
Forwarded to devs Roundcube sending mail error

Dave W

Regular Pleskian
TITLE:
Roundcube sending mail error
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
OS CentOS Linux 7.6.1810 (Core)
Product Plesk Onyx
Version 17.8.11 Update #65, last updated on Aug 26, 2019 04:38 AM
PROBLEM DESCRIPTION:
OS CentOS Linux 7.6.1810 (Core)
Product Plesk Onyx
Version 17.8.11 Update #65, last updated on Aug 26, 2019 04:38 AM

The server has a Positive SSL assigned for Mail, *.our-domain.tld; the server's hostname is name.our-domain.tld.

Sending mail via Roundcube returns an error:
Code:
[29-Aug-2019 15:11:47 UTC] ERROR: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) (0)
[29-Aug-2019 15:11:47 UTC] ERROR: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) ()
[29-Aug-2019 15:11:47 +0000]: <58ijshl0> SMTP Error: Connection failed: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) in /usr/share/psa-roundcube/program/lib/Roundcube/rcube.php on line 1667 (POST /?_task=mail&_unlock=loading1567091507176&_lang=en_US&_framed=1&_action=send)

Testing connections:
Code:
 openssl s_client -showcerts -connect localhost:465

CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1567125025
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Whereas:
Code:
openssl s_client -showcerts -connect name.our-domain.tld:465

returns the SSL certificate correctly.

The workaround we put in place was to edit
/usr/share/psa-roundcube/config/config.inc.php

and add:
Code:
$config['smtp_server'] = 'ssl://name.our-domain.tld';

This overrides the
Code:
$config['smtp_server'] = 'ssl://localhost';
in /usr/share/psa-roundcube/config/defaults.inc.php

Mail in Roundcube sends correctly now.
STEPS TO REPRODUCE:
Roundcube as webmail sending mail via localhost SMTP, which has an SSL assigned for the hostname of the server
ACTUAL RESULT:
Sending mail via Roundcube returns an error:
Code:
[29-Aug-2019 15:11:47 UTC] ERROR: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) (0)
[29-Aug-2019 15:11:47 UTC] ERROR: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) ()
[29-Aug-2019 15:11:47 +0000]: <58ijshl0> SMTP Error: Connection failed: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) in /usr/share/psa-roundcube/program/lib/Roundcube/rcube.php on line 1667 (POST /?_task=mail&_unlock=loading1567091507176&_lang=en_US&_framed=1&_action=send)
EXPECTED RESULT:
Roundcube should connect to localhost and send mail without SSL, or it should connect to the hostname rather than localhost as described.
ANY ADDITIONAL INFORMATION:
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
Judging by the provided information, the default certificate assignment on SMTP was lost. Check the /etc/postfix/main.cf:smtpd_tls_cert_file = /etc/postfix/postfix.pem configuration.
However, even if it was not, there's still a problem that would prevent Roundcube from connecting to SMTP with such certificates (developers tested with Let's Encrypt).

As an alternative workaround, one could add the following into /usr/share/psa-roundcube/config/config.inc.php:

Code:
$config['smtp_conn_options'] = array(
    'ssl' => array(
        'verify_peer'       => false,
        'verify_peer_name'  => false,
        'allow_self_signed' => true,
    ),
);

See the documentation on the options here: PHP: SSL context options - Manual.

Developers have filed PPPM-10978 to resolve this issue.
 
Hi Igor,

Code:
# grep smtpd_tls_cert_file /etc/postfix/main.cf
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file

and the cert in /etc/postfix/postfix.pem is our *.domain.tld certificate.

I believe this issue only arose recently.

Oddly, the code
Code:
$config['smtp_conn_options'] = array(
   'ssl'         => array(
     'verify_peer_name'  => false,
     'allow_self_signed' => true,
   ),
);
is already in /usr/share/psa-roundcube/config/defaults.inc.php

So Roundcube "shouldn't" have been trying to verify the SSL.

If I get some time over the weekend I'll take another look.

Thanks for the reply
Dave
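
Added example, not part of the thread and not Plesk or Roundcube code: a small Python helper for reading the two `openssl s_client` results compared in the first post. It separates a connection dropped before any handshake bytes arrive (where "Verify return code: 0 (ok)" says nothing, because no certificate was received) from a handshake that returned a certificate. `triage_s_client` and both sample strings are hypothetical; the samples are constructed from the key lines quoted above, with made-up byte counts for the hostname case.

```python
import re

# Constructed sample: key lines of the localhost:465 output quoted in the thread.
LOCALHOST_OUTPUT = """\
CONNECTED(00000003)
write:errno=104
no peer certificate available
SSL handshake has read 0 bytes and written 289 bytes
    Verify return code: 0 (ok)
"""

# Constructed sample of a completed handshake; the byte counts are made up.
HOSTNAME_OUTPUT = """\
CONNECTED(00000003)
Certificate chain
 0 s:/CN=*.our-domain.tld
SSL handshake has read 3215 bytes and written 415 bytes
    Verify return code: 0 (ok)
"""


def triage_s_client(output):
    """Return (state, detail): 'no-handshake', 'verified' or 'verify-failed'."""
    read = re.search(r"SSL handshake has read (\d+) bytes", output)
    bytes_read = int(read.group(1)) if read else 0
    errno = re.search(r"^write:errno=(\d+)", output, re.M)
    no_cert = "no peer certificate available" in output
    if bytes_read == 0 or no_cert:
        # The server sent no certificate, so nothing was verified: the
        # "Verify return code: 0 (ok)" line is only the initial default here.
        detail = "errno=%s" % errno.group(1) if errno else "no server reply"
        return ("no-handshake", detail)
    verify = re.search(r"Verify return code: (\d+) \((.*?)\)", output)
    if verify is None:
        return ("verify-failed", "no verify result in output")
    code, reason = int(verify.group(1)), verify.group(2)
    return ("verified", reason) if code == 0 else ("verify-failed", reason)


if __name__ == "__main__":
    print(triage_s_client(LOCALHOST_OUTPUT))
    print(triage_s_client(HOSTNAME_OUTPUT))
```

A 'no-handshake' result points at the listener or whatever sits in front of it rather than at the certificate, since the client-side verification settings only apply once the server has presented a certificate.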
 