XF 2.2 Automated bounced and unsubscribe email handler errors - authorization problems

bplein

Member
I have set up a new XenForo forums, and have set up outbound SMTP through my email system that I control.

I am now trying top set up the Automated bounced and unsubscribe email handlers, and and am getting Auth errors. I have tried IMAP TLS, IMAP (non encrypted) as well as POP3 non-encrypted and all of them are giving me authentication errors.

I know that my email server works, and I have successfully tested the accounts using macOS Mail.app (so I know I set the password correctly and IMAP is working fine).

Is there any extra debugging we can set on the client side (XenForo) to see a bit more about what is going on? On my server side, I get simple errors pointing to authentication:

Examples (redacted IPs and domain), one with pop3 and one with IMAP:
Code:
Jun  1 23:55:30 b6dbdf4fde68 dovecot: imap-login: Aborted login (auth failed, 1 attempts in 0 secs): user=<bouncebot@example.com>, rip=xxx.xxx.xxx.xxx, lip=yyy.yyy.yyy.yyy
Jun  2 06:57:54 b6dbdf4fde68 dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 0 secs): user=<bouncebot@example.com>, rip=xxx.xxx.xxx.xxx, lip=yyy.yyy.yyy.yyy

Here is what is showing up in the XenForo logs in the WebUI:

Server error log
Code:
Laminas\Mail\Protocol\Exception\RuntimeException: Bounce connection error: last request failed src/vendor/laminas/laminas-mail/src/Protocol/Pop3.php:167
Generated by: Unknown account Jun 2, 2021 at 11:23 AM


Stack trace
Code:
#0 src/vendor/laminas/laminas-mail/src/Protocol/Pop3.php(197): Laminas\Mail\Protocol\Pop3->readResponse(false)
#1 src/vendor/laminas/laminas-mail/src/Protocol/Pop3.php(248): Laminas\Mail\Protocol\Pop3->request('USER bouncebot@...')
#2 src/XF/Mail/Storage/Pop3.php(27): Laminas\Mail\Protocol\Pop3->login('bouncebot@f150l...', '*****', true)
#3 src/XF/EmailBounce/Processor.php(252): XF\Mail\Storage\Pop3::setupFromHandler(Array)
#4 src/XF/SubContainer/Bounce.php(15): XF\EmailBounce\Processor::getDefaultBounceHandlerStorage(Object(XF\Cli\App))
#5 src/XF/Container.php(28): XF\SubContainer\Bounce->XF\SubContainer\{closure}(Object(XF\Container))
#6 src/XF/SubContainer/Bounce.php(43): XF\Container->offsetGet('storage')
#7 src/XF/Job/EmailBounce.php(20): XF\SubContainer\Bounce->storage()
#8 src/XF/Job/Manager.php(258): XF\Job\EmailBounce->run(8)
#9 src/XF/Job/Manager.php(200): XF\Job\Manager->runJobInternal(Array, 8)
#10 src/XF/Job/Manager.php(84): XF\Job\Manager->runJobEntry(Array, 8)
#11 src/XF/Cli/Command/RunJobs.php(59): XF\Job\Manager->runQueue(false, 8)
#12 src/vendor/symfony/console/Command/Command.php(255): XF\Cli\Command\RunJobs->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#13 src/vendor/symfony/console/Application.php(992): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#14 src/vendor/symfony/console/Application.php(255): Symfony\Component\Console\Application->doRunCommand(Object(XF\Cli\Command\RunJobs), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#15 src/vendor/symfony/console/Application.php(148): Symfony\Component\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#16 src/XF/Cli/Runner.php(109): Symfony\Component\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#17 cmd.php(15): XF\Cli\Runner->run()
#18 {main}


Request state
Code:
array(1) {
  ["cli"] => string(33) "/var/www/html/cmd.php xf:run-jobs"
}
 
Last edited:

bplein

Member
Really would like to know if it's possible to turn on some full logging so I could get more than the limited stack dump shown above. I know for a fact that IMAP is working fine.
 

bplein

Member
@Mike Thanks for your help on this issue.

For everyone else, this WAS a email server side configuration issue, not XenForo. The funny thing is that traditional clients (mobile and desktop) weren't throwing errors, there was a cert issue with my Dovecot install which affects both IMAP and POP.

When I rectified this cert issue, XenForo unsubscribe and bounce handling worked perfectly.

A good tool for testing from the XenForo side is the openssl cli itself.

Examples (change example.com to your mail server hostname):
SMTPS: openssl s_client -showcerts -connect example.com:465
IMAPS: openssl s_client -showcerts -connect example.com:993
POP3S: openssl s_client -showcerts -connect example.com:995

In each case, the CLI will make a connection to the server, and show you the chain of SSL certs it's verifying, and then show if you are connected to the SMTP/IMAP/POP server.

In my case, due to a messed up cert configuration for Dovecot, I was getting something like:

Code:
depth=0 CN = example.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = example.com
verify error:num=21:unable to verify the first certificate
verify return:1

Between @Mike and the use of the "openssl" to test end to end from Xenforo instance to my mail server, I was able to figure it out.
 
Top