Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pop3 issue 9.5.1 #7757

Closed
MaximPrlt opened this issue Jul 23, 2020 · 11 comments
Closed

Pop3 issue 9.5.1 #7757

MaximPrlt opened this issue Jul 23, 2020 · 11 comments

Comments

@MaximPrlt
Copy link

Describe the bug

Since the update to GLPI 9.5 and 9.5.1, my pop3 mail collector is crashing. I can't connect to my mail server. THe configuration below was ok with glpi 9.4

Collector config

{srv-mail.xx.xxxx.local:537/pop/ssl/validate-cert/notls}

I tried with the options validate-cert and no-validate-cert but the behavior is still the same

Logs
Here are some lines of my php-errors.log

[2020-07-23 09:50:01] glpiphplog.ERROR: MailCollector::collect() in /var/www/html/glpi/inc/mailcollector.class.php line 691
An error occured trying to connect to collector. cannot connect to host ; error = fsockopen(): unable to connect to ssl://srv-mail.cc.omdm.local:537 (Connection refused) (errno = 0 )
#0 /var/www/html/glpi/vendor/laminas/laminas-mail/src/Storage/Pop3.php(149): Laminas\Mail\Protocol\Pop3->connect('ssl://srv-mail....', '537', 'ssl')
#1 /var/www/html/glpi/inc/toolbox.class.php(2324): Laminas\Mail\Storage\Pop3->__construct(Object(stdClass))
#2 /var/www/html/glpi/inc/mailcollector.class.php(1309): Toolbox::getMailServerStorageInstance('pop', Array)
#3 /var/www/html/glpi/inc/mailcollector.class.php(685): MailCollector->connect()
#4 /var/www/html/glpi/inc/mailcollector.class.php(1740): MailCollector->collect(8)
#5 /var/www/html/glpi/inc/crontask.class.php(847): MailCollector::cronMailgate(Object(CronTask))
#6 /var/www/html/glpi/front/cron.php(83): CronTask::launch(2, '5')
#7 {main} {"user":"@srv-glpi"}

Screenshots

image

Your GLPI setup (you can find it in Setup > General menu, System tab)


[code]   GLPI 9.5.1 (/glpi => /var/www/html/glpi) Installation mode: TARBALL
--

Operating system: Linux srv-glpi 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64 PHP 7.2.24-0ubuntu0.18.04.6 apache2handler (Core, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apache2handler, apc, 	apcu, bz2, calendar, ctype, curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, imagick, imap, intl, json, 	ldap, libxml, mbstring, memcache, mysqli, mysqlnd, openssl, pcre, pdo_mysql, posix, pspell, readline, recode, session, shmop, 	snmp, soap, sockets, sodium, standard, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, wddx, xml, xmlreader, xmlrpc, xmlwriter, xsl, 	zip, zlib) Setup: max_execution_time="180" memory_limit="128M" post_max_size="8M" safe_mode="" session.save_handler="files" 	upload_max_filesize="2M"  Software: Apache/2.4.29 (Ubuntu) (Apache/2.4.29 (Ubuntu) Server at srv-glpi Port 80) 	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36 Edg/84.0.522.40 Server Software: Ubuntu 18.04 	Server Version: 10.1.44-MariaDB-0ubuntu0.18.04.1 	Server SQL Mode:  	Parameters: glpiuser@localhost/glpidb 	Host info: Localhost via UNIX socket 	 PHP version is at least 7.2.0 - Perfect! Sessions support is available - Perfect! Allocated memory > 64 Mio - Perfect! mysqli extension is installed ctype extension is installed fileinfo extension is installed json extension is installed mbstring extension is installed iconv extension is installed zlib extension is installed curl extension is installed gd extension is installed simplexml extension is installed intl extension is installed ldap extension is installed apcu extension is installed Zend OPcache extension is installed xmlrpc extension is installed CAS extension is installed exif extension is installed zip extension is installed bz2 extension is installed sodium extension is installed Database version seems correct (10.1.44) - Perfect! Access to timezone database (mysql) is not allowed. The log file has been created successfully. Write access to /var/www/html/glpi/config has been validated. Write access to /var/www/html/glpi/files has been validated. Write access to /var/www/html/glpi/files/_dumps has been validated. Write access to /var/www/html/glpi/files/_sessions has been validated. Write access to /var/www/html/glpi/files/_cron has been validated. Write access to /var/www/html/glpi/files/_graphs has been validated. Write access to /var/www/html/glpi/files/_lock has been validated. Write access to /var/www/html/glpi/files/_plugins has been validated. Write access to /var/www/html/glpi/files/_tmp has been validated. Write access to /var/www/html/glpi/files/_cache has been validated. Write access to /var/www/html/glpi/files/_rss has been validated. Write access to /var/www/html/glpi/files/_uploads has been validated. Write access to /var/www/html/glpi/files/_pictures has been validated. Write access to /var/www/html/glpi/marketplace has been validated. Web access to the files directory should not be allowed Check the .htaccess file and the web server configuration.

GLPI_ROOT: /var/www/html/glpi GLPI_CONFIG_DIR: /var/www/html/glpi/config GLPI_VAR_DIR: /var/www/html/glpi/files GLPI_MARKETPLACE_DIR: /var/www/html/glpi/marketplace GLPI_USE_CSRF_CHECK: 1 GLPI_CSRF_EXPIRES: 7200 GLPI_CSRF_MAX_TOKENS: 100 GLPI_TELEMETRY_URI: https://telemetry.glpi-project.org GLPI_INSTALL_MODE: TARBALL GLPI_NETWORK_MAIL: glpi@teclib.com GLPI_NETWORK_SERVICES: https://services.glpi-network.com GLPI_MARKETPLACE_PRERELEASES:  GLPI_USER_AGENT_EXTRA_COMMENTS:  GLPI_AJAX_DASHBOARD: 1 GLPI_CALDAV_IMPORT_STATE: 0 GLPI_DEMO_MODE: 0 GLPI_FORCE_EMPTY_SQL_MODE: 1 GLPI_DOC_DIR: /var/www/html/glpi/files GLPI_CACHE_DIR: /var/www/html/glpi/files/_cache GLPI_CRON_DIR: /var/www/html/glpi/files/_cron GLPI_DUMP_DIR: /var/www/html/glpi/files/_dumps GLPI_GRAPH_DIR: /var/www/html/glpi/files/_graphs GLPI_LOCAL_I18N_DIR: /var/www/html/glpi/files/_locales GLPI_LOCK_DIR: /var/www/html/glpi/files/_lock GLPI_LOG_DIR: /var/www/html/glpi/files/_log GLPI_PICTURE_DIR: /var/www/html/glpi/files/_pictures GLPI_PLUGIN_DOC_DIR: /var/www/html/glpi/files/_plugins GLPI_RSS_DIR: /var/www/html/glpi/files/_rss GLPI_SESSION_DIR: /var/www/html/glpi/files/_sessions GLPI_TMP_DIR: /var/www/html/glpi/files/_tmp GLPI_UPLOAD_DIR: /var/www/html/glpi/files/_uploads GLPI_NETWORK_REGISTRATION_API_URL: https://services.glpi-network.com/api/registration/ GLPI_MARKETPLACE_PLUGINS_API_URI: https://services.glpi-network.com/api/glpi-plugins/ GLPI_I18N_DIR: /var/www/html/glpi/locales GLPI_VERSION: 9.5.1 GLPI_SCHEMA_VERSION: 9.5.0 GLPI_MIN_PHP: 7.2.0 GLPI_YEAR: 2020

htmlawed/htmlawed version 1.2.5 in (/var/www/html/glpi/vendor/htmlawed/htmlawed) phpmailer/phpmailer version 6.1.6 in (/var/www/html/glpi/vendor/phpmailer/phpmailer/src) simplepie/simplepie version 1.5.5 in (/var/www/html/glpi/vendor/simplepie/simplepie/library) tecnickcom/tcpdf version 6.3.5 in (/var/www/html/glpi/vendor/tecnickcom/tcpdf) michelf/php-markdown in (/var/www/html/glpi/vendor/michelf/php-markdown/Michelf) true/punycode in (/var/www/html/glpi/vendor/true/punycode/src) iamcal/lib_autolink in (/var/www/html/glpi/vendor/iamcal/lib_autolink) sabre/dav in (/var/www/html/glpi/vendor/sabre/dav/lib/DAV) sabre/http in (/var/www/html/glpi/vendor/sabre/http/lib) sabre/uri in (/var/www/html/glpi/vendor/sabre/uri/lib) sabre/vobject in (/var/www/html/glpi/vendor/sabre/vobject/lib) laminas/laminas-cache in (/var/www/html/glpi/vendor/laminas/laminas-cache/src) laminas/laminas-i18n in (/var/www/html/glpi/vendor/laminas/laminas-i18n/src) laminas/laminas-serializer in (/var/www/html/glpi/vendor/laminas/laminas-serializer/src) monolog/monolog in (/var/www/html/glpi/vendor/monolog/monolog/src/Monolog) sebastian/diff in (/var/www/html/glpi/vendor/sebastian/diff/src) elvanto/litemoji in (/var/www/html/glpi/vendor/elvanto/litemoji/src) symfony/console in (/var/www/html/glpi/vendor/symfony/console) scssphp/scssphp in (/var/www/html/glpi/vendor/scssphp/scssphp/src) laminas/laminas-mail in (/var/www/html/glpi/vendor/laminas/laminas-mail/src/Protocol) laminas/laminas-mime in (/var/www/html/glpi/vendor/laminas/laminas-mime/src) rlanvin/php-rrule in (/var/www/html/glpi/vendor/rlanvin/php-rrule/src) blueimp/jquery-file-upload in (/var/www/html/glpi/vendor/blueimp/jquery-file-upload/server/php) ramsey/uuid in (/var/www/html/glpi/vendor/ramsey/uuid/src) psr/log in (/var/www/html/glpi/vendor/psr/log/Psr/Log) psr/simple-cache in (/var/www/html/glpi/vendor/psr/simple-cache/src) mexitek/phpcolors in (/var/www/html/glpi/vendor/mexitek/phpcolors/src/Mexitek/PHPColors) guzzlehttp/guzzle in (/var/www/html/glpi/vendor/guzzlehttp/guzzle/src) wapmorgan/unified-archive in (/var/www/html/glpi/vendor/wapmorgan/unified-archive/src) paragonie/sodium_compat in (/var/www/html/glpi/vendor/paragonie/sodium_compat/src) phpCas version 1.3.3 in (/usr/share/php)

Server: '10.0.90.20', Port: '389', BaseDN: 'OU=CDC,DC=cc,DC=omdm,DC=local', Connection filter: 		'(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))', RootDN: 		'CN=Administrateur,CN=Users,DC=cc,DC=omdm,DC=local', Use TLS: none Server: '10.0.90.20', Port: '389', BaseDN: 'OU=Elus,DC=cc,DC=omdm,DC=local', Connection filter: 		'(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))', RootDN: 		'CN=Administrateur,CN=Users,DC=cc,DC=omdm,DC=local', Use TLS: none

Not active

Way of sending emails: SMTP (anonymous@10.0.90.25)

Name: 'supportdsi@omdm.fr' Active: Yes 	Server: '{srv-mail.cc.omdm.local:537/pop/ssl/validate-cert/notls}' Login: 'supportdsi@cc.omdm.local' Password: Yes

addressing           Name: Adressage IP                   Version: 2.8.0      State: Installed / not activated 	advancedplanning     Name: advancedplanning               Version: 0.1        State: Enabled 	webapplications      Name: Applications Web               Version: 2.6.0      State: Installed / not activated 	bettermailimporter   Name: Better Mail Importer           Version: 1.0.1      State: Installed / not activated 	accounts             Name: Comptes                        Version: 2.5.0      State: Installed / not activated 	uninstall            Name: Cycle de vie des matériels (un Version: 2.7.0      State: Enabled 	useditemsexport      Name: Export des éléments utilisés   Version: 2.4.0      State: To update 	formcreator          Name: Form Creator                   Version: 2.10.0     State: Enabled 	fusioninventory      Name: FusionInventory                Version: 9.4.0+1.0  State: Not installed 	itilcategorygroups   Name: Helpdesk catégories groupes    Version: 2.4.0      State: Enabled 	tasklists            Name: Liste des tâches               Version: 1.5.0      State: Installed / not activated 	notifications        Name: Notifications                  Version: 9.3+1.0    State: Enabled 	resources            Name: Ressources humaines            Version: 2.6.1      State: Installed / not activated
[/code]


Additional context

Add any other context about the problem here.

@cedric-anne
Copy link
Member

Hi,

Do you use a self-signed certificate ?

Regards

@MaximPrlt
Copy link
Author

MaximPrlt commented Jul 23, 2020 via email

@cedric-anne
Copy link
Member

In GLPI 9.5, we removed dependency to PHP imap-ext which is unmaintained from a while and we replaced it by usage of laminas/mail component

We recently figure out that the no-validate-cert option has no effect. We proposed an evolution in laminas/mail and we are waiting for a code validation from their side. See #7693.

I do not know if your problem comes from this point or not. Maybe you should try to debug on your side to see if anything can lead to a certificate refusal from your GLPI server.

@aagz
Copy link

aagz commented Jul 31, 2020

I use a certificate created by Let’s encrypt (https://letsencrypt.org/fr/certificates/) De : Cédric Anne notifications@github.com Envoyé : jeudi 23 juillet 2020 10:09 À : glpi-project/glpi glpi@noreply.github.com Cc : Maxime PREAULT maxime.preault@omdm.fr; Author author@noreply.github.com Objet : Re: [glpi-project/glpi] Pop3 issue 9.5.1 (#7757) Hi, Do you use a self-signed certificate ? Regards — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#7757 (comment)>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AQMAJFVBICZ53DIKV6GLOETR47VZ7ANCNFSM4PFO4AAA.

Hi! Please try change server field value to an external name of mailserver. It helped me.
Before update glpi knew local mailserver name, after 9.5.0 mailcollector works with external name only, for me.

@MaximPrlt
Copy link
Author

MaximPrlt commented Jul 31, 2020 via email

@trasher trasher closed this as completed Aug 4, 2020
@JeanBonDeParme
Copy link

Hi! The issue can be closed. I modified the spectrum of the certificate to include my pop server. It was exclude before. Thank you for the help ! De : aagz notifications@github.com Envoyé : vendredi 31 juillet 2020 09:44 À : glpi-project/glpi glpi@noreply.github.com Cc : Maxime PREAULT maxime.preault@omdm.fr; Author author@noreply.github.com Objet : Re: [glpi-project/glpi] Pop3 issue 9.5.1 (#7757) I use a certificate created by Let’s encrypt (https://letsencrypt.org/fr/certificates/) De : Cédric Anne notifications@github.commailto:notifications@github.com Envoyé : jeudi 23 juillet 2020 10:09 À : glpi-project/glpi glpi@noreply.github.commailto:glpi@noreply.github.com Cc : Maxime PREAULT maxime.preault@omdm.frmailto:maxime.preault@omdm.fr; Author author@noreply.github.commailto:author@noreply.github.com Objet : Re: [glpi-project/glpi] Pop3 issue 9.5.1 (#7757<#7757>) Hi, Do you use a self-signed certificate ? Regards — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#7757 (comment)<#7757 (comment)>>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AQMAJFVBICZ53DIKV6GLOETR47VZ7ANCNFSM4PFO4AAA. Hi! Please try change server field value to an external name of mailserver. It helped me. Before update glpi knew local mailserver name, after 9.5.0 mailcollector works with external name only, for me. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#7757 (comment)>, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AQMAJFUPK22WEJXR5GU3ED3R6JY3TANCNFSM4PFO4AAA.

Hello, what is the work around? What did you do?

@matt-source
Copy link

Hi,
we're having the same issue after update from 9.4.3 to 9.5.1. The mail server auth is failing.

Log from mail server :
Pop3SSLServer-5] [ip=X.X.X.X;cid=5858;] pop - Error detected by SSL subsystem, dropping connection:javax.net.ssl.SSLHandshakeException: SSL handshake failed.

We rolled back to GLPI 9.4.3 which works fine with the exact same setup and configuration.

Is there a known workaround to this problem ?
Regards

@cedric-anne
Copy link
Member

Log from mail server :
Pop3SSLServer-5] [ip=X.X.X.X;cid=5858;] pop - Error detected by SSL subsystem, dropping connection:javax.net.ssl.SSLHandshakeException: SSL handshake failed.

You should take a look on your certificate. Even if backend code changed on GLPI 9.5 for POP/IMAP connections, it should not affect certificate validity.
I quickly searched on Google and I found this thread. Maybe you will find a response there.

Regards

@matt-source
Copy link

Thanks for the answer.
We use valid letsEncrypt certs on our GLPI and the communication with our mail server works fine with GLPI 9.4.3.
Is there a way to revert to former POP backend on GLPI 9.5 just to try it out ?
Regards.

@cedric-anne
Copy link
Member

Hundreds of lines of code have been changed in different files, so no, it is not really possible.

@matt-source
Copy link

Of course I understand. We'll keep 9.4 for now since we'll stop using the mail server for GLPI auth in a few months.
Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

6 participants