Forwarded to devs Roundcube sending mail error

Dave W

Regular Pleskian
TITLE:
Roundcube sending mail error
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
OS CentOS Linux 7.6.1810 (Core)
Product Plesk Onyx
Version 17.8.11 Update #65, last updated on Aug 26, 2019 04:38 AM
PROBLEM DESCRIPTION:

The server has a Positive SSL assigned for Mail, *.our-domain.tld; the server's hostname is name.our-domain.tld.

Sending mail via Roundcube returns an error:
Code:
[29-Aug-2019 15:11:47 UTC] ERROR: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) (0)
[29-Aug-2019 15:11:47 UTC] ERROR: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) ()
[29-Aug-2019 15:11:47 +0000]: <58ijshl0> SMTP Error: Connection failed: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) in /usr/share/psa-roundcube/program/lib/Roundcube/rcube.php on line 1667 (POST /?_task=mail&_unlock=loading1567091507176&_lang=en_US&_framed=1&_action=send)

Testing connections:
Code:
openssl s_client -showcerts -connect localhost:465

CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1567125025
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Whereas:
Code:
openssl s_client -showcerts -connect name.our-domain.tld:465

returns the SSL certificate correctly.

The workaround we put in place was to edit
/usr/share/psa-roundcube/config/config.inc.php

and add:
Code:
$config['smtp_server'] = 'ssl://name.our-domain.tld';

This overrides the
Code:
$config['smtp_server'] = 'ssl://localhost';
in /usr/share/psa-roundcube/config/defaults.inc.php

Mail in Roundcube sends correctly now.
STEPS TO REPRODUCE:
Roundcube as webmail sending mail via localhost SMTP which has an SSL assigned for the hostname of the server.
ACTUAL RESULT:
Sending mail via Roundcube returns an error:
Code:
[29-Aug-2019 15:11:47 UTC] ERROR: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) (0)
[29-Aug-2019 15:11:47 UTC] ERROR: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) ()
[29-Aug-2019 15:11:47 +0000]: <58ijshl0> SMTP Error: Connection failed: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:465 (Unknown error) in /usr/share/psa-roundcube/program/lib/Roundcube/rcube.php on line 1667 (POST /?_task=mail&_unlock=loading1567091507176&_lang=en_US&_framed=1&_action=send)
EXPECTED RESULT:
Roundcube should connect to localhost and send mail without SSL, or it should connect to the hostname rather than localhost as described.
ANY ADDITIONAL INFORMATION:
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
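An added example, not part of the original posts: a small shell classifier for `openssl s_client` output like the two tests above. It shows why the `Verify return code: 0 (ok)` line in the localhost output does not mean the certificate was accepted. The verdict names and the `has` helper are assumptions of this example.

```shell
# Classify `openssl s_client` output by whether a TLS handshake completed.
# Verdict names and the has() helper are this example's own (assumptions).
has() { printf '%s\n' "$out" | grep -Eq -- "$1"; }   # match regex in $out
classify_s_client() {
    out=$(cat)                              # s_client output on stdin
    if ! has '^CONNECTED\('; then
        echo tcp-failed                     # never reached the port
    elif has 'no peer certificate available|Cipher is \(NONE\)'; then
        # No certificate arrived, so a "Verify return code: 0 (ok)" line
        # further down is only the default value, not a passed check.
        if has 'errno=104'; then            # 104 = ECONNRESET on Linux
            echo reset-during-handshake
        else
            echo handshake-failed
        fi
    elif has 'Verify return code: 0 \(ok\)'; then
        echo verified
    else
        echo unverified                     # handshake done, verify error reported
    fi
}

# Excerpt of the localhost:465 output quoted in the post above.
RESET_SAMPLE=$(cat <<'EOF'
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
    Verify return code: 0 (ok)
EOF
)

# Constructed sample of a completed handshake (not taken from the thread).
OK_SAMPLE=$(cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=*.our-domain.tld
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 0 (ok)
EOF
)

printf 'localhost: %s\n' "$(printf '%s\n' "$RESET_SAMPLE" | classify_s_client)"
printf 'hostname:  %s\n' "$(printf '%s\n' "$OK_SAMPLE" | classify_s_client)"
# Live use: openssl s_client -connect localhost:465 </dev/null 2>&1 | classify_s_client
```

A `reset-during-handshake` verdict means the server closed the connection before sending any certificate, so the failure happens before certificate verification is reached.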
 
Judging by the provided information, the default certificate assignment on SMTP was lost. Check /etc/postfix/main.cf:smtpd_tls_cert_file = /etc/postfix/postfix.pem configuration.
However, even if it was not, there's still a problem that would prevent Roundcube from connecting to SMTP with such certificates (developers tested with Let's Encrypt).

As an alternative workaround, one could add the following into /usr/share/psa-roundcube/config/config.inc.php:

Code:
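$config['smtp_conn_options'] = array(
    'ssl' => array(
        'verify_peer'       => false, // do not validate the server's certificate chain
        'verify_peer_name'  => false, // do not check the certificate name against the host
        'allow_self_signed' => true,  // accept self-signed certificates
    ),
);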

See the documentation on the options here: PHP: SSL context options - Manual.

Developers have filed PPPM-10978 to resolve this issue.
 
Hi Igor,

Code:
# grep smtpd_tls_cert_file /etc/postfix/main.cf
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file

and the cert in /etc/postfix/postfix.pem is our *.domain.tld certificate.

I believe this issue only arose recently.

Oddly, the code
Code:
$config['smtp_conn_options'] = array(
   'ssl'         => array(
     'verify_peer_name'  => false,
     'allow_self_signed' => true,
   ),
);
is already in /usr/share/psa-roundcube/config/defaults.inc.php

So Roundcube "shouldn't" have been trying to verify the SSL.

If I get some time over the weekend I'll take another look.

Thanks for the reply
Dave
 