Arch Linux

etakeh32

Member

From: Pridnestrovie

Registered: 2014-03-08

Posts: 66

Roundcube Test Imap config failed

Been trying for hours to get webmail working, following ArchWiki.

Step 3 of Roundcube Installer errors out:

IMAP connect:  NOT OK(Login failed for admin@domain.com from xxx.44.40.194. Could not connect to ssl://localhost:993: Unknown reason)

/var/log/mail:

May 24 09:20:22 server dovecot[13280]: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=::1, lip=::1, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48, session=<ryUjZ9AW1QAAAAAAAAAAAAAAAAAAAAAB>

Had exact same issue with SMTP test, but changed certificate from FQDN to localhost as work-around and added following to /etc/webapps/roundcubemail/config/config.inc.php:

$config['smtp_conn_options'] = array(
  'ssl'         => array(
         'verify_peer'  => false,
         'verfify_peer_name' => false,
   ),
);

After this, smtp test succeeded. Tried the same for imap (imap_conn_options), but no success. Dovecot is configured to use the same certs as smtp

Configs:

[tkh@domain ~]$ cat /etc/postfix/main.cf | egrep -v "(^#.*|^$)"
compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/bin
daemon_directory = /usr/lib/postfix/bin
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = domain.com
mydomain = domain.com
myorigin = $mydomain
mydestination = localhost
unknown_local_recipient_reject_code = 550
mynetworks_style = host
relay_domains = $mydestination
alias_maps = hash:/etc/postfix/aliases
alias_database = $alias_maps

 
debug_peer_level = 2
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/bin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix
inet_protocols = ipv4
meta_directory = /etc/postfix
shlib_directory = /usr/lib/postfix
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_limit = 512000000
virtual_minimum_uid = 5000
virtual_transport = virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
transport_maps = hash:/etc/postfix/transport
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/private/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
smtpd_tls_loglevel = 1

[tkh@domain ~]$ cat /etc/postfix/master.cf | egrep -v "(^#.*|^$)"
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

[tkh@domain ~]$ cat /etc/webapps/roundcubemail/config/config.inc.php | egrep -v "(^#.*|^$)"
<?php
/* Local configuration for Roundcube Webmail */
$config['db_dsnw'] = 'mysql://roundcube_user:sqlpass@localhost/roundcube_db';
$config['default_host'] = 'ssl://localhost';
$config['default_port'] = 993;
$config['imap_conn_options'] = array(
'ssl'         => array(
     'verify_peer'       => false,
     'verfify_peer_name' => false,
  ),
);
$config['smtp_server'] = 'tls://localhost';
$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['smtp_conn_options'] = array(
  'ssl'         => array(
     'verify_peer'  => false,
     'verfify_peer_name' => false,
   ),
);
$config['smtp_port'] = 587;
$config['support_url'] = '';
$config['des_key'] = '24char key';
$config['username_domain'] = 'domain.com';
$config['product_name'] = 'domain Clothing - Webmail';
$config['mime_types'] = '/etc/webapps/roundcubemail/mime.types';
$config['plugins'] = array('archive', 'zipdownload');
$config['language'] = 'en_US';
$config['htmleditor'] = 1;

[tkh@domain ~]$ cat /etc/dovecot/dovecot.conf | egrep -v "(^#.*|^$)"
protocols = imap
auth_mechanisms = plain
passdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
}
userdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
}
service auth {
    unix_listener auth-client {
        group = postfix
        mode = 0660
        user = postfix
    }
    user = root
}
mail_home = /home/vmail/%d/%u
mail_location = maildir:~
ssl_cert = </etc/ssl/private/server.crt
ssl_key = </etc/ssl/private/server.key
[tkh@domain ~]$

EDIT: I just set it all up on my phone (android with option 'accept all certificates') and I am able to send and receive e-mail, so it seems to be an issue with roundcube.

Last edited by etakeh32 (2015-05-26 01:41:28)

lucke

Member

From: Poland

Registered: 2004-11-30

Posts: 4,018

Re: Roundcube Test Imap config failed

If roundcube and the mail server are on the same host, do you really need SSL?

http://trac.roundcube.net/wiki/Howto_Co … orIMAPSMTP

etakeh32

Member

From: Pridnestrovie

Registered: 2014-03-08

Posts: 66

Re: Roundcube Test Imap config failed

I actually thought the same thing, but didn't think to research it further, since the Wiki I was following was for localhost config and used SSL... I guess I just assumed it was necessary for some reason.