• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Forwarded to devs Roundcube sending mail error

Dave W

Dave W

Regular Pleskian
TITLE:
Roundcube sending mail error
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
OS ‪CentOS Linux 7.6.1810 (Core)‬
Product Plesk Onyx
Version 17.8.11 Update #65, last updated on Aug 26, 2019 04:38 AM
PROBLEM DESCRIPTION:
OS ‪CentOS Linux 7.6.1810 (Core)‬
Product Plesk Onyx
Version 17.8.11 Update #65, last updated on Aug 26, 2019 04:38 AM

The server has a Positive SSL assigned for Mail, *.our-domain.tld, the servers hostname is name.our-domain.tld

Sending mail via Roundcube returns an error:
Code: 
[29-Aug-2019 15:11:47 UTC] ERROR: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) (0)
[29-Aug-2019 15:11:47 UTC] ERROR: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) ()
[29-Aug-2019 15:11:47 +0000]: <58ijshl0> SMTP Error: Connection failed: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) in /usr/share/psa-roundcube/program/lib/Roundcube/rcube.php on line 1667 (POST /?_task=mail&_unlock=loading1567091507176&_lang=en_US&_framed=1&_action=send)

Testing connections:
Code: 
 openssl s_client -showcerts -connect localhost:465

CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1567125025
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Whereas:
Code: 
openssl s_client -showcerts -connect name.our-domain.tld:465

returns the SSL certificate correctly.

The workaround we put in place was to edit
/usr/share/psa-roundcube/config/config.inc.php

and add:
Code: 
$config['smtp_server'] = 'ssl://name.our-domain.tld';

this overrides the
Code: 
$config['smtp_server'] = 'ssl://localhost';
in /usr/share/psa-roundcube/config/defaults.inc.php

Mail in roundcude sends correctly now.​
STEPS TO REPRODUCE:
Roundcube as webmail sending mail via localhost smtp which has an SSL assigned for the hostname of the server​
ACTUAL RESULT:
Sending mail via Roundcube returns an error:
Code: 
[29-Aug-2019 15:11:47 UTC] ERROR: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) (0)
[29-Aug-2019 15:11:47 UTC] ERROR: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) ()
[29-Aug-2019 15:11:47 +0000]: <58ijshl0> SMTP Error: Connection failed: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) in /usr/share/psa-roundcube/program/lib/Roundcube/rcube.php on line 1667 (POST /?_task=mail&_unlock=loading1567091507176&_lang=en_US&_framed=1&_action=send)
EXPECTED RESULT:
Roundcube should connect to localhost and send mail without SSL or it should connect to the hostname rather than localhost as described.​
ANY ADDITIONAL INFORMATION:
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
Judging by the provided information default certificate assignment on SMTP was lost. Check /etc/postfix/main.cf:smtpd_tls_cert_file = /etc/postfix/postfix.pem configuration.
However, even if it was not, there's still a problem that would prevent Roundcube connection to SMTP with such certificates (Developers tested w/ Let's Encrypt).

As an alternative workaround, one could add the following into /usr/share/psa-roundcube/config/config.inc.php:

Code: 
$config['smtp_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
'allow_self_signed' => true,
),
);

See the documentation on the options here: PHP: SSL context options - Manual .

Developers have filed PPPM-10978 to resolve this issue.
 
Hi Igor,

Code: 
#grep smtpd_tls_cert_file /etc/postfix/main.cf
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file

and the cert in /etc/postfix/postfix.pem is our *.domain.tld certificate.

I believe this issue only arose recently.

Oddly the code
Code: 
$config['smtp_conn_options'] = array(
   'ssl'         => array(
     'verify_peer_name'  => false,
     'allow_self_signed' => true,
   ),
);
is already in /usr/share/psa-roundcube/config/defaults.inc.php

So Roundcube "shouldnt" have been trying to verify the SSL.

If I get some time over the weekend I'll take another look.

Thanks for the reply
Dave
 
You must log in or register to reply here.

Similar threads

austriadesign
Issue Custom Dovecot Config fails (2.4) – Need Help
Replies
0
Views
467
austriadesign
austriadesign
V
Issue Roundcube connection error when sending or saving as draft
Replies
1
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
S
Issue Mail Server Certificate Conflict Despite Correct Assignment (SNI Error)
Replies
3
Views
2K
Martin Dias
Martin Dias
I
Issue Mail delivery deferred (4.4.2 delivery temporarily suspended)
Replies
1
Views
2K
iainh
I
W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
2K
W4ru
W
Back
Top