Hi KevinTheJedi my colleague and I fixed it!
Seems you did not call the constructor from the laminas-mail protocoltrait class on line 318 in include/class.mail.php which is necessary to set the novalidatecert to true. So we add this call including "true" as the last parameter for the novalidatecert to fix it. All that was necessary is to add this line:
parent::__construct($connect['host'], $connect['port'], $connect['ssl'], true);

Here is how it looks then inside include/class.mail.php file:

    // MailBoxProtocolTrait
    use Laminas\Mail\Protocol\Imap as ImapProtocol;
    use Laminas\Mail\Protocol\Pop3 as Pop3Protocol;
    trait MailBoxProtocolTrait {
        final public function init(AccountSetting $setting) {
            // Attempt to connect to the mail server
            $connect = $setting->getConnectionConfig();
            // Let's go Brandon
            parent::__construct($connect['host'], $connect['port'], $connect['ssl'], true);
            parent::connect($connect['host'], $connect['port'],
                    $connect['ssl']);
            // Attempt authentication based on MailBoxAccount settings
            $auth = $setting->getAuthCredentials();

Another fix as mentioned by someone else is to add the base64 encoded certificate of the mail / exchange server or the certificate of your CA to the local certificate store. To do this (for debian linux) place the cert under /usr/local/share/ca-certificates/ and name it e.g. mailserver.crt. Make sure to use .crt file extension. Then update the cert store by sudo update-ca-certificates. Output looks like this then:

Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

@Chefkeks

This how my file looks

// Attempt to connect to the mail server
$connect = $setting->getConnectionConfig();
// Let's go Brandon
//parent::connect($connect['host'], $connect['port'],
// $connect['ssl']);
parent::__construct($connect['host'], $connect['port'], $connect['ssl'], true);
parent::connect($connect['host'], $connect['port'],
$connect['ssl']);
// Attempt authentication based on MailBoxAccount settings

but it;s does nog work

Chefkeks

After looking into this a little deeper the only changes we need to successfully disable certificate validation for IMAP/POP3 and SMTP are the following:

diff --git a/include/class.mail.php b/include/class.mail.php
index 1e347f5a4..441fcf450 100644
--- a/include/class.mail.php
+++ b/include/class.mail.php
@@ -315,8 +315,8 @@ namespace osTicket\Mail {
             // Attempt to connect to the mail server
             $connect = $setting->getConnectionConfig();
             // Let's go Brandon
-            parent::connect($connect['host'], $connect['port'],
-                    $connect['ssl']);
+            parent::__construct($connect['host'], $connect['port'],
+                    $connect['ssl'], true);
             // Attempt authentication based on MailBoxAccount settings
             $auth = $setting->getAuthCredentials();
             switch (true) {
@@ -657,7 +657,10 @@ namespace osTicket\Mail {
         // Build out SmtpOptions options based on SmtpAccount Settings
         private function buildOptions(AccountSetting $setting) {
             // Dont send 'QUIT' on __destruct()
-            $config = ['use_complete_quit' => false];
+            $config = [
+                'use_complete_quit' => false,
+                'novalidatecert' => true
+            ];
             $connect = $setting->getConnectionConfig();
             $auth = $setting->getAuthCredentials();
             switch (true) {

I would like to thank you again for your input and testing! These changes will be included in the next set of releases, so please stay tuned.

Cheers.

sakbari

You can apply my DIFF file above. If you don't know how to apply a diff file you can Google "how to apply a diff file"; it's very simple. Once the changes are applied you should restart the webserver and/or PHP-FPM (to ensure nothing is being cached) and retest.

Cheers.

Everyone,

Here is the official Pull Request for these changes:

• https://github.com/osTicket/osTicket/pull/6618

If anything changes the pull request will be updated.

Cheers.

Where to change the setting in version 1.18

I changed the following lines and certificate verification was disabled
// Set the connection settings
$this->connection = [
'host' => $host,
'port' => $port,
'ssl' => $ssl,
'protocol' => strtoupper($account->getProtocol()),
'name' => self::get_hostname(),
'use_complete_quit' => false,
'novalidatecert' => true
]; oraz private function buildOptions(AccountSetting $setting) {
// Dont send 'QUIT' on __destruct()
$config = ['use_complete_quit' => false,'novalidatecert' => true];
$connect = $setting->getConnectionConfig();
$auth = $setting->getAuthCredentials();

Hello
This is my /includes/class.mail.php, where do I change this in osTicket version 1.18 for the emails to work, I am using Gmail

asadler

Install the latest release of v1.18.1 from our website, install the latest build of the OAuth2 plugin from our website, install/enable the URL Rewrite module on your web server, follow the below guide to configure Gmail Modern Authentication (OAuth2):

• https://docs.osticket.com/en/latest/OAuth2/Google%20Authorization%20Guide.html

Cheers.

KevinTheJedi Apparently after setting up the 0 Auth for Google, everything worked fine for a few days, (The Token Key Expires today, as per Screenshot) then the same error started happening again, also during ticket creation, It takes even 3-5 Minutes to submit a ticket, anything i should double check?

asadler

Access Tokens expire quickly (same day) and when expires we use the Refresh Token to refresh and get a new Access Token.

What error are you talking about specifically?

If it takes that long on ticket creation it could be different things but it sounds like it’s taking awhile to send an email.

Cheers.

KevinTheJedi I am not yet familiar with the Refresh Tokens, how do I go about it and what steps can I take to get the refresh tokens? I realized that it takes a while to send an email.!

asadler

The refresh token is already retrieved when you authorize the email. Then every time the access token is refreshed automatically the refresh token is updated as well.

Cheers.

KevinTheJedi Thanks for the feedback, however still the emails are not yet being received even when the tokens are updated! How do I proceed from There?

asadler

Did you enable email fetching globally (Admin Panel > Emails > Settings > Email Fetching > Enabled) and setup a cron job?

• https://docs.osticket.com/en/latest/Getting%20Started/POP3-IMAP%20Settings.html

Cheers.

When i do this, I run into the above error!

KevinTheJedi Yes i do have email fetching enabled globally

asadler

Ahh network unreachable is the error. Seems like that host or port is blocked on your server. You need to contact your server admin and/or hosting provider to have them look into why you cannot connect to that host and port from your webserver.

Cheers.