SSL being cut off after authenticating(logged in) with Gmail Account

Technical assistance
1

Infos:

  • Used Zammad version: 6.5.2-1758702414.b18da133.noble
  • Used Zammad installation type: package installation on Ubuntu (APT install)
  • Operating system: Ubuntu 24.04.3 LTS
  • Browser + version: Chrome (latest)

Expected behavior:

  • Gmail channel (Inbound email) should connect normally using OAuth2 (auth_type = XOAUTH2) and fetch IMAP messages from imap.gmail.com:993.

Actual behavior:

  • Gmail OAuth setup works (login success), but fetching emails fails.
  • Zammad logs show:
ERROR -- : Can't use Channel::Driver::Imap: #<OpenSSL::SSL::SSLError: SSL_read: unexpected eof while reading>
app/models/channel/driver/imap.rb:147:in `new'
app/models/channel/driver/imap.rb:147:in `block in setup_connection'
app/models/channel/driver/imap.rb:146:in `setup_connection'
app/models/channel/driver/imap.rb:50:in `fetch'
  • SSL handshake works correctly when tested manually via:
openssl s_client -connect imap.gmail.com:993 -tls1_2

which returns:

Verification: OK
Verify return code: 0 (ok)
  • So the server can reach Gmail and validate certificates successfully, but Zammad’s IMAP driver aborts during SSL_read with unexpected eof while reading.

Steps to reproduce the behavior:

  1. Go to Admin → Channels → Email → Add Account → Gmail OAuth
  2. Authenticate with Google successfully (OAuth flow completes)
  3. Zammad creates the channel and attempts to fetch via IMAP using XOAUTH2
  4. Fetch fails with the error above
  5. Log entries show repeated:
fetching imap (imap.gmail.com/MY_EMAIL port=993,ssl=true,starttls=false,auth_type=XOAUTH2,ssl_verify=true)

followed by the SSL_read EOF error.

Additional notes:

  • IMAP is enabled inside Gmail settings.
  • The same server can connect to imap.gmail.com:993 without issue using openssl.
  • Time sync (NTP) is correct.
  • No firewall or proxy interfering.
  • Error happens every time, immediately after Zammad tries to read from the SSL socket.
2

IPv4 vs IPv6 maybe. If your DNS server resolves IPv6 but your Host can‘t use IPv6 to communicate, this would happen

3

Thank you so much!! Indeed it turned out to be an IPv6 issue on my server.

getent ahosts imap.gmail.com was returning both IPv4 and IPv6 addresses, and when I tested with:

openssl s_client -connect '[2404:6800:4003:c11::6c]:993' -servername imap.gmail.com

I got this line:

SSL routines:ssl3_read_n:unexpected eof while reading

So the TLS handshake over IPv6 would succeed initially, but then the connection would drop with an EOF, which matches the error Zammad was showing when trying to fetch emails from Gmail.

I disabled IPv6 on the host (since I don’t need it for this server):

sudo tee /etc/sysctl.d/90-disable-ipv6.conf << 'EOF'
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
EOF

sudo sysctl --system

After that, getent ahosts imap.gmail.com only returns IPv4 addresses, and Zammad connects to Gmail without any SSL_read / EOF errors.

4

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.