient_restrictions =
    reject_unknown_recipient_domain
    reject_non_fqdn_recipient
    reject_unlisted_recipient
    check_policy_service inet:127.0.0.1:7777
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_policy_service inet:127.0.0.1:12340

And in postfix master.cf :

smtp      inet  n       -       y       -       1       postscreen
smtpd     pass  -       -       y       -       -       smtpd
dnsblog   unix  -       -       y       -       0       dnsblog
tlsproxy  unix  -       -       y       -       0       tlsproxy

# Submission, port 587, force TLS connection.
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

# smtps, port 465, force SSL connection.
465 inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o content_filter=smtp-amavis:[127.0.0.1]:10026

Offline JohnDoh

Re: SSL/TLS authentication setup for webmail client / Roundcubemail 1.6.2
« Reply #1 on: September 20, 2023, 06:37:01 AM »
The `default_host`, `default_port` and `smtp_server` were all removed in Roundcube 1.6 as described in the release announcement. I guess you upgraded from an earlier version and that's where you got the old vars from.

I think what you want is:
Code:
// IMAP
$config['imap_host'] = 'ssl://imap.uwb.edu.pl:993';
$config['imap_auth_type'] = 'LOGIN';
$config['imap_delimiter'] = '/';
// Required if you're running PHP 5.6 or later
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer'  => false,
        'verify_peer_name' => false,
    ),
);

// SMTP
$config['smtp_host'] = 'ssl://smtp.uwb.edu.pl:465';
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['smtp_auth_type'] = 'LOGIN';
// Required if you're running PHP 5.6 or later
$config['smtp_conn_options'] = array(
    'ssl' => array(
        'verify_peer'      => false,
        'verify_peer_name' => false,
    ),
);

If you are trying to connect to 127.0.0.1 rather than *.uwb.edu.pl then just swap those. Since 1.6.0 there is only 1 config var *_host and that contains the protocol, host and port.
Roundcube Plugins: Contextmenu, SpamAssassin Prefs, and more…
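
Added example, not part of the thread or of Roundcube's own code: a small PHP audit of a `$config` array that flags the options the reply above lists as removed in 1.6 and any `verify_peer` / `verify_peer_name` set to `false`. It runs on a constructed copy of the first post's settings and on a 1.6-style config with verification left on; the function name, the constant and the `cafile` path are assumptions.

```php
<?php
// Options the reply above says were removed in Roundcube 1.6.
const REMOVED_IN_1_6 = ['default_host', 'default_port', 'smtp_server'];

// Hypothetical helper: returns a list of findings for a Roundcube $config array.
function audit_roundcube_config(array $config): array
{
    $findings = [];
    foreach (REMOVED_IN_1_6 as $key) {
        if (array_key_exists($key, $config)) {
            $findings[] = "$key: removed in 1.6, put scheme, host and port in *_host";
        }
    }
    foreach (['imap_conn_options', 'smtp_conn_options'] as $key) {
        $ssl = $config[$key]['ssl'] ?? [];
        foreach (['verify_peer', 'verify_peer_name'] as $opt) {
            // PHP >= 5.6 verifies by default; only an explicit false disables it.
            if (($ssl[$opt] ?? true) === false) {
                $findings[] = "$key.ssl.$opt: certificate verification disabled";
            }
        }
    }
    return $findings;
}

// Constructed input 1: the settings from the first post (abridged).
$before = [
    'imap_host'         => '127.0.0.1',
    'default_host'      => 'ssl://imap.uwb.edu.pl',
    'default_port'      => 993,
    'imap_conn_options' => ['ssl' => ['verify_peer' => false, 'verify_peer_name' => false]],
];

// Constructed input 2: 1.6-style hosts with certificate verification left on.
$tls = [
    'verify_peer'      => true,
    'verify_peer_name' => true,
    'cafile'           => '/etc/ssl/certs/ca-certificates.crt', // assumed CA bundle path
];
$after = [
    'imap_host'         => 'ssl://imap.uwb.edu.pl:993',
    'imap_conn_options' => ['ssl' => $tls],
    'smtp_host'         => 'ssl://smtp.uwb.edu.pl:465',
    'smtp_conn_options' => ['ssl' => $tls],
];

print_r(audit_roundcube_config($before));
print_r(audit_roundcube_config($after));
```

When the host is swapped to 127.0.0.1, PHP's `peer_name` SSL context option can name the hostname the certificate was issued for, so that verification can stay enabled.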

Offline Crankymail

Re: SSL/TLS authentication setup for webmail client / Roundcubemail 1.6.2
« Reply #2 on: September 27, 2023, 04:47:05 PM »
Thanks