[SOLVED] Roundcube "Soap Error: Forbidden" after update (of geoip database)

Discussion in 'Plugins/Modules/Addons' started by adrastea, Sep 5, 2020.

  1. adrastea

    adrastea New Member

    Hallo, all,
    I'm running a Debian Buster Webserver with ISPConfig and Roundcube and its ISPConfig-Plugins.
    Until middle of august 2020, everthing runs fine.
    My environment:
    - ISPConfig 3.1.15p3
    - Roundcube Webmail 1.3.15
    - PHP 7.3.21
    Since the update, I cannot access the ISPConfig Plugins, except the password plugin.
    I get this error: "Soap Error: Forbidden".
    I replaced the plugins with the latest ones but without success.
    By the way: another problem could be solved:
    After the update, all identities where invisible. I fixed this problem by set $config['default_host']='my-server-name' instead of 'localhost', that was set before.

    Any idea what's going wrong?
    Thank you in advance,
    Ralf
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    What did you update?

    Does your remote user have the rights to every function that’s needed for the plugins?
     
  3. adrastea

    adrastea New Member

    On 14th of August, the packages roundcube-plugins, roundcube-core, roundcube-mysql and roundcube where updated.
    This is the list of enabled plugins of the remote user:
    • Server functions
    • Mail domain functions
    • Mail domain alias functions
    • Mail user functions
    • Mail alias functions
    • Mail spamfilter user functions
    • Mail spamfilter policy functions
    • Mail fetchmail functions
    • Mail spamfilter whitelist functions
    • Mail spamfilter blacklist functions
    • Mail user filter functions
    • Client functions
    Nothing was changed after the successful installation of the server a year ago, as far as I know.
    I'm pretty sure I enabled the autoreply function in July successfully. everything was fine befor the update.
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Did the update overwrite your roundcube config? And can you share it?

    Also, does /usr/share/roundcube/plugins/ispconfig3_account/config/config.inc.php contain the correct login details?
     
  5. adrastea

    adrastea New Member

    I'm not realy shure, but I suppose, not.
    The plugins are stored in /var/lib/roundcube/plugins as it was described in the howto's. In my opinion, the login details are correct. I replaced the password today, but without any effect.
    This is my configuration /etc/roundcube/config.inc.php:
    Code:
    <?php
    
    /*
    +-----------------------------------------------------------------------+
    | Local configuration for the Roundcube Webmail installation.           |
    |                                                                       |
    | This is a sample configuration file only containing the minimum       |
    | setup required for a functional installation. Copy more options       |
    | from defaults.inc.php to this file to override the defaults.          |
    |                                                                       |
    | This file is part of the Roundcube Webmail client                     |
    | Copyright (C) 2005-2013, The Roundcube Dev Team                       |
    |                                                                       |
    | Licensed under the GNU General Public License version 3 or            |
    | any later version with exceptions for skins & plugins.                |
    | See the README file for a full license statement.                     |
    +-----------------------------------------------------------------------+
    */
    
    $config = array();
    
    /* Do not set db_dsnw here, use dpkg-reconfigure roundcube-core to configure database ! */
    include_once("/etc/roundcube/debian-db-roundcube.php");
    
    // The IMAP host chosen to perform the log-in.
    // Leave blank to show a textbox at login, give a list of hosts
    // to display a pulldown menu or set one host as string.
    // To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
    // Supported replacement variables:
    // %n - hostname ($_SERVER['SERVER_NAME'])
    // %t - hostname without the first part
    // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
    // %s - domain name after the '@' from e-mail address provided at login screen
    // For example %n = mail.domain.tld, %t = domain.tld
    //$config['default_host'] = 'localhost';
    $config['default_host'] = 'myservername.de';
    
    // SMTP server host (for sending mails).
    // Enter hostname with prefix tls:// to use STARTTLS, or use
    // prefix ssl:// to use the deprecated SSL over SMTP (aka SMTPS)
    // Supported replacement variables:
    // %h - user's IMAP hostname
    // %n - hostname ($_SERVER['SERVER_NAME'])
    // %t - hostname without the first part
    // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
    // %z - IMAP domain (IMAP hostname without the first part)
    // For example %n = mail.domain.tld, %t = domain.tld
    $config['smtp_server'] = 'localhost';
    
    // SMTP port (default is 25; use 587 for STARTTLS or 465 for the
    // deprecated SSL over SMTP (aka SMTPS))
    $config['smtp_port'] = 25;
    
    // SMTP username (if required) if you use %u as the username Roundcube
    // will use the current username for login
    $config['smtp_user'] = '%u';
    
    // SMTP password (if required) if you use %p as the password Roundcube
    // will use the current user's password for login
    $config['smtp_pass'] = '%p';
    
    // provide an URL where a user can get support for this Roundcube installation
    // PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
    $config['support_url'] = '';
    
    // Name your service. This is displayed on the login screen and in the window title
    $config['product_name'] = 'Roundcube Webmail';
    
    // this key is used to encrypt the users imap password which is stored
    // in the session record (and the client cookie if remember password is enabled).
    // please provide a string of exactly 24 chars.
    // YOUR KEY MUST BE DIFFERENT THAN THE SAMPLE VALUE FOR SECURITY REASONS
    $config['des_key'] = 'AUxhRhgbETmDvUDVwx4AbsKN';
    
    // List of active plugins (in plugins/ directory)
    // Debian: install roundcube-plugins first to have any
    $config['plugins'] = array(
    "jqueryui",
    "ispconfig3_account",
    "ispconfig3_autoreply",
    "ispconfig3_autoselect",
    "ispconfig3_pass",
    "ispconfig3_spam",
    "ispconfig3_fetchmail",
    "ispconfig3_filter",
    "ispconfig3_forward",
    "ispconfig3_wblist",
    "carddav"
    );
    
    //
    
    
    // skin name: folder from skins/
    $config['skin'] = 'larry';
    
    // Disable spellchecking
    // Debian: spellshecking needs additional packages to be installed, or calling external APIs
    //         see defaults.inc.php for additional informations
    $config['enable_spellcheck'] = false;
    
     
  6. adrastea

    adrastea New Member

    Hi!
    I solved the problem by myself! @Th0m: Thanks for your time!
    The problem accured because of an update of geoip database! Formerly, my servers ip address was assotiated to country id DE. But now it's associated to country ID FR, because the server center of my provider resists in France, I suppose.
    Normally, I restrict web service access and only allow for a couple of countries from where visitors are expected.
    I found this reason, because my monit also was unable to monitor apache2 web server anymore by check, if a token file can be reached by sending an internal request.
    So, I added the right country ID and that's it!
    It would be easier to look after the problem, if the soap error message would also send an error code, in this case 403 would be helpful. This would give a hint to search for web server access problems and not to search a needle in haystack ;)
    Have a good time!
    Ralf
     
    Th0m likes this.
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Interesting chain of events there...
    I doubt that a numeric code would help any; the soap request already returned 'Forbidden' as the error/message, having it say '403 Forbidden' would only confuse matters, as error 403 is normally an http request failure, but the http request worked perfectly (ie. you successfully communicated with the soap api, so there is no http error).

    Even if someone were to create an error lookup table for ISPConfig api errors and you looked up '403' in there, you would likely find explanatory text along the lines of, 'your request was forbidden,' which is pretty much exactly what returning 'Forbidden' in response to your request indicates.
     

Share This Page