roundcube / roundcubemail

The Roundcube Webmail suite
https://roundcube.net
GNU General Public License v3.0

[1.5-beta] Broken IMAP socket options #7912

Closed tborychowski closed 3 years ago

tborychowski commented 3 years ago

Hello, I was trying out the 1.5-beta version and have some issues with connecting to the mail server (running mailcow).

My roundcube config is almost the same as in mailcow's docs, where servers are using docker's local host references, like so:

$config['default_host'] = 'tls://dovecot';
$config['smtp_server'] = 'tls://postfix';

Has anything changed in 1.5-beta with regard to connections? Or is there another reason why v1.4 would work but v1.5-beta wouldn't?

johndoh commented 3 years ago

What's the error?

Also see https://github.com/roundcube/roundcubemail/wiki/FAQ#problems-connecting-imapsmtp-server-via-ssltls

tborychowski commented 3 years ago

Hi @johndoh, thanks for a quick response :-)

The errors.log shows this:

[28-Feb-2021 16:05:25 +0000]: <025e869e> IMAP Error: Login failed for user1@example.com 
against dovecot from 192.168.1.1 (X-Forwarded-For: 192.168.1.1). 
Unable to negotiate TLS in /web/roundcube/program/lib/Roundcube/rcube_imap.php on line 210 
(POST /roundcube/?_task=login&_action=login)

and imap.log shows this:

[28-Feb-2021 16:29:08 +0000]: <025e869e> [97B8] Connecting to tls://dovecot:143...
[28-Feb-2021 16:29:08 +0000]: <025e869e> [97B8] S: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS LOGINDISABLED] Dovecot ready.
[28-Feb-2021 16:29:08 +0000]: <025e869e> [97B8] C: A0001 STARTTLS
[28-Feb-2021 16:29:08 +0000]: <025e869e> [97B8] S: A0001 OK Begin TLS negotiation now.

I am using Let's Encrypt certs, but disabled cert verification in config.inc.php:

$config['imap_conn_options'] = array(
    'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
);
$config['smtp_conn_options'] = array(
    'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
);

but still no luck. The old instance (v1.4) connects & logs in fine, while the new one (v1.5) doesn't :-|

johndoh commented 3 years ago

I think 7e5301f6368622080550a19d4949176728bd59dd is the issue. After that the imap_conn_options config is not being respected. Again, I think! Please someone else confirm. As a simple test I changed line 154 of program/lib/Roundcube/rcube_imap.php from:

'socket_options' => [],

to

'socket_options' => $this->options['socket_options'],

and then connections to servers with "invalid" certs worked again for me.

tborychowski commented 3 years ago

Thank you! That change worked for me!

alecpl commented 3 years ago

Fixed.
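
Once `imap_conn_options` is passed through to the socket again, the setup from this thread (connecting to the Docker hostname `dovecot` while the server presents a Let's Encrypt certificate) can keep certificate verification enabled instead of switching it off. The following is an added example, not part of the thread or of Roundcube's own code; it assumes the certificate was issued for a public name, shown here as the placeholder `mail.example.com`, and that the CA bundle lives at the Debian-style path used below.

```php
<?php
// Added example for config.inc.php. 'mail.example.com' and the cafile path
// are placeholders (assumptions), not values taken from the thread.

// Setting posted in the thread: every check is disabled, so the STARTTLS
// session is encrypted but the server is never authenticated.
//
// $config['imap_conn_options'] = array(
//     'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
// );

// Alternative: keep verification on and tell PHP which name to expect on the
// certificate. Roundcube still connects to tls://dovecot, but the certificate
// is checked against 'peer_name' rather than against "dovecot".
$tls_verified = array(
    'ssl' => array(
        'verify_peer'       => true,   // validate the chain against a trusted CA
        'verify_peer_name'  => true,   // require the certificate name to match
        'allow_self_signed' => false,  // a publicly issued cert does not need this
        'peer_name'         => 'mail.example.com',                   // placeholder: name on the certificate
        'cafile'            => '/etc/ssl/certs/ca-certificates.crt', // assumed CA bundle path inside the container
    ),
);

$config['imap_conn_options'] = $tls_verified;
$config['smtp_conn_options'] = $tls_verified;
```

On an affected 1.5-beta build these options are ignored for IMAP, so a failed login there does not by itself show that the values are wrong.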