Roundcube unable to send images

Discussion in 'Server Operation' started by seattle, May 12, 2022.

  1. seattle

    seattle New Member

    roundcube 1.4.11
    installed plugins filesystem_attachments 1.0 , jqueryui 1.12
    MariaDB 10.3.28
    CentOS 8.5.2111
    Apache 2.4.37
    ________________
    Unable to send email with embedded images or attached images. Also unable to save to Drafts such emails.
    No error messages, just a small notification that constantly spins "Sending..." or "Saving ..."
    Hitting Cancel button does not result in anything, can only close the window.

    What am I missing in my configuration?
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What do mail logs and other logs show? Is disk full or disk quota full? Are e-mails with no attatchments getting sent OK?
     
  3. seattle

    seattle New Member

    roundcube_access.log and roundcube_error.log are empty.
    secure and mailllog don't show anything related to emailing attempt, it doesn't even show in messages.

    What I can add is that if in plain text mode a file attachment can be sent, but if in HTML mode just get spinning wheels.
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    So this is not about e-mail attatchments, but you write HTML format e-mails and include images and files in the HTML? I have not tried to send HTML e-mail and have configured my e-mail clients to only show text, so I am unfamiliar with this concept.
    Where are you inserting the image files from?
    I just tried from my Roundcube sending HTML e-mail with inserted image file. It works OK.
     
  5. seattle

    seattle New Member

    I tried with copy-and-paste into the email body and with attaching an image.
    I'm stumped. Must be something wrong with the way the HTML is getting formatted but what? Is the problem with roundcube? apache? a library component? No error is being thrown, or at least not being thrown that the system catches.
     
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Have you checked your browser console for errors? Maybe inspect the network requests made (by your browser, in the browser console) and look for clues (compare working html message and working txt with image to non-working html with image?)
     
  7. seattle

    seattle New Member

    When i start my message , the following shows up:
    DevTools failed to load source map: Could not load content for https://emailat.1234.xyz/roundcube/program/js/tinymce/skins/lightgray/skin.min.css.map: HTTP error: status code 404, net::ERR_HTTP_RESPONSE_CODE_FAILURE

    then after waiting a couple of minutes so that it tries to save a draft , this error:
    /roundcube/?_task=mail&_unlock=loading1652716032435&_framed=1&_lang=en_US:1
    POST https://emailat.1234.xyz/roundcube/?_task=mail&_unlock=loading1652716032435&_framed=1&_lang=en_US 403 (Forbidden)


    The file skin.min.css does exist:
    [[email protected] lightgray]# pwd
    /var/www/html/roundcube/program/js/tinymce/skins/lightgray
    [[email protected] lightgray]# ls -ltr
    total 84
    -rw-r--r--. 1 apache apache 27895 Jul 12 2020 skin.mobile.min.css
    -rw-r--r--. 1 apache apache 44049 Jul 12 2020 skin.min.css
    -rw-r--r--. 1 apache apache 234 Jul 12 2020 content.mobile.min.css
    -rw-r--r--. 1 apache apache 4017 Jul 12 2020 content.min.css
    -rw-r--r--. 1 apache apache 3611 Jul 12 2020 content.inline.min.css
    drwxr-xr-x. 2 apache apache 211 Feb 8 2021 fonts
    drwxr-xr-x. 2 apache apache 77 May 24 2021 img
     
  8. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Check your web server error log and maybe php daemon log as well, and maybe increase the relevant php error_reporting level. Likely something is logging something for this, likely the web server or application (roundcube).
     
  9. seattle

    seattle New Member

    [[email protected] httpd]# grep lightgr *_log
    ssl_access_log:192.168.1.16 - - [16/May/2022:08:44:12 -0700] "GET /roundcube/program/js/tinymce/skins/lightgray/skin.min.css?s=40091100 HTTP/1.1" 200 44049
    ssl_access_log:192.168.1.16 - - [16/May/2022:08:44:12 -0700] "GET /roundcube/program/js/tinymce/skins/lightgray/content.min.css?s=40091100 HTTP/1.1" 200 4017
    ssl_access_log:192.168.1.16 - - [16/May/2022:08:44:12 -0700] "GET /roundcube/program/js/tinymce/skins/lightgray/fonts/tinymce-small.woff HTTP/1.1" 200 9380
    ssl_access_log:192.168.1.16 - - [16/May/2022:08:44:29 -0700] "GET /roundcube/program/js/tinymce/skins/lightgray/skin.min.css.map HTTP/1.1" 404 196
    ssl_request_log:[16/May/2022:08:44:12 -0700] 192.168.1.16 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /roundcube/program/js/tinymce/skins/lightgray/skin.min.css?s=40091100 HTTP/1.1" 44049
    ssl_request_log:[16/May/2022:08:44:12 -0700] 192.168.1.16 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /roundcube/program/js/tinymce/skins/lightgray/content.min.css?s=40091100 HTTP/1.1" 4017
    ssl_request_log:[16/May/2022:08:44:12 -0700] 192.168.1.16 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /roundcube/program/js/tinymce/skins/lightgray/fonts/tinymce-small.woff HTTP/1.1" 9380
    ssl_request_log:[16/May/2022:08:44:29 -0700] 192.168.1.16 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /roundcube/program/js/tinymce/skins/lightgray/skin.min.css.map HTTP/1.1" 196

    the error.log and www-error.log in /var/log/php-fpm are empty. Here is the php.conf , i don't see mention of log level.
    [[email protected] php-fpm]# cat /etc/httpd/conf.d/php.conf
    #
    # The following lines prevent .user.ini files from being viewed by Web clients.
    #
    <Files ".user.ini">
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
    Satisfy All
    </IfModule>
    </Files>

    #
    # Allow php to handle Multiviews
    #
    AddType text/html .php

    #
    # Add index.php to the list of files that will be served as directory
    # indexes.
    #

    # mod_php options
    <IfModule mod_php7.c>
    #
    # Cause the PHP interpreter to handle files with a .php extension.
    #
    <FilesMatch \.(php|phar)$>
    SetHandler application/x-httpd-php
    </FilesMatch>

    #
    # Uncomment the following lines to allow PHP to pretty-print .phps
    # files as PHP source code:
    #
    #<FilesMatch \.phps$>
    # SetHandler application/x-httpd-php-source
    #</FilesMatch>

    #
    # Apache specific PHP configuration options
    # those can be override in each configured vhost
    #
    php_value session.save_handler "files"
    php_value session.save_path "/var/lib/php/session"
    php_value soap.wsdl_cache_dir "/var/lib/php/wsdlcache"

    #php_value opcache.file_cache "/var/lib/php/opcache"
    </IfModule>

    # Redirect to local php-fpm if mod_php (5 or 7) is not available
    <IfModule !mod_php5.c>
    <IfModule !mod_php7.c>
    # Enable http authorization headers
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

    <FilesMatch \.(php|phar)$>
    SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
    </FilesMatch>
    </IfModule>
    </IfModule>
     
  10. seattle

    seattle New Member

    Should I just give up on getting roundcube to work properly?
     
  11. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    That is for you to decide. How important is it to send HTML e-mails?
    I do not send e-mails in HTML-format, and do not want to receive them.
    If you want to work with finding out why your installation works strangely, this may help: https://www.php.net/manual/en/function.error-reporting.php
     
    Last edited: May 20, 2022
  12. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    So your web server log shows the request for the non-existent file (normal behavior), but doesn't show anything for the request where it supposedly sent a 403 error? Maybe something ahead of it like a reverse proxy is intercepting the request?
     
  13. seattle

    seattle New Member

    Here is what shows in Debug Console when I try saving an HTML draft
    upload_2022-5-20_8-26-48.png
    nothing shows up in the php-fpm/error.log or www-error.log,
    httpd/ssl_error_log does have some entries:
    [Fri May 20 08:24:35.490601 2022] [:error] [pid 657595:tid 139811008456448] [client 192.168.1.16:63519] [client 192.168.1.16] ModSecurity: Rule 55c97961caa0 [id "932100"][file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "122"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "emailat.example.tld"] [uri "/roundcube/"] [unique_id "Yoeys6MGgFrV2WmFcQDbpQAAANU"], referer: https://emailat.example.tld/roundcube/?_task=mail&_action=compose&_id=10610413006287b2a8803c3

    [Fri May 20 08:24:35.490763 2022] [:error] [pid 657595:tid 139811008456448] [client 192.168.1.16:63519] [client 192.168.1.16] ModSecurity: Rule 55c979628890 [id "932105"][file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"][line "158"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "emailat.example.tld"] [uri "/roundcube/"] [unique_id "Yoeys6MGgFrV2WmFcQDbpQAAANU"], referer: https://emailat.example.tld/roundcube/?_task=mail&_action=compose&_id=10610413006287b2a8803c3

    [Fri May 20 08:24:35.496492 2022] [:error] [pid 657595:tid 139811008456448] [client 192.168.1.16:63519] [client 192.168.1.16] ModSecurity: Warning. Pattern match "\\\\b(?:if(?:/i)?(?: not)?(?: exist\\\\b| defined\\\\b| errorlevel\\\\b| cmdextversion\\\\b|(?: |\\\\().*(?:\\\\bgeq\\\\b|\\\\bequ\\\\b|\\\\bneq\\\\b|\\\\bleq\\\\b|\\\\bgtr\\\\b|\\\\blss\\\\b|==))|for(?:/[dflr].*)? %+[^ ]+ in\\\\(.*\\\\)\\\\s?do)" at ARGS:_message. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "412"] [id "932140"] [msg "Remote Command Execution: Windows FOR/IF Command Found"] [data "Matched Data: if they try to induce a sense of urgency no matter how<br/>&lsquo official&rsquo they seem.<br/><br/>&nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp #4<br/><br/>&nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp use a virtual private network(vpn) on all public wifi connections <br/><br/>&nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp &nbsp vpns like bitdefender add an extra layer of protection between your<br/>devices and the internet. most public hotspots offer little privacy<br/>..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [ [hostname "emailat.example.tld"] [uri "/roundcube/"] [unique_id "Yoeys6MGgFrV2WmFcQDbpQAAANU"], referer: https://emailat.example.tld/roundcube/?_task=mail&_action=compose&_id=10610413006287b2a8803c3

    [Fri May 20 08:24:35.526762 2022] [:error] [pid 657595:tid 139811008456448] [client 192.168.1.16:63519] [client 192.168.1.16] ModSecurity: Rule 55c978dff9d0 [id "941160"][file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "199"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "emailat.example.tld"] [uri "/roundcube/"] [unique_id "Yoeys6MGgFrV2WmFcQDbpQAAANU"], referer: https://emailat.example.tld/roundcube/?_task=mail&_action=compose&_id=10610413006287b2a8803c3

    [Fri May 20 08:24:35.534300 2022] [:error] [pid 657595:tid 139811008456448] [client 192.168.1.16:63519] [client 192.168.1.16] ModSecurity: Rule 55c978e23d00 [id "941200"][file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "299"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "emailat.example.tld"] [uri "/roundcube/"] [unique_id "Yoeys6MGgFrV2WmFcQDbpQAAANU"], referer: https://emailat.example.tld/roundcube/?_task=mail&_action=compose&_id=10610413006287b2a8803c3

    [Fri May 20 08:24:35.550924 2022] [:error] [pid 657595:tid 139811008456448] [client 192.168.1.16:63519] [client 192.168.1.16] ModSecurity: Rule 55c978e86d48 [id "941350"][file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "573"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "emailat.example.tld"] [uri "/roundcube/"] [unique_id "Yoeys6MGgFrV2WmFcQDbpQAAANU"], referer: https://emailat.example.tld/roundcube/?_task=mail&_action=compose&_id=10610413006287b2a8803c3

    [Fri May 20 08:24:35.587450 2022] [:error] [pid 657595:tid 139811008456448] [client 192.168.1.16:63519] [client 192.168.1.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "emailat.example.tld"] [uri "/roundcube/"] [unique_id "Yoeys6MGgFrV2WmFcQDbpQAAANU"], referer: https://emailat.example.tld/roundcube/?_task=mail&_action=compose&_id=10610413006287b2a8803c3

    [Fri May 20 08:24:35.587667 2022] [:error] [pid 657595:tid 139811008456448] [client 192.168.1.16:63519] [client 192.168.1.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/RESPONSE-980-CORRELATION.conf"] [line "91"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.0"] [tag "event-correlation"] [hostname "emailat.example.tld"] [uri "/roundcube/"] [unique_id "Yoeys6MGgFrV2WmFcQDbpQAAANU"], referer: https://emailat.example.tld/roundcube/?_task=mail&_action=compose&_id=10610413006287b2a8803c3

    httpd/modsec_audit.log shows:
    Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 192.168.1.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "emailat.example.tld"] [uri "/roundcube/"] [unique_id "Yoeys6MGgFrV2WmFcQDbpQAAANU"]
    Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 192.168.1.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/RESPONSE-980-CORRELATION.conf"] [line "91"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [ver "OWASP_CRS/3.3.0"] [tag "event-correlation"] [hostname "emailat.example.tld"] [uri "/roundcube/"] [unique_id "Yoeys6MGgFrV2WmFcQDbpQAAANU"]
    Action: Intercepted (phase 2)
    Stopwatch: 1653060275459076 128887 (- - -)
    Stopwatch2: 1653060275459076 128887; combined=117517, p1=523, p2=116860, p3=0, p4=0, p5=134, sr=139, sw=0, l=0, gc=0
    Response-Body-Transformed: Dechunked
    Producer: ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); OWASP_CRS/3.3.0.
    Server: Apache
    Engine-Mode: "ENABLED"​

    So there is something going on with the Apache. Seems to be in the modsecurity. Which i have a feeling is not working properly as the 403 error is not getting sent back via the main branch of Apache as the browser does not give the 403 error nor is it in the httpd log.
     
  14. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    There you go, 'PCRE limits exceeded' means you need to bump some php config values, and then the modsecurity rules that are matching can be excluded for that site to fix the rest. Finding the correct log file is often all it takes....
     
  15. seattle

    seattle New Member

    i think changing the mod_security.conf so that SecRequestBodyAccess Off has the setup working as anticipated.
     

Share This Page