SMTP connection fails #237
I have the same problem with my installation. Connections (imap and smtp) without tls work but as soon as I activate tls I get these error messages. My Postfix and Dovecot have certificates from Let's Encrypt. Both certificate chains don't seem to be present in the Docker image. Test:
I created my own container image in which I added the Let's Encrypt certificate chain to /usr/local/share/ca-certificates/ and updated the CA files with "RUN update-ca-certificates". Afterwards I can successfully validate the server certificate using curl. PHP can now apparently validate the certificate with the PHP default config. Test:
But Roundcube still cannot validate the Let's Encrypt certificate during imap or smtp connections with tls. I then converted my configuration to the advanced configuration and set the options "smtp_conn_options" and "imap_conn_options" to point to /etc/ssl/certs/ca-certificates.crt.
With this configuration, SMTP and IMAP are both TLS protected and working. It would be nice to extend the Entrypoint script so that it updates the CA chain if, for example, a directory with additional CA certificates is mounted under /certs/. And an adapted *_conn_options configuration could be included in the container image, which points to the correct ca_file.
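The verification settings described in the comment above, as an added example that is not part of the original comment or the project's own code. It assumes the CA bundle path named in that comment and uses standard PHP SSL stream-context options; `mail.example.org` is a placeholder hostname.

```php
<?php
// Added example for a custom Roundcube config file (not the project's own code).
// Goal: keep certificate verification switched on and tell PHP which CA bundle
// to trust, instead of disabling verification to make the error go away.

$tls_verify = [
    'ssl' => [
        // Validate the server's chain up to a CA contained in 'cafile'.
        'verify_peer'       => true,
        // The certificate must be issued for the host name Roundcube connects to.
        // A multi-domain mail server that presents one certificate for its
        // principal domain fails this check when addressed by another name.
        'verify_peer_name'  => true,
        // A bare self-signed leaf is rejected. For a private CA, add the CA
        // certificate to the bundle below rather than relaxing these checks.
        'allow_self_signed' => false,
        // Bundle written by update-ca-certificates inside the container.
        'cafile'            => '/etc/ssl/certs/ca-certificates.crt',
        // Optional: name to verify against when it differs from the host name
        // used for the connection (placeholder value, left disabled here).
        // 'peer_name'      => 'mail.example.org',
    ],
];

// Same policy for both directions, so IMAP and SMTP cannot drift apart.
$config['imap_conn_options'] = $tls_verify;
$config['smtp_conn_options'] = $tls_verify;
```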
I cannot reproduce that. Can you specify a full example, including a hostname?
Hi, Actually not connecting to my mailserver (letsencrypt/self-signed certs), ports 993 and 465 (ssl://mail.domain.com). I think the certs are actually self-signed, I would need to be able to set: $config['imap_conn_options'] = [ $config['smtp_conn_options'] = [ from variables (like ssl_skip_verify or something of the kind)
What I couldn't reproduce is PHP not being able to validate letsencrypt certificates. Can someone else reproduce that? To use self-signed certificates the shown configuration is required. I don't want to include that into the images because such a configuration shouldn't be used in a productive environment, I think.
I actually solved: my mailserver, being multi-domain, did not use different certs for different domains, just used the principal server domain for the smtp/imap certs. Once I pointed to the right domain, the domain validation worked out flawlessly.
I have created the first step of a possible implementation as a pull request. If you agree with the implementation, the PHP still needs to be made to use the correct file (/etc/ssl/certs/ca-certificates.crt). Since I'm not much of a PHP person anymore, maybe you could give me a tip on how you would like to have the configuration adjustment implemented best...
I cannot send an email through smtp no matter what I do, I tested with other mail clients and it works, except for Roundcube docker.
My docker log:
errors: <9ea8998e> PHP Error: STARTTLS failed (POST /?_task=mail&_unlock=loading1702834244555&_framed=1&_lang=en&_action=send)
errors: <9ea8998e> PHP Error: Invalid response code received from server (POST /?_task=mail&_unlock=loading1702834244555&_framed=1&_lang=en&_action=send)
errors: <9ea8998e> SMTP Error: STARTTLS failed: 2.0.0 Ready to start TLS (Code: 220) in /var/www/html/program/lib/Roundcube/rcube.php on line 1794 (POST /?_task=mail&_unlock=loading1702834244555&_framed=1&_lang=en&_action=send)
My postfix log:
Dec 17 17:30:49 mail.rokal.es postfix/smtpd[9891]: connect from ip51.ip-87-98-146.eu[87.98.146.51]
Dec 17 17:30:50 mail.rokal.es postfix/smtpd[9891]: lost connection after STARTTLS from ip51.ip-87-98-146.eu[87.98.146.51]
Dec 17 17:30:50 mail.rokal.es postfix/smtpd[9891]: disconnect from ip51.ip-87-98-146.eu[87.98.146.51]