firefox -- https://roundcube/?_task=login
Gateway Timeout
The gateway did not receive a timely response from the upstream server or application.
mailserver: 192.168.0.11
roundcube-server: 192.168.0.15
browser is on: 192.168.20.118
mailserver# tshark -ni enp1s0 -Y 'ip.addr == 10.0.0.15 or ipv6.addr == fd00::15'
Running as user "root" and group "root". This could be dangerous.
Capturing on 'enp1s0'
63 20.802890237 10.0.0.15 → 10.0.0.11 TCP 74 38364 → 993 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=1822290789 TSecr=0 WS=128
64 20.802932385 10.0.0.11 → 10.0.0.15 TCP 74 993 → 38364 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM=1 TSval=1418522623 TSecr=1822290789 WS=128
65 20.803000704 10.0.0.15 → 10.0.0.11 TCP 66 38364 → 993 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=1822290789 TSecr=1418522623
93 80.848574636 10.0.0.15 → 10.0.0.11 TCP 66 38364 → 993 [FIN, ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=1822350834 TSecr=1418522623
94 80.848816786 10.0.0.11 → 10.0.0.15 TCP 66 993 → 38364 [ACK] Seq=1 Ack=2 Win=65280 Len=0 TSval=1418582669 TSecr=1822350834
95 80.849252587 10.0.0.11 → 10.0.0.15 TCP 66 993 → 38364 [FIN, ACK] Seq=1 Ack=2 Win=65280 Len=0 TSval=1418582669 TSecr=1822350834
96 80.849556904 10.0.0.15 → 10.0.0.11 TCP 66 38364 → 993 [ACK] Seq=2 Ack=2 Win=64256 Len=0 TSval=1822350835 TSecr=1418582669
roundcube-server# grep -v '^//' config.inc.php
<?php
/* Local configuration for Roundcube Webmail */
$config['db_dsnw'] = 'mysql://roundcube:topsecret@localhost/roundcube';
$config['default_host'] = 'tls://mailserver.example.net';
$config['default_port'] = 993;
$config['smtp_server'] = 'tls://mailserver.example.net';
$config['support_url'] = '';
$config['des_key'] = '**deleted**';
$config['plugins'] = array('enigma', 'example_addressbook', 'filesystem_attachments', 'http_authentication', 'managesieve', 'password', 'show_additional_headers', 'zipdownload');
$config['language'] = 'de_DE';
$config['spellcheck_engine'] = 'pspell';
$config['imap_conn_options'] = array(
    'tls' => array(
        'verify_peer' => true,
        'allow_self_signed' => true,
        'peer_name' => 'mailserver.example.net',
        'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH',
        'cafile' => '/etc/pki/opnsense/example+CA.pem',
    ),
);
$config['smtp_conn_options'] = array(
    'tls' => array(
        'verify_peer' => true,
        'allow_self_signed' => true,
        'peer_name' => 'mailserver.example.net',
        'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH',
        'cafile' => '/etc/pki/opnsense/example+CA.pem',
    ),
);
Usually tls:// is on port 143, and ssl:// on port 993.
So
$config['default_port'] = 993;
is not sufficient?
Roundcube is connecting to the mail server on port 993, as the sniffer logs show.
It is not sufficient; you have to use the proper prefix.
Would you please increase your verbosity?
$config['default_host'] = 'ssl://mailserver.example.net';
$config['default_port'] = 993;
I already had that, but I changed it back now. So I'm getting "connection to storage server failed" instead.
# tshark -ni enp1s0 -Y 'ip.addr == 192.168.0.15 or ipv6.addr == fd00::15'
Running as user "root" and group "root". This could be dangerous.
Capturing on 'enp1s0'
7 18.527784502 192.168.0.15 → 192.168.0.11 TCP 74 38560 → 993 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=1995173067 TSecr=0 WS=128
8 18.527822019 192.168.0.11 → 192.168.0.15 TCP 74 993 → 38560 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM=1 TSval=1591404900 TSecr=1995173067 WS=128
9 18.527947837 192.168.0.15 → 192.168.0.11 TCP 66 38560 → 993 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=1995173067 TSecr=1591404900
10 18.528601748 192.168.0.15 → 192.168.0.11 TLSv1 583 Client Hello
11 18.528615136 192.168.0.11 → 192.168.0.15 TCP 66 993 → 38560 [ACK] Seq=1 Ack=518 Win=64768 Len=0 TSval=1591404901 TSecr=1995173068
12 18.541289100 192.168.0.11 → 192.168.0.15 TLSv1.3 1514 Server Hello, Change Cipher Spec, Application Data, Application Data
13 18.541313146 192.168.0.11 → 192.168.0.15 TLSv1.3 417 Application Data, Application Data
14 18.541471337 192.168.0.15 → 192.168.0.11 TCP 66 38560 → 993 [ACK] Seq=518 Ack=1800 Win=63232 Len=0 TSval=1995173080 TSecr=1591404914
15 18.542053860 192.168.0.15 → 192.168.0.11 TLSv1.3 146 Change Cipher Spec, Application Data
16 18.542064477 192.168.0.11 → 192.168.0.15 TCP 66 993 → 38560 [ACK] Seq=1800 Ack=598 Win=64768 Len=0 TSval=1591404914 TSecr=1995173081
17 18.542230024 192.168.0.15 → 192.168.0.11 TLSv1.3 90 Application Data
18 18.542236608 192.168.0.11 → 192.168.0.15 TCP 66 993 → 38560 [ACK] Seq=1800 Ack=622 Win=64768 Len=0 TSval=1591404914 TSecr=1995173081
19 18.542330787 192.168.0.15 → 192.168.0.11 TCP 66 38560 → 993 [FIN, ACK] Seq=622 Ack=1800 Win=64128 Len=0 TSval=1995173081 TSecr=1591404914
20 18.542361744 192.168.0.11 → 192.168.0.15 TLSv1.3 608 Application Data, Application Data
21 18.542411227 192.168.0.11 → 192.168.0.15 TLSv1.3 191 Application Data
22 18.542474883 192.168.0.15 → 192.168.0.11 TCP 54 38560 → 993 [RST] Seq=623 Win=0 Len=0
23 18.542490884 192.168.0.15 → 192.168.0.11 TCP 54 38560 → 993 [RST] Seq=623 Win=0 Len=0
In error.log:
[22-Apr-2021 09:21:06 +0200]: <ftfndk25> IMAP Error: Login failed for user1 against mailserver.example.net from 192.168.20.118. Could not connect to ssl://mailserver.example.net:993: Unknown reason in /var/www/roundcube/program/lib/Roundcube/rcube_imap.php on line 200 (POST /?_task=login&_action=login)
That usually is some SSL or certificate verification issue.
// IMAP socket context options
// See http://php.net/manual/en/context.ssl.php
// The example below enables server certificate validation
//$config['imap_conn_options'] = [
//   'ssl' => [
//     'verify_peer' => true,
//     'verify_depth' => 3,
//     'cafile' => '/etc/openssl/certs/ca.crt',
//   ],
// ];
// Note: These can be also specified as an array of options indexed by hostname
$config['imap_conn_options'] = null;
So, set it up accordingly. Start with verify_peer=false.
This would lead to "unknown CA", so I need to set "cafile".
verify_peer does not seem to have an effect at all.
It's still not working: the error persists. Any additional ideas?
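The two points raised in this thread (prefix versus port, and the `ssl` key used in the default `imap_conn_options` example) checked offline, as an added example that is not part of the thread or of Roundcube's code. `lint_imap_tls()` is a hypothetical helper, the inputs are constructed from the posted settings, and it assumes `imap_conn_options` reaches PHP's stream context unchanged.

```php
<?php
// Added example: offline lint for the settings discussed in this thread.
// lint_imap_tls() is a hypothetical helper, not part of Roundcube.
function lint_imap_tls(array $config): array
{
    $findings = [];
    $scheme = strtolower((string) parse_url($config['default_host'] ?? '', PHP_URL_SCHEME));
    $port = (int) ($config['default_port'] ?? 143);

    // tls:// means STARTTLS after a plaintext greeting; ssl:// means TLS from the first byte.
    if ($scheme === 'tls' && $port === 993) {
        $findings[] = 'tls:// (STARTTLS) on implicit-TLS port 993: use ssl://';
    } elseif ($scheme === 'ssl' && $port === 143) {
        $findings[] = 'ssl:// (implicit TLS) on STARTTLS port 143: use tls://';
    }

    $opts = $config['imap_conn_options'] ?? [];
    foreach (is_array($opts) ? $opts : [] as $key => $value) {
        // Hostname-indexed form: the per-host array carries its own 'ssl' key.
        if (is_array($value) && isset($value['ssl'])) {
            continue;
        }
        // PHP reads TLS context options only from the 'ssl' wrapper key,
        // for ssl:// and tls:// transports alike.
        if (!in_array($key, ['ssl', 'socket'], true)) {
            $findings[] = "imap_conn_options['$key'] is not read by PHP's TLS transport; use the 'ssl' key";
        }
    }
    $ssl = is_array($opts) ? ($opts['ssl'] ?? []) : [];
    if (!empty($ssl['verify_peer']) && empty($ssl['cafile']) && empty($ssl['capath'])) {
        $findings[] = 'verify_peer without cafile/capath: only the system CA store is consulted';
    }
    return $findings;
}

// Constructed inputs: the settings posted at the top of the thread, and the same
// settings with the ssl:// prefix and the 'ssl' key from Roundcube's default example.
$tls = ['verify_peer' => true, 'peer_name' => 'mailserver.example.net',
        'cafile' => '/etc/pki/opnsense/example+CA.pem'];
$posted = ['default_host' => 'tls://mailserver.example.net', 'default_port' => 993,
           'imap_conn_options' => ['tls' => $tls]];
$adjusted = ['default_host' => 'ssl://mailserver.example.net', 'default_port' => 993,
             'imap_conn_options' => ['ssl' => $tls]];

foreach (['posted' => $posted, 'adjusted' => $adjusted] as $name => $cfg) {
    $findings = lint_imap_tls($cfg);
    echo $name, ': ', $findings ? implode('; ', $findings) : 'no findings', PHP_EOL;
}
```

Options placed under a key the TLS transport does not read are silently dropped, which would also make `verify_peer` appear to have no effect.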