Roundcube Community Forum
Release Support => Pending Issues => Topic started by: creampuff on April 20, 2021, 03:18:07 AM
-
firefox -- https://roundcube/?_task=login
Gateway Timeout
The gateway did not receive a timely response from the upstream server or application.
mailserver: 192.168.0.11
roundcube-server: 192.168.0.15
browser is on: 192.168.20.118
mailserver# tshark -ni enp1s0 -Y 'ip.addr == 10.0.0.15 or ipv6.addr == fd00::15'
Running as user "root" and group "root". This could be dangerous.
Capturing on 'enp1s0'
63 20.802890237 10.0.0.15 → 10.0.0.11 TCP 74 38364 → 993 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=1822290789 TSecr=0 WS=128
64 20.802932385 10.0.0.11 → 10.0.0.15 TCP 74 993 → 38364 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM=1 TSval=1418522623 TSecr=1822290789 WS=128
65 20.803000704 10.0.0.15 → 10.0.0.11 TCP 66 38364 → 993 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=1822290789 TSecr=1418522623
93 80.848574636 10.0.0.15 → 10.0.0.11 TCP 66 38364 → 993 [FIN, ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=1822350834 TSecr=1418522623
94 80.848816786 10.0.0.11 → 10.0.0.15 TCP 66 993 → 38364 [ACK] Seq=1 Ack=2 Win=65280 Len=0 TSval=1418582669 TSecr=1822350834
95 80.849252587 10.0.0.11 → 10.0.0.15 TCP 66 993 → 38364 [FIN, ACK] Seq=1 Ack=2 Win=65280 Len=0 TSval=1418582669 TSecr=1822350834
96 80.849556904 10.0.0.15 → 10.0.0.11 TCP 66 38364 → 993 [ACK] Seq=2 Ack=2 Win=64256 Len=0 TSval=1822350835 TSecr=1418582669
roundcube-server# grep -v '^//' config.inc.php
<?php
/* Local configuration for Roundcube Webmail */
$config['db_dsnw'] = 'mysql://roundcube:topsecret@localhost/roundcube';
$config['default_host'] = 'tls://mailserver.example.net';
$config['default_port'] = 993;
$config['smtp_server'] = 'tls://mailserver.example.net';
$config['support_url'] = '';
$config['des_key'] = '**deleted**';
$config['plugins'] = array('enigma', 'example_addressbook', 'filesystem_attachments', 'http_authentication', 'managesieve', 'password', 'show_additional_headers', 'zipdownload');
$config['language'] = 'de_DE';
$config['spellcheck_engine'] = 'pspell';
$config['imap_conn_options'] = array(
    'tls' => array(
        'verify_peer' => true,
        'allow_self_signed' => true,
        'peer_name' => 'mailserver.example.net',
        'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH',
        'cafile' => '/etc/pki/opnsense/example+CA.pem',
    ),
);
$config['smtp_conn_options'] = array(
    'tls' => array(
        'verify_peer' => true,
        'allow_self_signed' => true,
        'peer_name' => 'mailserver.example.net',
        'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH',
        'cafile' => '/etc/pki/opnsense/example+CA.pem',
    ),
);
-
Usually tls:// is on port 143, and ssl:// on port 993.
-
So
$config['default_port'] = 993;
is not sufficient?
Roundcube is connecting to the mail server on port 993, as the sniffer logs show.
-
It is not sufficient; you have to use the proper prefix.
-
Would you please increase your verbosity?
-
$config['default_host'] = 'ssl://mailserver.example.net';
$config['default_port'] = 993;
-
I already had that, but I changed it back now. So I'm getting "connection to storage server failed" instead.
# tshark -ni enp1s0 -Y 'ip.addr == 192.168.0.15 or ipv6.addr == fd00::15'
Running as user "root" and group "root". This could be dangerous.
Capturing on 'enp1s0'
7 18.527784502 192.168.0.15 → 192.168.0.11 TCP 74 38560 → 993 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=1995173067 TSecr=0 WS=128
8 18.527822019 192.168.0.11 → 192.168.0.15 TCP 74 993 → 38560 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM=1 TSval=1591404900 TSecr=1995173067 WS=128
9 18.527947837 192.168.0.15 → 192.168.0.11 TCP 66 38560 → 993 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=1995173067 TSecr=1591404900
10 18.528601748 192.168.0.15 → 192.168.0.11 TLSv1 583 Client Hello
11 18.528615136 192.168.0.11 → 192.168.0.15 TCP 66 993 → 38560 [ACK] Seq=1 Ack=518 Win=64768 Len=0 TSval=1591404901 TSecr=1995173068
12 18.541289100 192.168.0.11 → 192.168.0.15 TLSv1.3 1514 Server Hello, Change Cipher Spec, Application Data, Application Data
13 18.541313146 192.168.0.11 → 192.168.0.15 TLSv1.3 417 Application Data, Application Data
14 18.541471337 192.168.0.15 → 192.168.0.11 TCP 66 38560 → 993 [ACK] Seq=518 Ack=1800 Win=63232 Len=0 TSval=1995173080 TSecr=1591404914
15 18.542053860 192.168.0.15 → 192.168.0.11 TLSv1.3 146 Change Cipher Spec, Application Data
16 18.542064477 192.168.0.11 → 192.168.0.15 TCP 66 993 → 38560 [ACK] Seq=1800 Ack=598 Win=64768 Len=0 TSval=1591404914 TSecr=1995173081
17 18.542230024 192.168.0.15 → 192.168.0.11 TLSv1.3 90 Application Data
18 18.542236608 192.168.0.11 → 192.168.0.15 TCP 66 993 → 38560 [ACK] Seq=1800 Ack=622 Win=64768 Len=0 TSval=1591404914 TSecr=1995173081
19 18.542330787 192.168.0.15 → 192.168.0.11 TCP 66 38560 → 993 [FIN, ACK] Seq=622 Ack=1800 Win=64128 Len=0 TSval=1995173081 TSecr=1591404914
20 18.542361744 192.168.0.11 → 192.168.0.15 TLSv1.3 608 Application Data, Application Data
21 18.542411227 192.168.0.11 → 192.168.0.15 TLSv1.3 191 Application Data
22 18.542474883 192.168.0.15 → 192.168.0.11 TCP 54 38560 → 993 [RST] Seq=623 Win=0 Len=0
23 18.542490884 192.168.0.15 → 192.168.0.11 TCP 54 38560 → 993 [RST] Seq=623 Win=0 Len=0
In error.log:
[22-Apr-2021 09:21:06 +0200]: <ftfndk25> IMAP Error: Login failed for user1 against mailserver.example.net from 192.168.20.118. Could not connect to ssl://mailserver.example.net:993: Unknown reason in /var/www/roundcube/program/lib/Roundcube/rcube_imap.php on line 200 (POST /?_task=login&_action=login)
-
That usually is some SSL or certificate verification issue.
// IMAP socket context options
// See http://php.net/manual/en/context.ssl.php
// The example below enables server certificate validation
//$config['imap_conn_options'] = [
// 'ssl' => [
// 'verify_peer' => true,
// 'verify_depth' => 3,
// 'cafile' => '/etc/openssl/certs/ca.crt',
// ],
// ];
// Note: These can be also specified as an array of options indexed by hostname
$config['imap_conn_options'] = null;
So, set it up accordingly. Start with verify_peer=false.
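
The default-config excerpt quoted in the reply above puts the options under 'ssl', while the configuration in the first post puts them under 'tls'. As an added example (not from the thread or the Roundcube project), this stand-alone PHP probe opens the same ssl:// connection with each key and returns PHP's own warning text; it assumes Roundcube hands imap_conn_options to stream_context_create() unchanged, and probe_imaps() is a hypothetical helper.

```php
<?php
// Added diagnostic, not Roundcube code. Host, port and CA path are the values
// shown in this thread; probe_imaps() is a hypothetical helper.

function probe_imaps(string $host, int $port, array $connOptions): array
{
    // PHP reads TLS settings only from the 'ssl' context key, for both the
    // ssl:// and tls:// transports; other top-level keys are silently ignored.
    $ignored = array_values(array_diff(array_keys($connOptions), ['ssl']));

    // Capture the warning text: it carries the OpenSSL error that $errstr
    // often leaves empty.
    $warnings = [];
    set_error_handler(function (int $no, string $msg) use (&$warnings): bool {
        $warnings[] = $msg;
        return true;
    });
    $ctx = stream_context_create($connOptions);
    $fp = stream_socket_client("ssl://$host:$port", $errno, $errstr, 10,
                               STREAM_CLIENT_CONNECT, $ctx);
    restore_error_handler();

    $greeting = null;
    if ($fp !== false) {
        $greeting = rtrim((string) fgets($fp, 1024)); // IMAP greeting, "* OK ..."
        fclose($fp);
    }
    return ['connected' => $fp !== false, 'greeting' => $greeting,
            'errstr' => $errstr, 'warnings' => $warnings, 'ignored_keys' => $ignored];
}

$tls = [
    'verify_peer' => true,
    'peer_name'   => 'mailserver.example.net',
    'cafile'      => '/etc/pki/opnsense/example+CA.pem',
];

// Same settings under the key used in the first post, then under 'ssl'.
foreach (['tls', 'ssl'] as $key) {
    echo "--- options under '$key' ---\n";
    print_r(probe_imaps('mailserver.example.net', 993, [$key => $tls]));
}
```

Run it on the Roundcube host with the same PHP binary the web server uses, so the OpenSSL build and CA file permissions match what Roundcube sees.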
-
This would lead to "unknown CA", so I need to set "cafile".
verify_peer does not seem to have an effect at all.
It's still not working: the error persists. Any additional ideas?