Dear subscribers
We just published another update to both stable versions 1.2 and
1.1 delivering important bug fixes and improvements which we picked
from the upstream branch.
Included is a fix for a recently revealed security issue when using
PHP's mail() function. It has been discovered and kindly reported by
Robin Peraglie using the static code analyzer RIPS [1] and more
details along with a CVE number will be published shortly.
See the full changelog for 1.2.3 in the wiki [2]. Version 1.1.7 is a
security update fixing the mail() issue and thus only relevant to
Roundcube installations not having an SMTP server configured for mail
delivery.
Both versions are considered stable and we recommend to update all
productive installations of Roundcube with either of these versions.
Download them from GitHub via https://roundcube.net/download.
As usual, don't forget to back up your data before updating!
Best,
Thomas
[1] https://www.ripstech.com/
[2] https://github.com/roundcube/roundcubemail/wiki/Changelog#release-123
Hi All
I am a first time user to roundcube. I am looking for an alternative to
squirrelmail since a lot of Squirrelmail plugins are not actively
maintained. I am running version 1.2.2,1 on FreeBSD 11. I have completed
the setup and ran all the tests in the installer and everything passed. I
browse to the login page and I am getting the error "Invalid request no
data saved." I have noticed that a number of people are having this error
but none of the solutions I have seen so far work for me. By the way, I am
running it on postgresql 9.3.15. Can someone please help me troubleshoot
this. Please let me know if there is any more information you need. My
config.inc.php file below
$config['db_dsnw'] = 'pgsql://roundcube:password@localhost/roundcubemail';
$config['mime_types'] = '/usr/local/etc/nginx/mime.types';
$config['smtp_server'] = 'mail.domain.com';
$config['smtp_port'] = 25;
$config['smtp_pass'] = '%p';
$config['des_key'] = 'rcmail-!24ByteDESkey*Str';
I would really appreciate any help
Regards
Do you still have other openssl libraries installed? What is PHP using? You
mentioned multiple openssl binaries and that's great it works on the
command line.
Have you confirmed the cert matches the cipher list the config options?
Command line output also shows the common name (CN) not matching the
hostname requested.
Any additional SSL details would help!
On Nov 9, 2016 6:58 PM, "@lbutlr" <kremels(a)kreme.com> wrote:
On Nov 9, 2016, at 3:33 AM, @lbutlr <kremels(a)kreme.com> wrote:
> # openssl s_client -connect localhost:993
> CONNECTED(00000003)
> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
> verify error:num=20:unable to get local issuer certificate
Fixed this issue (there was a spurious openssl-1.0.1 binary installed, once
I removed it and pointed everything at openssl 1.0.2 and setup the
letsencrypt certificate in dovecot:
# openssl s_client -connect mail.covisp.net:993
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = covisp.net
verify return:1
So that’s good, but roundcube still reports the same error:
Empty startup greeting (mail.covisp.net:993) in /usr/local/www/roundcube/
program/lib/Roundcube/rcube_imap.php on line 193
The only other thing that roundcube logs is in logs/sql
[09-Nov-2016 18:44:41 -0700]: <65e749cv> [4] DELETE FROM `session` WHERE
`sess_id` = ‘<stuff>';
[09-Nov-2016 18:44:41 -0700]: <65e749cv> [5] INSERT INTO `session`
(`sess_id`, `vars`, `ip`, `created`, `changed`) VALUES (‘<stuff>',
‘<morestuff>=', '23.24.150.141', now(), now());
Anyone have any ideas? I’m stuck.
_______________________________________________
Roundcube Users mailing list
users(a)lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users
On 08 Nov 2016, at 09:09, @lbutlr <kremels(a)kreme.com> wrote:
> I am getting this error after updating to dovecot2-2.2.26.0_1 under FreeBSD 10.2 when a user tries to login via roundcube webmail. I am able to login via my own mail client and there is no error in the log when roundcube fails to login.
>
> I stopped dovecot, removed all the dovecot files from the maildir folders and restarted dovecot, but get the same error.
>
> <https://help.directadmin.com/item.php?id=473>
Some more information:
# openssl s_client -connect localhost:993
CONNECTED(00000003)
depth=0 C = US, ST = Colorado, L = Denver, O = COVISP, CN = mail.covisp.net, emailAddress = admin(a)covisp.net
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = Colorado, L = Denver, O = COVISP, CN = mail.covisp.net, emailAddress = admin(a)covisp.net
verify return:1
---
Certificate chain
[etc]
logging in via my mail software works fine:
16:13:49 mail dovecot: imap-login: Login: user=<kremels>, 23.24.150.141, PLAIN, TLS
But from round cube:
IMAP Error in /usr/local/www/roundcube/program/lib/Roundcube/rcube_imap.php (193): Login failed for kremels from 23.24.150.141. Could not connect to ssl://localhost:993: Unknown reason
Yes, I'm pretty sure it's a problem with RC - it uses TLSv1.2 for IMAP
connections but not for SMTP.
PHP is rather new (Debian 7):
php --version
PHP 5.4.45-1~dotdeb+7.1 (cli) (built: Sep 5 2015 00:21:03)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
> do you really think roundcube has its own low-level TLS code?
> most likely you run outdated PHP
>
> https://bugs.php.net/bug.php?id=65329
>
> On 10.11.2016 at 11:02, Paweł Łukasik wrote:
>> Hello,
>>
>> Roundcube always uses TLSv1 for sending mail (used on same host as
>> mailserver with both RSA and ECDSA certs, ports 25 and 587). When I
>> disable all TLS/SSL versions except TLSv1.2 in Postfix config, I
>> cannot
>> send mails from Roundcube (SMTP Error: Authentication failure:
>> STARTTLS
>> failed (Code: ) in /var/www/roundcube/program/lib/Roundcube/rcube.php
>> on
>> line 1649 (POST
>> /?_task=mail&_unlock=loading1478615054443&_lang=en&_framed=1&_action=send)
>> ) but can from desktop/mobile client.
>> Connection from Roundcube to IMAP server always uses TLSv1.2,
>> external
>> servers (i.e. GMail) connect with TLSv1.2.
>>
>> What could cause this behaviour? Is it possible to force TLSv1.2 for
>> SMTP?
--
Regards, Paweł Łukasik
Hello,
Roundcube always uses TLSv1 for sending mail (used on same host as
mailserver with both RSA and ECDSA certs, ports 25 and 587). When I
disable all TLS/SSL versions except TLSv1.2 in Postfix config, I cannot
send mails from Roundcube (SMTP Error: Authentication failure: STARTTLS
failed (Code: ) in /var/www/roundcube/program/lib/Roundcube/rcube.php on
line 1649 (POST
/?_task=mail&_unlock=loading1478615054443&_lang=en&_framed=1&_action=send)
) but can from desktop/mobile client.
Connection from Roundcube to IMAP server always uses TLSv1.2, external
servers (i.e. GMail) connect with TLSv1.2.
What could cause this behaviour? Is it possible to force TLSv1.2 for
SMTP?
--
Regards, Paul
Hi Gurus,
I have a roundcube 1.1.3 install, a user has reported that sometimes
mail is not able to forward. After a bit of trial and error, I am able
to reproduce the problem reliably if I forward an html mail as html, and
add a new attachment, a popup error saying "failed to send message" will
happen. The mail server never receives a connection, so I take
this to mean that roundcube cannot craft the mail correctly in order to
pass it to the outgoing server.
If I forward as plain text and add the attachment, the mail will send as
expected.
If I try to forward an html message with an attachment, the message
becomes a plain text message, even though roundcube is configured to
forward html mails as html.
I have looked through config options and bug reports and what google has
to offer, I don't find any way to fix this, wondering if anyone has
suggestions?
Also, I was looking through the changelog up to release 1.2.1 and I
don't see anything that mentions this type of problem being fixed, and
because this install still has some of the old MyRoundcube plugins I
would avoid upgrading in case that breaks more than it fixes.
--
Bob Miller
Computerisms
867-334-7117 / 867-633-3760
http://www.computerisms.ca
I am getting this error after updating to dovecot2-2.2.26.0_1 under FreeBSD 10.2 when a user tries to login via roundcube webmail. I am able to login via my own mail client and there is no error in the log when roundcube fails to login.
I stopped dovecot, removed all the dovecot files from the maildir folders and restarted dovecot, but get the same error.
<https://help.directadmin.com/item.php?id=473>
Hello all,
I’ve recently reinstalled roundcube on an Ubuntu 14.04 machine (version
0.9.5-4). There were no problems with the installation, but now I can
see all my folders, but they all appear empty. Additionally, I can’t
update any of the preferences.
Reinstalling hasn’t helped, so I’m guessing I’ve done something stupid.
Can anyone help?
All main.inc.php settings are vanilla, and I’m running Dovecot 2.2.9,
again with a fairly vanilla config.
TIA!
Richard
--
jonze.com/privacy.html