Try setting Authentication to “Select Type”, set status to Disable, input the appropriate host information, and save changes. Now set Authentication to Basic Authentication, click Config button, add correct auth info, and try to submit the popup. If you get the same error you’ll have to look at your server logs and/or mail server logs to see why the connection failed. It says Unknown Error so we can’t really tell what’s going on without more detailed logs.
Cheers.
Hi Kevin,
The status for e-mail fetching is currently set to Disable. When I set the Authentication to "Select Type" and hit save, it says "Successfully updated this e-mail," however, the authentication setting reverts back to Basic Authentication. So it does not actually allow the type to be changed, though it doesn't give an error when you try to.
There doesn't appear to be any connection showing up in the mail server logs. When you attempt to connect, the error appears so instantaneously that I doubt it is even attempting to actually contact the server.
Then you will need to look at the logs on the webserver. Maybe even the PHP error logs. I cannot replicate this so I'm not sure what's going on.
Cheers.
Hi Kevin, thanks for your guidance looking at this. I found I did need to enable to IMAP logs on the mail server, and was able to collect some logs.
From the osTicket v1.18 server, the following connection appears in the logs on the mail server when trying to add the IMAP account in osTicket:
dateTime: 2023-08-30T17:56:17.842Z
sessionId: 17
seqNumber: 0
sIp: [mail server]:993
cIp: [osticket server]:53180
user:
duration: 28
rqsize: 0
rpsize: 0
command: OpenSession
parameters:
context:
puid:
So, all it appears to do is try to open a session. In contrast, if I perform the same action on the osTicket v1.16 server, I get logs for a similar Open Session command, but additional "capability", "login", and "CloseSession" commands. The v1.18 does not appear to be attempting any of these commands.
The fact that rqsize and rpsize are both 0 seems odd, but I'm not sure what is normal for this.
Hopefully that provides some helpful information for further steps. I will try to look into the PHP logs, though I'm not familiar with what to do there. I'll update if I find anything.
Hi Kevin,
I've confirmed there are no IMAP-related entries recorded in the PHP error log. It was an easy check because the log was so short, just a couple unrelated entries from when it was first installed, and nothing at all from the last few days.
As a test, I also tried downgrading from PHP 8.2.9 to 8.2.8 and 8.1. Same result on all versions.
Besides testing osTicket v1.16 successfully, I've also now tested v1.17 and IMAP connects successfully to the same mail server using the same settings and account. So there must be something in the osTicket or PHP configuration of my 1.18 version that is breaking it.
Looks like I'll have to install osTicket version 1.17 and start this setup from scratch to get e-mail to work. 
I wish I could be more helpful but I’m unable to assist without any further errors. I’m also unable to replicate this using v1.18 and PHP 8.2. Of course I don’t have a local exchange server so not too sure if it’s PHP related or mailserver related.
Make sure you have enabled all PHP extensions for your version of PHP. It’s possible you are missing some extensions on the new version of PHP.
Cheers.
Hi Kevin,
We found the issue, so I'll post it here for anyone else's benefit who comes across this thread.
The error was due to the fact that Exchange was using a self-signed SSL certificate for the IMAP service, and osTicket did not trust that certificate. Once we installed the self-signed certificate locally to the trusted store on our osTicket server, the problem was resolved.
It appears this requirement to have a trusted SSL certificate must have been added to a relatively recent version of osTicket or PHP. It's too bad the error message doesn't indicate anything about the cert, and just gives "Unknown Error." Not sure if that's something osTicket can update to improve, or if that's purely a PHP thing.
(As to why we wouldn't just use a signed SSL certificate issued by a public CA: We do have one installed on the Exchange server, but it does not allow us to use it for IMAP. It might be because the cert is a wildcard certificate, but we didn't troubleshoot that part any further, because it doesn't matter at this point. IMAP is only going to be used internally, not open to the web, and the osTicket server is internal.)
epdguez Debo aportar más información, o captura de alguna pantalla?
Datos: Servidor de correo Zimbra 8.x el mismo que estaba config en la v de osticket 1.15 y funcionaba ok
puertos habilitados en el serv de correo
pero no sé como comprobar que esta haciendo uso del certificado.
La verdad es que este detalle me tiene preocupado, pues la empresa usa el servicio para todos los reportes y desde la migración no recibimos los msg x correo, solo los que se agregan desde la web
it doesn't sound like you have a similar environment to me. We're using Exchange and running osTicket on a Windows server. It sounds like you're using different platforms for both the mail and web servers. So, I'm afraid I can't help you beyond what I've already posted above. Buena suerte!
We have the same behaviour like jiit in our environment. We use exchange 2016 onpremise with osTicket installed on ubuntu Linux. With 1.16.6 everything ist fine, but with higher versions, we get the same error message.
cannot connect to host; error = stream_socket_client(): Unable to connect to ssl://myserver:993 (Unknown error) (errno = 0 )
We also use a self sgined certificate for IMAP on our exchange server for internal use.
My problem is, how and where to put the self signed certificate on the ubuntu server,
so that osTicket start pulling the mails?
Any ideas?
Best regards
Everyone,
I will post a patch in this thread shortly that should skip certificate validation for IMAP/POP3 and SMTP. If it works we'll see about adding it to core.
Cheers.
Everyone,
Please try this and let me know if this works without installing self-signed cert locally on the server:
diff --git a/include/class.mail.php b/include/class.mail.php
index 1a476de2..788af3f0 100644
--- a/include/class.mail.php
+++ b/include/class.mail.php
@@ -657,7 +657,10 @@ namespace osTicket\Mail {
// Build out SmtpOptions options based on SmtpAccount Settings
private function buildOptions(AccountSetting $setting) {
// Dont send 'QUIT' on __destruct()
- $config = ['use_complete_quit' => false];
+ $config = [
+ 'use_complete_quit' => false,
+ 'novalidatecert' => true
+ ];
$connect = $setting->getConnectionConfig();
$auth = $setting->getAuthCredentials();
switch (true) {
@@ -912,6 +915,7 @@ namespace osTicket\Mail {
'ssl' => $ssl,
'protocol' => strtoupper($account->getProtocol()),
'name' => self::get_hostname(),
+ 'novalidatecert' => true
];
// Set errors to null to clear validationCheers.
Since we've got it working by installing the self-signed cert, I'm not going to rock the boat by testing this fix presently. But I'll give it a try next time we do a deployment. We may be upgrading our own in a few months. In the meantime, I'll be interested to hear if anyone else has success with this. Thanks, KevinTheJedi !
Hi KevinTheJedi my colleague and I fixed it!
Seems you did not call the constructor from the laminas-mail protocoltrait class on line 318 in include/class.mail.php which is necessary to set the novalidatecert to true. So we add this call including "true" as the last parameter for the novalidatecert to fix it. All that was necessary is to add this line:
parent::__construct($connect['host'], $connect['port'], $connect['ssl'], true);
Here is how it looks then inside include/class.mail.php file:
// MailBoxProtocolTrait
use Laminas\Mail\Protocol\Imap as ImapProtocol;
use Laminas\Mail\Protocol\Pop3 as Pop3Protocol;
trait MailBoxProtocolTrait {
final public function init(AccountSetting $setting) {
// Attempt to connect to the mail server
$connect = $setting->getConnectionConfig();
// Let's go Brandon
parent::__construct($connect['host'], $connect['port'], $connect['ssl'], true);
parent::connect($connect['host'], $connect['port'],
$connect['ssl']);
// Attempt authentication based on MailBoxAccount settings
$auth = $setting->getAuthCredentials();Another fix as mentioned by someone else is to add the base64 encoded certificate of the mail / exchange server or the certificate of your CA to the local certificate store. To do this (for debian linux) place the cert under /usr/local/share/ca-certificates/ and name it e.g. mailserver.crt. Make sure to use .crt file extension. Then update the cert store by sudo update-ca-certificates. Output looks like this then:
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.This how my file looks
// Attempt to connect to the mail server
$connect = $setting->getConnectionConfig();
// Let's go Brandon
//parent::connect($connect['host'], $connect['port'],
// $connect['ssl']);
parent::__construct($connect['host'], $connect['port'], $connect['ssl'], true);
parent::connect($connect['host'], $connect['port'],
$connect['ssl']);
// Attempt authentication based on MailBoxAccount settings
but it;s does nog work
After looking into this a little deeper the only changes we need to successfully disable certificate validation for IMAP/POP3 and SMTP are the following:
diff --git a/include/class.mail.php b/include/class.mail.php
index 1e347f5a4..441fcf450 100644
--- a/include/class.mail.php
+++ b/include/class.mail.php
@@ -315,8 +315,8 @@ namespace osTicket\Mail {
// Attempt to connect to the mail server
$connect = $setting->getConnectionConfig();
// Let's go Brandon
- parent::connect($connect['host'], $connect['port'],
- $connect['ssl']);
+ parent::__construct($connect['host'], $connect['port'],
+ $connect['ssl'], true);
// Attempt authentication based on MailBoxAccount settings
$auth = $setting->getAuthCredentials();
switch (true) {
@@ -657,7 +657,10 @@ namespace osTicket\Mail {
// Build out SmtpOptions options based on SmtpAccount Settings
private function buildOptions(AccountSetting $setting) {
// Dont send 'QUIT' on __destruct()
- $config = ['use_complete_quit' => false];
+ $config = [
+ 'use_complete_quit' => false,
+ 'novalidatecert' => true
+ ];
$connect = $setting->getConnectionConfig();
$auth = $setting->getAuthCredentials();
switch (true) {I would like to thank you again for your input and testing! These changes will be included in the next set of releases, so please stay tuned.
Cheers.
You can apply my DIFF file above. If you don't know how to apply a diff file you can Google "how to apply a diff file"; it's very simple. Once the changes are applied you should restart the webserver and/or PHP-FPM (to ensure nothing is being cached) and retest.
Cheers.
Everyone,
Here is the official Pull Request for these changes:
If anything changes the pull request will be updated.
Cheers.