• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue Roundcube shows mails as forbidden

Fabian H

Fabian H

Basic Pleskian
While trying to open some mails on roundcube, the following appears in the content part:

Forbidden​

You don't have permission to access this resource.
Click to expand...

This only occurs by a few mails, even if they just arrived.
Right now, only from one sender.

There are no errors in /var/log/plesk-roundcube/errors and none in /var/log/plesk-php80-fpm/error.log.
I even tried a plesk repair web on the domain, but this don't fixed the problem, same as a apache restart.
While accessing the mail server with outlook and thunderbird, there is no error, seems it is a roundcube problem.
I am using Plesk Obsidian 18.0.36.0 on CentOS Linux release 8.4.2105.

I would rather not reinstall roundcube, as my customers settings would be lost.

Are there any ideas?
 
IgorG said:
What about webserver log?
Click to expand...
It's empty.

BUT:
I found that ModSecurity is blocking the access to this mails.
This is logged in /var/log/modsec_audit.log:

Code: 
Message: Access denied with code 403 (phase 4). Pattern match "(?i)(?:ORA-[0-9][0-9][0-9][0-9]|java\\.sql\\.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)" at MATCHED_VAR. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/17_Outgoing_FilterSQL.conf"] [line "22"] [id "218020"] [rev "1"] [msg "COMODO WAF: Oracle SQL Information Leakage||webmail.mydomain.com|F|2"] [data "Matched Data: error found within MATCHED_VAR: <!DOCTYPE html>\x0a<html lang=\x22de\x22 class=\x22iframe\x22>\x0a<head>\x0a<meta http-equiv=\x22content-type\x22 content=\x22text/html; charset=UTF-8\x22>\x0a<title>Roundcube Webmail :: Mail subject</title>\x0a\x09<meta name=\x22viewport\x22 content=\x22width=device-width, initial-scale=1.0, shrink-to-fit=no, maximum-scale=1.0\x22>\x0a<meta name=\x22theme-color\x22 content=\x22#f4f4f4\x22>\x0a<meta name=\x22msapplicat..."] [severity "CRITICAL"] [tag "CWAF"] [tag "FilterSQL"]
Message: Warning. Operator GE matched 4 at TX:outgoing_points. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/20_Outgoing_FiltersEnd.conf"] [line "38"] [id "214940"] [rev "2"] [msg "COMODO WAF: Outbound Points Exceeded| Total Points: 5|webmail.mydomain.conf|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "FiltersEnd"]
I tried to disable ModSec for that domain, but seems like it cannot be disabled for webmail.
I could disable the rule global, but I don't want to do that because it could be used as security breach.
 
You must log in or register to reply here.

Similar threads

F
Question Mail delivery status notifications not forwarded
Replies
2
Views
421
fcnjd
F
T
Resolved "sent items" emails in Roundcube have all same date/time after restore of mailbox
Replies
2
Views
584
TomBoB
T
E
Resolved EFS / Permission denied: AH00035
Replies
1
Views
203
Erwan
E
P
Question 403 forbidden, mail list management link on plesk with litespeed
Replies
0
Views
785
pauls1919
P
CobraArbok
Question Emails from bank not received
Replies
2
Views
998
CobraArbok
CobraArbok
Back
Top