Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SMTP over STARTTLS on 587 not work #7952

Closed
Boia11 opened this issue Jan 19, 2018 · 6 comments
Closed

SMTP over STARTTLS on 587 not work #7952

Boia11 opened this issue Jan 19, 2018 · 6 comments

Comments

@Boia11
Copy link

Boia11 commented Jan 19, 2018

Steps to reproduce

  1. Set SMTP with STARTTLS on 587 with access authentication
  2. "Test Email" but not wotk with error

Expected behaviour

Send mail like in 12.0.3

Actual behaviour

stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /var/www/nextcloud/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php#95

Server configuration

Operating system: Debian 8.10 (Jessie)
Linux Rock64 4.4.77-rockchip-ayufan-136 #1 SMP Thu Oct 12 09:14:48 UTC 2017 aarch64

Web server: Apache 2.4.10

Database: MariaDB 10.0.32

PHP version: 5.6.33

Nextcloud version: 12.0.4

Updated from an older Nextcloud/ownCloud or fresh install: update from fresh install of 12.0.3

Mail server configuration:

Mail server 
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

or 

Insert your config.php content here. 
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)

Postfix + Dovecot
SSL Certificate: Let’s Encrypt

Nextcloud log (data/nextcloud.log)

Nextcloud log {"reqId":"LQJnpNL4jR0w7lJGwbo2","level":0,"time":"January 18, 2018 22:15:03","remoteAddr":"","user":"--","app":"cron","method":"--","url":"--","message":"Invalidating session tokens older than 2018-01-17T22:15:03+00:00","userAgent":"--","version":"12.0.4.3"} {"reqId":"LQJnpNL4jR0w7lJGwbo2","level":0,"time":"January 18, 2018 22:15:03","remoteAddr":"","user":"--","app":"cron","method":"--","url":"--","message":"Invalidating remembered session tokens older than 2018-01-03T22:15:03+00:00","userAgent":"--","version":"12.0.4.3"} {"reqId":"LQJnpNL4jR0w7lJGwbo2","level":0,"time":"January 18, 2018 22:15:03","remoteAddr":"","user":"--","app":"cron","method":"--","url":"--","message":"Finished OC\\Authentication\\Token\\DefaultTokenCleanupJob job with ID 15 in 0 seconds","userAgent":"--","version":"12.0.4.3"} {"reqId":"LQJnpNL4jR0w7lJGwbo2","level":0,"time":"January 18, 2018 22:15:03","remoteAddr":"","user":"--","app":"cron","method":"--","url":"--","message":"Run OCA\\UpdateNotification\\ResetTokenBackgroundJob job with ID 23","userAgent":"--","version":"12.0.4.3"} {"reqId":"LQJnpNL4jR0w7lJGwbo2","level":0,"time":"January 18, 2018 22:15:03","remoteAddr":"","user":"--","app":"cron","method":"--","url":"--","message":"Finished OCA\\UpdateNotification\\ResetTokenBackgroundJob job with ID 23 in 0 seconds","userAgent":"--","version":"12.0.4.3"} {"reqId":"sAM9H7abcLp3iM4f9ZkK","level":3,"time":"January 18, 2018 22:15:53","remoteAddr":"185.38.150.118","user":"--","app":"PHP","method":"GET","url":"\/cp\/FolderSearch?v=1.4","message":"Exception: The requested uri(\/cp\/FolderSearch) cannot be processed by the script '\/core\/templates\/404.php') at \/var\/www\/nextcloud\/lib\/private\/AppFramework\/Http\/Request.php#729","userAgent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko\/20100101 Firefox\/43.0","version":"12.0.4.3"} {"reqId":"nORHd6kGluqPYnSIbaAg","level":3,"time":"January 18, 2018 22:17:35","remoteAddr":"192.168.1.254","user":"Admin","app":"no app in context","method":"GET","url":"\/index.php\/settings\/admin\/additional","message":"Exception: {\"Exception\":\"OCP\\\\AppFramework\\\\QueryException\",\"Message\":\"Could not resolve OCA\\\\BruteForceSettings\\\\Settings\\\\IPWhitelist! Class OCA\\\\BruteForceSettings\\\\Settings\\\\IPWhitelist does not exist\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Utility\\\/SimpleContainer.php(117): OC\\\\AppFramework\\\\Utility\\\\SimpleContainer->resolve('OCA\\\\\\\\BruteForceS...')\\n#1 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/ServerContainer.php(132): OC\\\\AppFramework\\\\Utility\\\\SimpleContainer->query('OCA\\\\\\\\BruteForceS...')\\n#2 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/Settings\\\/Manager.php(261): OC\\\\ServerContainer->query('OCA\\\\\\\\BruteForceS...')\\n#3 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/Settings\\\/Manager.php(352): OC\\\\Settings\\\\Manager->query('OCA\\\\\\\\BruteForceS...')\\n#4 \\\/var\\\/www\\\/nextcloud\\\/settings\\\/Controller\\\/AdminSettingsController.php(138): OC\\\\Settings\\\\Manager->getAdminSettings('security')\\n#5 \\\/var\\\/www\\\/nextcloud\\\/settings\\\/Controller\\\/AdminSettingsController.php(72): OC\\\\Settings\\\\Controller\\\\AdminSettingsController->getNavigationParameters('additional')\\n#6 [internal function]: OC\\\\Settings\\\\Controller\\\\AdminSettingsController->index('additional')\\n#7 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(160): call_user_func_array(Array, Array)\\n#8 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(90): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController(Object(OC\\\\Settings\\\\Controller\\\\AdminSettingsController), 'index')\\n#9 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(114): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch(Object(OC\\\\Settings\\\\Controller\\\\AdminSettingsController), 'index')\\n#10 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(47): OC\\\\AppFramework\\\\App::main('AdminSettingsCo...', 'index', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n#11 [internal function]: OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n#12 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/Route\\\/Router.php(299): call_user_func(Object(OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler), Array)\\n#13 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/base.php(1004): OC\\\\Route\\\\Router->match('\\\/settings\\\/admin...')\\n#14 \\\/var\\\/www\\\/nextcloud\\\/index.php(48): OC::handleRequest()\\n#15 {main}\",\"File\":\"\\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Utility\\\/SimpleContainer.php\",\"Line\":102}","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko\/20100101 Firefox\/57.0","version":"12.0.4.3"} {"reqId":"pKK5R8SGw2QeEQtZehxO","level":3,"time":"January 18, 2018 22:17:54","remoteAddr":"192.168.1.254","user":"Admin","app":"PHP","method":"POST","url":"\/index.php\/settings\/admin\/mailtest","message":"stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at \/var\/www\/nextcloud\/3rdparty\/swiftmailer\/swiftmailer\/lib\/classes\/Swift\/Transport\/StreamBuffer.php#95","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko\/20100101 Firefox\/57.0","version":"12.0.4.3"} {"reqId":"LTCPhlzLKcRDFVN3adfe","level":3,"time":"January 18, 2018 22:17:57","remoteAddr":"192.168.1.254","user":"Admin","app":"no app in context","method":"GET","url":"\/index.php\/settings\/admin\/tips-tricks","message":"Exception: {\"Exception\":\"OCP\\\\AppFramework\\\\QueryException\",\"Message\":\"Could not resolve OCA\\\\BruteForceSettings\\\\Settings\\\\IPWhitelist! Class OCA\\\\BruteForceSettings\\\\Settings\\\\IPWhitelist does not exist\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Utility\\\/SimpleContainer.php(117): OC\\\\AppFramework\\\\Utility\\\\SimpleContainer->resolve('OCA\\\\\\\\BruteForceS...')\\n#1 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/ServerContainer.php(132): OC\\\\AppFramework\\\\Utility\\\\SimpleContainer->query('OCA\\\\\\\\BruteForceS...')\\n#2 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/Settings\\\/Manager.php(261): OC\\\\ServerContainer->query('OCA\\\\\\\\BruteForceS...')\\n#3 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/Settings\\\/Manager.php(352): OC\\\\Settings\\\\Manager->query('OCA\\\\\\\\BruteForceS...')\\n#4 \\\/var\\\/www\\\/nextcloud\\\/settings\\\/Controller\\\/AdminSettingsController.php(138): OC\\\\Settings\\\\Manager->getAdminSettings('security')\\n#5 \\\/var\\\/www\\\/nextcloud\\\/settings\\\/Controller\\\/AdminSettingsController.php(72): OC\\\\Settings\\\\Controller\\\\AdminSettingsController->getNavigationParameters('tips-tricks')\\n#6 [internal function]: OC\\\\Settings\\\\Controller\\\\AdminSettingsController->index('tips-tricks')\\n#7 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(160): call_user_func_array(Array, Array)\\n#8 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(90): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController(Object(OC\\\\Settings\\\\Controller\\\\AdminSettingsController), 'index')\\n#9 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(114): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch(Object(OC\\\\Settings\\\\Controller\\\\AdminSettingsController), 'index')\\n#10 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(47): OC\\\\AppFramework\\\\App::main('AdminSettingsCo...', 'index', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n#11 [internal function]: OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n#12 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/Route\\\/Router.php(299): call_user_func(Object(OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler), Array)\\n#13 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/base.php(1004): OC\\\\Route\\\\Router->match('\\\/settings\\\/admin...')\\n#14 \\\/var\\\/www\\\/nextcloud\\\/index.php(48): OC::handleRequest()\\n#15 {main}\",\"File\":\"\\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Utility\\\/SimpleContainer.php\",\"Line\":102}","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko\/20100101 Firefox\/57.0","version":"12.0.4.3"} {"reqId":"66VJFi1Ix3iiEiIiAFTP","level":0,"time":"January 18, 2018 22:18:23","remoteAddr":"88.198.160.138","user":"--","app":"core","method":"GET","url":"\/nextcloud\/status.php","message":"Scss is disabled for \/var\/www\/nextcloud\/core\/css\/server.scss, ignoring","userAgent":"scan.nextcloud.com","version":"12.0.4.3"} {"reqId":"gvbG9NLORvRugwKSgm6E","level":0,"time":"January 18, 2018 22:18:23","remoteAddr":"88.198.160.138","user":"--","app":"core","method":"GET","url":"\/oc\/status.php","message":"Scss is disabled for \/var\/www\/nextcloud\/core\/css\/server.scss, ignoring","userAgent":"scan.nextcloud.com","version":"12.0.4.3"} {"reqId":"66VJFi1Ix3iiEiIiAFTP","level":0,"time":"January 18, 2018 22:18:23","remoteAddr":"88.198.160.138","user":"--","app":"core","method":"GET","url":"\/nextcloud\/status.php","message":"Scss is disabled for \/var\/www\/nextcloud\/core\/css\/share.scss, ignoring","userAgent":"scan.nextcloud.com","version":"12.0.4.3"} {"reqId":"gvbG9NLORvRugwKSgm6E","level":0,"time":"January 18, 2018 22:18:23","remoteAddr":"88.198.160.138","user":"--","app":"core","method":"GET","url":"\/oc\/status.php","message":"Scss is disabled for \/var\/www\/nextcloud\/core\/css\/share.scss, ignoring","userAgent":"scan.nextcloud.com","version":"12.0.4.3"} {"reqId":"36C6WUyVsCjB9hs7sLCI","level":0,"time":"January 18, 2018 22:18:23","remoteAddr":"88.198.160.138","user":"--","app":"core","method":"GET","url":"\/owncloud\/status.php","message":"Scss is disabled for \/var\/www\/nextcloud\/core\/css\/server.scss, ignoring","userAgent":"scan.nextcloud.com","version":"12.0.4.3"} {"reqId":"36C6WUyVsCjB9hs7sLCI","level":0,"time":"January 18, 2018 22:18:23","remoteAddr":"88.198.160.138","user":"--","app":"core","method":"GET","url":"\/owncloud\/status.php","message":"Scss is disabled for \/var\/www\/nextcloud\/core\/css\/share.scss, ignoring","userAgent":"scan.nextcloud.com","version":"12.0.4.3"} {"reqId":"FFIq46MZ3AynHYGvkWX4","level":0,"time":"January 18, 2018 22:18:23","remoteAddr":"88.198.160.138","user":"--","app":"core","method":"GET","url":"\/oc-shib\/status.php","message":"Scss is disabled for \/var\/www\/nextcloud\/core\/css\/server.scss, ignoring","userAgent":"scan.nextcloud.com","version":"12.0.4.3"} {"reqId":"
@tflidd
Copy link
Contributor

tflidd commented Jan 20, 2018

You often get this error if the certificate on the mail server is not correctly installed. You can test your mail server here: https://ssl-tools.net/mailservers
In NC 12.0.4 there have been no changes compared to NC 12.0.3 regarding the swift-mailer:
https://github.com/nextcloud/3rdparty/tree/stable12/swiftmailer/swiftmailer/lib

@Boia11
Copy link
Author

Boia11 commented Jan 20, 2018

@tflidd I have test email, this is result of scan:
screenshot 2018-01-20 16 00 07
There are problems?

@tflidd
Copy link
Contributor

tflidd commented Jan 20, 2018

Hm, in curl it was sometimes a problem that the root certificates were a bit old. With this error you find a couple of topics where swiftmailer is used. Some just recommend to disable the certificate verification but that's a dirty workaround. A strange thing is that it worked for you on NC 12.0.3.

Personally, I pass mails directly to sendmail and use ssmtp to send the mails. It is very small, easy to set up and has a proper logfile for debugging.

@roboto-cloud
Copy link

roboto-cloud commented Feb 19, 2018
edited
Loading

Hi, I have the same issue..

@tflidd can you explain step by step how do it?
thanks in advance,

stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure at /var/www/html/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php#94

@tflidd
Copy link
Contributor

tflidd commented Feb 20, 2018

There is a general guide which should be quite similar for other distributions:
https://wiki.archlinux.org/index.php/SSMTP
In Nextcloud you can just use the sendmode "PHP" (or sendmail should probably work as well).

I you have a similar configuration like the OP where SSLv3 is disabled, it's not surprising that a sslv3-handshake fails. You must support TLS 1.0, because newer versions are not supported:
#7421

@Boia11 Boia11 closed this as completed Mar 19, 2018
@nextcloud-bot nextcloud-bot mentioned this issue Sep 14, 2018
Closed
@nextcloud-bot nextcloud-bot mentioned this issue Oct 15, 2018
Closed
@nextcloud-bot nextcloud-bot mentioned this issue Nov 28, 2018
Closed
@LeGast00n
Copy link

I had the same issue, thought what I needed was SSL/465, and finally had it work by setting STARTTLS on port 465. Weird.

@j-ed j-ed mentioned this issue Sep 13, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@LeGast00n @tflidd @Boia11 @roboto-cloud