well solved the real problem: it was a bad coding from the stupid author https://github.com/roundcube/roundcubemail/issues/7691 i patched and corected..
although aleck's code is secure and fulfills its purpose it is not legally correct, since it assumes that every connection is always secure and that if the connection is not secure then it assumes that it is a spoofing attack, which is incorrect if the environment is an intranet for simple mail handling with staff who have no knowledge (the browser would give certificate error) or migrations of old versions (it goes from https to http without knowing from the user) so the cookie must respect the http/https way.. https://qgqlochekone.blogspot.com/2021/04/roundcube-invalid-request-no-data-was.html El dom, 4 de abr. de 2021 a la(s) 16:59, PICCORO McKAY Lenz ( mckaygerh...@gmail.com) escribió: > El dom, 4 de abr. de 2021 a la(s) 12:03, Sam Varshavchik ( > mr...@courier-mta.com) escribió: > >> PICCORO McKAY Lenz writes: >> > now roundcube try to check the cert file of courier imap connection so >> it >> > fails. workaround is tho added >> I have a recollection that lets encrypt's CA cert is cross-signed. To >> have >> > yes .. that's the most common problem > > >> it validate to a trusted root anchor, one needs to include the >> intermediate >> cert in the TLS_CERTFILE. > > some days ago I visited a page that indicated how to do the process > correctly using lest-encriup but I couldn't find it, I wanted to put it > here... it indicated which file to use and how to use them. > > >> TLS_CERTFILE would actually have two certificates, >> your actual certificate and the intermediate certificate. I do not >> recall >> the details, but they also have to be in a specific order. >> >> It's just the way it is: setting up a mail server in today's world >> requires >> subject matter expertise in multiple technologies. >> > this is the reason why i am recently asking so much, i am currently > documenting for debian and alpine, > > i m using 3 types of cases, in all of them used hybrid users way, mail > service that has both system users and virtual users, the only thing i have > not been able to configure is spamn since spamassassing needs the HOME/USER > variable of the user and this is not provided correctly since one user > handles all virtual ones.... > > > >> >> _______________________________________________ >> Courier-imap mailing list >> Courier-imap@lists.sourceforge.net >> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap >> >
_______________________________________________ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
