SMTP and IMAP/STARTTLS

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

SMTP and IMAP/STARTTLS

Rich Lott
Hi

I have two questions

1. Roundcube allows a list of domains for IMAP through the
$config['default_host'] = Array() config option. The different hosts
require different SMTP settings also, but it seems that the smtp
settings are assumed to be static. Is there a hook or such that allows
me to set some config after a user is logged in, and based on the host
(etc) they selected? i.e. someone who selects foo.com as the host needs
to send to smtp.foo.mailserver.com and someone who selects bar.com as
the host needs to send via localhost.


2. My (externally controlled) IMAP host offers STARTTLS over port 143
(it does not open port 993). It's not clear to me whether RC is moving
to TLS after the initial unencrypted connection. I don't want to use an
insecure connection, but I can't see a way to check or specify that
STARTTLS must be done?


Many thanks, and apols if these are daft questions, but I have read the
config files and wiki, I promise :-)



--
Rich
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: SMTP and IMAP/STARTTLS

Rich Lott
Hi

On my first issue: wanting to use different SMTP settings for different hosts, I've found this plugin: https://gitlab.com/kolab-roundcube-plugins/ude-login
which is not quite what I wanted but will do.

However, I'm still having problems with starttls. There's two situations where I need to check/fix STARTTLS

1. When roundcube accesses a remote IMAP server to fetch mail.

2. When roundcube accesses a remote SMTP server to send mail.


On 11/10/17 14:57, Reindl Harald wrote:
it does always when the server offers TLS and frankly it does even on 127.0.0.1 and then complain about certificte not machting - but why don#t you see the TLS connection in your maillog on the smtp server?

Thanks, but in my situation I do not control either of the remote servers, so I cannot check their logs.


I enabled imap_debug on roundcube but it does not seem to be clear :

[11-Oct-2017 15:32:49 +0100]: <vgbmv43h> [50AA] S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
[11-Oct-2017 15:32:49 +0100]: <vgbmv43h> [50AA] C: A0001 ID ("name" "Roundcube" "version" "1.3.0 " "php" "7.0.19-1" "os" "Linux" "command" "/?_task=mail&_action=refresh")
[11-Oct-2017 15:32:49 +0100]: <vgbmv43h> [50AA] S: * ID ("name" "Dovecot")
[11-Oct-2017 15:32:49 +0100]: <vgbmv43h> [50AA] S: A0001 OK ID completed.
[11-Oct-2017 15:32:49 +0100]: <vgbmv43h> [50AA] C: A0002 AUTHENTICATE PLAIN ****** [37]
[11-Oct-2017 15:32:49 +0100]: <vgbmv43h> [50AA] S: A0002 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE] Logged in





I have enabled smtp_debug on roundcube. Here's the chat while SENDING to the SMTP server:


Send: EHLO (xxxxx removed xxxx)
Recv: 250-xxxxxx removed xxxxxx
Recv: 250-PIPELINING
Recv: 250-SIZE 30240000
Recv: 250-VRFY
Recv: 250-ETRN
Recv: 250-STARTTLS
Recv: 250-ENHANCEDSTATUSCODES
Recv: 250-8BITMIME
Recv: 250 DSN
Send: RSET
Recv: 530 5.7.0 Must issue a STARTTLS command first
Send: QUIT
Recv: 221 2.0.0 Bye

So it looks like RC is not sending STARTTLS back in response?

?


-- 
Rich 

_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: SMTP and IMAP/STARTTLS

Rich Lott
Hi



On 11/10/17 15:41, Reindl Harald wrote:
fix your servers so that they don't allow login without TLS to start with

As I said, I do not own nor control these servers. So I cannot reconfigure them, nor check their logs.

My servers do work the way you suggest, but I'm working with somebody else's :-)




Anyway I have now resolved the problem. I had been confused because the user config is stored in session, so my changes were not taking affect without a log out/log in to RC.

All fixed now anyway. Thanks for your time.


-- 
Rich

_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: SMTP and IMAP/STARTTLS

A.L.E.C
In reply to this post by Rich Lott
On 10/11/2017 04:37 PM, Rich Lott wrote:

> 1. When roundcube accesses a remote IMAP server to fetch mail.
>
> 2. When roundcube accesses a remote SMTP server to send mail.

Use tls:// prefix.

--
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer         [http://kolab.org]
Roundcube Webmail Developer   [http://roundcube.net]
----------------------------------------------------
PGP: 19359DC1 # Blog: https://kolabian.wordpress.com
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users