receiving emails from imap ssl

Added by Zoltan Beck about 5 years ago

Hi All,

I have a problem with an Exchange 2010 server (it uses a cacert.org certificate). I can't download the mails with the following command:

/usr/local/bin/rake -f /home/redmine/redmine-2.1.2/Rakefile redmine:email:receive_imap RAILS_ENV="production" project=all ssl=1 port=993 host=xxxxx username=xxxxx password=xxxxx --trace

** Invoke redmine:email:receive_imap (first_time)
** Invoke environment (first_time)
** Execute environment
** Execute redmine:email:receive_imap
rake aborted!
LOGIN failed.
/usr/lib/ruby/1.8/net/imap.rb:1004:in `pick_up_tagged_response'
/usr/lib/ruby/1.8/net/imap.rb:997:in `get_tagged_response'
/usr/lib/ruby/1.8/net/imap.rb:1055:in `send_command'
/usr/lib/ruby/1.8/monitor.rb:242:in `synchronize'
/usr/lib/ruby/1.8/net/imap.rb:1040:in `send_command'
/usr/lib/ruby/1.8/net/imap.rb:380:in `login'
/home/redmine/redmine-2.1.2/lib/redmine/imap.rb:30:in `check'
/home/redmine/redmine-2.1.2/lib/tasks/email.rake:133
/var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/task.rb:205:in `call'
/var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/task.rb:205:in `execute'
/var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/task.rb:200:in `each'
/var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/task.rb:200:in `execute'
/var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/task.rb:158:in `invoke_with_call_chain'
/usr/lib/ruby/1.8/monitor.rb:242:in `synchronize'
/var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/task.rb:151:in `invoke_with_call_chain'
/var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/task.rb:144:in `invoke'
/var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:116:in `invoke_task'
/var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:94:in `top_level'
/var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:94:in `each'
/var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:94:in `top_level'
/var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:133:in `standard_exception_handling'
/var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:88:in `top_level'
/var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:66:in `run'
/var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:133:in `standard_exception_handling'
/var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:63:in `run'
/var/lib/gems/1.8/gems/rake-0.9.2.2/bin/rake:33
/usr/local/bin/rake:19:in `load'
/usr/local/bin/rake:19
Tasks: TOP => redmine:email:receive_imap

Is there any way to configure the cacert for the redmine?

Best Regards,
bzg

Replies (31)

RE: receiving emails from imap ssl - Added by Mr Embedded about 5 years ago

I am having a similar issue with receiving emails from imap ssl.

I have just upgraded my installation from 1.4.4 to 2.1.2 on Debian Squeeze. In the process I have removed the default Debian binaries and installed the latest Ruby 1.9.3-p194 via RVM.

Everything seems to be working well so far except that I am getting "SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed" when trying to retrieve email from that IMAP server which has a self-signed certificate.

I have read about all the fixes for OpenSSL and HTTPS but I don't believe they solve the issue checking mail from a SSL enabled IMAP server with a self signed certificate. Is there a way to apply no-check-certificate to the rake command that is used to retrieve the mail?

RE: receiving emails from imap ssl - Added by Mr Embedded about 5 years ago

I have tried to manually add the certificate to my system certificates folder. Openssl can connect just fine:

OpenSSL> s_client -connect mail.myhost.com:993
CONNECTED(00000003)

However it seems the ruby connection chokes and I cannot get the SSL error to go away. I am guessing that a no-check-certificate style option can be added to the /lib/tasks/email.rake file? Can someone confirm?

RE: receiving emails from imap ssl - Added by Zoltan Beck about 5 years ago

Mr Embedded wrote:

I have tried to manually add the certificate to my system certificates folder. Openssl can connect just fine:
[...]

However it seems the ruby connection chokes and I cannot get the SSL error to go away. I am guessing that a no-check-certificate style option can be added to the /lib/tasks/email.rake file? Can someone confirm?

The openssl can connect for me, too.

OpenSSL> s_client -connect mail.xxx.xx:993
CONNECTED

RE: receiving emails from imap ssl - Added by Mr Embedded about 5 years ago

I still have not found a solution to this. Is the only way to resolve this to get a non self-signed cert for Ruby 1.9.3?

RE: receiving emails from imap ssl - Added by Tony Ordner about 5 years ago

Try "ssl=true" instead of "ssl=1" and see if it works.

Our setup uses Exchange and I think a self signed cert and I do not have any problems polling via Imap. I run on Windows Server 2008 and use the following call:

call rake redmine:email:receive_imap RAILS_ENV="production" host=xxx port=993 ssl=true username=xxx\xxx password=xxx project=unsorted tracker=email-request unknown_user=accept --trace

Hope it helps.

tony

RE: receiving emails from imap ssl - Added by Mr Embedded about 5 years ago

Thanks for the suggestion.

Doesn't work for me. Even with SSL=true I'm still getting:

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

I have held off upgrading to the 2.x branch on all my instances until I can figure this out.

RE: receiving emails from imap ssl - Added by Mr Embedded about 5 years ago

Yes, I had seen that and a bunch of other solutions, but they all seem to be geared for HTTPS while the problem I am having is with IMAP.

http://stackoverflow.com/questions/8075170/certificate-issue-when-i-use-ruby-imap-to-read-icloud-email has a solution to turn off peer verification globally but I am not sure exactly where to put that. I tried fiddling with the /lib/tasks/email.rake file with no luck.

Here is another recommended solution that I am not sure how to go about implementing:
http://johnbintz.github.com/blog/2011/12/14/net-imap-ssl-verify-mode/

I truly believe this is an IMAP/SSL issue unless someone can show me otherwise.

RE: receiving emails from imap ssl - Added by Tony Ordner about 5 years ago

The link I attached mentions that it fixed someone else's gmail IMAP issue in a comment to the top rated answer.

SSL creates a "tunnel" between client and server somewhat akin to a VPN where it is connected end to end and data is then transmitted back and forth. It can be used by IMAP, POP, HTTP server etc. and is not really specific to any of them.

This appears to relate more to how Ruby is validating the certificate.

Does that help at all or make it any clearer?

tony

RE: receiving emails from imap ssl - Added by Mr Embedded about 5 years ago

Yes it is the Ruby validation specifically related to Net::IMAP and Ruby 1.9.3 as OpenSSL connects just fine.

I am trying to figure out how to make verify_mode = OpenSSL::SSL::VERIFY_NONE for Net::IMAP. I think that will fix this issue.

RE: receiving emails from imap ssl - Added by Mr Embedded about 5 years ago

The other thing is that I am NOT a programmer :D

RE: receiving emails from imap ssl - Added by Scott B about 5 years ago

We just upgraded to the latest Redmine, moving from Ruby 1.8 to 1.9 and ran into this same issue. None of the suggestions above appear to resolve the problem.

We tweaked lib/redmine/imap.rb:
imap = Net::IMAP.new(host, port, :ssl => { :verify_mode => OpenSSL::SSL::VERIFY_NONE })

and lib/tasks/email.rake:
options[:ssl => { :verify_mode => OpenSSL::SSL::VERIFY_NONE }]

We even tried the SSL=true vs SSL=1, for kicks. No win.

Have any of the Redmine/Ruby gurus out there found a way around this, yet?

Thanks.

RE: receiving emails from imap ssl - Added by Mr Embedded about 5 years ago

I'm still having the issue also and have decided to remain with the 1.4.4 branch until there is a solution to this.

It seems to be a Ruby issue. We need the method to tell Net::IMAP optionally not to check the certificate.

RE: receiving emails from imap ssl - Added by Scott B about 5 years ago

FYI - This worked:

Create a new file config/initializers/bypass_ssl_verification.rb (the name of the file is not important)

In that file, put this:
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

You may or may not have to HUP the app. I did. IMAP SSL connections are working again (redmine 2.0.3 - ruby 1.9.3p194).

RE: receiving emails from imap ssl - Added by Mr Embedded about 5 years ago

I'll give it a try.

Isn't this basically disabling the SSL verification check for the entire application and all its processes? I was hoping to find a solution for the IMAP issue alone.

RE: receiving emails from imap ssl - Added by Mr Embedded almost 5 years ago

Just want to confirm that this fix definitely does work.

RE: receiving emails from imap ssl - Added by Yar n over 4 years ago

Mr Embedded, thank you!
it works!

redmine 2.2.3, ruby 1.9.3

RE: receiving emails from imap ssl - Added by Dmitry Nilsen over 4 years ago

we upgraded to redmine 2.3.0 and this solution doesn't work for us.

I created:
/opt/redmine/apps/redmine/htdocs/config/initializers/bypass_ssl_verification.rb

require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

the string I am using to fetch email is:
rake redmine:email:receive_imap ssl=SSL RAILS_ENV="production" host=imap.xxx.xx port=993 username= password=yyyy --trace
rake aborted!
Connection reset by peer - SSL_connect
...

I also tried ssl=1, ssl=true

any idea?
:(

Regards

RE: receiving emails from imap ssl - Added by Mr Embedded over 4 years ago

I have a box using Rev: 11691 from the 2.3 stable branch.

This is working fine for me.

Use:

ssl=true openssl_verify_mode=0

Let me know if that works. I may have done something else (I can't remember) and will dig further for you if it does not.

The other thing is that the hostname of the server you are connecting to must match the hostname listed in its cert even if it is self signed.

RE: receiving emails from imap ssl - Added by Mr Embedded over 4 years ago

Oh and that box is using ruby-1.9.3-p327 installed via RVM

RE: receiving emails from imap ssl - Added by Dmitry Nilsen over 4 years ago

No, it's the same error message.
how could I check if the certificate matches?

cheers.

RE: receiving emails from imap ssl - Added by Mr Embedded over 4 years ago

The easy way is if you have webmail check the certificate in your browser (more than likely it will be the same as the IMAP certificate). The hostname listed in the certificate should match the hostname you are typing in your browser address bar.

But you may be having a different issue altogether. Can you successfully receive email via IMAP SSL? Is the issue only with sending mail?

See the second note on this ticket and try that OpenSSL command to see if you can manually connect to your mailserver. I think the first step is to ensure you can receive mail properly and then sending should work based on the fix above.
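
Added example, not part of any post in this thread and not Redmine's own code: a way to trust one self-signed certificate for the IMAP connection only, instead of overriding `VERIFY_PEER` for the whole process, together with the hostname check mentioned above. The hostnames and the generated certificate are constructed for the example, and the helper names are hypothetical.

```ruby
require 'openssl'

# Constructed stand-in for the mail server's self-signed certificate.
def self_signed_cert(hostname)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{hostname}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{hostname}"))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

# Trust store holding only the certificate(s) we chose to trust.
def pinned_store(*certs)
  store = OpenSSL::X509::Store.new
  certs.each { |c| store.add_cert(c) }
  store
end

# :ssl options for a single IMAP connection. Verification stays on
# (VERIFY_PEER) and no other TLS client in the process is affected.
def imap_ssl_options(store)
  opts = { cert_store: store, verify_mode: OpenSSL::SSL::VERIFY_PEER }
  OpenSSL::SSL::SSLContext.new.set_params(opts) # raises on an unknown key
  opts
end

# The two checks a verifying client performs: chain of trust, then hostname.
def check_server_cert(cert, store, hostname)
  chain_ok = store.verify(cert)
  { chain_ok: chain_ok,
    chain_error: store.error_string,
    host_ok: OpenSSL::SSL.verify_certificate_identity(cert, hostname) }
end

if __FILE__ == $PROGRAM_NAME
  host = 'mail.example.test' # hypothetical hostname
  cert = self_signed_cert(host)
  p check_server_cert(cert, OpenSSL::X509::Store.new, host)          # untrusted
  p check_server_cert(cert, pinned_store(cert), host)                # pinned
  p check_server_cert(cert, pinned_store(cert), 'imap.example.test') # wrong name
  # Net::IMAP.new(host, port: 993, ssl: imap_ssl_options(pinned_store(cert)))
end
```

With a real server, the store would be loaded from the server's saved PEM certificate rather than from a generated one.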

RE: receiving emails from imap ssl - Added by Dmitry Nilsen over 4 years ago

the issue is only with receiving mails.. sending works ok.

openssl connect works:
OpenSSL> s_client -connect imap.kit.edu:993
CONNECTED

here is full trace:
bash-3.2# rake redmine:email:receive_imap ssl=true openssl_verify_mode=0 RAILS_ENV="production" host=imap.kit.edu port=993 username="name" password=password --trace
** Invoke redmine:email:receive_imap (first_time)
** Invoke environment (first_time)
** Execute environment
** Execute redmine:email:receive_imap
rake aborted!
Connection reset by peer - SSL_connect
/opt/redmine/ruby/lib/ruby/1.9.1/net/imap.rb:1439:in `connect'
/opt/redmine/ruby/lib/ruby/1.9.1/net/imap.rb:1439:in `start_tls_session'
/opt/redmine/ruby/lib/ruby/1.9.1/net/imap.rb:1036:in `initialize'
/opt/redmine/apps/redmine/htdocs/lib/redmine/imap.rb:29:in `new'
/opt/redmine/apps/redmine/htdocs/lib/redmine/imap.rb:29:in `check'
/opt/redmine/apps/redmine/htdocs/lib/tasks/email.rake:133:in `block (3 levels) in <top (required)>'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/task.rb:205:in `call'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/task.rb:205:in `block in execute'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/task.rb:200:in `each'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/task.rb:200:in `execute'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/task.rb:158:in `block in invoke_with_call_chain'
/opt/redmine/ruby/lib/ruby/1.9.1/monitor.rb:211:in `mon_synchronize'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/task.rb:151:in `invoke_with_call_chain'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/task.rb:144:in `invoke'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:116:in `invoke_task'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:94:in `block (2 levels) in top_level'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:94:in `each'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:94:in `block in top_level'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:133:in `standard_exception_handling'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:88:in `top_level'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:66:in `block in run'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:133:in `standard_exception_handling'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:63:in `run'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/bin/rake:33:in `<top (required)>'
/opt/redmine/ruby/bin/rake:23:in `load'
/opt/redmine/ruby/bin/rake:23:in `<main>'
Tasks: TOP => redmine:email:receive_imap

RE: receiving emails from imap ssl - Added by Mr Embedded over 4 years ago

And you have verified that the hostname on the certificate matches the server hostname?

RE: receiving emails from imap ssl - Added by Mr Embedded over 4 years ago

BTW I have migrated my boxes to Rails 2.0 and it's still working fine for me.
