David W

Our issue is resolved, and I’m guessing that our solution will help you. The issue on our end was that, after we moved the website over to use SSL by default (https://our-domain.com instead of https://our-domain.com), whenever users clicked on “Login”, Wild Apricot wouldn’t accept the referring URL, because “https://” is a different URL than “https://”.

I had to edit our settings inside Wild Apricot admin dashboard (Settings -> Security -> Authorized Applications -> “WordPress” (the name of our application) -> and then scroll to the very bottom and enter in https://our-domain.com into the text area for the Trusted redirect domains.

This recently cropped up on a system that I manage for a client as well, with the same exact error message. The client first emailed me about the problem today.

The only changes on the site are that we just migrated the website OFF of GoDaddy onto our own web hosting infrastructure, and we migrated the website to use SSL. Other than that, nothing has changed (other than keeping WordPress code and 3rd party plugins, like Wild Apricot Login, up-to-date.

I’m digging into the issue, and will reply if I make progress.

This is what is showing up in the error log:
wa_integration_oauth2_error: Unable to get OAuth2 token.

The mail server is actually fairly new, as of earlier this year. I split the mail server off of the web server for better security.

So the SSL certificate is indeed “new” in the sense that I only generated it earlier this year.

The output of this looks interesting (note the “-showcerts” directive which I found by reviewing https://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/):

openssl s_client -showcerts -connect mail.developcents.com:587
{snip}
Verify return code: 21 (unable to verify the first certificate)

Turns out I didn’t have the certificate chain setup properly. See https://unix.stackexchange.com/questions/146415/specify-certificate-of-ca-in-dovecot.

I had everything in Postfix configured correctly, but not in Dovecot (I was referencing the individual certificates by themselves, I hadn’t created a chain of the cert I was issued, followed by the contents of my caroot certificates).

Running the above command, I’m now getting this output:

Start Time: 1438338906
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

The cert is definitely not self-signed, but this is going in the right direction.

Anyway, after making all those changes, I ran the testconfig in Postie, and…

Still not working. ??

So I guess my next step is to figure out why Dovecot is reporting the certificate is self-signed when it’s actually signed by trusted CA.

Possibly. This is a very similar situation: https://serverfault.com/questions/701137/can-not-connect-with-imap-open-but-openssl-s-client-works (I just left a comment there).

I just read through your conversation at https://www.ads-software.com/support/topic/postiegmail-connection-problem?replies=5, but see that wasn’t fully resolved (at least via the thread). I’ll research this some more, and if it does turn out to be a server issue of some sort, I’ll come back and let you know.

I just ran a “check for mail manually with full debug”…. here are the top portion of the results:

Checking for mail manually with debug output
Starting mail fetch
Postie Version: 1.7.2
Wordpress Version: 4.2.2
PHP Version: 5.4.16
OS: Linux myers.developcents.com 4.1.0-x86_64-linode59 #1 SMP Mon Jun 22 10:39:23 EDT 2015 x86_64
Debug mode: On
Time: 2015-07-21 21:38:52 GMT
Error log:
TMP dir: /tmp/
Postie is in /home/www/theagapepuppets.org/www/wp-content/plugins/postie/
Cron: On
Alternate Cron: Off
iconv: installed
imap: installed
mbstring: installed
wp_content_path: /home/www/theagapepuppets.org/www/wp-content
imap: TLS enabled
Connecting to imap.gmail.com:995 (imap-ssl) with TLS
imap: using Google INBOX
imap: connection string – {imap.gmail.com:995/service=imap/ssl/tls/novalidate-cert}INBOX
imap: disabling GSSAPI
Mail Connection Time Out
Common Reasons: Server Down, Network Issue, Port/Protocol MisMatch
Array
(
[0] => Can’t open mailbox {imap.gmail.com:995/service=imap/ssl/tls/novalidate-cert}INBOX: invalid remote specification
)

The Server said:
imap: closing connection
There are 0 messages to process
memory at start of email processing:37139392

Ok, I just enabled IMAP access onto my gmail account (for testing purposes only), and entered in my gmail address / password, configured settings and ports for IMAP-SSL (instead of POP3-SSL).

Got the same results.

Full log output:

[Tue Jul 21 19:46:23.477094 2015] [:error] [pid 19942] [client 74.221.189.99:56559] PHP Warning: imap_open(): Couldn’t open stream {imap.gmail.com:995/service=imap/ssl/tls/novalidate-cert}INBOX in /home/www/theagapepuppets.org/www/wp-content/plugins/postie/postieIMAP.php on line 89, referer: https://new.theagapepuppets.org/wp-admin/admin.php?page=postie-settings
[Tue Jul 21 19:46:23.477111 2015] [:error] [pid 19942] [client 74.221.189.99:56559] Postie: imap_open failed: Can’t open mailbox {imap.gmail.com:995/service=imap/ssl/tls/novalidate-cert}INBOX: invalid remote specification, referer: https://new.theagapepuppets.org/wp-admin/admin.php?page=postie-settings
[Tue Jul 21 19:46:23.477147 2015] [:error] [pid 19942] [client 74.221.189.99:56559] Postie: Unable to connect. The server said:, referer: https://new.theagapepuppets.org/wp-admin/admin.php?page=postie-settings
[Tue Jul 21 19:46:23.477166 2015] [:error] [pid 19942] [client 74.221.189.99:56559] Postie: , referer: https://new.theagapepuppets.org/wp-admin/admin.php?page=postie-settings

I’ve tested on both IMAP-SSL as well as POP3-SSL. When I use “mail protocol” of IMAP-SSL on wp-admin/admin.php?page=postie-settings, I specify the port as 993.

And when I use POP3-SSL, I specify the port as 995.

Either way produces the same symptoms, and the same error in the apache log (although the port changes, obviously).

[Tue Jul 21 15:22:57.679589 2015] [:error] [pid 16809] [client 74.221.189.99:49552] PHP Warning: imap_open(): Couldn’t open stream {mail.developcents.com:993/service=imap/ssl/tls/novalidate-cert} in /home/www/theagapepuppets.org/www/wp-content/plugins/postie/postieIMAP.php on line 89, referer: https://new.theagapepuppets.org/wp-admin/admin.php?page=postie-settings

No worries. Happens to the best of us.

This is what I’m seeing in the Apache log:

[Mon Jul 13 10:58:05.416138 2015] [:error] [pid 8419] [client 74.221.189.99:36390] PHP Warning: imap_open(): Couldn’t open stream {my.mailserver.com:995/service=pop3/ssl/tls/novalidate-cert} in /home/www/my.website/www/wp-content/plugins/postie/postieIMAP.php on line 89, referer: https://my.website.org/wp-admin/admin.php?page=postie-settings

I appreciate that you’re trying to help, and am biting my tongue so that I don’t reply with a snarky comment.

That said, if you re-read my last response, one of the tests I provided was from the server in question. I provided tests from 3 environments:
1) The actual web server where WordPress is installed
2) mxtoolbox.com
3) My local environment

Again, I can confirm that the mail server is correctly configured. That isn’t the issue.

The following is compliments of my local environment:

david@Develop-CENTS:~$ openssl s_client -connect mail.developcents.com:993
CONNECTED(00000003)

{snip}

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

The following is compliments of the shell on the web server (where WordPress / Postie is installed), connecting successfully to the mail server:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

{snip}

[root@myers ~]# openssl s_client -connect mail.developcents.com:993
CONNECTED(00000003)

The following is compliments of https://mxtoolbox.com/SuperTool.aspx?action=mx%3adevelopcents.com&run=toolpage#

Session Transcript:
Connecting to 45.56.70.117

220 mail.developcents.com ESMTP Postfix [672 ms]
EHLO PWS3.mxtoolbox.com
250-mail.developcents.com
250-PIPELINING
250-SIZE 20480000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN [609 ms]
MAIL FROM:<[email protected]>
250 2.1.0 Ok [609 ms]
RCPT TO:<[email protected]>
454 4.7.1 <[email protected]>: Relay access denied [609 ms]

PWS3v2 3142ms

Well, I’m the mail server administrator, and I can confirm port settings are correct (and the firewall on the mail server is allowing communication on those ports).

I just checked the web server (where the website resides, outgoing connection) and did find that outgoing TCP ports 993 and 995 were disabled. After enabling that port on the web server (outgoing TCP port 993), I’m still getting the same results.

So, ports are correct on both servers now.

I can also confirm the email address is valid & working (I just set it up in Thunderbird to ensure connectivity).

The mail server supports both POP3 and IMAP, on ports 995 and 993, respectively. I’ve tested postie with both protocols (unsuccessfully), but have successfully connected to the mail server using a mail client in my local environment.

Thanks for the response.

After starting to work on this and do some research, I was starting to suspect that.

Whenever you get a chance, I think it would be a good idea to update the project homepage (https://www.ads-software.com/plugins/simple-cart-buy-now/) to indicate this change.

But anyway, this makes sense – thanks again.