Mind Dump, Tech And Life Blog
written by Ivan Alenko
published under license Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)
posted in category Systems Software / Roundcube
posted at 03. Jun '20
last updated at 24. Aug '21

Howto Get Roundcube To Use SSL/TLS To Connect

I lied a bit, because it doesn’t work properly in Debian Buster. The system finally stopped using port 25 (SMTP) to accept emails from clients and used 587. But I wanted to use SSL or TLS (I configured TLS in Dovecot, and SSL uses a different port, 465).

But I saw strange errors. What the hell is going on?

error:1408F10B:SSL routines:ssl3_get_record:wrong version number in /usr/share/php/Net/Socket.php on line 159
[05-Jan-2020 22:06:34 Europe/Berlin] PHP Warning:  stream_socket_client(): Failed to enable crypto in /usr/share/php/Net/Socket.php on line 159
[05-Jan-2020 22:06:34 Europe/Berlin] PHP Warning:  stream_socket_client(): unable to connect to ssl://localhost:587 (Unknown error) in /usr/share/php/Net/Socket.php on line 159
[05-Jan-2020 22:06:34 Europe/Berlin] ERROR: stream_socket_client(): unable to connect to ssl://localhost:587 (Unknown error) (0)
[05-Jan-2020 22:06:34 Europe/Berlin] ERROR: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:587 (Unknown error) ()
[05-Jan-2020 22:06:34 +0100]: <uefjhvlg> SMTP Error: Connection failed: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:587 (Unknown error) in /usr/share/roundcube/program/lib/Roundcube/rcube.php on line 1667 (POST /posta/?_task=mail&_unlock=loading1578258394092&_lang=undefined&_framed=1&_action=send)
[05-Jan-2020 22:06:45 Europe/Berlin] ERROR: STARTTLS failed ()
[05-Jan-2020 22:06:45 Europe/Berlin] ERROR: Invalid response code received from server (-1)
[05-Jan-2020 22:06:45 Europe/Berlin] ERROR: Failed to write to socket: unknown error ()
[05-Jan-2020 22:06:45 +0100]: <uefjhvlg> SMTP Error: Authentication failure: STARTTLS failed (Code: ) in /usr/share/roundcube/program/lib/Roundcube/rcube.php on line 1667 (POST /posta/?_task=mail&_unlock=loading1578258405185&_lang=undefined&_framed=1&_action=send)
[05-Jan-2020 22:09:54 Europe/Berlin] PHP Warning:  stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:1408F10B:SSL routines:ssl3_get_record:wrong version number in /usr/share/php/Net/Socket.php on line 159
[05-Jan-2020 22:09:54 Europe/Berlin] PHP Warning:  stream_socket_client(): Failed to enable crypto in /usr/share/php/Net/Socket.php on line 159
[05-Jan-2020 22:09:54 Europe/Berlin] PHP Warning:  stream_socket_client(): unable to connect to ssl://localhost:587 (Unknown error) in /usr/share/php/Net/Socket.php on line 159
[05-Jan-2020 22:09:54 Europe/Berlin] ERROR: stream_socket_client(): unable to connect to ssl://localhost:587 (Unknown error) (0)
[05-Jan-2020 22:09:54 Europe/Berlin] ERROR: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:587 (Unknown error) ()
[05-Jan-2020 22:09:54 +0100]: <uefjhvlg> SMTP Error: Connection failed: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:587 (Unknown error) in /usr/share/roundcube/program/lib/Roundcube/rcube.php on line 1667 (POST /posta/?_task=mail&_unlock=loading1578258594386&_lang=undefined&_framed=1&_action=send)

Roundcube handles protocols very specifically:

  • ssl:// is not TLS
  • tls:// is not STARTTLS

In the end I had to disable certificate verification (thanks, internet), a very good New Year present. So the configuration looks like this. It’s connecting to localhost anyways. DO NOT USE WHEN ROUNDCUBE CONNECTS TO AN OUTSIDE MACHINE or just risk it, I’ve seen disabled certificate verification in very disturbing places.

// /etc/roundcube/config.inc.php
//....
// The mail host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
$config['default_host'] = 'localhost';

// SMTP server host (for sending mails).
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// If left blank, the PHP mail() function is used
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
$config['smtp_server'] = 'tls://localhost';

// 2019-01-05 22:05 disable certificate verification since it's broken
$config['smtp_conn_options'] = array(
  'ssl' => array(
    'verify_peer'  => false,
    'verify_peer_name' => false,
    'allow_self_signed' => true
  ),
);

$config['smtp_auth_type'] = 'PLAIN';
// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
// deprecated SSL over SMTP (aka SMTPS))
$config['smtp_port'] = 587;

// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$config['smtp_user'] = '%u';

// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '%p';
//....

That’s all.
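
A variant of the `smtp_conn_options` block that keeps verification switched on, added here as an example and not part of the original post. It assumes the check failed only because the server certificate names the mail host rather than `localhost`; `mail.example.org` and the CA bundle path are placeholders to replace with your own values.

```php
// /etc/roundcube/config.inc.php (fragment, added example)
// Assumption: the SMTP server's certificate is issued for the public
// mail hostname, so checking it against "localhost" fails on the name.

// Same loopback connection and port as in the post.
$config['smtp_server'] = 'tls://localhost';
$config['smtp_port']   = 587;

$config['smtp_conn_options'] = array(
  'ssl' => array(
    // Validate the certificate chain instead of accepting anything.
    'verify_peer'       => true,
    // Check the name in the certificate ...
    'verify_peer_name'  => true,
    // ... against the name the certificate was issued for,
    // not the "localhost" used to open the socket (placeholder value).
    'peer_name'         => 'mail.example.org',
    // Reject certificates that do not chain to the bundle below.
    'allow_self_signed' => false,
    // Debian's system CA bundle (assumed path). For a self-signed or
    // private-CA certificate, point this at that certificate or CA
    // file rather than turning the checks off.
    'cafile'            => '/etc/ssl/certs/ca-certificates.crt',
  ),
);
```

With these options a failed handshake still shows up in the Roundcube error log as `STARTTLS failed`, so a wrong `peer_name` or `cafile` is visible immediately after the change.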
