IMAPS not working with letsencrypt #126

Closed
Fernien opened this issue Feb 20, 2021 · 14 comments

Comments

@Fernien

Fernien commented Feb 20, 2021

I set everything up without any SSL configured on the mail server side and the roundcube side. After getting this to work, I switched the mail server to use letsencrypt certificates. So I changed the roundcube config as well, but I can't log in via roundcube anymore.

My mail server is functioning, since it's working in thunderbird. The thunderbird settings are these:
IMAP:
Port 143 STARTTLS

SMTP:
Port 25 STARTTLS

The auth type is Password, normal

Knowing that these settings work, I did this to the roundcube docker-compose file:

      - ROUNDCUBEMAIL_DEFAULT_HOST=tls://mail.example.de
      - ROUNDCUBEMAIL_DEFAULT_PORT=143
      - ROUNDCUBEMAIL_SMTP_SERVER=tls://smtp.example.de
      - ROUNDCUBEMAIL_SMTP_PORT=25

When I try to log in, I get the following error:

roundcubemail | errors: <60a672ec> IMAP Error: Login failed for [email protected] against mail.example.de from 172.21.0.1(X-Forwarded-For: XXX.XXX.XXX.XXX). Could not connect to mail.example.de:143: Connection refused in /var/www/html/program/lib/Roundcube/rcube_imap.php on line 200 (POST /?_task=login&_action=login)

I have no idea why this isn't working, since it was in plaintext and it still does using mail clients.

@thomascube
Member

Seems like a duplicate of #72. Please check if setting the imap_conn_options config option as suggested in that ticket fixes the problem.

@Fernien
Author

Fernien commented Feb 21, 2021

I either don't know how to implement the said fixes or it doesn't work.

What I did:
* customcfg.inc.php under www/config

    <?php
    $config['imap_conn_options'] = [
      'ssl' => [
        'verify_peer' => true,
      ],
    ];

* added include(__DIR__ . '/customcfg.inc.php'); to config.inc.php

Before that I tried adding these lines in the config.docker.inc.php to at least temporarily get the effect

@Fernien
Author

Fernien commented Feb 24, 2021

> Seems like a duplicate of #72. Please check if setting the imap_conn_options config option as suggested in that ticket fixes the problem.

Any Ideas?

@thomascube
Member

The example from issue #72 is incorrect. It should be 'verify_peer' => false,

@Fernien
Author

Fernien commented Feb 24, 2021

> The example from issue #72 is incorrect. It should be 'verify_peer' => false,

Does not change anything. Still doesn't work

@Fernien
Author

Fernien commented Mar 7, 2021

Hello?

@LupusMichaelis

I don't think the certificate is the problem. The default auth method used by RoundCube is DIGEST-MD5, not PLAIN (as you seem to do).

I did a pull request that helps tweaking this as I had the same issue, but for LOGIN method.

@thomascube
Member

> I don't think the certificate is the problem. The default auth method used by RoundCube is DIGEST-MD5, not PLAIN (as you seem to do).

The error message says "Could not connect to mail.example.de:143: Connection refused". The connection to the IMAP server fails on transport layer level and it doesn't even reach the point where a login attempt (with whatever method) is made.

FWIW: if imap_auth_type is not set in config (that's the default), Roundcube selects the best from the authentication options offered by the IMAP server.

@AlexanderZhirov

AlexanderZhirov commented Jun 14, 2021

Colleagues, is there a solution to this problem?

On client
errors: <1b37b033> IMAP Error: Login failed for [email protected] against mailserver from 192.168.160.2(X-Real-IP: 185.220.70.51,X-Forwarded-For: 185.220.70.51). Unable to negotiate TLS in /var/www/html/program/lib/Roundcube/rcube_imap.php on line 200 (POST /?_task=login&_action=login)

On server
Jun 14 21:18:24 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.160.9, lip=192.168.160.7, TLS, session=<GVIW4r3ERKbAqKAJ>

@AlexanderZhirov

> Colleagues, is there a solution to this problem?
>
> On client
> errors: <1b37b033> IMAP Error: Login failed for [email protected] against mailserver from 192.168.160.2(X-Real-IP: 185.220.70.51,X-Forwarded-For: 185.220.70.51). Unable to negotiate TLS in /var/www/html/program/lib/Roundcube/rcube_imap.php on line 200 (POST /?_task=login&_action=login)
>
> On server
> Jun 14 21:18:24 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.160.9, lip=192.168.160.7, TLS, session=<GVIW4r3ERKbAqKAJ>

Any thoughts on this?

@Fernien
Author

Fernien commented Jun 15, 2021

@AlexanderZhirov I gave up and searched for an alternative. Maybe have a look at open exchange. It's better than roundcube anyway

@AlexanderZhirov

> @AlexanderZhirov I gave up and searched for an alternative. Maybe have a look at open exchange. It's better than roundcube anyway

I think that the solution to this problem has little effort. All the same, it is massive. Why hasn't it been eliminated?

@mszczepanczyk

Had the same problem when connecting to my local server with a self-signed certificate (with mismatching domain 😅). I managed to get around it with this config. I don't recommend using it in production though.

    $config['imap_conn_options'] = [
        'ssl' => [
            'verify_peer'       => false,
            'verify_peer_name'  => false,
            'allow_self_signed' => true,
        ],
        'tls' => [
            'verify_peer'       => false,
            'verify_peer_name'  => false,
            'allow_self_signed' => true,
        ],
    ];

    $config['smtp_conn_options'] = [
        'ssl' => [
            'verify_peer'       => false,
            'verify_peer_name'  => false,
            'allow_self_signed' => true,
        ],
        'tls' => [
            'verify_peer'       => false,
            'verify_peer_name'  => false,
            'allow_self_signed' => true,
        ],
    ];
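
An added example (not from any commenter in this thread and not Roundcube project code): a PHP probe meant to be run inside the Roundcube container, so it sees the same network and CA store as Roundcube. It separates the "Connection refused" stage described by thomascube from the "Unable to negotiate TLS" stage reported later, with certificate verification left on rather than disabled as in the workaround above. The default host, the port and the CA bundle path are assumptions.

```php
<?php
// Added example, not Roundcube code. Host, port and CA bundle path are assumptions.
// Verification stays on; PHP reads ssl:// and tls:// settings from the 'ssl' context key.
function strict_ssl_options(string $host, string $cafile): array
{
    return [
        'verify_peer'       => true,
        'verify_peer_name'  => true,
        'allow_self_signed' => false,
        'peer_name'         => $host,   // name the certificate must match
        'cafile'            => $cafile, // CA bundle as seen inside the container
    ];
}

// Walk the STARTTLS steps one at a time and report the first stage that fails.
function probe_imap_starttls(string $host, int $port, array $ssl, float $timeout = 5.0): array
{
    $fail = fn(string $stage, string $detail) => ['stage' => $stage, 'ok' => false, 'detail' => trim($detail)];
    $ctx  = stream_context_create(['ssl' => $ssl]);
    $fp   = @stream_socket_client("tcp://$host:$port", $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        return $fail('connect', "$errstr ($errno)"); // e.g. "Connection refused"
    }
    stream_set_timeout($fp, (int) ceil($timeout));
    $greeting = (string) fgets($fp);
    if (strncmp($greeting, '* OK', 4) !== 0) {
        return $fail('greeting', $greeting);
    }
    fwrite($fp, "a1 STARTTLS\r\n");
    $reply = (string) fgets($fp);
    if (stripos($reply, 'a1 OK') !== 0) {
        return $fail('starttls', $reply);
    }
    $warnings = [];
    set_error_handler(function (int $no, string $msg) use (&$warnings): bool {
        $warnings[] = $msg; // OpenSSL and name-mismatch details arrive as PHP warnings
        return true;
    });
    $ok = stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
    restore_error_handler();
    fclose($fp);
    return $ok === true
        ? ['stage' => 'tls', 'ok' => true, 'detail' => 'certificate chain and name verified']
        : $fail('tls', implode('; ', $warnings));
}

$host   = $argv[1] ?? 'mail.example.de';
$result = probe_imap_starttls($host, (int) ($argv[2] ?? 143), strict_ssl_options($host, '/etc/ssl/certs/ca-certificates.crt'));
printf("%s: %s (%s)\n", $result['stage'], $result['ok'] ? 'ok' : 'FAILED', $result['detail']);
```

A failure at `connect` points at container networking or DNS rather than at the certificate; a failure at `tls` with a name-mismatch or verify-failed warning points at the hostname used or the CA bundle.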

@pabzm
Member

pabzm commented Nov 7, 2024

Closing since it's old. Also, in #237 there's a fresher claim that this doesn't work (currently not reproducible for me).

@pabzm pabzm closed this as completed Nov 7, 2024