Mail app not starting under NC21 with php8.0 and nginx 1.19.8

Recently upgraded to NC21 and php8.0 and now the Mail app won’t start. I’ve deleted and reinstalled with no success. Further information available on request.

As ususaly check the content of the Nextcloud log file and post any related error messages when you install/access the mail app. In most cases a required php module is missing which can cause all kind of problems.

BTW, I assume that you’ve already restarted your web server to activate the new php version, right?

Couldn’t find anything else about the Mail app and PHP 8.0. Yes, I’ve restarted nginx, several times. Here’s the latest item from the nextcloud.error log:

2021/03/15 15:19:36 [error] 712029#712029: *20937 access forbidden by rule, client: 192.168.1.1, server: nextcloud.koalatyworks.com, request: “PROPFIND /.well-known/webdav/Notes/ HTTP/1.1”, host: “nextcloud.koalatyworks.com

I’ve disabled ModSecurity for testing purposes, but this error message still looks like ModSecurity is running. Is this a Nextcloud issue or a ModSec one?

Could you elaborate on what exactly doesn’t work?

FYI Restarting the web server has little to no influence on a php application.

When I try to start the Mail app I get an Internal Server Error. The Nextcloud error log shows the following:

2021/03/16 08:52:20 [error] 88579#88579: *3625 access forbidden by rule, client: 192.168.1.1, server: nextcloud.mydomain.com, request: “PROPFIND /.well-known/webdav/Notes/ HTTP/1.1”, host: “nextcloud.mydomain.com

The bit about “access forbidden by rule” kind of makes me think ModSecurity might have something to do with this.

I assume with start the app you mean access it in the browser?

The Mail app certainly doesn’t do a PROPFINd to .well-known. I think that is some other app that interferes with Mail.

Yes. I’ve got nextcloud.mydomain.com open with a line of apps in the upper left; one of them is Mail. When I clilck on that app, I get the Internal Server Error.

I have ModSecurity on the server, but I’ve commented out the lines that enable it in nginx.conf. Is it still interfering?

also check your nextcloud.log. it should have some info about the internal server error.

Here’s the output from /var/log/nginx/nextcloud.access:

192.168.1.1 - Ken [16/Mar/2021:10:29:36 -0400] “PROPFIND /remote.php/dav/files/Ken/ HTTP/1.1” 207 256 “-” “Mozilla/5.0 (Linux) mirall/3.1.3-20210218.151938.3842d306f-1.0~groovy1 (Nextcloud)”

Is there another logfile I should check? nextcloud.access and nextcloud.error are the only ones in that directory.

https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html#file

Thanks! Now I know another place to check for information.

Here’s the output from nextcloud.log, grepped for “mail”:

{“reqId”:“0EOA0pwy5gz9ZspMcByM”,“level”:3,“time”:“2021-03-16T16:43:26+00:00”,“remoteAddr”:“174.128.182.40”,“user”:"–",“app”:“mail”,“method”:“GET”,“url”:"/cron.php",“message”:{“Exception”:“Exception”,“Message”:“HMAC does not match.”,“Code”:0,“Trace”:[{“file”:"/usr/share/nginx/nextcloud/apps/mail/lib/IMAP/IMAPClientFactory.php",“line”:66,“function”:“decrypt”,“class”:“OC\Security\Crypto”,“type”:"->",“args”:["*** sensitive parameters replaced ***"]},{“file”:"/usr/share/nginx/nextcloud/apps/mail/lib/IMAP/MailboxSync.php",“line”:90,“function”:“getClient”,“class”:“OCA\Mail\IMAP\IMAPClientFactory”,“type”:"->"},{“file”:"/usr/share/nginx/nextcloud/apps/mail/lib/BackgroundJob/SyncJob.php",“line”:91,“function”:“sync”,“class”:“OCA\Mail\IMAP\MailboxSync”,“type”:"->"},{“file”:"/usr/share/nginx/nextcloud/lib/public/BackgroundJob/Job.php",“line”:80,“function”:“run”,“class”:“OCA\Mail\BackgroundJob\SyncJob”,“type”:"->"},{“file”:"/usr/share/nginx/nextcloud/lib/public/BackgroundJob/TimedJob.php",“line”:61,“function”:“execute”,“class”:“OCP\BackgroundJob\Job”,“type”:"->"},{“file”:"/usr/share/nginx/nextcloud/cron.php",“line”:150,“function”:“execute”,“class”:“OCP\BackgroundJob\TimedJob”,“type”:"->"}],“File”:"/usr/share/nginx/nextcloud/lib/private/Security/Crypto.php",“Line”:147,“CustomMessage”:“Cron mail sync failed: HMAC does not match.”},“userAgent”:“Mozilla/5.0 (iPad; CPU OS 14_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Mobile/15E148 Safari/604.1”,“version”:“21.0.0.18”}

I hope this makes sense!

I looked up HMAC from the nextcloud.log file, and now I’m wondering if it has anything to do with the fact that I’ve enabled GPG-signing of my email. This could be it, but is there a way to use GPG with the Mail app?

did you change the secret of your config.php?

Not intentionally!

Is it possible the fact there’s no php8.0-ldap available has something to do with this problem?

please check your backups to be sure. this value should never ever change.

Well, rats! I thought Duplicati was backing that up, but I was mistaken. Can you tell me where

secret

comes from? Maybe there’s a way to refresh it?

it’s generated during the initial setup

Then I think we may have the problem identified! I deleted and reinstalled NC21 when I was having problems; maybe this secret is from the original install? Maybe I need to re-create config.php from scratch? Does any of this make sense?

Hello? Anyone listening? Would this work, and can anyone advise me on how to go about it?