Roundcube mailfilters not able to connect to server

Lebmann, Paul paul at lebmann.net
Thu Aug 20 09:44:00 CEST 2015 

Hi,

I'm using kolab on Debian GNU/Linux 8.1 (jessie) and somehow I can't 
connect to timsieved from roundcube.

When I try configuring filters I get: Unable to connect to server.

If I hit vacation I get: Unknown server error.


I already invested some hours of researching and trying stuff on the 
production system and setting up a testsystem.
The difference between production and test is that I installed a 
StartSSL Class 1 certificate on the production system following the 
guide on https://docs.kolab.org/howtos/secure-kolab-server.html.
On the testsystem I just installed Kolab, ran setup-kolab and added one 
testuser.
Those are my results for now:


I think it is not a problem with timsieved itself because connecting to 
it via sivtest seems to work on the test and on the production system.


sivtest -t "" -u lebmann -a lebmann -w ********************** localhost

testsystem:
S: "IMPLEMENTATION" "Cyrus timsieved 
git2.5+0-Debian-2.5~dev2015021301-0~kolab1"
S: "SASL" ""
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation 
imapflags notify include envelope body relational regex subaddress copy 
date"
S: "STARTTLS"
S: "UNAUTHENTICATE"
S: OK
C: STARTTLS
S: OK "Begin TLS negotiation now"
verify error:num=18:self signed certificate
TLS connection established: TLSv1.2 with cipher 
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
S: "IMPLEMENTATION" "Cyrus timsieved 
git2.5+0-Debian-2.5~dev2015021301-0~kolab1"
S: "SASL" "PLAIN LOGIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation 
imapflags notify include envelope body relational regex subaddress copy 
date"
S: "UNAUTHENTICATE"
S: OK
C: AUTHENTICATE "PLAIN" {48+}
bGVibWFubgBsZWJtYW5uADZ1c3RFUFNXZ0NkMmNuUDJGR1JL
S: OK
Authenticated.
Security strength factor: 256

production system:

S: "IMPLEMENTATION" "Cyrus timsieved 
git2.5+0-Debian-2.5~dev2015021301-0~kolab1"
S: "SASL" ""
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation 
imapflags notify include envelope body relational regex subaddress copy 
date"
S: "STARTTLS"
S: "UNAUTHENTICATE"
S: OK
C: STARTTLS
S: OK "Begin TLS negotiation now"
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
TLS connection established: TLSv1.2 with cipher 
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
S: "IMPLEMENTATION" "Cyrus timsieved 
git2.5+0-Debian-2.5~dev2015021301-0~kolab1"
S: "SASL" "PLAIN LOGIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation 
imapflags notify include envelope body relational regex subaddress copy 
date"
S: "UNAUTHENTICATE"
S: OK
C: AUTHENTICATE "PLAIN" {48+}
bGVibWFubgBsZWJtYW5uADZ1c3RFUFNXZ0NkMmNuUDJGR1JL
S: OK
Authenticated.
Security strength factor: 256
^CC: LOGOUT
Connection closed.



As far as I can interpret it, there are additional TLS errors concerning 
the Certification chain on the production system, but otherwise it seems 
to work.



The following logs are from the testsystem:

Trying to get to the filter configuration in roundcube I get:

Aug 2 11:09:54 kolab sieve[4281]: STARTTLS failed: localhost [::1]

in mail.log respectively journalctl



In /var/log/roundcubemail/sieve I get junks like:

[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> S: "IMPLEMENTATION" 
"Cyrus timsieved git2.5+0-Debian-2.5~dev2015021301-0~kolab1"
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> S: "SASL" ""
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> S: "SIEVE" 
"comparator-i;ascii-numeric fileinto reject vacation imapflags notify 
include envelope body relational regex subaddress copy date"
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> S: "STARTTLS"
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> S: "UNAUTHENTICATE"
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> S: OK
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> C: CAPABILITY
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> S: "IMPLEMENTATION" 
"Cyrus timsieved git2.5+0-Debian-2.5~dev2015021301-0~kolab1"
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> S: "SASL" ""
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> S: "SIEVE" 
"comparator-i;ascii-numeric fileinto reject vacation imapflags notify 
include envelope body relational regex subaddress copy date"
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> S: "STARTTLS"
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> S: "UNAUTHENTICATE"
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> S: OK
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> C: STARTTLS
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> S: OK "Begin TLS 
negotiation now"
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> C: LOGOUT
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> S: 
^V^C^A^AK^L^@^AG^C^@^WA^D%÷ÅðÖÿ¥+.³qëâ¯]^L´<8b>ÈpRß<87>¥<82>)Î<98>é<93>z<93>Ûw#<92>é6~Ì^KKý^[0bÔ^?ó^Gþ'6^]H£ò^KÁ^G<91>¸ÿ 
^A^@<99>9<90>nv$È^Ya<96>Ò¡^Z~Î/<81>h<82>Ê<87>`E<9e>Mã¿Ê<´<91>}îÆêL^V<9b>^V=ÏB^X<81>¼<81>±­lõÜëÓÛ~cn^OS%J¨? 
NBô^OK$F,Ê^V^P^A²x^Oy^Ql<87>u)©úç^L[B¨<8b><9f>ÛÀÜÔ<wÃ^?S;þ¯<þN9µÎ©Àª<89>^S^Vêñ§<8c>T]F<8a><86>U-2Ñ<85>k,0E<9e>^Dì¨Ç<8b>°a^]^CæSËku<80>1|wcÆÛcãÖÕ<90>Ç^\÷=^_Ê®^B5^]Å^\\7þ#ù·^MF#^XNÇQðb^Fó®4<9b>¿VQ¬Éäß<8e>Ä`<ÒwzG<8f>O¦½!ï<85>ô©<8a>^KÍ 
ÏhD<9f>&ë^Wi^A^R<85><93>Â%Ãô^DQGW^N^B+<90>­ß\jtÂ<96><8d><88>^V^C^A^@^D^N^@^@^@NO 
"Starttls failed"
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> S: OK "Logout Complete"



/var/log/roundcubemail/errors give me:

[02-Aug-2015 11:20:22 Europe/Vienna] PHP Deprecated:  Non-static method 
PEAR::isError() should not be called statically, assuming $this from 
incompatible context in /usr/share/php/Net/Sieve.php on line 995
[02-Aug-2015 11:20:22 Europe/Vienna] PHP Warning:  
stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL 
Error messages:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate 
verify failed in /usr/share/php/Net/Sieve.php on line 1180
[02-Aug-2015 11:20:22 Europe/Vienna] PHP Deprecated:  Non-static method 
PEAR::raiseError() should not be called statically, assuming $this from 
incompatible context in /usr/share/php/Net/Sieve.php on line 1181
[02-Aug-2015 11:20:22 Europe/Vienna] ERROR: Failed to establish TLS 
connection (2)
[02-Aug-2015 11:20:22,000000 +0200]: <96g21o0q> PHP Error: Unable to 
connect to managesieve on localhost:4190 in 
/usr/share/roundcubemail/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php 
on line 216 (GET 
/roundcubemail/d7dcfcc5c4207fe6/?_task=settings&_action=plugin.managesieve-vacation)
[02-Aug-2015 11:20:22 Europe/Vienna] PHP Deprecated:  Non-static method 
PEAR::raiseError() should not be called statically, assuming $this from 
incompatible context in /usr/share/php/Net/Sieve.php on line 823
[02-Aug-2015 11:20:22 Europe/Vienna] ERROR: Not currently in 
AUTHORISATION state (1)
[02-Aug-2015 11:20:22 Europe/Vienna] PHP Deprecated:  Non-static method 
PEAR::isError() should not be called statically, assuming $this from 
incompatible context in /usr/share/php/Net/Sieve.php on line 455
[02-Aug-2015 11:20:22 Europe/Vienna] PHP Deprecated:  Non-static method 
PEAR::raiseError() should not be called statically, assuming $this from 
incompatible context in /usr/share/php/Net/Sieve.php on line 857
[02-Aug-2015 11:20:22 Europe/Vienna] ERROR: Not currently in 
AUTHORISATION state (1)
[02-Aug-2015 11:20:22 Europe/Vienna] PHP Deprecated:  Non-static method 
PEAR::isError() should not be called statically, assuming $this from 
incompatible context in /usr/share/php/Net/Sieve.php on line 887

and lots of other errors like the last one on different lines.



It feels like there were misconfigurations in the TLS setup. But in my 
opinion it should at least work on a fresh install with absolutely no 
changes made (except enabling debugging).

Please help me.

What else can I try to observe? Are there any other debug switches I can 
use to get more information?

Did anyone run into a similar issue?

Thanks and regards!

Paul

More information about the users mailing list