Hi folks,
I'm setting up a new dovecot email service and have a proxy server running in
front of it to facilitate migrating users from my very old UW-IMAP-based mail
server to the new one.
I have a mysql proxy table that directs inbound IMAP and LMTP connections to
the correct server, works great. Managesieve connections are not working
through the proxy using either the sieverules plugin for RoundCube or the
Sieve plugin for Thunderbird. If I point them directly at the actual dovecot
server everything works fine, so I must have something wrong in my proxy setup.
This is what I get in the maillogs when I try to connect to the managesieve
proxy:
PROXY machine:
Feb 21 16:16:38 sortie dovecot: managesieve-login: Error: proxy: Remote
x.y.z.110:4190 disconnected: Connection closed (state=0, duration=0s):
user=<brown>, method=PLAIN, rip=x.y.z.83, lip=x.y.z.109, TLS,
session=<0jUal0LWswCYAxZT>
Feb 21 16:16:38 sortie dovecot: managesieve-login: Disconnected (internal
failure, 1 succesful auths): user=<brown>, method=PLAIN, rip=x.y.z.83,
lip=x.y.z.109, TLS, session=<0jUal0LWswCYAxZT>
SERVER machine:
Feb 21 16:16:38 postie dovecot: managesieve-login: Disconnected: Too many
invalid commands. (no auth attempts in 0 secs): user=<>, rip=x.y.z.109,
lip=x.y.z.110, session=<REgal0LWnQCYAxZt>
Output of a 'tcpdump -A' is attached as well if needed.
x.y.z.83 - Roundcube webmail server
x.y.z.109 - PROXY
x.y.z.110 - SERVER
If I turn off TLS all-around I get an error in the roundcube log that says:
[20-Feb-2013 23:02:27] No supported authentication method found. The server
supports these methods: , but we want to use: PLAIN ():
[20-Feb-2013 23:02:27] Not currently in AUTHORISATION state (1):
I am using Pigeonhole 0.3.3 on both proxy and server.
Dovecot configurations for the proxy and server are attached below.
Here are the SQL files referenced in the proxy configs. Long lines are broken
for readability.
/etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=dovecot user=dovecot password=XXX
password_query = SELECT NULL AS password, 'any-cert' as 'ssl', \
'Y' as nopassword, host, user as destuser, \
'Y' AS proxy \
FROM proxy WHERE user = '%u'
/etc/dovecot/dovecot-sql-lmtp.conf.ext
driver = mysql
connect = host=localhost dbname=dovecot user=dovecot password=XXX
password_query = SELECT NULL AS password, 'any-cert' as 'ssl', \
'Y' as nopassword, host, user as destuser, \
'Y' AS proxy \
FROM proxy WHERE user = '%n'
The proxy DB table looks like this:
--
-- Table structure for table `proxy`
--
CREATE TABLE IF NOT EXISTS `proxy` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`user` varchar(255) NOT NULL,
`email` varchar(64) NOT NULL,
`host` varchar(16) DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `user_index` (`user`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=379 ;
--
-- Dumping data for table `proxy`
--
INSERT INTO `proxy` (`id`, `user`, `email`, `host`) VALUES
(1, 'brown', '', 'x.y.z.110'),
(2, 'fizgig', '', 'x.r.z.15'),
110 is the new dovecot IMAP server, 15 is the old UW-IMAP server.
Any advice on getting managesieve proxy running would be greatly appreciated.
Thanks,
--[Lance]
--
GPG Fingerprint: 409B A409 A38D 92BF 15D9 6EEE 9A82 F2AC 69AC 07B9
CACert.org Assurer
-------------- next part --------------
16:24:14.079073 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [S], seq
4273974283, win 14600, options [mss 1460,sackOK,TS val 533787509 ecr
0,nop,wscale 5], length 0
E..<_~@. at .~w...S...m...^..........9.?..........
...u........
16:24:14.079103 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [S.], seq
165429520, ack 4273974284, win 14480, options [mss 1460,sackOK,TS val 517181158
ecr 533787509,nop,wscale 5], length 0
E..<.. at .@......m...S.^.. .A.......8.F..........
.......u....
16:24:14.079206 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [.], ack 1, win
457, options [nop,nop,TS val 533787509 ecr 517181158], length 0
E..4_. at .@.~~...S...m...^.... .A......].....
...u....
16:24:14.084288 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq 1:316,
ack 1, win 453, options [nop,nop,TS val 517181163 ecr 533787509], length 315
E..o.. at .@......m...S.^.. .A.........^(.....
.......u"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation
subaddress comparator-i;ascii-numeric relational regex imap4flags copy include
variables body enotify environment mailbox date ihave"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."
16:24:14.084420 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [.], ack 316, win
490, options [nop,nop,TS val 533787514 ecr 517181163], length 0
E..4_. at .@.~}...S...m...^.... .BL...........
...z....
16:24:14.084676 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [P.], seq 1:13,
ack 316, win 490, options [nop,nop,TS val 533787514 ecr 517181163], length 12
E.. at _.@. at .~p...S...m...^.... .BL....'k.....
...z....CAPABILITY
16:24:14.084680 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [.], ack 13, win
453, options [nop,nop,TS val 517181164 ecr 533787514], length 0
E..4.. at .@......m...S.^.. .BL...............
.......z
16:24:14.084880 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq 316:638,
ack 13, win 453, options [nop,nop,TS val 517181164 ecr 533787514], length 322
E..v.. at .@......m...S.^.. .BL........^/.....
.......z"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation
subaddress comparator-i;ascii-numeric relational regex imap4flags copy include
variables body enotify environment mailbox date ihave"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "Capability completed."
16:24:14.085055 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [P.], seq 13:23,
ack 638, win 524, options [nop,nop,TS val 533787515 ecr 517181164], length 10
E..>_. at .@.~q...S...m...^.... .C.....g......
...{....STARTTLS
16:24:14.085241 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq 638:671,
ack 23, win 453, options [nop,nop,TS val 517181164 ecr 533787515], length 33
E..U.. at .@.
....m...S.^.. .C...."....]......
.......{OK "Begin TLS negotiation now."
16:24:14.085403 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [P.], seq 23:157,
ack 671, win 524, options [nop,nop,TS val 533787515 ecr 517181164], length 134
E..._. at .@.}....S...m...^..." .C.....wH.....
...{............}..Q&.~..e.c../..o5....6...=.A%.[*...:.9.8.....5.......
.3.2.....E.D./...A......... ..........................x.y.z.109.#..
16:24:14.090213 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [.], seq 671:3567,
ack 157, win 486, options [nop,nop,TS val 517181169 ecr 533787515], length 2896
16:24:14.090224 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq
3567:4767, ack 157, win 486, options [nop,nop,TS val 517181169 ecr 533787515],
length 1200
16:24:14.090403 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [.], ack 4767, win
705, options [nop,nop,TS val 533787520 ecr 517181169], length 0
E..4_. at .@.~y...S...m...^.... .S............
........
16:24:14.090403 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq
4767:4920, ack 157, win 486, options [nop,nop,TS val 517181170 ecr 533787520],
length 153
16:24:14.093415 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [P.], seq 157:355,
ack 4920, win 795, options [nop,nop,TS val 533787523 ecr 517181170], length 198
16:24:14.095289 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq
4920:5170, ack 355, win 520, options [nop,nop,TS val 517181175 ecr 533787523],
length 250
16:24:14.135050 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [.], ack 5170, win
886, options [nop,nop,TS val 533787565 ecr 517181175], length 0
E..4_. at .@.~w...S...m...^...n .UB...v.......
........
16:24:14.135060 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq
5170:5484, ack 355, win 520, options [nop,nop,TS val 517181214 ecr 533787565],
length 314
16:24:14.135178 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [.], ack 5484, win
976, options [nop,nop,TS val 533787565 ecr 517181214], length 0
E..4_. at .@.~v...S...m...^...n .V|...........
........
16:24:14.135404 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [P.], seq 355:408,
ack 5484, win 976, options [nop,nop,TS val 533787565 ecr 517181214], length 53
E..i_. at .@.~@...S...m...^...n .V|...........
............0.k.]...N.U8..V. ..0...s.9~..T..d(s...%.mTPW.K.F.
16:24:14.135494 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq
5484:5590, ack 408, win 520, options [nop,nop,TS val 517181215 ecr 533787565],
length 106
16:24:14.135856 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [P.], seq 408:493,
ack 5590, win 976, options [nop,nop,TS val 533787566 ecr 517181215], length 85
E..._. at .@.~....S...m...^.... .V......].....
............P./...Y....!.0.V...*D."zQ....[M..{..}..5k..b._.e.jK..&...A..~..b..T..
....:%.PAY.
16:24:14.136683 IP x.y.z.109.40120 > x.y.z.110.sieve: Flags [S], seq
1687026055, win 14600, options [mss 1460,sackOK,TS val 517181216 ecr
0,nop,wscale 5], length 0
E..<v. at .@.g3...m...n...^d.........9............
... ........
16:24:14.136883 IP x.y.z.110.sieve > x.y.z.109.40120: Flags [S.], seq
2266448111, ack 1687026056, win 14480, options [mss 1460,sackOK,TS val 254861327
ecr 517181216,nop,wscale 7], length 0
E..<.. at .@......n...m.^.... at .d.....8.B..........
.0..... ....
16:24:14.136891 IP x.y.z.109.40120 > x.y.z.110.sieve: Flags [.], ack 1, win
457, options [nop,nop,TS val 517181216 ecr 254861327], length 0
E..4v. at .@.g:...m...n...^d..... at ............
... .0..
16:24:14.136984 IP x.y.z.109.40120 > x.y.z.110.sieve: Flags [P.], seq 1:114,
ack 1, win 457, options [nop,nop,TS val 517181216 ecr 254861327], length 113
E...v. at .@.f....m...n...^d..... at .....]y.....
... .0......l...h..Q&.~pG.R.o.}8G...n..Q.F.`Y{.n.S...:.9.8.....5.......
.3.2.....E.D./...A......... ..................#..
16:24:14.137100 IP x.y.z.110.sieve > x.y.z.109.40120: Flags [.], ack 114, win
114, options [nop,nop,TS val 254861327 ecr 517181216], length 0
E..4.. at .@.<....n...m.^.... at .d......r.......
.0.....
16:24:14.142492 IP x.y.z.110.sieve > x.y.z.109.40120: Flags [P.], seq 1:346,
ack 114, win 114, options [nop,nop,TS val 254861335 ecr 517181216], length 345
E..... at .@.;....n...m.^.... at .d......r.......
.0..... "IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation
subaddress comparator-i;ascii-numeric relational regex imap4flags copy include
variables body enotify environment mailbox date ihave editheader
vnd.dovecot.filter"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."
16:24:14.142501 IP x.y.z.109.40120 > x.y.z.110.sieve: Flags [.], ack 346, win
490, options [nop,nop,TS val 517181222 ecr 254861335], length 0
E..4v. at .@.g8...m...n...^d.....BI...........
...&.0..
16:24:14.142515 IP x.y.z.110.sieve > x.y.z.109.40120: Flags [FP.], seq
346:502, ack 114, win 114, options [nop,nop,TS val 254861335 ecr 517181216],
length 156
E..... at .@.<E...n...m.^....BId......r.......
.0..... NO "Error in MANAGESIEVE command received by server."
NO "Error in MANAGESIEVE command received by server."
BYE "Too many invalid MANAGESIEVE commands."
16:24:14.142611 IP x.y.z.109.40120 > x.y.z.110.sieve: Flags [R.], seq 114,
ack 503, win 524, options [nop,nop,TS val 517181222 ecr 254861335], length 0
E..4v. at .@.g7...m...n...^d.....B............
...&.0..
16:24:14.142907 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq
5590:5712, ack 493, win 520, options [nop,nop,TS val 517181222 ecr 533787566],
length 122
16:24:14.145988 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [P.], seq 493:530,
ack 5712, win 976, options [nop,nop,TS val 533787576 ecr 517181222], length 37
E..Y_. at .@.~N...S...m...^.... .W`...........
.......&.... ..%Fr_.,..
..Z..w!..".\.....H...
16:24:14.146046 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [F.], seq 530, ack
5712, win 976, options [nop,nop,TS val 533787576 ecr 517181222], length 0
E..4_. at .@.~r...S...m...^.... .W`.....r.....
.......&
16:24:14.146085 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq
5712:5749, ack 531, win 520, options [nop,nop,TS val 517181225 ecr 533787576],
length 37
E..Y.. at .@.
....m...S.^.. .W`........]......
...)........ ^3a.......`....)......k...{.\...
16:24:14.146117 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [F.], seq 5749,
ack 531, win 520, options [nop,nop,TS val 517181225 ecr 533787576], length 0
E..4.. at .@.
....m...S.^.. .W................
...)....
16:24:14.146335 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [R], seq
4273974814, win 0, length 0
E..(.. at .@.. ...S...m...^........P....$........
16:24:14.146347 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [R], seq
4273974814, win 0, length 0
E..(.. at .@.. ...S...m...^........P....$........
-------------- next part --------------
# 2.1.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.22.1.el6.x86_64 x86_64 Scientific Linux release 6.3 (Carbon)
auth_username_format = %Ln
mail_fsync = always
mail_location = maildir:~/Maildir
mail_nfs_index = yes
mail_nfs_storage = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave editheader vnd.dovecot.filter
mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
}
passdb {
  args = failure_show_msg=yes
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_before = /etc/dovecot/sieve-before.d
  sieve_default = /etc/dovecot/sieve/default.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +editheader +vnd.dovecot.filter
  sieve_filter_bin_dir = /etc/dovecot/sieve-filter
  sieve_plugins = sieve_extprograms
  sieve_user_log = ~/.dovecot.sieve.log
}
protocols = imap pop3 lmtp sieve
service lmtp {
  inet_listener lmtp {
    address = 152.3.22.110
    port = 24
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 0
  }
}
ssl = required
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  args = blocking=yes
  driver = passwd
  override_fields = gid=vmail home=/var/vmail/stat.duke.edu/%u
}
protocol lmtp {
  mail_plugins = " sieve"
}
protocol imap {
  mail_max_userip_connections = 30
}
-------------- next part --------------
# 2.1.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.22.1.el6.x86_64 x86_64 Scientific Linux release 6.3 (Carbon)
lmtp_proxy = yes
mail_gid = 500
mail_uid = 500
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocols = imap pop3 lmtp sieve
service lmtp {
  inet_listener lmtp {
    address = 152.3.22.109
    port = 24
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 0
  }
}
ssl = required
ssl_cert = </etc/pki/dovecot/stat/imapd.pem-2011
ssl_key = </etc/pki/dovecot/stat/imapd.pem-2011
protocol lmtp {
  passdb {
    args = /etc/dovecot/dovecot-sql-lmtp.conf.ext
    driver = sql
  }
}
protocol sieve {
  passdb {
    args = /etc/dovecot/dovecot-sql-lmtp.conf.ext
    driver = sql
  }
}