Mind Dump, Tech And Life Blog
written by Ivan Alenko
published under license Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)
posted in category Digital Despotism / Linux
posted at 03. Jun '20

Howto Get Roundcube To Use SSL/TLS To Connect

I lied a bit, because it doesn’t work properly in Debian Buster. The system finally stopped using port 25 (SMTP) to accept emails from clients and used 587. But I wanted to use SSL or TLS (I configured TLS in Dovecot, and SSL uses a different port, 465).

But I saw strange errors. What the hell is going on?

error:1408F10B:SSL routines:ssl3_get_record:wrong version number in /usr/share/php/Net/Socket.php on line 159
[05-Jan-2020 22:06:34 Europe/Berlin] PHP Warning:  stream_socket_client(): Failed to enable crypto in /usr/share/php/Net/Socket.php on line 159
[05-Jan-2020 22:06:34 Europe/Berlin] PHP Warning:  stream_socket_client(): unable to connect to ssl://localhost:587 (Unknown error) in /usr/share/php/Net/Socket.php on line 159
[05-Jan-2020 22:06:34 Europe/Berlin] ERROR: stream_socket_client(): unable to connect to ssl://localhost:587 (Unknown error) (0)
[05-Jan-2020 22:06:34 Europe/Berlin] ERROR: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:587 (Unknown error) ()
[05-Jan-2020 22:06:34 +0100]: <uefjhvlg> SMTP Error: Connection failed: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:587 (Unknown error) in /usr/share/roundcube/program/lib/Roundcube/rcube.php on line 1667 (POST /posta/?_task=mail&_unlock=loading1578258394092&_lang=undefined&_framed=1&_action=send)
[05-Jan-2020 22:06:45 Europe/Berlin] ERROR: STARTTLS failed ()
[05-Jan-2020 22:06:45 Europe/Berlin] ERROR: Invalid response code received from server (-1)
[05-Jan-2020 22:06:45 Europe/Berlin] ERROR: Failed to write to socket: unknown error ()
[05-Jan-2020 22:06:45 +0100]: <uefjhvlg> SMTP Error: Authentication failure: STARTTLS failed (Code: ) in /usr/share/roundcube/program/lib/Roundcube/rcube.php on line 1667 (POST /posta/?_task=mail&_unlock=loading1578258405185&_lang=undefined&_framed=1&_action=send)
[05-Jan-2020 22:09:54 Europe/Berlin] PHP Warning:  stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:1408F10B:SSL routines:ssl3_get_record:wrong version number in /usr/share/php/Net/Socket.php on line 159
[05-Jan-2020 22:09:54 Europe/Berlin] PHP Warning:  stream_socket_client(): Failed to enable crypto in /usr/share/php/Net/Socket.php on line 159
[05-Jan-2020 22:09:54 Europe/Berlin] PHP Warning:  stream_socket_client(): unable to connect to ssl://localhost:587 (Unknown error) in /usr/share/php/Net/Socket.php on line 159
[05-Jan-2020 22:09:54 Europe/Berlin] ERROR: stream_socket_client(): unable to connect to ssl://localhost:587 (Unknown error) (0)
[05-Jan-2020 22:09:54 Europe/Berlin] ERROR: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:587 (Unknown error) ()
[05-Jan-2020 22:09:54 +0100]: <uefjhvlg> SMTP Error: Connection failed: Failed to connect socket: stream_socket_client(): unable to connect to ssl://localhost:587 (Unknown error) in /usr/share/roundcube/program/lib/Roundcube/rcube.php on line 1667 (POST /posta/?_task=mail&_unlock=loading1578258594386&_lang=undefined&_framed=1&_action=send)

Roundcube handles protocols very specifically:

  • ssl:// is not TLS
  • tls:// is not STARTTLS
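
The `wrong version number` lines in the log are what an immediate TLS handshake produces when the server answers with its plaintext SMTP greeting. The following PHP CLI check is an added example, not part of the original post: it tries implicit TLS and then STARTTLS against the host and port from the log and prints the names on the server certificate. The helper names `smtp_reply` and `starttls` and the EHLO name `diag.invalid` are made up for illustration.

```php
<?php
// Added diagnostic (not from the original post). Host and port are the ones
// in the log above; run it with the PHP CLI on the machine running Roundcube.
$host = 'localhost';
$port = 587;

// Read one SMTP reply; the last line of a reply has a space after the code.
function smtp_reply($s) {
    $out = '';
    while (($line = fgets($s, 1024)) !== false) {
        $out .= $line;
        if (strlen($line) < 4 || $line[3] === ' ') break;
    }
    return $out;
}

// Plaintext connect, EHLO, STARTTLS, TLS upgrade; returns [ok, peer cert or null].
function starttls($host, $port, $verify) {
    $ctx = stream_context_create(['ssl' => [
        'verify_peer' => $verify, 'verify_peer_name' => $verify,
        'peer_name' => $host, 'capture_peer_cert' => true,
    ]]);
    $s = @stream_socket_client("tcp://$host:$port", $errno, $errstr, 5,
                               STREAM_CLIENT_CONNECT, $ctx);
    if (!$s) return [false, null];
    smtp_reply($s);                                  // 220 greeting
    fwrite($s, "EHLO diag.invalid\r\n"); smtp_reply($s);
    fwrite($s, "STARTTLS\r\n");          smtp_reply($s);
    $ok = @stream_socket_enable_crypto($s, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
    $cert = stream_context_get_options($s)['ssl']['peer_certificate'] ?? null;
    fclose($s);
    return [$ok === true, $cert];
}

// 1) Implicit TLS, as with an ssl:// prefix: handshake before any SMTP.
$s = @stream_socket_client("ssl://$host:$port", $errno, $errstr, 5);
printf("implicit TLS on port %d: %s\n", $port, $s ? 'ok' : 'failed');

// 2) STARTTLS without verification, only to read the certificate names.
[, $cert] = starttls($host, $port, false);
if ($cert) {
    $info = openssl_x509_parse($cert);
    printf("certificate CN:  %s\n", $info['subject']['CN'] ?? '-');
    printf("certificate SAN: %s\n", $info['extensions']['subjectAltName'] ?? '-');
}

// 3) STARTTLS with verification on, checking the certificate against $host.
[$ok] = starttls($host, $port, true);
printf("verified STARTTLS as '%s': %s\n", $host, $ok ? 'ok' : 'failed');
```

A step 3 failure with a certificate name that differs from `$host` points at a name mismatch; a matching name points at an issuer PHP does not trust.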

In the end I had to disable certificate verification (thanks internet), very good new year present. So the configuration looks like this.

// /etc/roundcube/config.inc.php
//....
// The mail host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
$config['default_host'] = 'localhost';

// SMTP server host (for sending mails).
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// If left blank, the PHP mail() function is used
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
$config['smtp_server'] = 'tls://localhost';

// 2019-01-05 22:05 disable certificate verification since it's broken
$config['smtp_conn_options'] = array(
  'ssl' => array(
    'verify_peer'  => false,
    'verify_peer_name' => false,
    'allow_self_signed' => true
  ),
);

$config['smtp_auth_type'] = 'PLAIN';
// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
// deprecated SSL over SMTP (aka SMTPS))
$config['smtp_port'] = 587;

// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login
$config['smtp_user'] = '%u';

// SMTP password (if required) if you use %p as the password Roundcube
// will use the current user's password for login
$config['smtp_pass'] = '%p';
//....

That’s all.
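
With `verify_peer` and `verify_peer_name` set to false, Roundcube accepts any certificate the SMTP server presents. A variant that keeps verification on, as an added example that is not part of the original post: `mail.example.org` is a placeholder for the name on the server certificate, and the CA path assumes Debian's default bundle.

```php
// /etc/roundcube/config.inc.php (added example, not the author's configuration)

// Setting from the post, shown for comparison: every certificate is accepted.
// $config['smtp_conn_options'] = array(
//   'ssl' => array(
//     'verify_peer'  => false,
//     'verify_peer_name' => false,
//     'allow_self_signed' => true
//   ),
// );

// Same server and port as in the post.
$config['smtp_server'] = 'tls://localhost';
$config['smtp_port'] = 587;

// Verification kept on.
$config['smtp_conn_options'] = array(
  'ssl' => array(
    'verify_peer'       => true,
    'verify_peer_name'  => true,
    'allow_self_signed' => false,
    // Placeholder: the name the certificate was issued for. It lets the
    // connection go to localhost while the check uses the certificate's name.
    'peer_name'         => 'mail.example.org',
    // Assumption: Debian's default CA bundle. For a self-signed server
    // certificate, point this at a copy of that certificate instead.
    'cafile'            => '/etc/ssl/certs/ca-certificates.crt',
  ),
);
```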
