Roundcube Community Forum
Release Support => Pending Issues => Topic started by: TomHsiung on January 18, 2019, 08:37:48 AM
-
Hello,
I can send email via Macintosh mail.app, via my self-hosted Postfix/Dovecot server, which has been confirmed by sending and receiving emails with email service providers.
I downloaded the latest Roundcube stable version and uploaded the script to the web directory. After browsing the .../installer directory, all required and optional prerequisites have been achieved.
However, when I tried to log in to the webmail, I got an error: connection-to-storage-server-failed.
-
That means Roundcube could not connect to your IMAP server. Check your Roundcube config. More details about the error may be available in the Roundcube error log.
-
Here is the error log:
[19-Jan-2019 16:47:58 +0800]: <tt3ij78l> IMAP Error: Login failed for username from x.x.x.x. Empty startup greeting (localhost:993) in /xxx/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /roundcubemail/?_task=login&_action=login)
When I test the SMTP function, I got:
[19-Jan-2019 17:00:14 Asia/Shanghai] ERROR: Invalid response code received from server (530)
-
"Empty startup greeting" is a TLS error. I see you are connecting to localhost:993. There is no need for TLS when connecting to localhost, and if you do want it you'll also need to disable certificate validation (see imap_conn_options). What have you set 'default_host' and 'default_port' to?
-
Default host
$config['default_host'] = 'tls://localhost';
Default port
$config['default_port'] = 993;
-
"Empty startup greeting" is a TLS error. I see you are connecting to localhost:993. There is no need for TLS when connecting to localhost, and if you do want it you'll also need to disable certificate validation (see imap_conn_options). What have you set 'default_host' and 'default_port' to?
Yep, it is not necessary to use the transport layer security mechanism. However, I want to make sure: does Roundcube support transport layer secure transport? Obviously my Macintosh Mail.app supports transport layer secure transport. How about Roundcube webmail? If I use Roundcube webmail to connect to a remote email server, for instance, there is a need to use transport layer security. Thanks.
Tom
-
Roundcube supports TLS, yes. Try changing tls:// to ssl:// in your default_host config. See the answer here for more explanation: https://serverfault.com/questions/690200/roundcube-dovecot-ssl-errors-when-trying-to-log-in
-
For SMTP server.
When I tried ssl://, I got:
[20-Jan-2019 15:11:05 Asia/Shanghai] ERROR: fsockopen(): unable to connect to ssl://localhost:587 (Unknown error) (0)
[20-Jan-2019 15:11:05 Asia/Shanghai] ERROR: Failed to connect socket: fsockopen(): unable to connect to ssl://localhost:587 (Unknown error) ()
When I tried tls://, I got:
[20-Jan-2019 15:22:36 Asia/Shanghai] ERROR: Invalid response code received from server (530)
[20-Jan-2019 15:22:36 Asia/Shanghai] ERROR: Invalid response code received from server (530)
-
When I tried IMAPs for ssl://, I got:
[20-Jan-2019 15:38:52 Asia/Shanghai] PHP Deprecated: idn_to_ascii(): INTL_IDNA_VARIANT_2003 is deprecated in x/x/x/test.php on line 416
[20-Jan-2019 15:38:52 Asia/Shanghai] PHP Deprecated: idn_to_ascii(): INTL_IDNA_VARIANT_2003 is deprecated in x/x/x/test.php on line 417
-
[20-Jan-2019 15:11:05 Asia/Shanghai] ERROR: fsockopen(): unable to connect to ssl://localhost:587 (Unknown error) (0)
Did you disable certificate verification? see smtp_conn_options
[20-Jan-2019 15:38:52 Asia/Shanghai] PHP Deprecated: idn_to_ascii(): INTL_IDNA_VARIANT_2003 is deprecated in x/x/x/test.php on line 416
Fixed in version 1.3.4 see https://github.com/roundcube/roundcubemail/issues/6075
-
I think it is safe to enable transport layer security (asymmetrical encryption). So I have to enable the certification verification (public key).
Tom
-
Did you disable certificate verification? see smtp_conn_options
If the certificate verification is disabled, what difference will it make?
-
Anyone can create a self-signed cert for any common name (CN). Certificate validation checks the Certificate Authority (CA) which issued the certificate to see that it's valid. Because self-signed certs are not signed by a known CA they will fail validation. If you are using self-signed certs or certs from an unknown CA then using imap/smtp_conn_options you can disable the verification to allow the connection to be established. Or rather than disabling verification you can also configure the CA information to allow OpenSSL (the underlying lib) to verify the certificate. There are comments in defaults.inc.php with more info.
-
I do use self-assigned keys. But, my email client (for example, the Mac mail.app) is able to access my mail server, with certificate enabled.
It sounds like it is not an issue of the transport layer security itself. It's about the keys, for which Roundcube requires a key assigned by a CA company. If I disable the verification, does the transport layer security mechanism still work?
Tom
-
And I tried:
$config['imap_conn_options'] = FALSE;
$config['smtp_conn_options'] = FALSE;
It did not work.
$config['imap_conn_options'] = false;
$config['smtp_conn_options'] = false;
It did not work.
$config['imap_conn_options'] = null;
$config['smtp_conn_options'] = null;
It did not work, either.
======After reading some online references======
It should be:
$config['imap_conn_options'] = array(
    'ssl' => array(
        'verify_peer'      => false,
        'verify_peer_name' => false,
    ),
);
$config['smtp_conn_options'] = array(
    'ssl' => array(
        'verify_peer'      => false,
        'verify_peer_name' => false,
    ),
);
And now I could log in to the dashboard.
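The alternative mentioned earlier in the thread (giving OpenSSL the CA information instead of switching verification off), as an added example that is not part of the original posts and is not Roundcube's own code. It is a PHP CLI check that opens the IMAP connection with verification on and with verification off, using the same stream options Roundcube's `*_conn_options` accept; the certificate path is a placeholder and `probe()` is a hypothetical helper.

```php
<?php
// Added example. Run on the webmail host: php check_tls.php
// ASSUMPTIONS: the path below is a placeholder for a copy of the self-signed
// certificate the mail server presents, and that certificate names "localhost".
$verified = array(
    'ssl' => array(
        'verify_peer'      => true,  // check the chain against 'cafile'
        'verify_peer_name' => true,  // check the certificate name against the host
        'cafile'           => '/path/to/mailserver-selfsigned.pem',
    ),
);

// The form that made login work in the thread: the session is still
// encrypted, but any certificate is accepted without checks.
$unverified = array(
    'ssl' => array('verify_peer' => false, 'verify_peer_name' => false),
);

// Hypothetical helper: connect with implicit TLS (what the ssl:// prefix
// does on port 993) and return the server greeting or the failure reason.
function probe($host, $port, array $options)
{
    $ctx = stream_context_create($options);
    $errno = 0;
    $errstr = '';
    $sock = @stream_socket_client("ssl://$host:$port", $errno, $errstr, 10,
                                  STREAM_CLIENT_CONNECT, $ctx);
    if ($sock === false) {
        $err = error_get_last();  // the TLS detail is in the PHP warning
        return 'FAILED: ' . ($err ? $err['message'] : $errstr);
    }
    $greeting = trim((string) fgets($sock, 512));
    fclose($sock);
    return 'OK: ' . $greeting;
}

echo 'verified   : ', probe('localhost', 993, $verified), PHP_EOL;
echo 'unverified : ', probe('localhost', 993, $unverified), PHP_EOL;

// Once "verified" reports OK, the same array can replace the
// verify_peer => false settings in config.inc.php:
//   $config['imap_conn_options'] = $verified;
//   $config['smtp_conn_options'] = $verified;
```

If the verified probe fails while the unverified one succeeds, the certificate file or the name in the certificate is the problem, not the TLS setup itself.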
-
Unfortunately, I encountered a new issue when I tried to send email via the webmail. Note that the desktop email client, Macintosh Mail.app, worked well.
This error:
SMTP Error (530): Failed to set sender "xxx@xxx.com" (5.7.0 Must issue a STARTTLS command first).
Tom
-
Perhaps the same as this: https://github.com/roundcube/roundcubemail/issues/4590? Maybe you need to set the smtp auth settings. If it's not that, then what config do you have in $config['smtp_server'] and $config['smtp_port']?
-
It's solved by adding to config.inc.php
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
However, this raises a safety concern. Is it secure to add these two lines?
Tom
-
However, this raises a safety concern.
What concern?
-
However, this raises a safety concern.
What concern?
That is, would these two lines cause security flaws, or reduce the effect of TLS. Thanks.
Tom
-
The options have nothing to do with TLS. SMTP login is done during transaction time, after the TLS connection is established. It's a similar process to how Roundcube logs in to your IMAP server.