• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Roundcube Sieve Plugin not working, 17.8.11 MU 1

hansitheking

Basic Pleskian
If I access Roundcube Webmail 1.3.4 since Plesk 17.8.11 MU 1 I get an error Message while trying to edit the filter rules (Settings > Filters). Error Message: Sorry no connection to Sieve-Server. If you have a look to the logfiles you can see it is an error with the TLS-Cert while the plugin trys to connect to localhost.

Code:
[11-Mar-2018 10:11:54 UTC] PHP Warning:  stream_socket_enable_crypto(): Peer certificate CN=`*.example.de' did not match expected CN=`localhost' in /usr/share/psa-roundcube/vendor/pear/net_sieve/Sieve.php on line 1239
[11-Mar-2018 10:11:54 UTC] ERROR: Failed to establish TLS connection (2)
[11-Mar-2018 10:11:54 UTC] ERROR: Failed to read from socket ()
 
... or at least I can say that I'm not experiencing this issue while having that setting.

This issue seems to be related: give it a try and report, please...
 
This too seems to be solved by modifying /usr/share/psa-roundcube/config/defaults.inc.php with 'verify_peer' => false

See: Forwarded to devs - Roundcube "Connection to storage server failed" when securing mail with Let's Encrypt certificate
I have tested with
PHP:
$config['imap_conn_options'] = array(
  'ssl'         => array(
     'verify_peer'  => false,
     'verify_peer_name' => false,
     'allow_self_signed' => true,
   ),
 );
but the error message and log is still the same. Even if I change the config to a more secure setting
:
PHP:
$config['default_host'] = 'tls://mail.example.de';
@include "/etc/psa-webmail/roundcube/mailhosts.php";

// TCP port used for IMAP connections
$config['default_port'] = 143;

$config['imap_conn_options'] = array(
  'ssl'         => array(
     'verify_peer'  => true,
     'verify_peer_name' => true,
     'allow_self_signed' => false,
   ),
 );

Only the Sieve Plugin is not working (Login to Roundcube and sending mails is working) and in the error log you still see "localhost" and not "mail.example.de". The Cert used for mail.example.de is not from LE in my case it as a wildcard bought one. There this seems not place for setting the verify rule for the sieve connection.

Code:
[11-Mar-2018 13:14:37 UTC] PHP Warning:  stream_socket_enable_crypto(): Peer certificate CN=`*.example.de' did not match expected CN=`localhost' in /usr/share/psa-roundcube/vendor/pear/net_sieve/Sieve.php on line 1239
[11-Mar-2018 13:14:37 UTC] ERROR: Failed to establish TLS connection (2)
[11-Mar-2018 13:14:37 UTC] ERROR: Failed to read from socket ()
 
Good, I bricked my server while trying this... :(
Give me some time...

Using TLS (like you did, but obviously with my server name) Roundcube gave me an "Internal server error"

@Mark Muyskens Mark, your opinion?
 
Well, after all I haven't bricked my server: it is just my Internet connection acting weird (again)... pfuii... :p

@hansitheking have you tried with:
PHP:
$config['default_host'] = 'ssl://localhost';
$config['default_port'] = 993;
$config['imap_auth_type'] = 'PLAIN';
$config['imap_conn_options'] = array(
     'ssl' => array(
     'verify_peer' => false,
     'verify_peer_name' => false,
     'allow_self_signed' => true,
   ),
 );

this is working for me (both accessing Roundcube and editing sieves), but the the cert used by my mail subsystem is an LE certificate issued on my server name...
 
Well, after all I haven't bricked my server: it is just my Internet connection acting weird (again)... pfuii... :p

@hansitheking have you tried with:
PHP:
$config['default_host'] = 'ssl://localhost';
$config['default_port'] = 993;
$config['imap_auth_type'] = 'PLAIN';
$config['imap_conn_options'] = array(
     'ssl' => array(
     'verify_peer' => false,
     'verify_peer_name' => false,
     'allow_self_signed' => true,
   ),
 );

this is working for me (both accessing Roundcube and editing sieves), but the the cert used by my mail subsystem is an LE certificate issued on my server name...

Also with these settings editing sieves is not possible.
 
@hansitheking no problem!
Now I have something else to deal with, but then I'll see if I can come with something else...

On a general note, aren't sieves implemented at the IMAP (Dovecot) level and what Roundcube is doing is just configuring them?
 
OK I got an idea, this is something we tried on the other issue and it didn't do anything but maybe we will have luck here;

Modify /usr/share/psa-roundcube/config/defaults.inc.php - We're adding peer_name

Code:
$config['imap_conn_options'] = array(
  'ssl'         => array(
     'peer_name' => 'FQDN for cert goes here',
     'verify_peer'  => true,
     'verify_peer_name' => false,
     'allow_self_signed' => true,
   ),
 );
 
The hack is to change the config['sieverules_usetls'] = FALSE in line 35 of

PHP:
/usr/share/psa-roundcube/plugins/sieverules/config.inc.php

If I Post without spaces my forum account gets looked, please remove the spaces in the path.
 
Last edited by a moderator:
Back
Top