We are getting error
cannot connect to host ; error = fsockopen(): Unable to connect to ssl://"mail.xxx.nl":993 (Unknown error) (errno = 0 )

  • KevinTheJedi replied to this.

  • Hi KevinTheJedi my colleague and I fixed it!
    Seems you did not call the constructor from the laminas-mail protocoltrait class on line 318 in include/class.mail.php which is necessary to set the novalidatecert to true. So we add this call including "true" as the last parameter for the novalidatecert to fix it. All that was necessary is to add this line:
    parent::__construct($connect['host'], $connect['port'], $connect['ssl'], true);

    Here is how it looks then inside include/class.mail.php file:

        // MailBoxProtocolTrait
    use Laminas\Mail\Protocol\Imap as ImapProtocol;
    use Laminas\Mail\Protocol\Pop3 as Pop3Protocol;
    trait MailBoxProtocolTrait {
        final public function init(AccountSetting $setting) {
            // Attempt to connect to the mail server
            $connect = $setting->getConnectionConfig();
            // Let's go Brandon
            parent::__construct($connect['host'], $connect['port'], $connect['ssl'], true);
            parent::connect($connect['host'], $connect['port'],
                    $connect['ssl']);
            // Attempt authentication based on MailBoxAccount settings
            $auth = $setting->getAuthCredentials();

    Another fix as mentioned by someone else is to add the base64 encoded certificate of the mail / exchange server or the certificate of your CA to the local certificate store. To do this (for debian linux) place the cert under /usr/local/share/ca-certificates/ and name it e.g. mailserver.crt. Make sure to use .crt file extension. Then update the cert store by sudo update-ca-certificates. Output looks like this then:

    Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

      sakbari

      Try this:

      If that doesn't work then either you don't have OpenSSL installed on the server, you don't have php-openssl extension installed/enabled, your server has a firewall/blocked port, or maybe you need to whitelist your webserver on your mailserver. It'd be advisable to test a connection to the mail host and port from the server CLI. If you can't connect from there then definitely need to reach out to your webserver admin and mailserver admin for further assistance.

      Cheers.

        i have check my server

        hp -i | grep -i openssl
        SSL Version => OpenSSL/3.0.2
        libSSH Version => libssh/0.9.6/openssl/zlib
        openssl
        OpenSSL support => enabled
        OpenSSL Library Version => OpenSSL 3.0.2 15 Mar 2022
        OpenSSL Header Version => OpenSSL 3.0.2 15 Mar 2022
        Openssl default config => /usr/lib/ssl/openssl.cnf
        openssl.cafile => no value => no value
        openssl.capath => no value => no value
        Native OpenSSL support => enabled

        Do i need to change ?

          sakbari

          That should be fine but I canโ€™t tell what the issue is without more detailed errors. At this point I would review your server logs to see why the connection is failing.

          Have you applied the changes I linked above?

          Cheers.

            Dear KevinTheJedi

            I have change teh class.mail.php

                // Build out SmtpOptions options based on SmtpAccount Settings
    private function buildOptions(AccountSetting $setting) {
        // Dont send 'QUIT' on __destruct()
        -    //$config = ['use_complete_quit' => false];
        +$config = [
         +   'use_complete_quit' => false,
          +  'novalidatecert' => true
        ];



        // Set the connection settings
        $this->connection = [
            'host' => $host,
            'port' => $port,
            'ssl' => $ssl,
            'protocol' => strtoupper($account->getProtocol()),
            'name' => self::get_hostname(),
           + 'novalidatecert' => true
        ];

            but it still nog working

            my OST is running on ISPCONFIG

              sakbari

              You applied the changes wrong. You do not need the - and + characters; remove those. Those just show what lines were removed and what lines were added. Please look at guides online on how to apply a diff file.

              Cheers.

                Dear KevinTheJedi

                i revert change where can i find uides online on how to apply a diff file

                  Hi KevinTheJedi my colleague and I fixed it!
                  Seems you did not call the constructor from the laminas-mail protocoltrait class on line 318 in include/class.mail.php which is necessary to set the novalidatecert to true. So we add this call including "true" as the last parameter for the novalidatecert to fix it. All that was necessary is to add this line:
                  parent::__construct($connect['host'], $connect['port'], $connect['ssl'], true);

                  Here is how it looks then inside include/class.mail.php file:

                      // MailBoxProtocolTrait
    use Laminas\Mail\Protocol\Imap as ImapProtocol;
    use Laminas\Mail\Protocol\Pop3 as Pop3Protocol;
    trait MailBoxProtocolTrait {
        final public function init(AccountSetting $setting) {
            // Attempt to connect to the mail server
            $connect = $setting->getConnectionConfig();
            // Let's go Brandon
            parent::__construct($connect['host'], $connect['port'], $connect['ssl'], true);
            parent::connect($connect['host'], $connect['port'],
                    $connect['ssl']);
            // Attempt authentication based on MailBoxAccount settings
            $auth = $setting->getAuthCredentials();

                  Another fix as mentioned by someone else is to add the base64 encoded certificate of the mail / exchange server or the certificate of your CA to the local certificate store. To do this (for debian linux) place the cert under /usr/local/share/ca-certificates/ and name it e.g. mailserver.crt. Make sure to use .crt file extension. Then update the cert store by sudo update-ca-certificates. Output looks like this then:

                  Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

                      Chefkeks

                      Hey! Great to hear from you again! Hope yโ€™all are doing good!

                      Thank you, I will look into this deeper. Have you tried my patch for SMTP as well?

                      Cheers.

                          KevinTheJedi
                          Hey yes doing great, busy with a lot of work, but we're still using osTicket (the http auth plugin shows installed somewhen 2014 ๐Ÿ˜† ) and so happy with it. Watching the roadmap repo, issues etc. and so excited (like all other I guess ^^) what will come with v2 once it's final ๐Ÿ˜€

                          For us, with an internal / on-premise exchange server, only IMAP was important. Our SMTP is a different server which requires no authentication due to other security measures. So we have not tested the SMTP patch.

                          Cheers
                          Michael

                              Chefkeks

                              Gotcha! I couldn't test my patch either (both parts) as I cannot replicate this issue anywhere ๐Ÿ˜… Thanks for the feedback!

                              We should have an updated patch included in the next releases!

                              Cheers.

                                Write a Reply...