Error configuring IMAP - stream_socket_client Unknown Error
- bueno en mi server cree una carpeta include/pluggins/certificates
- descargue el certificado de mi servidor
openssl s_client -connect mail.midominio:993 -showcerts | openssl x509 -outform PEM > certificado.crt - reinicie apache, e intente config nuevamente y no me funciona. quizás este haciendo algo mal o que deba hacer otra cosa.
epdguez Debo aportar más información, o captura de alguna pantalla?
Datos: Servidor de correo Zimbra 8.x el mismo que estaba config en la v de osticket 1.15 y funcionaba ok
puertos habilitados en el serv de correo
- Port #22 (ssh): listening
- Port #25 (smtp): listening
- Port #110 (pop3): listening
- Port #143 (imap): listening
- Port #389 (ldap): listening
- Port #443 (https): listening
- Port #993 (imaps): listening
- Port #995 (pop3s): listening
- Port #8443 (caldav-ssl): listening
El certificado es autofirmado, pero siguiendo sugerencias lo incorpore a include/pluggins/certificates
usando la sgte orden para descargarlo
openssl s_client -connect mail.midominio:993 -showcerts | openssl x509 -outform PEM > certificado.crt
pero no sé como comprobar que esta haciendo uso del certificado.
La verdad es que este detalle me tiene preocupado, pues la empresa usa el servicio para todos los reportes y desde la migración no recibimos los msg x correo, solo los que se agregan desde la web
it doesn't sound like you have a similar environment to me. We're using Exchange and running osTicket on a Windows server. It sounds like you're using different platforms for both the mail and web servers. So, I'm afraid I can't help you beyond what I've already posted above. Buena suerte!
- Edited
We have the same behaviour like jiit in our environment. We use exchange 2016 onpremise with osTicket installed on ubuntu Linux. With 1.16.6 everything ist fine, but with higher versions, we get the same error message.
cannot connect to host; error = stream_socket_client(): Unable to connect to ssl://myserver:993 (Unknown error) (errno = 0 )
We also use a self sgined certificate for IMAP on our exchange server for internal use.
My problem is, how and where to put the self signed certificate on the ubuntu server,
so that osTicket start pulling the mails?
Any ideas?
Best regards
Everyone,
I will post a patch in this thread shortly that should skip certificate validation for IMAP/POP3 and SMTP. If it works we'll see about adding it to core.
Cheers.
Everyone,
Please try this and let me know if this works without installing self-signed cert locally on the server:
diff --git a/include/class.mail.php b/include/class.mail.php
index 1a476de2..788af3f0 100644
--- a/include/class.mail.php
+++ b/include/class.mail.php
@@ -657,7 +657,10 @@ namespace osTicket\Mail {
// Build out SmtpOptions options based on SmtpAccount Settings
private function buildOptions(AccountSetting $setting) {
// Dont send 'QUIT' on __destruct()
- $config = ['use_complete_quit' => false];
+ $config = [
+ 'use_complete_quit' => false,
+ 'novalidatecert' => true
+ ];
$connect = $setting->getConnectionConfig();
$auth = $setting->getAuthCredentials();
switch (true) {
@@ -912,6 +915,7 @@ namespace osTicket\Mail {
'ssl' => $ssl,
'protocol' => strtoupper($account->getProtocol()),
'name' => self::get_hostname(),
+ 'novalidatecert' => true
];
// Set errors to null to clear validationCheers.
Since we've got it working by installing the self-signed cert, I'm not going to rock the boat by testing this fix presently. But I'll give it a try next time we do a deployment. We may be upgrading our own in a few months. In the meantime, I'll be interested to hear if anyone else has success with this. Thanks, KevinTheJedi !
Hi KevinTheJedi my colleague and I fixed it!
Seems you did not call the constructor from the laminas-mail protocoltrait class on line 318 in include/class.mail.php which is necessary to set the novalidatecert to true. So we add this call including "true" as the last parameter for the novalidatecert to fix it. All that was necessary is to add this line:
parent::__construct($connect['host'], $connect['port'], $connect['ssl'], true);
Here is how it looks then inside include/class.mail.php file:
// MailBoxProtocolTrait
use Laminas\Mail\Protocol\Imap as ImapProtocol;
use Laminas\Mail\Protocol\Pop3 as Pop3Protocol;
trait MailBoxProtocolTrait {
final public function init(AccountSetting $setting) {
// Attempt to connect to the mail server
$connect = $setting->getConnectionConfig();
// Let's go Brandon
parent::__construct($connect['host'], $connect['port'], $connect['ssl'], true);
parent::connect($connect['host'], $connect['port'],
$connect['ssl']);
// Attempt authentication based on MailBoxAccount settings
$auth = $setting->getAuthCredentials();Another fix as mentioned by someone else is to add the base64 encoded certificate of the mail / exchange server or the certificate of your CA to the local certificate store. To do this (for debian linux) place the cert under /usr/local/share/ca-certificates/ and name it e.g. mailserver.crt. Make sure to use .crt file extension. Then update the cert store by sudo update-ca-certificates. Output looks like this then:
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.This how my file looks
// Attempt to connect to the mail server
$connect = $setting->getConnectionConfig();
// Let's go Brandon
//parent::connect($connect['host'], $connect['port'],
// $connect['ssl']);
parent::__construct($connect['host'], $connect['port'], $connect['ssl'], true);
parent::connect($connect['host'], $connect['port'],
$connect['ssl']);
// Attempt authentication based on MailBoxAccount settings
but it;s does nog work
After looking into this a little deeper the only changes we need to successfully disable certificate validation for IMAP/POP3 and SMTP are the following:
diff --git a/include/class.mail.php b/include/class.mail.php
index 1e347f5a4..441fcf450 100644
--- a/include/class.mail.php
+++ b/include/class.mail.php
@@ -315,8 +315,8 @@ namespace osTicket\Mail {
// Attempt to connect to the mail server
$connect = $setting->getConnectionConfig();
// Let's go Brandon
- parent::connect($connect['host'], $connect['port'],
- $connect['ssl']);
+ parent::__construct($connect['host'], $connect['port'],
+ $connect['ssl'], true);
// Attempt authentication based on MailBoxAccount settings
$auth = $setting->getAuthCredentials();
switch (true) {
@@ -657,7 +657,10 @@ namespace osTicket\Mail {
// Build out SmtpOptions options based on SmtpAccount Settings
private function buildOptions(AccountSetting $setting) {
// Dont send 'QUIT' on __destruct()
- $config = ['use_complete_quit' => false];
+ $config = [
+ 'use_complete_quit' => false,
+ 'novalidatecert' => true
+ ];
$connect = $setting->getConnectionConfig();
$auth = $setting->getAuthCredentials();
switch (true) {I would like to thank you again for your input and testing! These changes will be included in the next set of releases, so please stay tuned.
Cheers.
You can apply my DIFF file above. If you don't know how to apply a diff file you can Google "how to apply a diff file"; it's very simple. Once the changes are applied you should restart the webserver and/or PHP-FPM (to ensure nothing is being cached) and retest.
Cheers.
Everyone,
Here is the official Pull Request for these changes:
If anything changes the pull request will be updated.
Cheers.
Where to change the setting in version 1.18
I changed the following lines and certificate verification was disabled
// Set the connection settings oraz
$this->connection = [
'host' => $host,
'port' => $port,
'ssl' => $ssl,
'protocol' => strtoupper($account->getProtocol()),
'name' => self::get_hostname(),
'use_complete_quit' => false,
'novalidatecert' => true
];private function buildOptions(AccountSetting $setting) {
// Dont send 'QUIT' on __destruct()
$config = ['use_complete_quit' => false,'novalidatecert' => true];
$connect = $setting->getConnectionConfig();
$auth = $setting->getAuthCredentials();
Hello
This is my /includes/class.mail.php, where do I change this in osTicket version 1.18 for the emails to work, I am using Gmail
Install the latest release of v1.18.1 from our website, install the latest build of the OAuth2 plugin from our website, install/enable the URL Rewrite module on your web server, follow the below guide to configure Gmail Modern Authentication (OAuth2):
Cheers.
KevinTheJedi This worked for me, Thanks so much!
KevinTheJedi Apparently after setting up the 0 Auth for Google, everything worked fine for a few days, (The Token Key Expires today, as per Screenshot) then the same error started happening again, also during ticket creation, It takes even 3-5 Minutes to submit a ticket, anything i should double check?
Access Tokens expire quickly (same day) and when expires we use the Refresh Token to refresh and get a new Access Token.
What error are you talking about specifically?
If it takes that long on ticket creation it could be different things but it sounds like it’s taking awhile to send an email.
Cheers.