OTRS postmastermailbox.pl

RedOne picture RedOne · Feb 5, 2014 · Viewed 7.2k times · Source

i'm using otrs 3.2.11 on windows server 2008. i have an issue when running the module for fetching emails " otrs.postmastermailbox.pl"...it i used to be working very fine at the beggnig but now it says authantification faild!...i'm pretty sure it is not a mail account credential issue..i checked it out several times.

i'm usisng gmail account and usisng the pop3s/smtps to connect the otrs.

here is the output for executing the module using cmd.

C:\Ticket Manager\OTRS\bin>otrs.postmastermailbox.pl
 ERROR: OTRS-otrs.PostMasterMailbox.pl-14 Perl: 5.16.3 OS: MSWin32 Time: Wed Feb
  5 09:33:41 2014

  Message: POP3S: Auth for user ********@gmail.com/pop.gmail.com failed!

 Traceback (748):
  Module: Kernel::System::MailAccount::POP3S::_Fetch (OTRS 3.2.11) Line: 149
  Module: Kernel::System::MailAccount::POP3S::Fetch (OTRS 3.2.11) Line: 101
  Module: Kernel::System::MailAccount::MailAccountFetch (OTRS 3.2.11) Line: 419

  Module: main::Fetch (unknown version) Line: 177
  Module: C:\Ticket Manager\OTRS\bin\otrs.PostMasterMailbox.pl (unknown ver
  sion) Line: 90


  C:\Ticket Manager\OTRS\bin>

i'm not sure but i think it is due to perl module updates maybe...i don't remember the version of perl i used to use to have...here is the output for otrs.checkmodules.pl using cmd:

C:\Ticket Manager\OTRS\bin>otrs.checkmodules.pl
Set up gcc environment - 3.4.5 (mingw-vista special r3)
o CGI..............................ok (v3.63)
o Crypt::PasswdMD5.................ok (v1.3)
o Crypt::SSLeay....................ok (v0.60)
o CSS::Minifier....................ok (v0.01)
o Date::Format.....................ok (v2.24)
o Date::Pcalc......................ok (v1.2)
o DBI..............................ok (v1.630)
o DBD::mysql.......................ok (v4.022)
o DBD::ODBC........................ok (v1.45)
o DBD::Oracle......................FAILED! Not all prerequisites for this module correctly installed.
o DBD::Pg..........................ok (v2.19.3)
o Digest::MD5......................ok (v2.53)
o Digest::SHA::PurePerl............ok (v5.81)
o Digest::SHA......................ok (v5.85)
o Encode::HanExtra.................ok (v0.23)
o Encode::Locale...................ok (v1.03)
o GD...............................ok (v2.46)
o GD::Text.......................ok (v0.86)
o GD::Graph......................ok (v1.48)
o IO::Scalar.......................ok (v2.110)
o IO::Wrap.........................ok (v2.110)
o JavaScript::Minifier.............ok (v1.05)
o JSON.............................ok (v2.53)
o JSON::PP.......................ok (v2.27200)
o JSON::XS.......................ok (v2.34)
o Locale::Codes....................ok (v3.24)
o LWP::UserAgent...................ok (v6.04)
o Mail::Internet...................ok (v2.12)
o Mail::POP3Client.................ok (v1.2)
o IO::Socket::SSL................ok (v1.955)
o Mail::IMAPClient.................ok (v3.35)
o IO::Socket::SSL................ok (v1.955)
o MIME::Base64.....................ok (v3.13)
o MIME::Tools......................ok (v5.503)
o ModPerl::Util....................Not installed! (optional - Improves Performance on Apache webservers dramatically.)
o Apache::DBI....................ok (v1.11)
o Apache2::Reload................FAILED! Not all prerequisites for this module correctly installed.
o Net::DNS.........................ok (v0.73)
o Net::POP3........................ok (v2.30)
o Net::IMAP::Simple................ok (v1.2034)
o IO::Socket::SSL................ok (v1.955)
o Net::SMTP........................ok (v2.32)
o Authen::SASL...................ok (v2.16)
o Net::SMTP::SSL.................ok (v1.01)
o Net::SMTP::TLS::ButMaintained..ok (v0.20)
o Net::LDAP........................ok (v0.58)
o Net::SSL.........................ok (v2.85)
o PDF::API2........................ok (v2.020)
o Compress::Zlib.................ok (v2.063)
o Storable.........................ok (v2.45)
o SOAP::Lite.......................ok (v0.715)
o version........................ok (v0.9902)
o Class::Inspector...............ok (v1.28)
o Text::CSV........................ok (v1.21)
o Text::CSV_PP...................ok (v1.29)
o Text::CSV_XS...................ok (v1.02)
o Time::HiRes......................ok (v1.9726)
o XML::Parser......................ok (v2.41)
o HTTP::Message....................ok (v6.06)
o HTTP::Headers..................ok (v6.05)
o URI..............................ok (v1.60)
o URI::Escape....................ok (v3.31)
o Scalar::Util.....................ok (v1.35)
o YAML::XS.........................ok (v0.41)
o Win32::Daemon....................ok (v20110117)
o Win32::Service...................ok (v0.07)

C:\Ticket Manager\OTRS\bin>

i'm not very familir with perl modules...can someone help me please!!!

Answer

Steffen Ullrich picture Steffen Ullrich · Feb 7, 2014

From the source of OTRS I would suggest that it's not an authentication issue, but that it fails to establish an SSL connection. The reason might probably be, that you use a kind of recent IO::Socket::SSL version, which has certificate verification enabled by default. This version of IO::Socket::SSL already uses the default CA store location of OpenSSL, but on windows this might not work (openssl assumes either a file in PEM format or a hashed directory).

The bundled version of Mail::POP3Client is not aware of any certificate verification, e.g. it does neither provide useful certificates nor does it switch verification off. This is fixed in the current version of OTRS, where they don't use Mail::POP3Client any longer but instead the core module NET::POP3 enhanced through Net::SSLGlue::POP3 - and here they switch certificate verification simple off (which means, that man-in-the-middle attacks are easy).

What you could do:

  • the best way would be to get the necesary CA certificates and put them into a file, then let IO::Socket::SSL use this file. You might use Mozilla::CA for this (like LWP does) and then somewhere in your code (as early as possible) load IO::Socket::SSL and set the default verification path:

    IO::Socket::SSL::set_client_defaults( SSL_ca_file => Mozilla::CA::SSL_ca_file )

  • or switch verification off, like done in recent OTRS versions (and close your eyes to not see the obvious security problems), e.g. IO::Socket::SSL::set_client_defaults( SSL_verify_mode => 0 )

  • or upgrade to recent OTRS version which "fixes" the problem by disabling certificate verification