This repository has been archived by the owner on Nov 4, 2024. It is now read-only.

Issue with SSL on SMTP #926

Open
Arnaud31500 opened this issue Jan 13, 2016 · 9 comments

Comments

@Arnaud31500

Hi,
When I try to set up my domain, which requires SSL auth, and click on the "test" button, IMAP passes the test but SMTP gives this error:

stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Any idea where the problem could come from?
Thank you,
Arnaud

@ervee
Contributor

ervee commented Jan 13, 2016

Are you sure you must use SSL and not TLS? Can you set SMTP to use TLS and try the test again?

@Arnaud31500
Author

The problem came from the line supposed to check verification of the SSL certificate used. On "off", it works and my configuration becomes green. On "on", it is unable to read it and returns errors. On IMAP, it shows:
failed loading cafile stream: `/etc/letsencrypt/live/mydomain.tld/cert.pem'
Is this function really operative?

PS: Have you seen my comment on #107?

Thank you for your help.

@ervee
Contributor

ervee commented Jan 15, 2016

I know there are (or have been) serious issues with RainLoop and checking certificate validity. So disabling the check is an option but will allow man in the middle attacks. I think you can kind of safely disable it when the IMAP server is on the same server as RainLoop though, but still...

I have seen your comment on the fail2ban issue. Looks like your fail2ban is not working correctly. This could have a lot of reasons but it's hard to say. Perhaps try to simulate by changing the fail trigger to "someword" and then insert that line (replace HOST with an IP address) a couple of times in the log and see if that triggers a ban. I think you'll have to debug a little from there on.

@Arnaud31500
Author

My IMAP server is on the same server as RainLoop, so I decided to disable it. I hope it will work better in future releases.
Thanks for your help!

@Pietro-Aretino

Pietro-Aretino commented Sep 28, 2017

Could you re-open this issue? I think there is still a bug. I am using a paid-for COMODO RSA SSL certificate for my mail server. The SMTP & IMAP TLS/SSL configuration works perfectly. The sending and receiving of email from my server is encrypted just fine using the certificate. The issue I have resides in the Rainloop webmail, it does not accept my certificate files. I consistently get the error: "failed loading cafile stream: /etc/ssl/domain/domain.crt" I have checked the path and file and it is correct. This .crt file contains the entire chain i.e. the cafile, the gd_bundle and the private key. Is Rainloop incapable of understanding that? Does it have to be in separate files? In Rainloop's configuration, if I turn off "Require verification of SSL certificate used (IMAP/SMTP) (unstable)" I am able to connect via Webmail, if I turn it on I get the "Cannot Connect" error. I do see it says "unstable" but this really should get fixed. I have clients who wish to use the Webmail at times, and I cannot allow them to, for obvious MITM vulnerabilities, utilize the Rainloop webmail client. It's an absolute pity as I thoroughly enjoy Rainloop and was planning on purchasing it for my company, but if it cannot verify SSL certificates, I can't propose this as a viable webmail client even though I prefer this above Horde, Squirrel Mail and Roundcube. Any tips or advice would be much appreciated. Thank you for your time.

Here is more error info:

Next exception 'RainLoop\Exceptions\ClientException' with message 'ConnectionError[104]' in /var/www/rainloop/v/1.11.1/app/libraries/RainLoop/Actions.php:2091

[22:19:33.208][e2c1f21b] INFO[ERROR]: exception 'MailSo\Net\Exceptions\SocketCanNotConnectToHostException' with message 'Can't connect to host "ssl://mail.my_domain.xyz:993"' in /var/www/rainloop/v/1.11.1/app/libraries/MailSo/Net/NetCli$
Stack trace:
#0 /var/www/rainloop/v/1.11.1/app/libraries/MailSo/Imap/ImapClient.php(153): MailSo\Net\NetClient->Connect('mail.my_domain.x...', 993, 1, true, true)
#1 /var/www/rainloop/v/1.11.1/app/libraries/MailSo/Mail/MailClient.php(72): MailSo\Imap\ImapClient->Connect('mail.my_domain.x...', 993, 1, true)
#2 /var/www/rainloop/v/1.11.1/app/libraries/RainLoop/Model/Account.php(424): MailSo\Mail\MailClient->Connect('mail.my_domain.x...', 993, 1, true, false)
#3 /var/www/rainloop/v/1.11.1/app/libraries/RainLoop/Actions.php(2083): RainLoop\Model\Account->IncConnectAndLoginHelper(Object(RainLoop\Plugins\Manager), Object(MailSo\Mail\MailClient), Object(RainLoop\Config\Application))
#4 /var/www/rainloop/v/1.11.1/app/libraries/RainLoop/Actions.php(2325): RainLoop\Actions->CheckMailConnection(Object(RainLoop\Model\Account), true)
#5 /var/www/rainloop/v/1.11.1/app/libraries/RainLoop/Actions.php(2379): RainLoop\Actions->LoginProcess('user@domain...', 'PASSWORD...', '', '', false)
#6 [internal function]: RainLoop\Actions->DoLogin()
#7 /var/www/rainloop/v/1.11.1/app/libraries/RainLoop/ServiceActions.php(172): call_user_func(Array)
#8 [internal function]: RainLoop\ServiceActions->ServiceAjax('')
#9 /var/www/rainloop/v/1.11.1/app/libraries/RainLoop/Service.php(146): call_user_func(Array, '')
#10 /var/www/rainloop/v/1.11.1/app/libraries/RainLoop/Service.php(56): RainLoop\Service->localHandle()
#11 /var/www/rainloop/v/1.11.1/app/libraries/RainLoop/Service.php(79): RainLoop\Service->__construct()
#12 /var/www/rainloop/v/1.11.1/app/handle.php(94): RainLoop\Service::Handle()
#13 /var/www/rainloop/v/1.11.1/include.php(225): include('/var/www/rainlo...')
#14 /var/www/index.php(13): include('/var/www/rainlo...')
#15 {main}

Next exception 'RainLoop\Exceptions\ClientException' with message 'ConnectionError[104]' in /var/www/rainloop/v/1.11.1/app/libraries/RainLoop/Actions.php:2091
Stack trace:
#0 /var/www/rainloop/v/1.11.1/app/libraries/RainLoop/Actions.php(2325): RainLoop\Actions->CheckMailConnection(Object(RainLoop\Model\Account), true)
#1 /var/www/rainloop/v/1.11.1/app/libraries/RainLoop/Actions.php(2379): RainLoop\Actions->LoginProcess('user@domain...', 'PASSWORD...', '', '', false)
#2 [internal function]: RainLoop\Actions->DoLogin()
#3 /var/www/rainloop/v/1.11.1/app/libraries/RainLoop/ServiceActions.php(172): call_user_func(Array)
#4 [internal function]: RainLoop\ServiceActions->ServiceAjax('')
#5 /var/www/rainloop/v/1.11.1/app/libraries/RainLoop/Service.php(146): call_user_func(Array, '')
#6 /var/www/rainloop/v/1.11.1/app/libraries/RainLoop/Service.php(56): RainLoop\Service->localHandle()
#7 /var/www/rainloop/v/1.11.1/app/libraries/RainLoop/Service.php(79): RainLoop\Service->__construct()
#8 /var/www/rainloop/v/1.11.1/app/handle.php(94): RainLoop\Service::Handle()
#9 /var/www/rainloop/v/1.11.1/include.php(225): include('/var/www/rainlo...')
#10 /var/www/index.php(13): include('/var/www/rainlo...')
#11 {main}
[22:19:33.208][e2c1f21b] AJAX[DATA]: {"Action":"Login","Result":false,"ErrorCode":104,"ErrorMessage":"","ErrorMessageAdditional":"","Time":1032}
[22:19:33.214][e2c1f21b] INFO[MEMORY]: Memory peak usage: 1.5MB
[22:19:33.214][e2c1f21b] INFO[TIME]: Time delta: 1.0387041568756

@RainLoop
Owner

Most of these errors relate to the settings of PHP.
You may try to use this PHP file to check the SSL connection.

@RainLoop RainLoop reopened this Sep 28, 2017
@Pietro-Aretino

My SSL connection is fine. My mailserver is configured correctly as I said in my previous post.
I tested using the PHP code you provided and I get an OK.

imap.gmail.com:993 = OK

The issue seems to be Rainloop not properly reading my SSL certificate file.

@RainLoop
Owner

RainLoop commented Oct 1, 2017

Ok, try this test file: test_ssl_connection.zip

@Pietro-Aretino

Pietro-Aretino commented Jan 15, 2018

Hello, I ran your script and received the following output:

root@mail:~# php test_ssl_connection.php 
imap.gmail.com:993 = OK
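
A diagnostic for the "failed loading cafile stream" error discussed in this thread, as an added example that is not part of the thread and is not RainLoop code: it checks that the file given as PHP's `cafile` SSL context option is readable and holds only PEM certificates, then attempts an implicit-TLS connection with peer verification on and returns PHP's warnings. The function names are hypothetical; host, port and CA file path are supplied on the command line.

```php
<?php
// Added diagnostic example; not RainLoop code. Function names are illustrative.
/** Return a list of problems with a file meant for PHP's "cafile" SSL option. */
function inspect_cafile(string $path): array
{
    if (!is_file($path) || !is_readable($path)) {
        // Also the result when a parent directory is closed to the PHP user.
        return ["not readable by the PHP process user: $path"];
    }
    $pem = (string) file_get_contents($path);
    $problems = [];
    if (preg_match('/-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----/', $pem)) {
        $problems[] = 'contains a private key; a CA file should hold certificates only';
    }
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $m);
    if (!$m[0]) { $problems[] = 'no PEM CERTIFICATE blocks found'; }
    foreach ($m[0] as $i => $block) {
        $info = openssl_x509_parse($block);
        if ($info === false) {
            $problems[] = "certificate #$i does not parse";
        } elseif ($info['validTo_time_t'] < time()) {
            $problems[] = "certificate #$i has expired";
        }
    }
    return $problems;
}

/** Try implicit TLS with verification on; return PHP's warnings (empty = success). */
function verified_connect(string $host, int $port, string $cafile): array
{
    $ctx = stream_context_create(['ssl' => [
        'verify_peer' => true, 'verify_peer_name' => true,
        'peer_name' => $host, 'cafile' => $cafile,
    ]]);
    $warnings = [];
    set_error_handler(function (int $no, string $msg) use (&$warnings): bool {
        $warnings[] = $msg;   // keeps every OpenSSL message, not only the last one
        return true;
    });
    $sock = stream_socket_client("ssl://$host:$port", $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $ctx);
    restore_error_handler();
    if ($sock !== false) { fclose($sock); }
    return $warnings;
}

if (PHP_SAPI === 'cli' && $argc === 4) {   // php check.php HOST PORT CAFILE
    [, $host, $port, $cafile] = $argv;
    print_r([inspect_cafile($cafile), verified_connect($host, (int) $port, $cafile)]);
}
```

Run it as the account the web server's PHP runs under rather than as root, since a root shell can read files that account cannot.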
