Re: [RCU] Problem with CSRF
* Andreas Meyer: > handcrafted cusine schrieb am > 09.04.19 um 19:39:19 Uhr [...] Just add these guys to your mail killfile. Months ago, I explained to them how to get off this mailing list (as my good deed for the day), but it looks like they are still around. While they don't know much about mailing lists, they are apparently into creating culinary masterpieces from scratch, which is commendable. ;-) -Ralph ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] [Roundcube Announce] [netangels #8645156] Roundcube Webmail 1.3.9 released
* Marcel Herrguth: > Please disable auto replies for mailing lists. Indeed, but when criticising people for their boo-boo on a mailing list, please DO NOT fully quote them on that mailing list. ;-) Also, the Roundcube announcements list should definitely be moderated. -Ralph ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] Roundcube Webmail 1.3.9 released
* A. L. E. C.: > We proudly announce the next service release to update the stable > version 1.3. My thanks for your work. Just a small blemish: Tag 1.3.9 ist marked as "unverified" on GitHub, so I am guessing somebody forgot to sign the tag. -Ralph ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] Recalling Emails
* Elite Cryo Studio: > I need to recall an email...is this possible? No. This is not a limitation Roundcube, it is a basic fact of SMTP mail transfer. Once the message has been received, there is no way to "take it back" other than apologise. -Ralph ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] Firefox - "Mixed content is not blocked: not secure"
On 30.06.2018 10:49, Philip Rhoades wrote: > Is this a serious issue? No. ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] roundcube custom tls verification options
On 09.04.2018 02:37, David Mehler wrote: > what I'm wanting to do is tighten my tls verification options. My > domains each use a different letsencrypt certificate. Depending on your platform, you could do without any special Roundube configuration. With modern Linux distributions like Gentoo this works: 1. Download LE root CA cert from https://letsencrypt.org/certificates/ 2. Save cert in /usr/local/share/ca-certificates (you might need to create this directory) with '.crt' name suffix. (*) 3. Run 'update-ca-certificates --fresh' as root. 4. Restart your web server. With that, Let's Encrypt is configured as a locally trusted CA for libssl, and in the Roundube configuration only $config['default_host'] = 'ssl://imap.horus-it.com'; is then required, if you match the host name of your certificate. This method benefits any process on your server that uses libssl. -Ralph (*) See 'man 8 update-ca-certificates'. ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] SSL certificate woes with Roundcube 1.3 and PHP 5.6
On 11.08.2017 09:26, Davide Perini wrote: > Thunderbird ignore peer verification on both IMAP and SMTP. Nope. For a test, set up foo.some.domain and bar.some.domain as CNAME records for imap.some.domain, with the server certificate containing both imap.some.domain and foo.some.domain, but not bar.some.domain. The attempt to connect with an IMAP server name of bar.some.domain, will cause Thunderbird to open an "Add Security Exception" dialog, with the complaint "Wrong Site - The certificate belongs to a different site, which could mean that someone is trying to impersonate this site." (see attached image). That's the result of peer verification. -Ralph ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] SSL certificate woes with Roundcube 1.3 and PHP 5.6
On 11.08.17 00:00, Davide Perini wrote: > I'm pretty sure that the problem resides in your postfix/dovecot > configuration, if you use those. Sorry, but no. As I stated in my OP, other clients can access Dovecot and Postfix just fine (tested with iOS Mail, Apple Mail, Thunderbird on macOS and Windows). Roundcube 1.3 with PHP 5.6 is the only combination causing problems, and since Roundcube uses PHP to establish IMAP connections and I can connect fine if I disable PHP peer verification, the cause is definitely that verification mechanism failing on my Roundcube server. The crux is to figure out why it fails. Google confirms that other people experienced similar problems after updating to PHP 5.6, which enabled peer verification as a default setting (see http://php.net/manual/en/migration56.openssl.php). -Ralph ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] SSL certificate woes with Roundcube 1.3 and PHP 5.6
On 10.08.17 19:50, Michael Grimm wrote: > Here's my "HOWTO" in config.inc.php, and please note, that my > roundcube/nginx and both postfix/dovecot(10.10.10.2) run in different > FreeBSD jails. Thus you might need to stick with localhost [...] I verified that the peer name matches my $config['default_host'] = 'ssl://imap.some.domain'; entry, and I also tested your 'peer_name' => 'imap.some.domain' suggestion, but still no workee. Using localhost is not an option, because Roundcube runs on server A and Dovecot/Postfix on server B (namely imap.some.domain). Also, if I could use localhost, I would not mind turning off peer verification. -Ralph ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] SSL certificate woes with Roundcube 1.3 and PHP 5.6
On 10.08.17 19:00, Davide Perini wrote: > I had the same problems until a saint suggested me to stop using self > signed certificates and start using Let's Encrypt. It's completely free > and you can create a strong signed certificates in minutes. Thanks, I am aware of Let's Encrypt, but the problems I described occur with certificates issued by both Let's Encrypt and by my own CA (not self-signed certs, but a real CA). I guess I should have mentioned that. I included my own CA certificates and those provided by Let's Encrypt in my Roundcube server's keychain, but it just does not work as expected. I am fairly certain it is related to PHP 5.6 in particular, as I described earlier. -Ralph ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
[RCU] SSL certificate woes with Roundcube 1.3 and PHP 5.6
With Roundcube 1.3.0 and PHP 5.6.31, I keep seeing errors like the following in my logs: Aug 10 11:00:31 myhost roundcube: <0ho1kdmf> IMAP Error: Login failed for username from [ip-address]. Could not connect to ssl://imap.some.domain:993: Unknown reason in /var/www/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 196 (POST /rcm/?_task=login&_action=login) Outgoing SMTP TLS connections from Roundcube are affected, too. This is probably caused by how PHP 5.6 verifies certificates. I have tried configuring openssl.cafile=/etc/ssl/certs/ca-certificates.crt and/or openssl.capath=/etc/ssl/certs in php.ini with world-readable certificate chains, but no dice. I am positive that the IMAP and SMTP servers (Dovecot and Postfix, respectively) are configured correctly, because MUAs like Thunderbird or iOS Mail connect successfully. When I include the following workaround in config.inc.php Roundcube can connect to the IMAP server: $config['default_host'] = 'ssl://imap.some.domain'; $config['imap_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, ), ); Does anybody here know how to debug and fix this? Other people seem to have this problem as well, but disabling peer verification was the only recommendation I could find so far, and for obvious reasons I would like to avoid that. -Ralph ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
[RCU] Current mailing list configuration causes DKIM failures
This mailing list's configuration (prefix subjects with "[RCU]", append footer to message bodies) invalidates DKIM signatures. Could the list owners be convinced to turn the modifications off, please? -Ralph ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] feature request: set identity per recipient
On 16.10.16 10:33, Jari Fredriksson wrote: > I have multiple identities, and for example mailing lists like this > I use this iki.fi identity, because my primary identity has strick > dkim/dmarc -policies which will cause fail when received from a > mailing list of an email forwarding service (like iki.fi). DMARC policies are enforced by MTAs, but Roundcube is a MUA, so I'm not sure I understand what exactly you are asking for? Are you thinking of identity support in Thunderbird fashion, which allows for different SMTP server / sender address combinations? -Ralph ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] new user accounts
we need to create a few more users as following: han...@floridabluebay.gr s...@floridabluebay.gr ju...@floridabluebay.gr How can we do this??? Hire a local IT consultant who knows what he's doing? -RS ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Re: [RCU] Attaching files is not working for me, what am I missing?
On 28.05.2014 09:05, Thomas Bruederli wrote: Maybe you can do some tests with finfo_open() / finfo_file() and mime_content_type() do further track down the failing component. I have added a couple of error_log statements to the file_content_type function to narrow the problem down (see end of this message). A typical trace for PDF attachments looks like this: Entering file_content_type Checking mime_ext array MIME type is application/pdf Start finfo_open block End finfo_open block Exiting file_content_type with mime_type application/pdf while a typical trace for other files (i.e. PNG, XML) looks like this: Entering file_content_type Checking mime_ext array MIME type is null Start finfo_open block m1: finfo_open exists m3: mime_magic is null m4: process finfo m5: finfo is not null m8: calling finfo_file m9: done calling finfo_file m10: calling finfo_close Entering file_content_type Checking mime_ext array MIME type is null Start finfo_open block m1: finfo_open exists m3: mime_magic is null m4: process finfo m5: finfo is not null m8: calling finfo_file m9: done calling finfo_file m10: calling finfo_close Seems to me that the Apache child processes die in the finfo_close call, then a new child is spawned which dies there aswell (up to three times). Here is a backtrace from the Apache log, if it helps: *** Error in `/usr/sbin/apache2': free(): invalid next size (fast): 0x7f70207d0b40 *** === Backtrace: = /lib64/libc.so.6(+0x7403f)[0x7f7067dd303f] /lib64/libc.so.6(+0x7995e)[0x7f7067dd895e] /lib64/libc.so.6(+0x7a686)[0x7f7067dd9686] /usr/lib64/libmagic.so.1(+0x4e83)[0x7f705f921e83] /usr/lib64/apache2/modules/libphp5.so(finfo_resource_destructor+0x15)[0x7f705ec9bfe5] /usr/lib64/apache2/modules/libphp5.so(list_entry_destructor+0x52)[0x7f705eefe492] /usr/lib64/apache2/modules/libphp5.so(zend_hash_del_key_or_index+0x29d)[0x7f705eefc36d] /usr/lib64/apache2/modules/libphp5.so(_zend_list_delete+0x7d)[0x7f705eefe6cd] /usr/lib64/apache2/modules/libphp5.so(zif_finfo_close+0x6c)[0x7f705ec9c3bc] /usr/lib64/apache2/modules/libphp5.so(+0x4e6141)[0x7f705efab141] /usr/lib64/apache2/modules/libphp5.so(execute_ex+0x4b)[0x7f705ef1ad4b] /usr/lib64/apache2/modules/libphp5.so(zend_execute_scripts+0x1c3)[0x7f705eeef483] /usr/lib64/apache2/modules/libphp5.so(php_execute_script+0x20b)[0x7f705ee8208b] /usr/lib64/apache2/modules/libphp5.so(+0x4e7f1f)[0x7f705efacf1f] /usr/sbin/apache2(ap_run_handler+0x40)[0x448d20] /usr/sbin/apache2(ap_invoke_handler+0x69)[0x449279] /usr/sbin/apache2(ap_process_async_request+0x1fa)[0x45c3ba] /usr/sbin/apache2[0x4593b0] /usr/sbin/apache2(ap_run_process_connection+0x40)[0x451d60] /usr/sbin/apache2[0x4641de] /lib64/libpthread.so.0(+0x8073)[0x7f706830e073] /lib64/libc.so.6(clone+0x6d)[0x7f7067e4744d] Finally, here is the modified function I used for debugging: public static function file_content_type($path, $name, $failover = 'application/octet-stream', $is_stream = false, $skip_suffix = false) { error_log(Entering file_content_type); static $mime_ext = array(); $mime_type = null; $config = rcube::get_instance()-config; $mime_magic = $config-get('mime_magic'); if (!$skip_suffix empty($mime_ext)) { foreach ($config-resolve_paths('mimetypes.php') as $fpath) { $mime_ext = array_merge($mime_ext, (array) @include($fpath)); } } // use file name suffix with hard-coded mime-type map if (!$skip_suffix is_array($mime_ext) $name) { if ($suffix = substr($name, strrpos($name, '.')+1)) { error_log(Checking mime_ext array); $mime_type = $mime_ext[strtolower($suffix)]; error_log(MIME type is . ($mime_type ? $mime_type : null)); } } error_log(Start finfo_open block); // try fileinfo extension if available if (!$mime_type function_exists('finfo_open')) { error_log(m1: finfo_open exists); // null as a 2nd argument should be the same as no argument // this however is not true on all systems/versions if ($mime_magic) { error_log(m2: mime_magic is not null); $finfo = finfo_open(FILEINFO_MIME, $mime_magic); } else { error_log(m3: mime_magic is null); $finfo = finfo_open(FILEINFO_MIME); } error_log(m4: process finfo); if ($finfo) { error_log(m5: finfo is not null); if ($is_stream) { error_log(m6: calling finfo_buffer); $mime_type = finfo_buffer($finfo, $path); error_log(m7: done calling finfo_buffer); } else { error_log(m8: calling finfo_file); $mime_type = finfo_file($finfo, $path); error_log(m9: done calling finfo_file); } error_log(m10: calling finfo_close); finfo_close($finfo); error_log(m11:
[RCU] Attaching files is not working for me, what am I missing?
Hello list, I can't seem to get attaching files to work (Roundcube 1.0.1, Gentoo Linux, Apache 2.4.9, PHP 5.5.12). Whenever I click attach a file, select a file and then click upload, Apache logs messages like these: [core:notice] [pid 9155:tid 140489408571264] AH00052: child pid 9482 exit signal Aborted (6) [core:notice] [pid 9155:tid 140489408571264] AH00052: child pid 9493 exit signal Aborted (6) *** Error in `/usr/sbin/apache2': free(): invalid pointer: 0x7fc60035f9a8 *** I made sure that $config['temp_dir'] points to a directory writeable by the Apache user. PHP settings ensure that file uploads are allowed. Roundcube reports file_uploads: OK session.auto_start: OK zend.ze1_compatibility_mode: OK mbstring.func_overload: OK suhosin.session.encrypt: OK magic_quotes_runtime: OK magic_quotes_sybase: OK I wonder how to better debug this problem to figure out what I am doing wrong here. Can you guys help me with this? -R ___ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
[RCU] Plugin to delete all messages in an IMAP folder using a single button click?
Hi folks, I am looking for a RoundCube plugin which allows me to do delete all messages in the currently selected IMAP folder by clicking just one button. This would allow me to emulate the way in which I avoid clutter when trying to catch up on some mailing lists using Thunderbird. Thanks for your comments. -Ralph -- List info: http://lists.roundcube.net/users/ BT/8f4f07cd
Re: [RCU] Plugin to delete all messages in an IMAP folder using a single button click?
On 07.05.11 11:43, Arthur Titeica wrote: there is a button for Select all just bellow the messages list. Yes, but as I wrote, I'd like to delete all messages in a folder with one single button click. Just a matter of personal convenience. -Ralph -- List info: http://lists.roundcube.net/users/ BT/8f4f07cd