
Issue Roundcube shows mails as forbidden

Fabian H

Basic Pleskian
While trying to open some mails on roundcube, the following appears in the content part:

Forbidden

You don't have permission to access this resource.

This only occurs with a few mails, even if they just arrived.
Right now, only from one sender.

There are no errors in /var/log/plesk-roundcube/errors and none in /var/log/plesk-php80-fpm/error.log.
I even tried a plesk repair web on the domain, but this didn't fix the problem, same as an Apache restart.
While accessing the mail server with Outlook and Thunderbird, there is no error, so it seems to be a Roundcube problem.
I am using Plesk Obsidian 18.0.36.0 on CentOS Linux release 8.4.2105.

I would rather not reinstall Roundcube, as my customers' settings would be lost.

Are there any ideas?
 
What about webserver log?
It's empty.

BUT:
I found that ModSecurity is blocking the access to these mails.
This is logged in /var/log/modsec_audit.log:

Code:
Message: Access denied with code 403 (phase 4). Pattern match "(?i)(?:ORA-[0-9][0-9][0-9][0-9]|java\\.sql\\.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)" at MATCHED_VAR. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/17_Outgoing_FilterSQL.conf"] [line "22"] [id "218020"] [rev "1"] [msg "COMODO WAF: Oracle SQL Information Leakage||webmail.mydomain.com|F|2"] [data "Matched Data: error found within MATCHED_VAR: <!DOCTYPE html>\x0a<html lang=\x22de\x22 class=\x22iframe\x22>\x0a<head>\x0a<meta http-equiv=\x22content-type\x22 content=\x22text/html; charset=UTF-8\x22>\x0a<title>Roundcube Webmail :: Mail subject</title>\x0a\x09<meta name=\x22viewport\x22 content=\x22width=device-width, initial-scale=1.0, shrink-to-fit=no, maximum-scale=1.0\x22>\x0a<meta name=\x22theme-color\x22 content=\x22#f4f4f4\x22>\x0a<meta name=\x22msapplicat..."] [severity "CRITICAL"] [tag "CWAF"] [tag "FilterSQL"]
Message: Warning. Operator GE matched 4 at TX:outgoing_points. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "38"] [id "214940"] [rev "2"] [msg "COMODO WAF: Outbound Points Exceeded| Total Points: 5|webmail.mydomain.conf|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"]
I tried to disable ModSec for that domain, but it seems like it cannot be disabled for webmail.
I could disable the rule globally, but I don't want to do that because it could be used as a security breach.
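
To see which rule actually denied the response, and in which ModSecurity phase, the `Message:` lines of the audit log can be parsed into fields. This is an added example, not part of the original posts; the sample lines are constructed in the shape of the ones quoted above, with a placeholder host and shortened values.

```python
import re

# Constructed sample shaped like the two audit-log lines quoted above
# (regex and [data] shortened; webmail.example.test is a placeholder host).
SAMPLE_LOG = r'''
Message: Access denied with code 403 (phase 4). Pattern match "(?i)(?:ORA-[0-9][0-9][0-9][0-9]|Oracle error)" at MATCHED_VAR. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/17_Outgoing_FilterSQL.conf"] [line "22"] [id "218020"] [rev "1"] [msg "COMODO WAF: Oracle SQL Information Leakage||webmail.example.test|F|2"] [data "Matched Data: error found within MATCHED_VAR: <!DOCTYPE html>\x0a<html lang=\x22de\x22>..."] [severity "CRITICAL"] [tag "CWAF"] [tag "FilterSQL"]
Message: Warning. Operator GE matched 4 at TX:outgoing_points. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "38"] [id "214940"] [rev "2"] [msg "COMODO WAF: Outbound Points Exceeded| Total Points: 5|webmail.example.test|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"]
'''

FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')  # [key "value"] pairs
DENY_RE = re.compile(r'Message: Access denied with code (\d+) \(phase (\d)\)')
# ModSecurity processing phases
PHASES = {1: "request headers", 2: "request body",
          3: "response headers", 4: "response body", 5: "logging"}


def parse_message(line):
    """Turn one 'Message:' line into a dict; return None for other lines."""
    if not line.startswith("Message: "):
        return None
    rec = {"action": "warning", "status": None, "phase": None, "tag": []}
    deny = DENY_RE.match(line)
    if deny:
        rec.update(action="deny", status=int(deny.group(1)),
                   phase=int(deny.group(2)))
    for key, value in FIELD_RE.findall(line):
        if key == "tag":          # tags repeat, so collect them in a list
            rec["tag"].append(value)
        else:
            rec[key] = value
    return rec


def blocking_rules(log_text):
    """Return (rule id, phase name, rule file) for every deny in the log."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_message(line.strip())
        if rec and rec["action"] == "deny":
            hits.append((rec.get("id"), PHASES.get(rec["phase"]), rec.get("file")))
    return hits


if __name__ == "__main__":
    for rule_id, phase, rule_file in blocking_rules(SAMPLE_LOG):
        print(f"rule {rule_id} denied in {phase} phase ({rule_file})")
```

A deny in the response body phase means the rule matched the page Roundcube rendered for the mail, not anything in the browser's request.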
 