Rouncube SMTP error CONNECTION FAILED

Discussion in 'Installation/Configuration' started by francoisPE, Nov 10, 2020.

  1. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Hello,
    I have ispc3.2 with ubuntu 20.04. I set up perfect server tuto and add roundcube following ubuntu 18.04 tuto and ispc plugin tuto
    My mail works well with thunderbird. I receive well. I send message through port 465 (SSL) w/o problem.
    But I face difficulty with roundcube. I receive messages but it refuses send message on 465, only 25 works.
    in /etc/roundcube/config.inc.php
    Only "$config['smtp_port'] = 25;" works...
    I try : netstat -ntap | grep 465
    it gives
    "
    tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 164933/master
    tcp6 0 0 :::465 :::* LISTEN 164933/master

    Fyi : Full /etc/roundcube/config.inc.php
    $config = array();
    include_once("/etc/roundcube/debian-db-roundcube.php");
    $config['default_host'] = 'localhost';
    $config['smtp_server'] = 'localhost';
    $config['smtp_port'] = 465;
    $config['smtp_user'] = '%u';
    $config['smtp_pass'] = '%p';
    $config['support_url'] = '';
    $config['product_name'] = 'Roundcube Webmail';
    $config['des_key'] = 'xxxxxx-removedxxxxx';
    $config['plugins'] = array(
    );
    $config['skin'] = 'elastic';
    $rcmail_config['plugins'] = array("jqueryui", "ispconfig3_account", "ispconfig3_autoreply", "ispconfig3_autoselect", "ispconfig3_pass", "ispcon>
    "
    (ispc plugins in roundcube work well :)
     
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Try: $config['smtp_server'] = 'ssl://localhost/';
     
  3. francoisPE

    francoisPE Active Member HowtoForge Supporter

    I tried with
    $config['smtp_port'] = 465;
    and w/o
    No success !
    Now I am back to port 25 and it doesn't work : "smtp error 451 : temporary look up"
    I tested my MX. there are ok.
    I am trying to set up a ptr DNS and looking at what should I put in name and canonical name. May be this is this that bring problem ?
     
  4. francoisPE

    francoisPE Active Member HowtoForge Supporter

    I review mail logs. It seems to be mailman. I had a concern when setting it, I removed.
    apt remove --purge mailman
    rm -fr /var/lib/mailman/
    but now it is asking me
    /var/lib/mailman/data/aliases which is missing
    It seems I have mail somewhere in a queue but don't know how to repair !
     
  5. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Create that as an empty file, eg. 'touch /var/lib/mailman/data/aliases'
     
  6. francoisPE

    francoisPE Active Member HowtoForge Supporter

    I am back with a fresh reinstall to avoid any other configuration concerns.
    I try
    $config['smtp_server'] = 'ssl://localhost/';
    $config['smtp_port'] = 465;
    when sending in roundcube, answers 'SMTP -1 : connection to server error'

    idem with
    $config['smtp_server'] = 'STARTTLS://localhost/'; ## STARTTLS from an original idea of mine ;-) !
    $config['smtp_port'] = 587;

    only
    $config['smtp_server'] = 'localhost';
    $config['smtp_port'] = 25;
    works...
     
  7. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    i don't think you can use 'localhost' on ports 465 or 587. put the actual server FQDN ( or whatever FQDN you used for the cert ) there.
    it's trying to match the requested address to the name on the certificate, localhost is never going to be included in the certificate.
     
  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Is this a multiserver setup? Does it make sense to try to use certificate on a localhost connection?
    I have set up Roundcube on ISPConfig following the Perfect Server guide and it just works.
     
    Th0m likes this.
  9. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Yess men !! Giant, it works with
    $config['smtp_server'] = 'ssl://ns1.domain.tld/';
    $config['smtp_port'] = 465;

    as I have multiversers, it make all sense like that !
    Thanks so much :)
     
  10. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    multiversers ??? don't they take up a lot of room? :p

    sorry. couldn't resist... :rolleyes:
     
    Th0m likes this.
  11. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    If roundcube is on the same servers as the mailserver, use localhost, without ssl:// in front of it, and port 25. If it is a external server, I would use tls:// with port 587.
     
  12. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Just some comments that might clarify for others finding this thread, any time you're using port 465 you need use ssl (ie. prefix your smtp_server setting with ssl://), and any time you use 587, you need to use tls.

    When you use ssl/tls, if you have a certificate name mismatch (like connecting to 'localhost' which is not a name in the server's certificate), you will have to either change hostnames or configure roundcube to ignore the mismatch, which is done via the smtp_conn_options config setting:
    Code:
    // SMTP socket context options
    // See http://php.net/manual/en/context.ssl.php
    // The example below enables server certificate validation, and
    // requires 'smtp_timeout' to be non zero.
    // $config['smtp_conn_options'] = array(
    //   'ssl'         => array(
    //     'verify_peer'  => true,
    //     'verify_depth' => 3,
    //     'cafile'       => '/etc/openssl/certs/ca.crt',
    //   ),
    // );
    // Note: These can be also specified as an array of options indexed by hostname
    $config['smtp_conn_options'] = null;
    
    Sending on localhost port 25 is efficient in that it doesn't require any cpu for ssl, but generally is preferred to use the submission ports 465/587, which allows different configuration for port 25 (eg. more spam controls, although there isn't very much different currently in a default setup) and better filtering of networks.
     
    Taleman and Th0m like this.
  13. francoisPE

    francoisPE Active Member HowtoForge Supporter

    :)
    Everything clear !
    Thanks a lot for all that details
     

Share This Page