multi server setup - connection to imap server failed after update to 3.2.2

Discussion in 'Installation/Configuration' started by chief, Jan 11, 2021.

  1. chief

    chief Member HowtoForge Supporter

    ispconfig 3.2.2
    debian 9 (stretch)
    web, mail, 2 x dns, web2, web3 and new test server.
    After upgrading to 3.2.2 from 3.1.15p all went well, i generated new cert (i shouldnt have) but i did.
    My problem.
    roundcube states - connection to imap server failed. the web server connects to mail.tlsystems.co.uk for imap mail.
    specific error from /var/log/roundcube/error
    Code:
    [11-Jan-2021 09:43:43 UTC] PHP Warning:  stream_socket_enable_crypto(): Unable to locate peer certificate CN in /usr/share/roundcube/program/lib/Roundcube/rcube_imap_generic.php on line 1017
    [11-Jan-2021 09:43:43 +0000]: <nfpu7nds> IMAP Error: Login failed for [email protected] from 79.79.62.1. Unable to negotiate TLS in /usr/share/roundcube/program/lib/Roundcube/rcube_imap.php on line 193 (POST /webmail/?_task=login&_action=login)
    I am not sure whether TLS or SSL security is working.
    as on mail server im getting this:
    Code:
    TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=</>
    I havent updated to latest Lets encrypt, as i thought that would be too much change too quick, but if this is the issue or another part of it please let em know.

    dave
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Can you share your roundcube config (remove sensitive parts)?
     
  3. chief

    chief Member HowtoForge Supporter

    <b>/etc/roundcube/config.inc.php</b>
    Code:
    $config = array();
    include_once("/etc/roundcube/debian-db-roundcube.php");
    $config['default_host'] = 'tls://mail.tlsystems.co.uk';
    $config['imap_conn_options'] = array('ssl' => array('verify_peer' => false,'verfify_peer_name' => false,),);
    $config['smtp_conn_options'] = array('ssl' => array('verify_peer' => false,'verify_peer_name' => false,),);
    $config['smtp_server'] = 'tls://mail.tlsystems.co.uk';
    $config['smtp_port'] = 465;
    $config['smtp_user'] = '%u';
    $config['smtp_pass'] = '%p';
    $config['support_url'] = '';
    $config['product_name'] = 'Roundcube Webmail';
    $config['des_key'] = 'some-key-here';
    $config['plugins'] = array(
    $config['skin'] = 'larry';
    $config['enable_spellcheck'] = true;
    
     
  4. chief

    chief Member HowtoForge Supporter

    Just the config.inc.php?
     
  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You are using port 465 and tls://, you should use 587 for TLS and 465 for SSL.
     
  6. chief

    chief Member HowtoForge Supporter

    I have changed that, im still getting ...
    Code:
    connection to imap server failed
    output from /etc/log/roundcube/error
    Code:
    [11-Jan-2021 11:09:53 UTC] PHP Warning:  stream_socket_enable_crypto(): Unable to locate peer certificate CN in /usr/share/roundcube/program/lib/Roundcube/rcube_imap_generic.php on line 1017
    [11-Jan-2021 11:09:53 +0000]: <nfpu7nds> IMAP Error: Login failed for test@..... from 79.79.62.1. Unable to negotiate TLS in /usr/share/roundcube/program/lib/Roundcube/rcube_imap.php on line 193 (POST /webmail/?_task=login&_action=login)
    
     
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You have a typo:
    $config['imap_conn_options'] = array('ssl' => array('verify_peer' => false,'verfify_peer_name' => false,),);

    verfify should be verify of course.
     
    chief likes this.
  8. chief

    chief Member HowtoForge Supporter

    Thank you so much, i could not see that typo. not sure how that happened as all i did was update the ispconfig.
    thanks again Th0m

    dave
     
  9. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Coincidence I think ;) But could be that the change of cert caused this setting to be needed but it "wasn't" set.
     

Share This Page