
[Bug]: Can't send mail as plain text to 127.0.0.1 after update to 26.0.4, or can't use STARTTLS with TLS v1. The mail system requires min TLS v1.2! #39538

Closed
4 of 8 tasks
sonic42 opened this issue Jul 22, 2023 · 7 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 26-feedback bug

Comments

@sonic42

sonic42 commented Jul 22, 2023


Bug description

After updating Nextcloud server from 25.0.0.x to 26.0.0.4, sending mail is impossible.

The mail system requires TLS 1.2 or higher.

Postfix log:

postfix/smtpd[24363]: connect from localhost.localdomain[127.0.0.1]
postfix/smtpd[24363]: SSL_accept error from localhost.localdomain[127.0.0.1]: -1
postfix/smtpd[24363]: warning: TLS library problem: error:0A000418:SSL routines::tlsv1 alert unknown ca:ssl/record/rec_layer_s3.c:1586:SSL alert number 48

Using Plaintext is impossible. Cannot disable STARTTLS in configuration.

Steps to reproduce

  1. Try to send a mail to a mail server with minimum TLS 1.2 required.

Expected behavior

Please repair plaintext option or enable TLS 1.2 or higher by default for mail sending.
"Plain text" is not sending a STARTTLS command.

Installation method

None

Nextcloud Server version

26

Operating system

Other

PHP engine version

PHP 8.1

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

  'mail_smtpmode' => 'smtp',
  'mail_domain' => '',
  'mail_from_address' => 'nc',
  'mail_smtphost' => '127.0.0.1',
  'mail_smtpport' => '25',

List of activated Apps

No response

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

No response

@sonic42 sonic42 added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels Jul 22, 2023
@szaimen
Contributor

szaimen commented Jul 22, 2023

cc @come-nc @miaulalala

@sonic42 sonic42 changed the title [Bug]: Cant sending mail plain text to 127.0.0.1 after update to 26.0.4 or cant use SARTTLS with TLS v1. The mail system require min TLS v1.2! [Bug]: Cant sending mail plain text to 127.0.0.1 after update to 26.0.4 or cant use STARTTLS with TLS v1. The mail system require min TLS v1.2! Jul 22, 2023
@joshtrichards
Member

Hi @sonic42 - Thanks for the report. I'm having difficulty interpreting your report.

Are you saying you do not want STARTTLS to be used? That's easy: just configure your SMTP server to not offer it:

https://www.postfix.org/postconf.5.html#smtpd_tls_security_level

We only use it if it's offered.

And we already do TLS v1.2

If that doesn't fix it, please provide the output of telnet localhost 25.

@sonic42
Author

sonic42 commented Jul 23, 2023

Hi @joshtrichards, thanks for your answer. The Postfix instance is reachable from the internet. It isn't a good idea to disable STARTTLS. Nextcloud offers only TLS v1. Clearly again: "plain text" is plain text and does not secure the connection with a STARTTLS command. This can't be the same control. With Nextcloud 25 those were two separate controls on the configuration page. The primary problem for me is this possibly hard-coded TLS v1 and not making a TLS handshake for supported TLS versions / ciphers.

And Roundcube, installed for testing on the same Linux system (separate Apache vhost), works well sending mail:
Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384

I think this is not an Apache / PHP or Postfix configuration issue. The only reason to use plain text is this TLS v1 problem. Without it, I can disable plain text in the Postfix configuration. The Postfix log from the starting post says the connection from Nextcloud (new Symfony mailer) is not offering / using higher TLS versions / ciphers than v1.

The log from nmap --script ssl-enum-ciphers -p 25 127.0.0.1:

Starting Nmap 7.92 ( https://nmap.org ) at 2023-07-23 09:08 CEST
Nmap scan report for localhost.localdomain (127.0.0.1)
Host is up (0.000056s latency).

PORT   STATE SERVICE
25/tcp open  smtp
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|       TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
|       TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|     compressors: 
|       NULL
|     cipher preference: server
|     warnings: 
|       Key exchange (dh 2048) of lower strength than certificate key
|       Key exchange (ecdh_x25519) of lower strength than certificate key
|   TLSv1.3: 
|     ciphers: 
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|       TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|     cipher preference: server
|_  least strength: A

> And we already do TLS v1.2

How can I test it?

System:
Linux xxx 6.1.38-xxx #1 SMP PREEMPT_DYNAMIC Tue Jul 11 07:48:52 GMT 2023 x86_64 GNU/Linux
OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023).
PHP 8.1.21 (cli) (built: Jul 22 2023 10:35:01) (ZTS)
Postfix 3.8.1

@kesselb
Contributor

kesselb commented Jul 23, 2023

> tlsv1 alert unknown ca

"mail_smtpstreamoptions" => array(
    'ssl' => array(
        'allow_self_signed' => true,
        'verify_peer' => false,
        'verify_peer_name' => false
    )
),

Add the snippet above to your config.php.

If sending an email works then, it's an issue with your certificate (either the server does not trust the CA or the certificate is not valid for the hostname).

Symfony Mailer does not provide an option to not use STARTTLS.
Here is the upstream issue: symfony/symfony#49114

@kesselb kesselb closed this as not planned Won't fix, can't repro, duplicate, stale Jul 23, 2023
@sonic42
Author

sonic42 commented Jul 24, 2023

Hi @kesselb
The productive instances have a valid certificate. I added your suggestion to the testing system and one productive instance.

The problem is not "tlsv1 alert unknown ca", it is "TLS library problem: error:0A00010B:SSL routines::wrong version". After diving more into this, the encryption control on the configuration page has no effect. All connection attempts from Nextcloud/Symfony require negotiation of TLS/SSL at connection setup, including when STARTTLS is configured.

After configuring a Postfix port 465 (smtps in master.cf) with the option -o smtpd_tls_wrappermode=yes,
the handshake is working and mails can be sent again.

Thanks for your help...

@kesselb
Contributor

kesselb commented Jul 24, 2023

> I added your suggestion to the testing system and one productive instance

Did it work?

> The problem is not "tlsv1 alert unknown ca", it is "TLS library problem: error:0A00010B:SSL routines::wrong version". After diving more into this, the encryption control on the configuration page has no effect. All connection attempts from Nextcloud/Symfony require negotiation of TLS/SSL at connection setup, including when STARTTLS is configured.

As I wrote before, the symfony/mailer does not provide an option to not use STARTTLS.

SSL/TLS and STARTTLS are not the same.

For STARTTLS the connection is established unencrypted, and the applications switch to encrypted when both parties are compatible. The usual configuration in Nextcloud 26 is port = 25 or port 587 and mail_smtpsecure = ''.

SSL/TLS: port = 465 and mail_smtpsecure = 'ssl'. The SMTP connection is wrapped inside a TLS connection (similar to http and https).

For both cases: If you connect to 127.0.0.1 then your certificate needs to be valid for 127.0.0.1.

> Thanks for your help...

You are welcome! Glad we could help.
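sonic42 asked above how to test what the mailer actually negotiates, and kesselb's reply distinguishes STARTTLS on port 25/587 from the TLS-wrapped port 465 and points out that the certificate must be valid for the address dialed. The probe below is an added example written for this page, not Nextcloud or Symfony Mailer code: it connects the way a certificate-verifying mailer does, with TLS 1.2 as the floor, reports the negotiated version and cipher, and maps the OpenSSL error text to the misconfiguration it usually signals. The host/port defaults, the `--cafile` and `--implicit` options and the classification labels are this example's own assumptions.

```python
"""Probe an SMTP server's TLS the way a certificate-verifying mailer would.

Added example for this thread, not Nextcloud or Symfony Mailer code. It assumes
the server speaks ESMTP and that host/port come from the command line; the
labels returned by classify_tls_failure() are this example's own names.
"""
import argparse
import smtplib
import ssl
from typing import Any, Dict, Optional, Set

# A verifying mailer should refuse anything older than TLS 1.2.
MIN_VERSION = ssl.TLSVersion.TLSv1_2


def parse_ehlo_extensions(ehlo_body: bytes) -> Set[str]:
    """Return the ESMTP keywords advertised in an EHLO reply.

    smtplib returns the reply body as newline-separated lines; the first line
    is the server's greeting (its hostname), every following line starts with
    an extension keyword such as STARTTLS or SIZE.
    """
    lines = ehlo_body.decode("ascii", "replace").splitlines()
    return {line.split()[0].upper() for line in lines[1:] if line.strip()}


def make_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Verifying client context: system roots (or the given CA bundle),
    hostname check on, TLS 1.2 as the floor."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = MIN_VERSION
    return ctx


def classify_tls_failure(message: str) -> str:
    """Map an OpenSSL error string to the misconfiguration it usually signals."""
    m = message.lower()
    # Checked first: a mismatch message also contains 'certificate verify failed'.
    if "mismatch" in m or "not valid for" in m:
        return "name-mismatch"        # cert not issued for the name/IP we dialed
    if ("unknown ca" in m or "local issuer" in m or "self-signed" in m
            or "self signed" in m or "certificate verify failed" in m):
        return "ca-not-trusted"       # client does not trust the issuing CA
    if "wrong version number" in m:
        return "wrong-wire-protocol"  # TLS spoken to a plaintext port, or the reverse
    if "unsupported protocol" in m or "protocol version" in m:
        return "tls-version-floor"    # no TLS version acceptable to both sides
    return "other-tls"


def probe(host: str, port: int, implicit_tls: bool = False,
          cafile: Optional[str] = None, timeout: float = 10.0) -> Dict[str, Any]:
    """Connect like a mailer would and report what the TLS layer negotiated.

    implicit_tls=False: EHLO, then STARTTLS if offered (ports 25/587).
    implicit_tls=True : TLS wraps the whole connection (port 465, 'smtps').
    """
    ctx = make_client_context(cafile)
    result: Dict[str, Any] = {"host": host, "port": port, "starttls_offered": None,
                              "tls_version": None, "cipher": None, "error": None}
    try:
        if implicit_tls:
            server = smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
            server.ehlo()
        else:
            server = smtplib.SMTP(host, port, timeout=timeout)
            _code, body = server.ehlo()
            result["starttls_offered"] = "STARTTLS" in parse_ehlo_extensions(body)
            if not result["starttls_offered"]:
                server.quit()
                return result
            # server_hostname is the host we dialed: for '127.0.0.1' the
            # certificate must carry that IP, exactly as kesselb notes above.
            server.starttls(context=ctx)
            server.ehlo()
        result["tls_version"] = server.sock.version()
        result["cipher"] = server.sock.cipher()[0]
        server.quit()
    except ssl.SSLError as exc:
        result["error"] = classify_tls_failure(str(exc))
    except (OSError, smtplib.SMTPException) as exc:
        result["error"] = "connection: %s" % exc
    return result


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description=__doc__.splitlines()[0])
    ap.add_argument("host", nargs="?", default="127.0.0.1")
    ap.add_argument("port", nargs="?", type=int, default=25)
    ap.add_argument("--implicit", action="store_true",
                    help="wrap the whole session in TLS (port 465 wrapper mode)")
    ap.add_argument("--cafile", help="PEM bundle of the CA that issued the server certificate")
    args = ap.parse_args()
    for key, value in probe(args.host, args.port, args.implicit, args.cafile).items():
        print("%-16s %s" % (key, value))
```

Run against 127.0.0.1:25 on the setup from the first post, it reports `starttls_offered True` and then either `name-mismatch` (the certificate is issued for the mail hostname, not for 127.0.0.1) or `ca-not-trusted` (the client does not trust the issuing CA, which the server side logs as "tlsv1 alert unknown ca"). Both are what the `verify_peer`/`verify_peer_name => false` snippet above papers over by switching certificate validation off; a fix that keeps validation is to dial the hostname the certificate was issued for, or to hand the client the issuing CA (PHP's ssl stream-context options, the same `ssl` array the snippets above use, have `cafile` and `peer_name` for exactly that). Mixing the two modes, such as `--implicit` against a STARTTLS-only port, typically surfaces as `wrong-wire-protocol`.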

@d33psky

d33psky commented Apr 6, 2024

Follow-up: I have the same situation, Postfix on just tcp/25, and Nextcloud throws

warning: TLS library problem: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../ssl/record/rec_layer_s3.c:1543:SSL alert number 48:

Adding this to config.php fixed it:

  'mail_smtpstreamoptions' => array(
    'ssl' => array(
        'allow_self_signed' => true,
        'verify_peer' => false,
        'verify_peer_name' => false
    ),
  ),

Development

No branches or pull requests

5 participants