Forwarded to devs Roundcube sending mail error

Dave W

Regular Pleskian
TITLE:
Roundcube sending mail error
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
OS CentOS Linux 7.6.1810 (Core)
Product Plesk Onyx
Version 17.8.11 Update #65, last updated on Aug 26, 2019 04:38 AM
PROBLEM DESCRIPTION:
OS CentOS Linux 7.6.1810 (Core)
Product Plesk Onyx
Version 17.8.11 Update #65, last updated on Aug 26, 2019 04:38 AM

The server has a Positive SSL assigned for Mail, *.our-domain.tld; the server's hostname is name.our-domain.tld.

Sending mail via Roundcube returns an error:
Code:
[29-Aug-2019 15:11:47 UTC] ERROR: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) (0)
[29-Aug-2019 15:11:47 UTC] ERROR: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) ()
[29-Aug-2019 15:11:47 +0000]: <58ijshl0> SMTP Error: Connection failed: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) in /usr/share/psa-roundcube/program/lib/Roundcube/rcube.php on line 1667 (POST /?_task=mail&_unlock=loading1567091507176&_lang=en_US&_framed=1&_action=send)

Testing connections:
Code:
 openssl s_client -showcerts -connect localhost:465

CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1567125025
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Whereas:
Code:
openssl s_client -showcerts -connect name.our-domain.tld:465

returns the SSL certificate correctly.

The workaround we put in place was to edit
/usr/share/psa-roundcube/config/config.inc.php

and add:
Code:
$config['smtp_server'] = 'ssl://name.our-domain.tld';

this overrides the
Code:
$config['smtp_server'] = 'ssl://localhost';
in /usr/share/psa-roundcube/config/defaults.inc.php

Mail in Roundcube sends correctly now.
STEPS TO REPRODUCE:
Roundcube as webmail sending mail via localhost smtp which has an SSL assigned for the hostname of the server​
ACTUAL RESULT:
Sending mail via Roundcube returns an error:
Code:
[29-Aug-2019 15:11:47 UTC] ERROR: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) (0)
[29-Aug-2019 15:11:47 UTC] ERROR: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) ()
[29-Aug-2019 15:11:47 +0000]: <58ijshl0> SMTP Error: Connection failed: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) in /usr/share/psa-roundcube/program/lib/Roundcube/rcube.php on line 1667 (POST /?_task=mail&_unlock=loading1567091507176&_lang=en_US&_framed=1&_action=send)
EXPECTED RESULT:
Roundcube should connect to localhost and send mail without SSL or it should connect to the hostname rather than localhost as described.​
ANY ADDITIONAL INFORMATION:
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
Judging by the provided information, the default certificate assignment on SMTP was lost. Check the /etc/postfix/main.cf:smtpd_tls_cert_file = /etc/postfix/postfix.pem configuration.
However, even if it was not, there's still a problem that would prevent Roundcube from connecting to SMTP with such certificates (developers tested with Let's Encrypt).

As an alternative workaround, one could add the following into /usr/share/psa-roundcube/config/config.inc.php:

Code:
$config['smtp_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true,
    ),
);

See the documentation on the options here: PHP: SSL context options - Manual.

Developers have filed PPPM-10978 to resolve this issue.
 
Hi Igor,

Code:
#grep smtpd_tls_cert_file /etc/postfix/main.cf
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file

and the cert in /etc/postfix/postfix.pem is our *.domain.tld certificate.

I believe this issue only arose recently.

Oddly, the code
Code:
$config['smtp_conn_options'] = array(
   'ssl'         => array(
     'verify_peer_name'  => false,
     'allow_self_signed' => true,
   ),
);
is already in /usr/share/psa-roundcube/config/defaults.inc.php

So Roundcube "shouldn't" have been trying to verify the SSL.

If I get some time over the weekend I'll take another look.

Thanks for the reply
Dave
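
Added diagnostic (not part of the thread, and not Plesk or Roundcube code): a PHP script that opens the same kind of ssl:// stream Roundcube uses, once per configuration discussed above, and prints the underlying OpenSSL reason that the Roundcube log reduces to "Unknown error". It assumes PHP CLI with the openssl extension on the mail server; name.our-domain.tld is the thread's placeholder hostname and the probe() helper is hypothetical.

```php
<?php
// Added diagnostic, not Plesk or Roundcube code. Run on the mail server: php smtp_tls_probe.php
// $certName is the thread's placeholder; replace it with the name on the Postfix certificate.
$certName = 'name.our-domain.tld';

function probe(string $label, string $target, array $ssl): bool
{
    $ctx = stream_context_create(['ssl' => $ssl + ['capture_peer_cert' => true]]);
    while (openssl_error_string() !== false) {
        // drain stale entries from the OpenSSL error queue
    }
    $fp = @stream_socket_client($target, $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        // Roundcube only logs "Unknown error (0)"; these two sources carry the real reason.
        $detail = openssl_error_string() ?: (error_get_last()['message'] ?? 'no detail');
        printf("%-30s FAIL errno=%d %s\n    %s\n", $label, $errno, $errstr, $detail);
        return false;
    }
    $cert = stream_context_get_params($fp)['options']['ssl']['peer_certificate'] ?? null;
    $info = $cert ? openssl_x509_parse($cert) : [];
    printf("%-30s OK   CN=%s SAN=%s\n", $label,
        $info['subject']['CN'] ?? '?', $info['extensions']['subjectAltName'] ?? '?');
    fclose($fp);
    return true;
}

// 1. The options from the alternative workaround: no certificate checks at all.
//    If this still fails, the cause is below verification (listener or handshake).
probe('localhost, verification off', 'ssl://localhost:465', [
    'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true,
]);

// 2. Stay on loopback but keep verification on, checking the certificate
//    against the name it was issued for instead of "localhost".
probe('localhost, peer_name set', 'ssl://localhost:465', [
    'verify_peer' => true, 'verify_peer_name' => true, 'peer_name' => $certName,
]);

// 3. The smtp_server workaround from the first post: connect by hostname, verification on.
probe('hostname, verification on', "ssl://$certName:465", [
    'verify_peer' => true, 'verify_peer_name' => true,
]);
```

A failure in probe 1 is consistent with the `write:errno=104` and 0 bytes read in the `s_client` output, where no certificate was ever received. If probe 2 succeeds, `peer_name` is a standard PHP SSL context option and can go in the `smtp_conn_options` array to keep `ssl://localhost` with verification enabled.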
 