Re: [courier-users] Icedove + Roundcube don't get along anymore with Courier

2015-07-09 Thread Julien Patriarca
Hi,

On Wed, Jul 08, 2015 at 06:24:26PM -0400, Sam Varshavchik wrote:
> Julien Patriarca writes:
>
> > From Roundcube :
> >
> > imapd-ssl: couriertls: accept: error:14094418:SSL
> > routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> >
> > It would be really cool if anyone could help me fix this. I have tried
> > plenty of things already.
>
> This looks like Roundcube is configured to reject certificates not signed by
> a trusted certificate authority.
>
> If you're using a self-signed cert, Roundcube will not accept it. Either
> turn off certificate validation in Roundcube, however it's done, or pay for
> a real cert.

I am using Cacert.org certificates. I have tried to point courier to the
CA certificate I got from cacert, but with no effect.
What's weird is that the Roundcube version has not changed with the
wheezy=>jessie upgrade, so I am not sure Roundcube is faulty.


--
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: [courier-users] Icedove + Roundcube don't get along anymore with Courier

2015-07-09 Thread Julien Patriarca
Hi,

On Thu, Jul 09, 2015 at 02:21:08AM +0300, Alexei Yu. Batyr' wrote:
> Julien Patriarca wrote on 08.07.2015 18:40:
> > It's now working except for RoundCube. Cheers,
>
> Where is the use of SSL if your Roundcube installed on the same host as
> Courier IMAP?

That's absolutely true. I have decided to start the non-SSL courier and
make it run on 127.0.0.1. No 143 port is opened, so it's absolutely
non-reachable from Internet.
I still don't get why it does not work, even with some new config
parameters I put in RoundCube in order to point it to the CA cert.

Thanks to all of you for having taken the time to help me.




Re: [courier-users] Icedove + Roundcube don't get along anymore with Courier

2015-07-09 Thread Matus UHLAR - fantomas
> On 07/08/2015 09:32 AM, Julien Patriarca wrote:
> > // ----------------------------------
> > // IMAP
> > // ----------------------------------
> > $rcmail_config['default_host'] = 'ssl://localhost';

On 08.07.15 14:41, Gordon Messmer wrote:
> That's not going to work unless localhost is in the certificate
> SubjectAltName or CN.  Use the hostname that appears in the certificate.

You can in fact avoid SSL connections with localhost.
They are rarely needed.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states. 



Re: [courier-users] Icedove + Roundcube don't get along anymore with Courier

2015-07-09 Thread Thomas Hebinck
Hi Julien,

> I am using Cacert.org certificates. I have tried to point courier to the
> CA certificate I got from cacert, but with no effect.
> What's weird is that the Roundcube version has not changed with the
> wheezy=>jessie upgrade, so I am not sure Roundcube is faulty.

I don't know roundcube, but jessie comes with PHP5.6 which checks certs by 
default.

http://php.net/manual/en/migration56.openssl.php

Bye,
Thomas




Re: [courier-users] Icedove + Roundcube don't get along anymore with Courier

2015-07-08 Thread Julien Patriarca
Hi again,


On Wed, Jul 08, 2015 at 02:29:53PM +0200, Julien Patriarca wrote:
> Hi there,
>
> I am a new subscriber to the list. I am facing an annoying issue with my
> mail-system.
> It is based on Postfix + MySQL for virtual users, and Courier-imap-ssl.
> Everything is running on top of Debian Jessie. Before upgrading the
> server to Jessie from Wheezy, everything was working fine. But since the
> upgrade, I can't login to the IMAP server anymore from Icedove and
> Roundcube.
> From my Android smartphone and tablet, no problem, it works flawlessly.
>
> Here are the errors I am getting in the logs :
>
> From Icedove :
>
> imapd-ssl: couriertls: accept: error:14094417:SSL
> routines:SSL3_READ_BYTES:sslv3 alert illegal parameter
>
> From Roundcube :
>
> imapd-ssl: couriertls: accept: error:14094418:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>
> It would be really cool if anyone could help me fix this. I have tried
> plenty of things already.

I have ironed out the bug with Icedove.
The Debian courier package had weak DH bits.
I have changed from 768 to 2048 bits in the mkdhparams script, then
deleted the dhparams.pem and ran /usr/sbin/mkdhparams again.
I have also exported $DH_BITS=2048.
It's now working except for RoundCube.

Cheers,


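Added example, not part of the original thread: a small Python check of the
modulus size in a dhparams.pem file such as the one regenerated above. The
2048-bit threshold follows the value chosen in the post; sample_pem() builds a
constructed stand-in of the right size (not a real prime) so the script runs
offline.

```python
import base64

HEAD = "-----BEGIN DH PARAMETERS-----"
TAIL = "-----END DH PARAMETERS-----"

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def dh_modulus_bits(pem_text):
    """Bit length of the prime p in a PEM DHParameter (SEQUENCE { p, g })."""
    body = pem_text.split(HEAD, 1)[1].split(TAIL, 1)[0]
    der = base64.b64decode("".join(body.split()))
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected a DER SEQUENCE")
    tag, p_raw, _ = _read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER p")
    return int.from_bytes(p_raw, "big").bit_length()

def audit(pem_text, min_bits=2048):
    """min_bits is an assumption: the size the poster moved to."""
    bits = dh_modulus_bits(pem_text)
    return bits, ("ok" if bits >= min_bits else "weak")

def _der(tag, payload):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(payload)
    nlen = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | nlen]) + n.to_bytes(nlen, "big")
    return bytes([tag]) + head + payload

def sample_pem(bits):
    """Constructed stand-in of the given size; p is NOT prime, never deploy it."""
    def integer(v):
        return _der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
    der = _der(0x30, integer((1 << (bits - 1)) | 1) + integer(2))
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([HEAD, *lines, TAIL]) + "\n"

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else sample_pem(768)
    print("DH modulus: %d bits (%s)" % audit(text))
```

Run it with the path of the server's dhparams.pem as the only argument; with
no argument it reports on the constructed 768-bit sample.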


Re: [courier-users] Icedove + Roundcube don't get along anymore with Courier

2015-07-08 Thread Julien Patriarca
Hi and thanks for your answer,


On Wed, Jul 08, 2015 at 09:24:35AM -0700, Gordon Messmer wrote:
> On 07/08/2015 08:40 AM, Julien Patriarca wrote:
> > It's now working except for RoundCube.
>
> What does your roundcube configuration look like?  Specifically, post
> all of the ssl/tls related options.  Are you using a client certificate?

I am not using a client certificate.

I have attached the config.


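<?php

/*
 +-----------------------------------------------------+
 | Main configuration file                             |
 |                                                     |
 | This file is part of the Roundcube Webmail client   |
 | Copyright (C) 2005-2011, The Roundcube Dev Team     |
 | Licensed under the GNU GPL                          |
 |                                                     |
 +-----------------------------------------------------+

*/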

$rcmail_config = array();

// ----------------------------------
// LOGGING/DEBUGGING
// ----------------------------------

// system error reporting: 1 = log; 2 = report (not implemented yet), 4 = show, 8 = trace
$rcmail_config['debug_level'] = 1;

// log driver:  'syslog' or 'file'.
$rcmail_config['log_driver'] = 'syslog';

// date format for log entries
// (read http://php.net/manual/en/function.date.php for all format characters)  
$rcmail_config['log_date_format'] = 'd-M-Y H:i:s O';

// Syslog ident string to use, if using the 'syslog' log driver.
$rcmail_config['syslog_id'] = 'roundcube';

// Syslog facility to use, if using the 'syslog' log driver.
// For possible values see installer or http://php.net/manual/en/function.openlog.php
$rcmail_config['syslog_facility'] = LOG_USER;

// Log sent messages to log_dir/sendmail or to syslog
$rcmail_config['smtp_log'] = true;

// Log successful logins to log_dir/userlogins or to syslog
$rcmail_config['log_logins'] = false;

// Log session authentication errors to log_dir/session or to syslog
$rcmail_config['log_session'] = false;

// Log SQL queries to log_dir/sql or to syslog
$rcmail_config['sql_debug'] = false;

// Log IMAP conversation to log_dir/imap or to syslog
$rcmail_config['imap_debug'] = false;

// Log LDAP conversation to log_dir/ldap or to syslog
$rcmail_config['ldap_debug'] = false;

// Log SMTP conversation to log_dir/smtp or to syslog
$rcmail_config['smtp_debug'] = false;

// ----------------------------------
// IMAP
// ----------------------------------

// the mail host chosen to perform the log-in
// leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %d = domain.tld
$rcmail_config['default_host'] = 'ssl://localhost';

// TCP port used for IMAP connections
$rcmail_config['default_port'] = 993;

// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
// best server supported one)
$rcmail_config['imap_auth_type'] = null;

// If you know your imap's folder delimiter, you can specify it here.
// Otherwise it will be determined automatically
$rcmail_config['imap_delimiter'] = null;

// If IMAP server doesn't support NAMESPACE extension, but you're
// using shared folders or personal root folder is non-empty, you'll need to
// set these options. All can be strings or arrays of strings.
// Folders need to be ended with directory separator, e.g. INBOX.
// (special directory ~ is an exception to this rule)
// These can be used also to overwrite server's namespaces
$rcmail_config['imap_ns_personal'] = null;
$rcmail_config['imap_ns_other']    = null;
$rcmail_config['imap_ns_shared']   = null;

// By default IMAP capabilities are readed after connection to IMAP server
// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list
// after login. Set to True if you've got this case.
$rcmail_config['imap_force_caps'] = false;

// By default list of subscribed folders is determined using LIST-EXTENDED
// extension if available. Some servers (dovecot 1.x) returns wrong results
// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225
// Enable this option to force LSUB command usage instead.
$rcmail_config['imap_force_lsub'] = false;

// IMAP connection timeout, in seconds. Default: 0 (no limit)
$rcmail_config['imap_timeout'] = 0;

// Optional IMAP authentication identifier to be used as authorization proxy
$rcmail_config['imap_auth_cid'] = null;

// Optional IMAP authentication password to be used for imap_auth_cid
$rcmail_config['imap_auth_pw'] = null;

// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 

Re: [courier-users] Icedove + Roundcube don't get along anymore with Courier

2015-07-08 Thread Gordon Messmer
On 07/08/2015 08:40 AM, Julien Patriarca wrote:
> It's now working except for RoundCube.

What does your roundcube configuration look like?  Specifically, post 
all of the ssl/tls related options.  Are you using a client certificate?



Re: [courier-users] Icedove + Roundcube don't get along anymore with Courier

2015-07-08 Thread Gordon Messmer
On 07/08/2015 09:32 AM, Julien Patriarca wrote:
> // ----------------------------------
> // IMAP
> // ----------------------------------
> $rcmail_config['default_host'] = 'ssl://localhost';

That's not going to work unless localhost is in the certificate 
SubjectAltName or CN.  Use the hostname that appears in the certificate.

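Added example, not part of the original thread: the name check described in
the message above, applied to a Roundcube default_host value, which is the
check PHP 5.6 (mentioned elsewhere in the thread) performs by default. The
certificate is a constructed sample in the dict layout of Python's
ssl.SSLSocket.getpeercert(), and mail.example.org is a placeholder hostname.

```python
# Constructed sample certificate fields; mail.example.org is a placeholder,
# not the poster's real hostname.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.org"),),),
    "subjectAltName": (("DNS", "mail.example.org"), ("DNS", "*.example.org")),
}

def cert_dns_names(cert):
    """dNSName SAN entries; the CN is consulted only when the cert has none."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' may stand for exactly one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def peer_name(default_host):
    """Host part of a default_host value such as 'ssl://localhost'."""
    return default_host.split("://", 1)[-1].split(":", 1)[0]

def check_default_host(default_host, cert):
    """Report whether the configured host is a name the certificate covers."""
    host = peer_name(default_host)
    names = cert_dns_names(cert)
    ok = any(name_matches(n, host) for n in names)
    return {"host": host, "ok": ok, "cert_names": names}

if __name__ == "__main__":
    for value in ("ssl://localhost", "ssl://mail.example.org"):
        print(value, check_default_host(value, SAMPLE_CERT))
```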


Re: [courier-users] Icedove + Roundcube don't get along anymore with Courier

2015-07-08 Thread Sam Varshavchik

Julien Patriarca writes:

> From Roundcube :
>
> imapd-ssl: couriertls: accept: error:14094418:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>
> It would be really cool if anyone could help me fix this. I have tried
> plenty of things already.

This looks like Roundcube is configured to reject certificates not signed by
a trusted certificate authority.

If you're using a self-signed cert, Roundcube will not accept it. Either
turn off certificate validation in Roundcube, however it's done, or pay for
a real cert.






Re: [courier-users] Icedove + Roundcube don't get along anymore with Courier

2015-07-08 Thread Alexei Yu. Batyr'
Julien Patriarca wrote on 08.07.2015 18:40:
> It's now working except for RoundCube. Cheers,

Where is the use of SSL if your Roundcube installed on the same host as 
Courier IMAP?

-- 
А.Б.

