... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
... I have understood that answers are voluntary and community-driven, and not commercial support.
... I have verified that my issue has not been already answered in the past. I also checked previous issues.
Description
Using the default install, Nextcloud 26 can no longer use mailcow for internal mails.
Trying to send mail results in a TLS certificate error.
Details:
Nextcloud side:
Since version 26, Nextcloud uses symfony/mailer to deliver mail.
Symfony mailer seems to use StartTLS opportunistically, whenever the server advertises it, regardless of what is chosen as encryption in the Nextcloud config UI.
Symfony mailer treats any TLS error as fatal, so any certificate error will result in mails not being sent.
Integration script side:
Since its inception, the nextcloud helper script uses the following mail settings to integrate with mailcow:
Mode smtp (as opposed to sendmail)
domain as ${MAILCOW_HOSTNAME}
smtphost as postfix
smtpport as 588
Postfix side:
Port 588 is apparently designated for SOGo and allows internal mails from within the mailcow docker setup.
Error indication:
Since Nextcloud tries to connect to postfix, but the cert presented does not have the bare name in its SANs, Symfony errors and mails cannot be sent:
Unable to connect with STARTTLS: stream_socket_enable_crypto(): Peer certificate CN=`[REDACTED HOSTNAME]' did not match expected CN=`postfix'
Possible workaround (not yet tried):
disable TLS altogether on 588 (does SOGo need it?)
use ${MAILCOW_HOSTNAME} instead of postfix (but this forfeits the usefulness of the internal network)
create a new postfix service with dedicated port and NO TLS for services like nextcloud
Logs:
{"reqId":"4oVRMJM8ndqQMsQ0tTil","level":0,"time":"2023-06-26T07:11:18+00:00","remoteAddr":"[REDACTED IP]","user":"admin","app":"no app in context","method":"POST","url":"/index.phpadmin/mailtest","message":"Email transport \"Symfony\\Component\\Mailer\\Transport\\Smtp\\SmtpTransport\" starting","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:109.0) Gecko/20100101 Firefox/114.0","version":"26.0.3.2","data":[]}
{"reqId":"4oVRMJM8ndqQMsQ0tTil","level":0,"time":"2023-06-26T07:11:18+00:00","remoteAddr":"[REDACTED IP]","user":"admin","app":"core","method":"POST","url":"/index.phpadmin/mailtest","message":"Sending mail to \"Array\n(\n [tobias@netshed.de] => admin\n)\n\" with subject \"Test der E-Mail-Einstellungen\" failed","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:109.0) Gecko/20100101 Firefox/114.0","version":"26.0.3.2","exception":{"Exception":"Symfony\\Component\\Mailer\\Exception\\TransportException","Message":"Unable to connect with STARTTLS: stream_socket_enable_crypto(): Peer certificate CN=`[REDACTED HOSTNAME]' did not match expected CN=`postfix'","Code":0,"Trace":[{"function":"Symfony\\Component\\Mailer\\Transport\\Smtp\\Stream\\{closure}","class":"Symfony\\Component\\Mailer\\Transport\\Smtp\\Stream\\SocketStream","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/web/nextcloud/3rdparty/symfony/mailer/Transport/Smtp/Stream/SocketStream.php","line":174,"function":"stream_socket_enable_crypto","args":[null,true]},{"file":"/web/nextcloud/3rdparty/symfony/mailer/Transport/Smtp/EsmtpTransport.php","line":115,"function":"startTLS","class":"Symfony\\Component\\Mailer\\Transport\\Smtp\\Stream\\SocketStream","type":"->","args":[]},{"file":"/web/nextcloud/3rdparty/symfony/mailer/Transport/Smtp/SmtpTransport.php","line":253,"function":"doHeloCommand","class":"Symfony\\Component\\Mailer\\Transport\\Smtp\\EsmtpTransport","type":"->","args":[]},{"file":"/web/nextcloud/3rdparty/symfony/mailer/Transport/Smtp/SmtpTransport.php","line":194,"function":"start","class":"Symfony\\Component\\Mailer\\Transport\\Smtp\\SmtpTransport","type":"->","args":[]},{"file":"/web/nextcloud/3rdparty/symfony/mailer/Transport/AbstractTransport.php","line":72,"function":"doSend","class":"Symfony\\Component\\Mailer\\Transport\\Smtp\\SmtpTransport","type":"->","args":[["Symfony\\Component\\Mailer\\SentMessage"]]},{"file":"/web/nextcloud/3rdparty/symfony/mailer/Transport/Smtp/SmtpTransport.php","line":136,"function":"send","class":"Symfony\\Component\\Mailer\\Transport\\AbstractTransport","type":"->","args":[["Symfony\\Component\\Mailer\\SentMessage"],["Symfony\\Component\\Mailer\\DelayedEnvelope"]]},{"file":"/web/nextcloud/3rdparty/symfony/mailer/Mailer.php","line":45,"function":"send","class":"Symfony\\Component\\Mailer\\Transport\\Smtp\\SmtpTransport","type":"->","args":[["Symfony\\Component\\Mime\\Email"],null]},{"file":"/web/nextcloud/lib/private/Mail/Mailer.php","line":217,"function":"send","class":"Symfony\\Component\\Mailer\\Mailer","type":"->","args":[["Symfony\\Component\\Mime\\Email"]]},{"file":"/web/nextcloud/apps/settings/lib/Controller/MailSettingsController.php","line":168,"function":"send","class":"OC\\Mail\\Mailer","type":"->","args":[["OC\\Mail\\Message"]]},{"file":"/web/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":230,"function":"sendTestMail","class":"OCA\\Settings\\Controller\\MailSettingsController","type":"->","args":[]},{"file":"/web/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":137,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[["OCA\\Settings\\Controller\\MailSettingsController"],"sendTestMail"]},{"file":"/web/nextcloud/lib/private/AppFramework/App.php","line":183,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->","args":[["OCA\\Settings\\Controller\\MailSettingsController"],"sendTestMail"]},{"file":"/web/nextcloud/lib/private/Route/Router.php","line":315,"function":"main","class":"OC\\AppFramework\\App","type":"::","args":["OCA\\Settings\\Controller\\MailSettingsController","sendTestMail",["OC\\AppFramework\\DependencyInjection\\DIContainer"],["settings.MailSettings.sendTestMail"]]},{"file":"/web/nextcloud/lib/base.php","line":1060,"function":"match","class":"OC\\Route\\Router","type":"->","args":["/settings/admin/mailtest"]},{"file":"/web/nextcloud/index.php","line":36,"function":"handleRequest","class":"OC","type":"::","args":[]}],"File":"/web/nextcloud/3rdparty/symfony/mailer/Transport/Smtp/Stream/SocketStream.php","Line":171,"message":"Sending mail to \"Array\n(\n [tobias@netshed.de] => admin\n)\n\" with subject \"Test der E-Mail-Einstellungen\" failed","exception":{},"CustomMessage":"Sending mail to \"Array\n(\n [[REDACTED EMAIL]] => admin\n)\n\" with subject \"Test der E-Mail-Einstellungen\" failed"}}
Steps to reproduce:
1. Install nextcloud via script with defaults
2. Try to send a test email via the backend.
3. Receive an error akin to "Beim Senden der E-Mail ist ein Problem aufgetreten. Bitte überprüfe deine Einstellungen. (Fehler: E-Mail konnte nicht versandt werden. Prüfe dein E-Mail-Server-Protokoll)"
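The name check behind the error above, as an added example that is not part of the original issue or of mailcow/Nextcloud code. The certificate and `mail.example.org` are constructed stand-ins for `${MAILCOW_HOSTNAME}`; `probe_starttls` repeats the same strict check live against an SMTP port using Python's `smtplib`.

```python
import smtplib
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns;
# mail.example.org stands in for ${MAILCOW_HOSTNAME} (assumption).
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.org"),),),
    "subjectAltName": (("DNS", "mail.example.org"), ("DNS", "autoconfig.example.org")),
}

def cert_names(cert):
    """DNS names the certificate covers: SANs if present, else the subject CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or one wildcard as the whole left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def host_verifies(cert, host):
    """True if a client connecting to `host` would accept this certificate's names."""
    return any(name_matches(n, host) for n in cert_names(cert))

def probe_starttls(host, port=588, timeout=10):
    """Live check: STARTTLS with chain and hostname verification enabled."""
    ctx = ssl.create_default_context()
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.starttls(context=ctx)  # verifies the cert against `host`
            return True, smtp.sock.version()
    except (ssl.SSLError, smtplib.SMTPException, OSError) as exc:
        return False, str(exc)

if __name__ == "__main__":
    # Offline comparison of the two smtphost values discussed in the issue.
    for candidate in ("postfix", "mail.example.org"):
        print(candidate, "->", host_verifies(SAMPLE_CERT, candidate))
```

Inside the Nextcloud container, `probe_starttls("postfix")` exercises the same path as the failing test mail without sending a message.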
I don't install Nextcloud on the same servers as Mailcow; however, I also had this issue and switched to using usr/sbin/sendmail. However, I expect this isn't a solution that will work in a Docker container.
Which branch are you using?
master
Operating System:
Debian GNU/Linux 11 (bullseye)
Server/VM specifications:
12 GB RAM, 10 Cores
Is Apparmor, SELinux or similar active?
yes, apparmor
Virtualization technology:
KVM
Docker version:
24.0.2
docker-compose version or docker compose version:
v2.18.1
mailcow version:
2023-05a
Reverse proxy:
mailcow default (nginx)
Logs of git diff:
Logs of iptables -L -vn:
Logs of ip6tables -L -vn:
Logs of iptables -L -vn -t nat:
Logs of ip6tables -L -vn -t nat:
DNS check: