New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mail App Unexpected error during account creation #2971
Comments
No matter what user and/or email account , always says: Unexpected error during account creation. Operating system: Debian 9 Client: |
The idea of this bug template is to use it 😉 The Nextcloud mail app offers an extensive logging system to make it easier identifying and tracking down bugs. Please enable debug mode and set the log level to debug in your admin settings. Then, try to reproduce your issue and take another look at |
This comment has been minimized.
This comment has been minimized.
Try imap with plain no tls auth and same thing. Just once,(uninstalling and reinstalling app) I could enter to gmail. So, I removed connection and retried, but no luck again. |
|
How exactly is my previous comment 'off-topic'? btw, logs don't yield anything useful:
Mail app v1.3.3 |
Because you hijack a unrelated report. In your case it's crystal clear what the issue is: your TLS connection fails. That is not the case with OP.
Once again see https://github.com/nextcloud/mail/releases/tag/v1.1.4. This is easily fixable for self-hosted (or wrongly configured) mail servers. |
Not the case here. If anything I pointed out what the root cause might be. The OP is only citing what the App says, not what the logs say. The app indeed says "Unexpected error during account creation." How do you think I landed on this report in the first place? I take a little offense in you pointing out the same thing twice while expecting me to ignore it. My server is configured correctly, which is somewhat implied in my first comment - now I'm just stating it explicitly. |
I did not mean to offend. Believe it or not, but so many people ignore my comments containing solutions if you don't point them to it a few times. In your case it is definitely a TLS issue. For OP it could be the same, but it could be anything else as well. "Unexpected error during account creation." is the generic part that is always shown/logged. What matters are the details after.
Can you connect to it with openssl on the CLI? |
I can connect to my server with various clients and I ran I think it's not TLS related as the problem prevails in the same manner the OP's does - no matter the (non)security settings, the app just won't connect. The only thing that changes is the error message in the log which just says "Creating account failed: Could not connect to IMAP: Error connecting to mail server." instead. Nothing specific in debug logs except stuff like "I'm going to try to connect to IMAP now". I'll see if I can pull some useful logs from the IMAP server but I wouldn't count on it. I've tried to convince Dovecot to log IMAP session when I was debugging a different issue with |
But can you see the established connection on the IMAP server when Mail tries to connect? |
edit: only TLS is affected, plaintext login (on port 143) works when enabled on the server side, which no sanely configured server has. Login attempt to a properly configured server on port 143 without STARTTLS yields Nope, it appears the app doesn't even try to connect beyond initializing the IMAP session,
|
I can confirm what @cptMikky said. Here's my Mailcow Dovecot log:
Doesn't matter if IMAP Security is 'none', 'SSL/TLS' or 'STARTTLS', the message on Dovecot's log is the same. Mail App
Server configuration
Client configurationBrowser: Firefox 75.0 |
Maybe can be related. I had the same error "Unexpected error during account creation" and the following entries where logged in the log files. dovecot log: nextcloud log: Applying the config changes to the file apps.config.php referenced by @ChristophWurst did solved the problem. See:
Nextcloud 18.0.4.2 |
I've tried disabling peer verification, too. It works, which leads me to believe that there's probably something wrong with the verification itself. I'll dig deeper. |
Ok, I'm confused now: changed the settings back to I only did one thing: "Miniscule" as in a couple of downstream patches, not even increasing the package version. I'm going through the diffs now to see if there's something that might be related. @nestorf5: what's your openssl and libssl package version? Mine are
upgraded from |
A little info: I struggled with the exact same problem. Reason was that I simply put in 'localhost' for the IMAP and SMTP server since they run on the same machine. However, it seems this always fails TLS verification. When entering the DNS name of the server, everything ran fine. This is a bit unfortunate, in my opinion. |
This is how SSL/TLS works in the first place. The server presents a certificate with a DNS name in it. The name presented in the cert must match the name the client used to resolve the server's address, hence the term verification. As a rule of thumb, don't use Also it doesn't make much sense to encrypt loopback traffic so try again with no encryption and see if the problem prevails. |
I know. I admit it is naive to assume that 'localhost' would be exempt from TLS verification. What is needed though is an error message which clearly says that 'localhost' is missing from the certificate's CN. It's not even clear this is due to TLS verification at all. The Log only says "Creating account failed: Could not connect to IMAP: Error connecting to mail server."
Of course not, but it is good practice to disable unencrypted connections completely, especially for SMTP.
As I've written, I could fix this by using the external DNS names. Disabling TLS verification also works. |
Yes, ideally we should do that. We just have to check if Horde exposes this as we don't open the connection ourselves. As far as I know php's openssl is used for the verification. So whichever cert chains this has access to your LE cert might be considered valid or not. |
Horde uses This method should have access to whatever the system OpenSSL has access to. An error message can be extracted from there, too, but that would require patching the Horde Socket code. |
This solved the issue. Don't know how much affects server security , but
works.
Thank you so much
…On 24/4/2020 5:57 PM, filipiff wrote:
Maybe can be related. I had the same error "Unexpected error during
account creation" and the following entries where logged in the log files.
dovecot log:
|Apr 24 21:50:42 mail dovecot: imap-login: Disconnected (no auth
attempts in 0 secs): user=<>, rip=10.16.0.8, lip=10.16.0.4, TLS,
session=<+9Msrg6kcqUKEAAI>|
nextcloud log:
|cloudix | 172.16.0.3 - - [24/Apr/2020:21:50:41 +0200] "POST
/index.php/apps/mail/api/accounts HTTP/1.1" 400 925 "-" "Mozilla/5.0
(Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/80.0.3987.16 3 Safari/537.36"|
Applying the config changes to the file /apps.config.php/ referenced
by @ChristophWurst <https://github.com/ChristophWurst> did solved the
problem. See:
Once again see
https://github.com/nextcloud/mail/releases/tag/v1.1.4. This is
easily fixable for self-hosted (or wrongly configured) mail servers.
Nextcloud 18.0.4.2
Mail 1.3.3
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#2971 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AIB3E36SDZT2OSJUTCSD77TROH4KFANCNFSM4MOKSUVA>.
|
@cptMikky that is correct. Do you have specific changes in mind that we could send to Horde? They've integrated a few of our fixes. They might also accept small enhancements. |
Maybe we could leverage Let me create a you-get-the-idea PR. |
Phew. That looks like this could either be very helpful or be pure PITA. The problem with the callback is that it breaks all the sequential control flow and I can't know which errors are already being handled by Horde as I assume they also do their specific tricks. I have my doubts about the usefulness of this. It would be much more straight forward if the error is caught in Horde and get a dedicated error code or if we are able to derive this from the existing Horde error. |
Maybe I misunderstand the concept of callback but it looks to me like the callback is performed asynchronously and has no impact on the flow at all. It's just informative so the original idea was to only provide useful logs, not error handling. |
It's processed synchronous, like everything in php. But like you'd call a method on Horde and before that returns your callback runs somewhere else. There is no connection between these two paths. We'd need some global variable or similar to exchange the data. |
The flow I would like to see is that I call a Horde method and it just throws an exception with the details that I can use to react accordingly. Hope that makes sense. |
Just so that we are on the same page: I'm only trying to solve error reporting here, not error handling so from my perspective no connection between a method call and a log isn't that big of an issue, especially when the log message is verbose enough for a human to figure out the connection in their head. Think of it as an "admin" perspective in contrast to the "dev" perspective which you have. An admin isn't interested in call stack, he's interested in logs which tell him what's wrong. And in most cases the problem will not be in the code anyway so the dev will likely not be bothered about the problem in the first place. Switching back to "dev" perspective, exceptions would of course be ideal. But that would mean code and error-handling paradigm changes in multiple Horde libraries. Callback is the only way I can think of that would not require Horde-side changes. On the other hand, for starters, we could update Horde lib functions to return the actual error code instead of just true/false. It's better than nothing but we'll still not have the actual upstream error message, just the general error code. Getting the message would require rewriting the methods' definitions and/or making them return a touple [int, string] instead of a single value. And that looks like an antipattern to me, not to mention breaking everything that uses those libs. |
Got it. Yet I think that the reported errors aren't that bad. What we really lack is good transportation of common error cases the user, as written in #3006. The specific reason of a TLS error is secondary. |
Do you differentiate between user and admin for the purpose of this discussion? I agree that the user should be given an error message that is specific enough for them to have an idea of what's going on (as in #3006). The admin, on the other hand, should have the option to debug the issue, which requires specifics in log messages. Such messages should be in a debug log, not in the UI, because users don't care about them. Like in my case, I still have no idea what was wrong and I'm not happy that it started working "on its own". That almost always means it's gonna come back to bite me in my behind exactly when I'll expect it the least :) |
It's not black and white. Like if there is an organization that uses Nextcloud and the users can't connect to their mail server then the admin will want to have a look. But if you have a personal instance of Nextcloud hosted somewhere and can't add your gmail account or similar then you'd like to know what is going on without having to get in contact with the support system of the hoster. In any case, I do see your point. But this callback thing is very suspicious to me and I'm the one who has to maintain this code, so I'm very hesitant to blindly add this to our code base. |
I get your point, too. And in no case I want to force anything on you - the callback is just another crazy idea you may or may not consider. I certainly wouldn't mind if you drop it :) Also:
That's not necessarily implied, it mostly depends on how the hosting works. As long as you can enable Let's close this one in favor of #3006 and let it sit for a few days. Maybe someone comes up with a better idea. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Expected behavior
Open email account
Actual behavior
Cannot connect
Mail app
Mail app version: (see apps admin page, e.g. 0.5.3)
Mailserver or service: (e.g. Outlook, Yahoo, Gmail, Exchange,...)
Server configuration
Operating system: Debian 9
Web server: Apache
Database: MariaDB
PHP version: 7.4
Nextcloud Version: 18.0.3
Client configuration
Browser: chrome, edge, firefox
Operating system: W10
The text was updated successfully, but these errors were encountered: