Announcement

Collapse
No announcement yet.

OX-Guard: Fehler nach dem Update zu 1.2

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • OX-Guard: Fehler nach dem Update zu 1.2

    Hallo,

    nach dem Update zur Version 1.2, habe ich einen Fehler festgestellt. Wenn der externe Mail-User auf die Mail antwortet, kommt folgende Fehlermeldung: Bei Senden der verschlüsselten E-Mail-Antwort trat ein Fehler auf.
    Der Rest scheint zu funktionieren. Auch die Fehler mit der Kodierung deutscher Umlauten und Cyrillic unter CentOS sind mit dieser Version weg.

    Die Kommunikation zwischen OXGuard Backend und Open-Xchange REST API erfolgt unverschlüsselt, com.openexchange.guard.backend_ssl=true ist nicht aktiviert.

    Die gesamte Installation ist auf einem Server. Der Server steht hinter HA-Proxy. Mit der Version 1.0 von OX Guard hat die Kommunikation einwandfrei funktioniert.

    rpm -qa |grep guard
    -------------------------
    open-xchange-guard-ui-1.2.0-3_3.1.noarch
    open-xchange-guard-ui-static-1.2.0-3_3.1.noarch
    open-xchange-guard-1.2.0-4_4.1.noarch

    Der Auszug aus guard.log
    --------------------------
    2015-01-16 09:48:00 INFO [qtp606861698-26] c.o.g.m.Incoming [Incoming.java:371] Success email send
    2015-01-16 09:48:46 INFO [qtp606861698-25] c.o.g.s.MainServlet [MainServlet.java:418] Action: guest From IP: 192.168.2.252
    2015-01-16 09:48:46 INFO [qtp606861698-27] c.o.g.s.MainServlet [MainServlet.java:418] Action: getmail From IP: 192.168.2.252
    2015-01-16 09:48:46 INFO [qtp606861698-27] c.o.g.s.UserData [UserData.java:102] Decode user data at 1421398126394
    2015-01-16 09:48:46 INFO [qtp606861698-27] c.o.g.e.Crypto [Crypto.java:295] Decoded item bdf6e26c-c10a-4628-8a06-07a03639b49a / 1421398126408
    2015-01-16 09:49:11 INFO [qtp606861698-25] c.o.g.s.MainServlet [MainServlet.java:418] Action: emailform From IP: 192.168.2.252
    2015-01-16 09:49:11 INFO [qtp606861698-25] c.o.g.s.UserData [UserData.java:102] Decode user data at 1421398151686
    2015-01-16 09:49:11 INFO [qtp606861698-25] c.o.g.e.Crypto [Crypto.java:147] Encrypted email1421398151764
    2015-01-16 09:49:12 ERROR [qtp606861698-25] c.o.g.s.Sender [Sender.java:239] Error sending email to "XXXX XXXXX"<xxxx@berlicall.local>
    javax.mail.MessagingException: Can't send command to SMTP host (javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target)
    at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTr ansport.java:1420) ~[mail-1.4.jar:1.4]
    at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTr ansport.java:1408) ~[mail-1.4.jar:1.4]
    at com.sun.mail.smtp.SMTPTransport.ehlo(SMTPTransport .java:847) ~[mail-1.4.jar:1.4]
    at com.sun.mail.smtp.SMTPTransport.protocolConnect(SM TPTransport.java:384) ~[mail-1.4.jar:1.4]
    at javax.mail.Service.connect(Service.java:251) ~[geronimo-javamail_1.4_spec-1.7.1.jar:1.7.1]
    at com.openexchange.guard.server.Sender.send(Sender.j ava:233) ~[com.openexchange.guard.jar:na]
    at com.openexchange.guard.mail.SendNotice.sendEmailNo tice(SendNotice.java:150) [com.openexchange.guard.jar:na]
    at com.openexchange.guard.mail.Incoming.incomingEmail Form(Incoming.java:354) [com.openexchange.guard.jar:na]
    at com.openexchange.guard.server.MailHandler.incoming EmailForm(MailHandler.java:135) [com.openexchange.guard.jar:na]
    at com.openexchange.guard.server.MainServlet.doPost(M ainServlet.java:427) [com.openexchange.guard.jar:na]
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:707) [javax.servlet-api-3.1.0.jar:3.1.0]
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:790) [javax.servlet-api-3.1.0.jar:3.1.0]
    at org.eclipse.jetty.servlet.ServletHolder.handle(Ser vletHolder.java:696) [jetty-servlet-9.1.0.v20131115.jar:9.1.0.v20131115]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle( ServletHandler.java:526) [jetty-servlet-9.1.0.v20131115.jar:9.1.0.v20131115]
    at org.eclipse.jetty.server.session.SessionHandler.do Handle(SessionHandler.java:219) [jetty-server-9.1.0.v20131115.jar:9.1.0.v20131115]
    at org.eclipse.jetty.server.handler.ContextHandler.do Handle(ContextHandler.java:1110) [jetty-server-9.1.0.v20131115.jar:9.1.0.v20131115]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(S ervletHandler.java:453) [jetty-servlet-9.1.0.v20131115.jar:9.1.0.v20131115]
    at org.eclipse.jetty.server.session.SessionHandler.do Scope(SessionHandler.java:183) [jetty-server-9.1.0.v20131115.jar:9.1.0.v20131115]
    at org.eclipse.jetty.server.handler.ContextHandler.do Scope(ContextHandler.java:1044) [jetty-server-9.1.0.v20131115.jar:9.1.0.v20131115]
    at org.eclipse.jetty.server.handler.ScopedHandler.han dle(ScopedHandler.java:141) [jetty-server-9.1.0.v20131115.jar:9.1.0.v20131115]
    at org.eclipse.jetty.server.handler.ContextHandlerCol lection.handle(ContextHandlerCollection.java:199) [jetty-server-9.1.0.v20131115.jar:9.1.0.v20131115]
    at org.eclipse.jetty.server.handler.HandlerCollection .handle(HandlerCollection.java:109) [jetty-server-9.1.0.v20131115.jar:9.1.0.v20131115]
    at org.eclipse.jetty.server.handler.HandlerWrapper.ha ndle(HandlerWrapper.java:97) [jetty-server-9.1.0.v20131115.jar:9.1.0.v20131115]
    at org.eclipse.jetty.server.Server.handle(Server.java :459) [jetty-server-9.1.0.v20131115.jar:9.1.0.v20131115]
    at org.eclipse.jetty.server.HttpChannel.handle(HttpCh annel.java:280) [jetty-server-9.1.0.v20131115.jar:9.1.0.v20131115]
    at org.eclipse.jetty.server.HttpConnection.onFillable (HttpConnection.java:229) [jetty-server-9.1.0.v20131115.jar:9.1.0.v20131115]
    at org.eclipse.jetty.io.AbstractConnection$1.run(Abst ractConnection.java:505) [jetty-io-9.1.0.v20131115.jar:9.1.0.v20131115]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.run Job(QueuedThreadPool.java:607) [jetty-util-9.1.0.v20131115.jar:9.1.0.v20131115]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$3.r un(QueuedThreadPool.java:536) [jetty-util-9.1.0.v20131115.jar:9.1.0.v20131115]
    at java.lang.Thread.run(Thread.java:745) [na:1.7.0_71]
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.jav a:192) ~[na:1.7.0_71]
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl .java:1884) ~[na:1.7.0_71]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.jav a:276) ~[na:1.7.0_71]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.jav a:270) ~[na:1.7.0_71]
    at sun.security.ssl.ClientHandshaker.serverCertificat e(ClientHandshaker.java:1439) ~[na:1.7.0_71]
    at sun.security.ssl.ClientHandshaker.processMessage(C lientHandshaker.java:209) ~[na:1.7.0_71]
    at sun.security.ssl.Handshaker.processLoop(Handshaker .java:878) ~[na:1.7.0_71]
    at sun.security.ssl.Handshaker.process_record(Handsha ker.java:814) ~[na:1.7.0_71]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocke tImpl.java:1016) ~[na:1.7.0_71]
    at sun.security.ssl.SSLSocketImpl.performInitialHands hake(SSLSocketImpl.java:1312) ~[na:1.7.0_71]
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSock etImpl.java:702) ~[na:1.7.0_71]
    at sun.security.ssl.AppOutputStream.write(AppOutputSt ream.java:122) ~[na:1.7.0_71]
    at com.sun.mail.util.TraceOutputStream.write(TraceOut putStream.java:101) ~[mail-1.4.jar:1.4]
    at java.io.BufferedOutputStream.flushBuffer(BufferedO utputStream.java:82) ~[na:1.7.0_71]
    at java.io.BufferedOutputStream.flush(BufferedOutputS tream.java:140) ~[na:1.7.0_71]
    at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTr ansport.java:1418) ~[mail-1.4.jar:1.4]
    ... 29 common frames omitted
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXV alidator.java:385) ~[na:1.7.0_71]
    at sun.security.validator.PKIXValidator.engineValidat e(PKIXValidator.java:292) ~[na:1.7.0_71]
    at sun.security.validator.Validator.validate(Validato r.java:260) ~[na:1.7.0_71]
    at sun.security.ssl.X509TrustManagerImpl.validate(X50 9TrustManagerImpl.java:326) ~[na:1.7.0_71]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted (X509TrustManagerImpl.java:231) ~[na:1.7.0_71]
    at sun.security.ssl.X509TrustManagerImpl.checkServerT rusted(X509TrustManagerImpl.java:126) ~[na:1.7.0_71]
    at sun.security.ssl.ClientHandshaker.serverCertificat e(ClientHandshaker.java:1421) ~[na:1.7.0_71]
    ... 40 common frames omitted
    Caused by: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder. engineBuild(SunCertPathBuilder.java:196) ~[na:1.7.0_71]
    at java.security.cert.CertPathBuilder.build(CertPathB uilder.java:268) ~[na:1.7.0_71]
    at sun.security.validator.PKIXValidator.doBuild(PKIXV alidator.java:380) ~[na:1.7.0_71]
    ... 46 common frames omitted
    ------------------------

  • #2
    Reproduziert :-(
    Wir prüfen mal, was da passiert ist.

    Comment


    • #3
      Vielen Dank für die schnelle Antwort!
      Gruß Johann

      Comment


      • #4
        Der Unterschied scheint zu sein, dass der Guard Default jetzt STARTTLS nutzt, wenn es vom SMTP Server angeboten wird.
        Allerdings (aufgrund des Java Defaults) nur mit bekannten CAs.
        D.h. man muss jetzt entweder die Verwendung von starttls abschalten oder das entsprechende Zertifikat (server oder CA) in Java importieren.
        Ersteres geht mit der Option
        com.openexchange.guard.usestarttls=false
        in /opt/open-xchange/guard/etc/guard.properties

        Comment

        Working...
        X