Failure connecting to mail server about dmarc-srg HOT 14 CLOSED

I should mention I'm running Centos 7.9, cPanel/WHM, PHP7.3, Dovecot and my IMAP port is 993. Let me know if you need anything else.

Thank you for any help you can give me. Also, thank you for this much needed script.

from dmarc-srg.

Update: I'm sure there must be some problem on my end. Since I'm just reading mail from one site located on the same server as the other site, I changed line 60 on MailBox.php to...

$this->server = sprintf('{%s/imap/ssl/novalidate-cert}', $this->host);

This solution is working fine until I can figure out why I'm getting the SSL error.

from dmarc-srg.

Hello! I'm glad that my script helps you. As for your problem, I see three reasons why it happens:

• You have not configured a properly signed certificate for Dovecot. Check ssl_cert and ssl_key parameters in your 10-ssl.conf and restart Dovecot.
• In the settings (conf.php) you have specified not the domain name of your mail server, but the server's ip-address or localhost or a domain name that is not in your certificate. Correct the field host in array $mailboxes in your conf.php
• Something wrong is in my script. This needs to be investigated, but I will at least add an option to ignore the certificate validation.

from dmarc-srg.

I just added the ability to skip the certificate validation: d1f6be9

from dmarc-srg.

Thanks for the update!

There's no place on github for a wish list, but if you just happen to already be adding a new sort by feature on the report list (in addition to the Date column that's already there), I would find the ability to sort the Domain column helpful.

from dmarc-srg.

You can create a new issue for this. Honestly, I thought that the filter feature for the report list would be enough.

from dmarc-srg.

I actually forgot about the filter feature. It would probably be enough except that it just says "Error!" when the modal pops up. I'll create an issue for that instead.

from dmarc-srg.

I'm closing this issue. If you have questions about this, just open it again.

from dmarc-srg.

Hello,
First, let me thank you for that very promising tool.
I reopen that issue because I face same difficulty than fingerprn.

In my browser, I have following msg: "[-100] NetworkError when attempting to fetch resource."
When running php utils/fetch_reports.php source=email, it says : "TLS/SSL failure for xxx: SSL negotiation failed"

In my conf.php, I set
$mailboxes = [ 'name' => '[email protected]', 'host' => 'ns1.dom.tld', (I try also with ip) 'encryption' => 'starttls', 'novalidate-cert' => true, (I try also false) 'username' => '[email protected]', 'password' => 'toto', 'mailbox' => 'INBOX' ];

I made few tests : telnet ns1.dom.tld:143 is working
I check Dovecot cert. There is one, but, not ns1.dom.tld.
I don't want to change anything about cert, I use ISPConfig and I connect correctly to that imap mailbox...

I am quite surprise: 'novalidate-cert', false or true, seems to have no impact...

Thank you for your help

from dmarc-srg.

As for error "[-100] NetworkError when attempting to fetch resource.", it's my fault. I gave a wrong example of header Content-Security-Policy in README. I just updated it. I'm sorry for that.

As for the rest, I'll write a little later.

from dmarc-srg.

Unfortunately, I was unable to reproduce your problem with TLS/SSL failure. I could get the same error only when I specifed a wrong ip address and port. Are you sure that you have STARTTLS configured on the server? Is this visible in the telnet session?

I use ISPConfig and I connect correctly to that imap mailbox...

Is it possible that ISPConfig is accessing your mail server using SSL/TLS (not STARTTLS) on a different port? It is usually port 993.

from dmarc-srg.

Thanks a lot for your help : content security update solve first issue

For SSL/TLS
root@ns3:~# telnet ns1.dom.tld 143
Trying 2axx:yy:uu:ttt::1...
Connected to ns1.dom.tld.
Escape character is '^]'.

• OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready.

It looks good, isn't it ?

I try telnet ns1.dom.tls 993, it gives no answer...
Nevertheless, I move conf.php to
'encryption' => 'ssl',
'novalidate-cert' => true,

and rerun php utils/fetch_reports.php source=email
it works now !

I miss something, somewhere... but only results are important.

from dmarc-srg.

your tool is amazing ! Thank you very much :-)

from dmarc-srg.

It looks good, isn't it ?

Yes, you are right. It looks good.

I try telnet ns1.dom.tls 993, it gives no answer...

Everything is okay. This port should be checked with tools like openssl.

it works now !

I miss something, somewhere... but only results are important.

Maybe something wrong with starttls on your server? I have no idea, sorry. However, I'm glad my utility works for you. And thank you for your kind words.

from dmarc-srg.