Steps to reproduce
- Configure working ownCloud server, HTTPS, LDAP, import cert
- Configure Email Server to connect to Exchange 2016 on prem, SMTP, STARTTLS, Auth required
- Confirmed ports and TLS working on Exchange.
Expected behaviour
ownCloud relays mail through Exchange 2016
Actual behaviour
A problem occurred while sending the email. Please revise your settings. (Error: Unable to connect with TLS encryption)
Server configuration
Operating system: Ubuntu 20.04
Web server: Apache2
Database: MariaDB
PHP version: v7.4.16
ownCloud version: 10.8.04
Updated from an older ownCloud or fresh install: Fresh Install
Where did you install ownCloud from: Install ownCloud on Ubuntu 20.04 :: ownCloud Documentation
Signing status (ownCloud 9.0 and above):
No errors have been found.
The content of config/config.php:
{
"system": {
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost",
"10.111.2.8",
"cloud.wweyecenters.com"
],
"datadirectory": "\/mnt\/owncloud\/data",
"files_external_allow_create_new_local": "true",
"overwrite.cli.url": "http:\/\/localhost",
"dbtype": "mysql",
"version": "10.8.0.4",
"dbname": "owncloud",
"dbhost": "localhost",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"logtimezone": "UTC",
"apps_paths": [
{
"path": "\/var\/www\/owncloud\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/owncloud\/apps-external",
"url": "\/apps-external",
"writable": true
}
],
"installed": true,
"instanceid": "ocqaiiqbmelv",
"memcache.local": "\\OC\\Memcache\\APCu",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "127.0.0.1",
"port": "6379"
},
"ldapIgnoreNamingRules": false,
"maintenance": false,
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_smtpmode": "smtp",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpauth": 1,
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "25",
"mail_smtpsecure": "tls",
"mail_smtpauthtype": "LOGIN",
"loglevel": 0
}
}
List of activated apps:
Enabled:
- comments:
- Version: 0.3.0
- Path: /var/www/owncloud/apps/comments
- configreport:
- Version: 0.2.0
- Path: /var/www/owncloud/apps/configreport
- dav:
- Version: 0.6.0
- Path: /var/www/owncloud/apps/dav
- federatedfilesharing:
- Version: 0.5.0
- Path: /var/www/owncloud/apps/federatedfilesharing
- federation:
- Version: 0.1.0
- Path: /var/www/owncloud/apps/federation
- files:
- Version: 1.5.2
- Path: /var/www/owncloud/apps/files
- files_external:
- Version: 0.8.0
- Path: /var/www/owncloud/apps/files_external
- files_mediaviewer:
- Version: 1.0.4
- Path: /var/www/owncloud/apps/files_mediaviewer
- files_sharing:
- Version: 0.14.0
- Path: /var/www/owncloud/apps/files_sharing
- files_trashbin:
- Version: 0.9.1
- Path: /var/www/owncloud/apps/files_trashbin
- files_versions:
- Version: 1.3.0
- Path: /var/www/owncloud/apps/files_versions
- firstrunwizard:
- Version: 1.2.0
- Path: /var/www/owncloud/apps/firstrunwizard
- guests:
- Version: 0.9.3
- Path: /var/www/owncloud/apps-external/guests
- impersonate:
- Version: 0.5.0
- Path: /var/www/owncloud/apps-external/impersonate
- market:
- Version: 0.6.1
- Path: /var/www/owncloud/apps/market
- notifications:
- Version: 0.5.4
- Path: /var/www/owncloud/apps/notifications
- provisioning_api:
- Version: 0.5.0
- Path: /var/www/owncloud/apps/provisioning_api
- systemtags:
- Version: 0.3.0
- Path: /var/www/owncloud/apps/systemtags
- updatenotification:
- Version: 0.2.1
- Path: /var/www/owncloud/apps/updatenotification
- user_ldap:
- Version: 0.15.4
- Path: /var/www/owncloud/apps-external/user_ldap
Disabled:
- encryption:
- Path: /var/www/owncloud/apps/encryption
- external:
- Path: /var/www/owncloud/apps/external
- user_external:
- Path: /var/www/owncloud/apps/user_external
- wallpaper:
- Path: /var/www/owncloud/apps-external/wallpaper
Are you using external storage, if yes which one: No
Are you using encryption: NO
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory
+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------+
| Configuration | |
+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport | 1 |
| hasPagedResultSupport | |
| homeFolderNamingRule | |
| lastJpegPhotoLookup | 0 |
| ldapAgentName | cn=owncloud,cn=users,dc=domain,dc=local |
| ldapAgentPassword | *** |
| ldapAttributesForGroupSearch | |
| ldapAttributesForUserSearch | |
| ldapBackupHost | |
| ldapBackupPort | |
| ldapBase | dc=domain,dc=local |
| ldapBaseGroups | dc=domain,dc=local |
| ldapBaseUsers | dc=domain,dc=local |
| ldapCacheTTL | 600 |
| ldapConfigurationActive | 1 |
| ldapDynamicGroupMemberURL | |
| ldapEmailAttribute | mail |
| ldapExperiencedAdmin | 0 |
| ldapExpertUUIDGroupAttr | |
| ldapExpertUUIDUserAttr | objectguid |
| ldapExpertUsernameAttr | |
| ldapGroupDisplayName | cn |
| ldapGroupFilter | (|(cn=WWECCloud)) |
| ldapGroupFilterGroups | WWECCloud |
| ldapGroupFilterMode | 0 |
| ldapGroupFilterObjectclass | |
| ldapGroupMemberAssocAttr | uniqueMember |
| ldapHost | 10.xxx.x.xx |
| ldapIgnoreNamingRules | |
| ldapLoginFilter | (&(&(|(objectclass=person))(|(|(memberof=CN=WWECCloud,CN=Users,DC=domain,DC=local)(primaryGroupID=4623))))(samaccountname=%uid)) |
| ldapLoginFilterAttributes | |
| ldapLoginFilterEmail | 0 |
| ldapLoginFilterMode | 0 |
| ldapLoginFilterUsername | 1 |
| ldapNestedGroups | 0 |
| ldapNetworkTimeout | 2 |
| ldapOverrideMainServer | |
| ldapPagingSize | 500 |
| ldapPort | 389 |
| ldapQuotaAttribute | |
| ldapQuotaDefault | |
| ldapTLS | 0 |
| ldapUserDisplayName | displayName |
| ldapUserDisplayName2 | |
| ldapUserFilter | (&(|(objectclass=person))(|(|(memberof=CN=WWECCloud,CN=Users,DC=wweyecenters,DC=local)(primaryGroupID=4623)))) |
| ldapUserFilterGroups | WWECCloud |
| ldapUserFilterMode | 0 |
| ldapUserFilterObjectclass | person |
| ldapUserName | samaccountname |
| ldapUuidGroupAttribute | auto |
| ldapUuidUserAttribute | auto |
| turnOffCertCheck | 0 |
| useMemberOfToDetectMembership | 1 |
+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------+
ownCloud log (data/owncloud.log)
{"reqId":"4ftxHQZ9nu0fEfOGfp7D","level":3,"time":"2021-10-01T12:30:31+00:00","remoteAddr":"10.111.2.186","user":"85788CA4-5F14-4CC9-8B62-799B8DF1D387","app":"PHP","method":"POST","url":"\/index.php\/settings\/admin\/mailtest","message":"stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:\nerror:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at \/var\/www\/owncloud\/lib\/composer\/swiftmailer\/swiftmailer\/lib\/classes\/Swift\/Transport\/StreamBuffer.php#94"}
openssl s_client -connect 10.111.2.40:25 -starttls smtp
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 CN = VMExchSvr
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = VMExchSvr
verify return:1
---
Certificate chain
0 s:CN = VMExchSvr
i:CN = VMExchSvr
---
Server certificate
subject=CN = VMExchSvr
issuer=CN = VMExchSvr
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1670 bytes and written 442 bytes
Verification error: self signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: C31900008F825B247AD6FE39E1676F4090ADF28201485ED8C482E610F16A703B
Session-ID-ctx:
Master-Key: 9930042F7075E3DFF3C1E5584BA249B089A9F04AD3FD0DC9C452B41A1050F140625F946332452128A9029B6BA308E689
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1633026634
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: yes
---
250 XRDST
451 4.7.0 Timeout waiting for client input
read:errno=0
000-default.conf
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/owncloud
#Enables Strict Transport Security to force HTTPS://
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
#Enables SSLEngine and defines the paths for the certificate from DigiCert
SSLEngine on
SSLCertificateFile /etc/ssl/certs/cloud_wweyecenters_com.crt
SSLCertificateKeyFile /etc/ssl/certs/cloud_wweyecenters_com.key
SSLCertificateChainFile /etc/ssl/certs/DigiCertCA.crt
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
I think my issue has something to do with a certificate error, but the certificates for ownCloud and my Exchange 2016 server are valid.
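The `openssl s_client` transcript in the post can be triaged mechanically. The following is an added example, not part of the original post and not ownCloud or SwiftMailer code: it parses that output and lists the reasons a verifying TLS client, such as the PHP stream in the log line, would reject the handshake. The function name `triage_s_client` and the sample string are constructed here from the lines shown in the post.

```python
import re

# Constructed sample: lines taken from the s_client output quoted in the post.
S_CLIENT_OUTPUT = """\
CONNECTED(00000003)
depth=0 CN = VMExchSvr
verify error:num=18:self signed certificate
verify return:1
---
Certificate chain
 0 s:CN = VMExchSvr
   i:CN = VMExchSvr
---
subject=CN = VMExchSvr
issuer=CN = VMExchSvr
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Verify return code: 18 (self signed certificate)
"""


def triage_s_client(output, connect_name):
    """List reasons a verifying TLS client would reject this handshake."""
    # Each chain entry is a "N s:<subject>" line followed by an "i:<issuer>" line.
    chain = re.findall(r"^\s*(\d+) s:(.+)\n\s*i:(.+)$", output, re.M)
    code = re.search(r"^\s*Verify return code: (\d+) \((.+)\)", output, re.M)
    findings = []
    if code and code.group(1) != "0":
        findings.append(f"verify code {code.group(1)}: {code.group(2)}")
    if chain:
        _, subject, issuer = (part.strip() for part in chain[-1])
        # The chain tops out at a self-issued cert, so verification only
        # succeeds if the client already trusts that exact cert.
        if subject == issuer:
            findings.append(f"chain ends in self-issued cert '{subject}'; "
                            "it must be in the client's CA bundle")
        # CN-only comparison (assumption: s_client output shows no SAN list).
        leaf_cn = re.search(r"CN\s*=\s*([^,/]+)", chain[0][1])
        if leaf_cn and leaf_cn.group(1).strip().lower() != connect_name.lower():
            findings.append(f"leaf CN '{leaf_cn.group(1).strip()}' does not "
                            f"match connect name '{connect_name}'")
    return {"verified": bool(code) and code.group(1) == "0",
            "findings": findings}


if __name__ == "__main__":
    for line in triage_s_client(S_CLIENT_OUTPUT, "10.111.2.40")["findings"]:
        print("-", line)
```

The second argument is the name or address the client connects with; the value `mail_smtphost` holds is redacted in the post, so the address from the `s_client` command line is used here.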