Mails not being fetched from Exchange 2016 after update of Ubuntu & Zammad (SSLError: SSL_write)


Expected behavior:

  • Mails are fetched from the Exchange server.

Actual behavior:

  • Mails are not fetched from the mail server.
  • Health status says: “Channel: Email::Account in Can’t use Channel::Driver::Imap: #<OpenSSL::SSL::SSLError: SSL_write>”.

Steps to reproduce the behavior:

  • Update/upgrade the system from Ubuntu 18.04.? LTS and Zammad 3.?.? to Ubuntu 18.04.5 LTS and Zammad 3.4.x via ‘sudo apt-get update && sudo apt-get upgrade’
  • Login to Zammad to see that there are no new tickets although the respective Exchange mail account has new mails.

Additional information:

Could it be that the Ubuntu upgrade changed TLS settings and is less forgiving than the previous version? The ticket below discusses TLS, but the error message is different from ours.

Thanks in advance for any ideas!

No ideas?
Today I tried updating the system again (not sure it helps but it shouldn’t harm), and it gives an error (first words in German but the message should be clear anyway):

“Fehlschlag beim Holen von[...] 500 Internal Server Error [IP: 443]”
(I shortened the token).

Opening this URL in Firefox gives:
“We’re sorry, but something went wrong.
If you are the application owner check the logs for more information.”

I do not know if this could be responsible for my problem (maybe the Zammad update was incomplete), at least it is worth noting that something at goes wrong.

Greetings :slight_smile:

Thanks, I will watch that ticket.

Now the update was installed successfully, but it didn’t help regarding the original problem.

After reading the docs again (I wanted to switch to POP3 because IMAP didn’t work), I read about port 993 for IMAP. We had 143 configured - which was working fine for 1.5 years, and after setting it to 993 Zammad now works again.

Was that announced somewhere in release notes? Probably I missed it.

Anyway, it is working again now :slight_smile:

Glad you could solve your issue.

To help solve this mystery: No, there was no change in “ports we require” as this is absolutely depending on your. However, what we did is we dropped no longer supported / suggested encryptions. Especially everything with SSL and I think TLSv1.0 as well.

This usually isn’t an issue, but may require you to upgrade the cyphers on your exchange server (or update it). Not entirely sure on the exchange end.

The reason why port 993 does work instead of 143 proberbly is the encryption being used or possible.

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.