On 08 Nov 2016, at 09:09, @lbutlr kremels@kreme.com wrote:
I am getting this error after updating to dovecot2-2.2.26.0_1 under FreeBSD 10.2 when a user tries to login via roundcube webmail. I am able to login via my own mail client and there is no error in the log when roundcube fails to login.
I stopped dovecot, removed all the dovecot files from the maildir folders and restarted dovecot, but get the same error.
Some more information:
# openssl s_client -connect localhost:993 CONNECTED(00000003) depth=0 C = US, ST = Colorado, L = Denver, O = COVISP, CN = mail.covisp.net, emailAddress = admin@covisp.net verify error:num=18:self signed certificate verify return:1 depth=0 C = US, ST = Colorado, L = Denver, O = COVISP, CN = mail.covisp.net, emailAddress = admin@covisp.net verify return:1
Certificate chain [etc]
logging in via my mail software works fine:
16:13:49 mail dovecot: imap-login: Login: user=<kremels>, 23.24.150.141, PLAIN, TLS
But from round cube:
IMAP Error in /usr/local/www/roundcube/program/lib/Roundcube/rcube_imap.php (193): Login failed for kremels from 23.24.150.141. Could not connect to ssl://localhost:993: Unknown reason
On Nov 8, 2016, at 4:17 PM, @lbutlr kremels@kreme.com wrote:
IMAP Error in /usr/local/www/roundcube/program/lib/Roundcube/rcube_imap.php (193): Login failed for kremels from 23.24.150.141. Could not connect to ssl://localhost:993: Unknown reason
Thought I had this figured out, PHP5.6 will not accept a self0signed cert for some reason.
However, even if I point dovecot to a not self-signed cert (A let’s encrypt cert/key pari), I am still getting the same error.
# openssl s_client -connect localhost:993 CONNECTED(00000003) depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify error:num=20:unable to get local issuer certificate
Not sure what “unable to get local issuer certificate” means.
I did find something online, and tried adding this to the config file for roundcube:
$config['default_host'] = 'tls://mail.covisp.net/';
// PHP 5.6 accept self-sogned certs $config['imap_conn_options'] = array( 'ssl' => array( 'verify_peer' => true, 'allow_self_signed' => true, 'peer_name' => 'mail.covisp.net', 'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH', 'cafile' => '/etc/ssl/certs/covisp.net.pem', ), );
But, then I get
Empty startup greeting (mail.covisp.net:993) in /usr/local/www/roundcube/program/lib/Roundcube/rcube_imap.php on line 193 (POST /?_task=login&_action=login)
On Nov 9, 2016, at 3:33 AM, @lbutlr kremels@kreme.com wrote:
# openssl s_client -connect localhost:993 CONNECTED(00000003) depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify error:num=20:unable to get local issuer certificate
Fixed this issue (there was a spurious openssl-1.0.1 binary installed, once I removed it and pointed everything at openssl 1.0.2 and setup the letsencrypt certificate in dovecot:
# openssl s_client -connect mail.covisp.net:993 CONNECTED(00000003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify return:1 depth=0 CN = covisp.net verify return:1
So that’s good, but roundcube still reports the same error:
Empty startup greeting (mail.covisp.net:993) in /usr/local/www/roundcube/program/lib/Roundcube/rcube_imap.php on line 193
The only other thing that roundcube logs is in logs/sql
[09-Nov-2016 18:44:41 -0700]: <65e749cv> [4] DELETE FROM session WHERE sess_id = ‘<stuff>';
[09-Nov-2016 18:44:41 -0700]: <65e749cv> [5] INSERT INTO session (sess_id, vars, ip, created, changed) VALUES (‘<stuff>', ‘<morestuff>=', '23.24.150.141', now(), now());
Anyone have any ideas? I’m stuck.
On Nov 9, 2016, at 6:51 PM, @lbutlr kremels@kreme.com wrote:
Anyone have any ideas? I’m stuck.
No one?
I'd try but without full config files and log file entries it's really hard to tell what's going wrong... Need to know the details of your setup because Roundcube (or more precisely PHP) refuse to talk to the IMAP server. After all, I assume that you have a working IMAP server that you can connect to from the outside world using some MUA?
On 11/12/2016 05:52 AM, @lbutlr wrote:
On Nov 9, 2016, at 6:51 PM, @lbutlr kremels@kreme.com wrote:
Anyone have any ideas? I’m stuck.
No one?
Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
-
@lbutlr -
Matthias Sitte