receiving emails from imap ssl
Added by Zoltan Beck about 12 years ago
Hi All,
I've a problem with an Exchange 2010 server (there is used a cacert.org certificate). I can't download the mails with the following command:
/usr/local/bin/rake -f /home/redmine/redmine-2.1.2/Rakefile redmine:email:receive_imap RAILS_ENV="production" project=all ssl=1 port=993 host=xxxxx username=xxxxx password=xxxxx --trace
** Invoke redmine:email:receive_imap (first_time) ** Invoke environment (first_time) ** Execute environment ** Execute redmine:email:receive_imap rake aborted! LOGIN failed. /usr/lib/ruby/1.8/net/imap.rb:1004:in `pick_up_tagged_response' /usr/lib/ruby/1.8/net/imap.rb:997:in `get_tagged_response' /usr/lib/ruby/1.8/net/imap.rb:1055:in `send_command' /usr/lib/ruby/1.8/monitor.rb:242:in `synchronize' /usr/lib/ruby/1.8/net/imap.rb:1040:in `send_command' /usr/lib/ruby/1.8/net/imap.rb:380:in `login' /home/redmine/redmine-2.1.2/lib/redmine/imap.rb:30:in `check' /home/redmine/redmine-2.1.2/lib/tasks/email.rake:133 /var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/task.rb:205:in `call' /var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/task.rb:205:in `execute' /var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/task.rb:200:in `each' /var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/task.rb:200:in `execute' /var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/task.rb:158:in `invoke_with_call_chain' /usr/lib/ruby/1.8/monitor.rb:242:in `synchronize' /var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/task.rb:151:in `invoke_with_call_chain' /var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/task.rb:144:in `invoke' /var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:116:in `invoke_task' /var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:94:in `top_level' /var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:94:in `each' /var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:94:in `top_level' /var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:133:in `standard_exception_handling' /var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:88:in `top_level' /var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:66:in `run' /var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:133:in `standard_exception_handling' /var/lib/gems/1.8/gems/rake-0.9.2.2/lib/rake/application.rb:63:in `run' /var/lib/gems/1.8/gems/rake-0.9.2.2/bin/rake:33 /usr/local/bin/rake:19:in `load' /usr/local/bin/rake:19 Tasks: TOP => redmine:email:receive_imap
Is there any way to configure the cacert for the redmine?
Best Regards,
bzg
Replies (34)
RE: receiving emails from imap ssl - Added by Mr Embedded about 12 years ago
I am having a similar issue with receiving emails from imap ssl.
I have just upgraded my installation from 1.4.4 to 2.1.2 on Debian Squeeze. In the process I have removed the default Debian binaries and installed the latest Ruby 1.9.3-p194 via RVM.
Everything seems to be working well so far exept that I am getting "SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed" when trying to retrieve email from that IMAP server which has a self signed certificate.
I have read about all the fixes for OpenSSL and HTTPS but I don't believe they solve the issue checking mail from a SSL enabled IMAP server with a self signed certificate. Is there a way to apply no-check-certificate to the rake command that is used to retrieve the mail?
RE: receiving emails from imap ssl - Added by Mr Embedded about 12 years ago
I have tried to manually add the certificate to my system certificates folder. Openssl can connect just fine:
OpenSSL> s_client -connect mail.myhost.com:993 CONNECTED(00000003)
However it seems the ruby connection chokes and I cannot get the SSL error to go away. I am guessing that a no-check-certificate style option can be added to the /lib/tasks/email.rake file? Can someone confirm?
RE: receiving emails from imap ssl - Added by Zoltan Beck about 12 years ago
Mr Embedded wrote:
I have tried to manually add the certificate to my system certificates folder. Openssl can connect just fine:
[...]However it seems the ruby connection chokes and I cannot get the SSL error to go away. I am guessing that a no-check-certificate style option can be added to the /lib/tasks/email.rake file? Can someone confirm?
The openssl can connect for me, too.
OpenSSL> s_client -connect mail.xxx.xx:993
CONNECTED
RE: receiving emails from imap ssl - Added by Mr Embedded about 12 years ago
I still have not found a solution to this. Is the only way to resolve this to get a non self-signed cert for Ruby 1.9.3?
RE: receiving emails from imap ssl - Added by Tony Ordner about 12 years ago
Try "ssl=true" instead of "ssl=1" and see if it works.
Our setup uses Exchange and I think a self signed cert and I do not have any problems polling via Imap. I run on Windows Server 2008 and use the following call:
call rake redmine:email:receive_imap RAILS_ENV="production" host=xxx port=993 ssl=true username=xxx\xxx password=xxx project=unsorted tracker=email-request unknown_user=accept --trace
Hope it helps.
tony
RE: receiving emails from imap ssl - Added by Mr Embedded about 12 years ago
Thanks for the suggestion.
Doesn't work for me. Even with SSL=true I'm still getting.
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I have held off upgrading to the 2.x branch on all my instances until I can figure this out.
RE: receiving emails from imap ssl - Added by Tony Ordner about 12 years ago
Have you seen/tried this?
tony
RE: receiving emails from imap ssl - Added by Mr Embedded about 12 years ago
Yes I had seen that and a bunch of others solutions but they all seem to be geared for https while the problem I am having is with IMAP
http://stackoverflow.com/questions/8075170/certificate-issue-when-i-use-ruby-imap-to-read-icloud-email has a solution to turn off peer verification globally but I am not sure exactly where to put that. I tried fiddling with the /lib/tasks/email.rake file with no luck.
Here is another recommended solution that I am not sure how to go about implementing:
http://johnbintz.github.com/blog/2011/12/14/net-imap-ssl-verify-mode/
I truly believe this is an IMAP/SSL issue unless someone can show me otherwise.
RE: receiving emails from imap ssl - Added by Tony Ordner about 12 years ago
The link I attached mentions that it fixed someone else's gmail IMAP issue in a comment to the top rated answer.
SSL creates a "tunnel" between client and server somewhat akin to a VPN where it is connected end to end and data is then transmitted back and forth. It can be used by IMAP, POP, HTTP server etc. and is not really specific to any of them.
This appears to relate more to how Ruby is validating the certificate.
Does that help at all or make it any clearer?
tony
RE: receiving emails from imap ssl - Added by Mr Embedded about 12 years ago
Yes it is the Ruby validation specifically related to Net::IMAP and Ruby 1.9.3 as OpenSSL connects just fine.
I am trying to figure out how to make verify_mode = OpenSSL::SSL::VERIFY_NONE for Net::IMAP. I think that will fix this issue.
RE: receiving emails from imap ssl - Added by Mr Embedded about 12 years ago
The other thing is that I am NOT a programmer :D
RE: receiving emails from imap ssl - Added by Scott B about 12 years ago
We just upgraded to the latest Redmine, moving from Ruby 1.8 to 1.9 and ran into this same issue. None of the suggestions above appear to resolve the problem.
We tweaked lib/redmine/imap.rb:
imap = Net::IMAP.new(host, port, :ssl => { :verify_mode => OpenSSL::SSL::VERIFY_NONE })
and lib/tasks/email.rake:
options[:ssl => { :verify_mode => OpenSSL::SSL::VERIFY_NONE }]
We even tried the SSL=true vs SSL=1, for kicks. No win.
Have any of the Redmine/Ruby gurus out there found a way around this, yet?
Thanks.
RE: receiving emails from imap ssl - Added by Mr Embedded about 12 years ago
Im still having the issue also and have decided to remain with the 1.4.4 branch until there is a solution to this.
It seems to be a Ruby issue. We need the method to tell Net:IMAP optionally not to check the certificate.
RE: receiving emails from imap ssl - Added by Scott B about 12 years ago
FYI - This worked:
Create a new file config/initializers/bypass_ssl_verification.rb (the name of the file is not important)
In that file, put this:
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
You may or may not have to HUP the app. I did. IMAP SSL connections are working again (redmine 2.0.3 - ruby 1.9.3p194).
RE: receiving emails from imap ssl - Added by Mr Embedded about 12 years ago
I'll give it a try.
Isn't this basically disabling the SSL verification check for the entire application and all its processes? I was hoping to find a solution for the IMAP issue alone.
RE: receiving emails from imap ssl - Added by Mr Embedded almost 12 years ago
Just want to confirm that this fix definitely does work.
RE: receiving emails from imap ssl - Added by Yar n over 11 years ago
Mr Embedded, thank you!
it works!
redmine 2.2.3, ruby 1.9.3
RE: receiving emails from imap ssl - Added by Dmitry Nilsen over 11 years ago
we upgraded to redmine 2.3.0 and this solution doesn't work for us.
I created:
/opt/redmine/apps/redmine/htdocs/config/initializers/bypass_ssl_verification.rb
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
the string I am using to fetch email is:
rake redmine:email:receive_imap ssl=SSL RAILS_ENV="production" host=imap.xxx.xx port=993 username=xxx@xxx.com password=yyyy --trace
rake aborted!
Connection reset by peer - SSL_connect
...
I also tried ssl=1, ssl=true
any idea?
:(
Regards
RE: receiving emails from imap ssl - Added by Mr Embedded over 11 years ago
I have a box using Rev: 11691 from the 2.3 stable branch.
This is working fine for me.
Use:
ssl=true openssl_verify_mode=0
Let me know if that works. I may have done something else (I can't remember) and will dig further for you if it does not.
The other thing is that the hostname of the server you are connecting to must match the hostname listed in its cert even if it is self signed.
RE: receiving emails from imap ssl - Added by Mr Embedded over 11 years ago
Oh and that box is using ruby-1.9.3-p327 installed via RVM
RE: receiving emails from imap ssl - Added by Dmitry Nilsen over 11 years ago
no, its same error message.
how could I check if the certificate matches?
cheers.
RE: receiving emails from imap ssl - Added by Mr Embedded over 11 years ago
The easy way is if you have webmail check the certificate in your browser (more than likely it will be the same as the IMAP certificate). The hostname listed in the certificate should match the hostname you are typing in your browser address bar.
But you may be having a different issue altogether. Can you successfully receive email via IMAP SSL? Is the issue only with sending mail?
See the second note on this ticket and try that OpenSSL command to see if you can manually connect to your mailserver. I think the first step is to ensure you can receive mail properly and then sending should work based on the fix above.
RE: receiving emails from imap ssl - Added by Dmitry Nilsen over 11 years ago
the issue is only with receiving mails.. sending works ok.
openssl connect works:
OpenSSL> s_client -connect imap.kit.edu:993
CONNECTED
bash-3.2# rake redmine:email:receive_imap ssl=true openssl_verify_mode=0 RAILS_ENV="production" host=imap.kit.edu port=993 username="name" password=password --trace
- Invoke redmine:email:receive_imap (first_time)
- Invoke environment (first_time)
- Execute environment
- Execute redmine:email:receive_imap
rake aborted!
Connection reset by peer - SSL_connect
/opt/redmine/ruby/lib/ruby/1.9.1/net/imap.rb:1439:in `connect'
/opt/redmine/ruby/lib/ruby/1.9.1/net/imap.rb:1439:in `start_tls_session'
/opt/redmine/ruby/lib/ruby/1.9.1/net/imap.rb:1036:in `initialize'
/opt/redmine/apps/redmine/htdocs/lib/redmine/imap.rb:29:in `new'
/opt/redmine/apps/redmine/htdocs/lib/redmine/imap.rb:29:in `check'
/opt/redmine/apps/redmine/htdocs/lib/tasks/email.rake:133:in `block (3 levels) in <top (required)>'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/task.rb:205:in `call'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/task.rb:205:in `block in execute'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/task.rb:200:in `each'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/task.rb:200:in `execute'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/task.rb:158:in `block in invoke_with_call_chain'
/opt/redmine/ruby/lib/ruby/1.9.1/monitor.rb:211:in `mon_synchronize'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/task.rb:151:in `invoke_with_call_chain'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/task.rb:144:in `invoke'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:116:in `invoke_task'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:94:in `block (2 levels) in top_level'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:94:in `each'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:94:in `block in top_level'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:133:in `standard_exception_handling'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:88:in `top_level'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:66:in `block in run'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:133:in `standard_exception_handling'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/lib/rake/application.rb:63:in `run'
/opt/redmine/ruby/lib/ruby/gems/1.9.1/gems/rake-0.9.2.2/bin/rake:33:in `<top (required)>'
/opt/redmine/ruby/bin/rake:23:in `load'
/opt/redmine/ruby/bin/rake:23:in `<main>'
Tasks: TOP => redmine:email:receive_imap
RE: receiving emails from imap ssl - Added by Mr Embedded over 11 years ago
And you have verified that the hostname on the certificate matches the server hostname?
RE: receiving emails from imap ssl - Added by Mr Embedded over 11 years ago
BTW I have migrated my boxes to Rails 2.0 and its still working fine for me.