• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Roundcube Sieve Plugin not working, 17.8.11 MU 1

hansitheking

hansitheking

Basic Pleskian
If I access Roundcube Webmail 1.3.4 since Plesk 17.8.11 MU 1 I get an error Message while trying to edit the filter rules (Settings > Filters). Error Message: Sorry no connection to Sieve-Server. If you have a look to the logfiles you can see it is an error with the TLS-Cert while the plugin trys to connect to localhost.

Code: 
[11-Mar-2018 10:11:54 UTC] PHP Warning:  stream_socket_enable_crypto(): Peer certificate CN=`*.example.de' did not match expected CN=`localhost' in /usr/share/psa-roundcube/vendor/pear/net_sieve/Sieve.php on line 1239
[11-Mar-2018 10:11:54 UTC] ERROR: Failed to establish TLS connection (2)
[11-Mar-2018 10:11:54 UTC] ERROR: Failed to read from socket ()
 
... or at least I can say that I'm not experiencing this issue while having that setting.

This issue seems to be related: give it a try and report, please...
 
Sergio Manzi said:
This too seems to be solved by modifying /usr/share/psa-roundcube/config/defaults.inc.php with 'verify_peer' => false

See: Forwarded to devs - Roundcube "Connection to storage server failed" when securing mail with Let's Encrypt certificate
Click to expand...
I have tested with
PHP: 
$config['imap_conn_options'] = array(
  'ssl'         => array(
     'verify_peer'  => false,
     'verify_peer_name' => false,
     'allow_self_signed' => true,
   ),
 );
but the error message and log is still the same. Even if I change the config to a more secure setting
:
PHP: 
$config['default_host'] = 'tls://mail.example.de';
@include "/etc/psa-webmail/roundcube/mailhosts.php";

// TCP port used for IMAP connections
$config['default_port'] = 143;

$config['imap_conn_options'] = array(
  'ssl'         => array(
     'verify_peer'  => true,
     'verify_peer_name' => true,
     'allow_self_signed' => false,
   ),
 );

Only the Sieve Plugin is not working (Login to Roundcube and sending mails is working) and in the error log you still see "localhost" and not "mail.example.de". The Cert used for mail.example.de is not from LE in my case it as a wildcard bought one. There this seems not place for setting the verify rule for the sieve connection.

Code: 
[11-Mar-2018 13:14:37 UTC] PHP Warning:  stream_socket_enable_crypto(): Peer certificate CN=`*.example.de' did not match expected CN=`localhost' in /usr/share/psa-roundcube/vendor/pear/net_sieve/Sieve.php on line 1239
[11-Mar-2018 13:14:37 UTC] ERROR: Failed to establish TLS connection (2)
[11-Mar-2018 13:14:37 UTC] ERROR: Failed to read from socket ()
 
Good, I bricked my server while trying this... :(
Give me some time...

Using TLS (like you did, but obviously with my server name) Roundcube gave me an "Internal server error"

@Mark Muyskens Mark, your opinion?
 
Well, after all I haven't bricked my server: it is just my Internet connection acting weird (again)... pfuii... :p

@hansitheking have you tried with:
PHP: 
$config['default_host'] = 'ssl://localhost';
$config['default_port'] = 993;
$config['imap_auth_type'] = 'PLAIN';
$config['imap_conn_options'] = array(
     'ssl' => array(
     'verify_peer' => false,
     'verify_peer_name' => false,
     'allow_self_signed' => true,
   ),
 );

this is working for me (both accessing Roundcube and editing sieves), but the the cert used by my mail subsystem is an LE certificate issued on my server name...
 
Sergio Manzi said:
Well, after all I haven't bricked my server: it is just my Internet connection acting weird (again)... pfuii... :p

@hansitheking have you tried with:
PHP: 
$config['default_host'] = 'ssl://localhost';
$config['default_port'] = 993;
$config['imap_auth_type'] = 'PLAIN';
$config['imap_conn_options'] = array(
     'ssl' => array(
     'verify_peer' => false,
     'verify_peer_name' => false,
     'allow_self_signed' => true,
   ),
 );

this is working for me (both accessing Roundcube and editing sieves), but the the cert used by my mail subsystem is an LE certificate issued on my server name...
Click to expand...

Also with these settings editing sieves is not possible.
 
@hansitheking no problem!
Now I have something else to deal with, but then I'll see if I can come with something else...

On a general note, aren't sieves implemented at the IMAP (Dovecot) level and what Roundcube is doing is just configuring them?
 
OK I got an idea, this is something we tried on the other issue and it didn't do anything but maybe we will have luck here;

Modify /usr/share/psa-roundcube/config/defaults.inc.php - We're adding peer_name

Code: 
$config['imap_conn_options'] = array(
  'ssl'         => array(
     'peer_name' => 'FQDN for cert goes here',
     'verify_peer'  => true,
     'verify_peer_name' => false,
     'allow_self_signed' => true,
   ),
 );
 
The hack is to change the config['sieverules_usetls'] = FALSE in line 35 of

PHP: 
/usr/share/psa-roundcube/plugins/sieverules/config.inc.php

If I Post without spaces my forum account gets looked, please remove the spaces in the path.
 
Last edited by a moderator:
You must log in or register to reply here.

Similar threads

hansitheking
Forwarded to devs Roundcube sieve plugin can´t connect to sieve rules Server
Replies
2
Views
2K
Sergio Manzi
Sergio Manzi
B
Resolved Roundcube - Could not connect to ssl
Replies
3
Views
10K
Sergio Manzi
Sergio Manzi
burnley
Forwarded to devs Dovecot Sieve filtering broke after upgrading from 17.5.3 to 17.8.11
Replies
9
Views
3K
IgorG
IgorG
P
Question Roundcube carddav plugin - missing carddav_addressbooks
Replies
1
Views
2K
proton23
P
Sergio Manzi
Roundcube "Connection to storage server failed"
2
Replies
35
Views
16K
Sergio Manzi
Sergio Manzi
Back
Top