Hello guys, I've been testing 0.3rc1 and everything works fine until now, except for the SSL feature of SMTP.
My config is as follows:

# less config/main.inc.php
[...]
$rcmail_config['smtp_server'] = 'ssl://localhost';
$rcmail_config['smtp_port'] = 25;
$rcmail_config['smtp_user'] = '%u';
$rcmail_config['smtp_pass'] = '%p';
$rcmail_config['smtp_auth_type'] = 'PLAIN';
[...]
This configuration works fine in Thunderbird (see attachment) but doesn't with roundcube. When I try to send an email, I get a server error in the interface and the following log in apache :
[Wed Aug 05 23:06:08 2009] [info] [client xxx.xxx.xxx.xxx] Connection to child 0 established (server xxx.xxx.xxx.xxx:443)
[Wed Aug 05 23:06:08 2009] [info] Seeding PRNG with 1672 bytes of entropy
[Wed Aug 05 23:06:08 2009] [info] Initial (No.1) HTTPS request received for child 0 (server xxx.xxx.xxx.xxx:443)
[Wed Aug 05 23:06:08 2009] [info] Subsequent (No.2) HTTPS request received for child 0 (server xxx.xxx.xxx.xxx:443)
[Wed Aug 05 23:06:08 2009] [error] [client xxx.xxx.xxx.xxx] fsockopen() [<a href='function.fsockopen'>function.fsockopen</a>]: unable to connect to ssl://localhost:25 (Unknown error) (0): , referer: https://xxx.xxx.xxx.xxx/mail/?_task=mail&_id=141016%5Bnumber_and_letters...
[Wed Aug 05 23:06:08 2009] [error] [client xxx.xxx.xxx.xxx] Failed to connect socket: fsockopen() [<a href='function.fsockopen'>function.fsockopen</a>]: unable to connect to ssl://localhost:25 (Unknown error) (): , referer: https://xxx.xxx.xxx.xxx/mail/?_task=mail&_id=141016%5Bnumber_and_letters...
[Wed Aug 05 23:06:13 2009] [info] [client xxx.xxx.xxx.xxx] (70007)The timeout specified has expired: SSL input filter read failed.
[Wed Aug 05 23:06:13 2009] [info] [client xxx.xxx.xxx.xxx] Connection closed to child 0 with standard shutdown (server xxx.xxx.xxx.xxx:443)
I've hesitated before posting this here because I'm not too sure about what the configuration of roundcube should be... But, it can't do any bad to clarify it anyway.
Any clue ?
Julien
--- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/8C/ephhinum/smtp_ssl_tbird.png http://detached.gigo.com/rc/8C/ephhinum/smime.p7s Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< ---
List info: http://lists.roundcube.net/dev/
On Wed, 05 Aug 2009 23:17:55 +0200, Julien Vehent julien@linuxwall.info wrote:
$rcmail_config['smtp_server'] = 'ssl://localhost';
try without ssl, you will have tls enabled in port 25 ?
$rcmail_config['smtp_port'] = 25;
$rcmail_config['smtp_user'] = '%u';
$rcmail_config['smtp_pass'] = '%p';
$rcmail_config['smtp_auth_type'] = 'PLAIN';
here I have null, and my 0.3 does fine smtp auth see my header :)
Benny Pedersen wrote:
On Wed, 05 Aug 2009 23:17:55 +0200, Julien Vehent julien@linuxwall.info wrote:
$rcmail_config['smtp_server'] = 'ssl://localhost';
try without ssl, you will have tls enabled in port 25 ?
It works fine without ssl. My postfix configuration enables STARTTLS on port 25.
$ nc 192.168.1.55 25
220 smtp.linuxwall.info
ehlo mail
250-zerhuel.linuxwall.info
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Authentication using PLAIN and LOGIN is available only after activation of STARTTLS, so it doesn't appear above. But if I redo the connection using openssl :
$ openssl s_client -connect xxx.xxx.xxx.xxx:25 -starttls smtp
CONNECTED(00000003)
[SSL JUNK]
250 DSN
ehlo mail
250-zerhuel.linuxwall.info
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
$rcmail_config['smtp_port'] = 25;
$rcmail_config['smtp_user'] = '%u';
$rcmail_config['smtp_pass'] = '%p';
$rcmail_config['smtp_auth_type'] = 'PLAIN';
here I have null, and my 0.3 does fine smtp auth see my header :)
I tried with both NULL and PLAIN, same result...
Julien
Julien Vehent wrote:
Hello guys, I've been testing 0.3rc1 and everything works fine until now, except for the SSL feature of SMTP.
My config is as follows:

# less config/main.inc.php
[...]
$rcmail_config['smtp_server'] = 'ssl://localhost';
ähm, SSL for your localhost does not really make sense in my opinion. The only outcome will be that the connection will be way slower because of the SSL handshake.... but it does not add any security.
Best regards,
Michael
On Thu, Aug 6, 2009 at 7:47 AM, Julien Vehent julien@linuxwall.info wrote:
Benny Pedersen wrote:
On Wed, 05 Aug 2009 23:17:55 +0200, Julien Vehent julien@linuxwall.info wrote:
$rcmail_config['smtp_server'] = 'ssl://localhost';
try without ssl, you will have tls enabled in port 25 ?
It works fine without ssl. My postfix configuration enables STARTTLS on port 25.
tls://localhost:25 ?
Till
On Thu, 06 Aug 2009 11:21:16 +0200, Michael Baierl mail@mbaierl.com wrote:
Julien Vehent wrote:
Hello guys, I've been testing 0.3rc1 and everything works fine until now, except for the SSL feature of SMTP.
My config is as follows:

# less config/main.inc.php
[...]
$rcmail_config['smtp_server'] = 'ssl://localhost';
ähm, SSL for your localhost does not really make sense in my opinion. The only outcome will be that the connection will be way slower because of the SSL handshake.... but it does not add any security.
Wow, thank you for your enlightenment, it's great, because, you know, I didn't figure that out myself...
0.3rc1 is a release candidate, so I'm running tests as requested by the dev team.
Is there anybody to reproduce this problem on another configuration, so we can see if it comes from my conf or if it's actually a code issue ?
note: I can create a test account on my smtp server: smtp.linuxwall.info. Configuration is detailed here (in French unfortunately) http://wiki.linuxwall.info/doku.php?id=ressources:dossiers:postfix:smtp_tls
Julien
On Thu, 6 Aug 2009 11:34:08 +0200, till klimpong@gmail.com wrote:
On Thu, Aug 6, 2009 at 7:47 AM, Julien Vehent julien@linuxwall.info wrote:
Benny Pedersen wrote:
On Wed, 05 Aug 2009 23:17:55 +0200, Julien Vehent julien@linuxwall.info wrote:
$rcmail_config['smtp_server'] = 'ssl://localhost';
try without ssl, you will have tls enabled in port 25 ?
It works fine without ssl. My postfix configuration enables STARTTLS on port 25.
tls://localhost:25 ?
Nope, I get the exact same error. It seems that either the keyword ssl:// is not recognized (but it works fine on IMAP) or the STARTTLS is not handled properly...
Or my conf is completely screwed. But once again it works fine for IMAP (SSL on port 993 with cyrus-imap).
julien
till wrote:
tls://localhost:25 ?
This will not work with Net_SMTP package. Maybe we should prevent this.
- SMTP TLS:
$rcmail_config['smtp_server'] = 'host';
$rcmail_config['smtp_port'] = 25;
If server requires TLS then it's enabled. Currently in Net_SMTP package there's no option to force TLS skipping.
- SMTP SSL:
$rcmail_config['smtp_server'] = 'ssl://host';
$rcmail_config['smtp_port'] = 465;
Port 25 is for plain SMTP, for SSL most often port 465 (or 587) is used.
On Thu, 06 Aug 2009 12:07:24 +0200, "A.L.E.C" alec@alec.pl wrote:
till wrote:
tls://localhost:25 ?
This will not work with Net_SMTP package. Maybe we should prevent this.
- SMTP TLS:
$rcmail_config['smtp_server'] = 'host';
$rcmail_config['smtp_port'] = 25;
If server requires TLS then it's enabled. Currently in Net_SMTP package there's no option to force TLS skipping.
- SMTP SSL:
$rcmail_config['smtp_server'] = 'ssl://host';
$rcmail_config['smtp_port'] = 465;
Port 25 is for plain SMTP, for SSL most often port 465 (or 587) is used.
OK, so to use STARTTLS with roundcube, the postfix server must be configured with the option smtpd_enforce_tls = yes, right ?
IMHO, this is dangerous because a lot of MUA and MTA don't support TLS, and it would then presuppose that I have one SMTP server for roundcube with TLS enforced, and another one to receive emails from the rest of the world...
Still right ?
julien
Julien Vehent wrote:
OK, so to use STARTTLS with roundcube, the postfix server must be configured with the option smtpd_enforce_tls = yes, right ?
No, it must not. As I see in the code, STARTTLS is called when authentication is requested (when smtp_user and smtp_pass options in Roundcube config are set) and (from Net_SMTP):
version_compare(PHP_VERSION, '5.1.0', '>=')
    && extension_loaded('openssl')
    && isset($this->_esmtp['STARTTLS'])
    && strncasecmp($this->host, 'ssl://', 6) != 0
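Added example, not part of the original thread and not Roundcube or Net_SMTP code: the rules discussed above (ssl:// starts the handshake immediately, a bare host upgrades with STARTTLS when the quoted Net_SMTP condition holds) applied to the EHLO reply from the nc session. The function names parse_ehlo and predict_transport and the $authSet parameter are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not Roundcube or Net_SMTP code.

// Turn an EHLO reply captured in plaintext (as with nc above) into a keyword map.
function parse_ehlo(string $reply): array
{
    $caps = [];
    foreach (preg_split('/\r?\n/', trim($reply)) as $i => $line) {
        // Line 0 is the server's greeting name, not an extension keyword.
        if ($i > 0 && preg_match('/^250[- ](\S+)\s*(.*)$/', $line, $m)) {
            $caps[strtoupper($m[1])] = $m[2];
        }
    }
    return $caps;
}

// Predict what a smtp_server value does against a port that answered $plainEhlo.
function predict_transport(string $server, string $plainEhlo, bool $authSet): string
{
    $caps = parse_ehlo($plainEhlo);
    if (strncasecmp($server, 'tls://', 6) === 0) {
        return 'tls:// prefix: reported in this thread as not working with Net_SMTP';
    }
    if (strncasecmp($server, 'ssl://', 6) === 0) {
        // ssl:// starts the handshake before any SMTP banner, so a port that
        // answers EHLO in plaintext cannot complete it.
        return $caps ? 'mismatch: port speaks plain SMTP, ssl:// handshake will fail'
                     : 'implicit SSL (port must be an SSL-wrapped listener such as 465)';
    }
    // Same test as the Net_SMTP condition quoted above, plus the auth precondition.
    $upgrade = $authSet
        && version_compare(PHP_VERSION, '5.1.0', '>=')
        && extension_loaded('openssl')
        && isset($caps['STARTTLS']);
    return $upgrade ? 'plain connect, STARTTLS, then AUTH'
                    : 'plain connect, no TLS upgrade';
}

// EHLO reply taken from the nc session earlier in the thread.
$ehlo = "250-zerhuel.linuxwall.info\n250-PIPELINING\n250-SIZE 10240000\n250-VRFY\n"
      . "250-ETRN\n250-STARTTLS\n250-ENHANCEDSTATUSCODES\n250-8BITMIME\n250 DSN";

foreach (['ssl://localhost', 'tls://localhost', 'localhost'] as $server) {
    printf("%-16s => %s\n", $server, predict_transport($server, $ehlo, true));
}
```

Passing an empty string as $plainEhlo models a port that does not answer in plaintext, which is the only case where the ssl:// prefix can succeed.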
On Thu, 06 Aug 2009 07:47:09 +0200, Julien Vehent julien@linuxwall.info wrote:
I tried with both NULL and PLAIN, same result...
postconf -e smtpd_tls_auth_only=no
On Thu, 06 Aug 2009 12:17:14 +0200, Julien Vehent julien@linuxwall.info wrote:
OK, so to use STARTTLS with roundcube, the postfix server must be configured with the option smtpd_enforce_tls = yes, right ?
this will disable regular smtpd to work without tls, don't force tls as requirement
it makes more sense to only have permit_sasl_* in postfix if you don't want non smtp auth clients