search

roundcube / roundcubemail-docker

Resources to build Docker images for Roundcube Webmail
280 stars 126 forks source link

IMAPS not working with letsencrypt #126

Open Fernien opened 3 years ago

Fernien commented 3 years ago

I set everything up without any SSL configured on the mail server side and the roundcube side. After getting this to work i switched the mail server to use letsencrypt certificates. So i changed the roundcube config as well but i can't login in via roundcube anymore.

My Mail Server is functioning since its working in thunderbird. The thunderbird settings are these: IMAP: Port 143 STARTTLS

SMTP: Port 25 STARTTLS

The auth type is Passwort, normal

Knowing that these settings work i did this to the roundcube docker-compose file:

      - ROUNDCUBEMAIL_DEFAULT_HOST=tls://mail.example.de
      - ROUNDCUBEMAIL_DEFAULT_PORT=143
      - ROUNDCUBEMAIL_SMTP_SERVER=tls://smtp.example.de
      - ROUNDCUBEMAIL_SMTP_PORT=25

when i try to login i get the following error:

roundcubemail | errors: <60a672ec> IMAP Error: Login failed for niklas@example.de against mail.example.de from 172.21.0.1(X-Forwarded-For: XXX.XXX.XXX.XXX). Could not connect to mail.example.de:143: Connection refused in /var/www/html/program/lib/Roundcube/rcube_imap.php on line 200 (POST /?_task=login&_action=login)

I have no idea why this isnt working since it was in plaintext and it still does using mail clients.

thomascube commented 3 years ago

Seems like a duplicate of #72. Please check if setting the imap_conn_options config option as suggested in that ticket fixes the problem.

Fernien commented 3 years ago

I either don't know how to implement the said fixes or it doesn't work.

What I did: *customcfg.inc.php under www/config

<?php
$config['imap_conn_options'] = [
  'ssl' => [
    'verify_peer'  => true,
  ],
];

*added include(DIR . '/customcfg.inc.php'); to config.inc.php

Before that I tried adding these lines in the config.docker.inc.php to at least temporary get the effect

Fernien commented 3 years ago

Seems like a duplicate of #72. Please check if setting the imap_conn_options config option as suggested in that ticket fixes the problem.

Any Ideas?

thomascube commented 3 years ago

The example from issue #72 is incorrect. It should be 'verify_peer' => false,

Fernien commented 3 years ago

The example from issue #72 is incorrect. It should be 'verify_peer' => false,

Does not change anything. Still doesn't work

Fernien commented 3 years ago

Hello?

LupusMichaelis commented 3 years ago

I don't thing it's the certificate the problem. The default auth method used by RoundCube is DIGEST-MD5, not PLAIN (as you seem to do).

I did a pull request that helps tweaking this as I had the same issue, but for LOGIN method.

thomascube commented 3 years ago

I don't thing it's the certificate the problem. The default auth method used by RoundCube is DIGEST-MD5, not PLAIN (as you seem to do).

The error message says "Could not connect to mail.example.de:143: Connection refused". The connection to the IMAP server fails on transport layer level and it doesn't even reach the point where a login attempt (with whatever method) is made.

FWIW: if imap_auth_type is not set in config (that's the default), Roundcube selects the best from the authentication options offered by the IMAP server.

AlexanderZhirov commented 3 years ago

Colleagues, is there a solution to this problem?

On client errors: <1b37b033> IMAP Error: Login failed for test@mail.su against mailserver from 192.168.160.2(X-Real-IP: 185.220.70.51,X-Forwarded-For: 185.220.70.51). Unable to negotiate TLS in /var/www/html/program/lib/Roundcube/rcube_imap.php on line 200 (POST /?_task=login&_action=login)

On server Jun 14 21:18:24 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.160.9, lip=192.168.160.7, TLS, session=<GVIW4r3ERKbAqKAJ>

AlexanderZhirov commented 3 years ago

Colleagues, is there a solution to this problem?

On client errors: <1b37b033> IMAP Error: Login failed for test@mail.su against mailserver from 192.168.160.2(X-Real-IP: 185.220.70.51,X-Forwarded-For: 185.220.70.51). Unable to negotiate TLS in /var/www/html/program/lib/Roundcube/rcube_imap.php on line 200 (POST /?_task=login&_action=login)

On server Jun 14 21:18:24 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.160.9, lip=192.168.160.7, TLS, session=<GVIW4r3ERKbAqKAJ>

Any thoughts on this?

Fernien commented 3 years ago

@AlexanderZhirov i gave up and was searched for an alternative. Maybe have a look at open exchange. Its better than roundcube anyway

AlexanderZhirov commented 3 years ago

@AlexanderZhirov i gave up and was searched for an alternative. Maybe have a look at open exchange. Its better than roundcube anyway

I think that the solution to this problem has little effort. All the same, it is massive. Why hasn't it been eliminated?

mszczepanczyk commented 2 years ago

Had the same problem when connecting to my local server with self-signed certificate (with mismatching domain 😅). I managed to get around with this config. I don't recommend to use it in production though.

    $config['imap_conn_options'] = [
        'ssl'         => [
            'verify_peer'  => false,
            'verify_peer_name'  => false,
            'allow_self_signed' => true,
        ],
        'tls'         => [
            'verify_peer'  => false,
            'verify_peer_name'  => false,
            'allow_self_signed' => true,
        ],
    ];

    $config['smtp_conn_options'] = [
        'ssl'         => [
            'verify_peer'  => false,
            'verify_peer_name'  => false,
            'allow_self_signed' => true,
        ],
        'tls'         => [
            'verify_peer'  => false,
            'verify_peer_name'  => false,
            'allow_self_signed' => true,
        ],
    ];