Ricardo Machini Barbosa
2013-Jun-19 17:54 UTC
[Dovecot] Dovecot proxy to Microsoft Exchange 2013
Hello,
I am trying to do a proxy with dovecot to IMAP backend server that are
using Microsoft Exchange 2013.
I already did this with Microsoft Exchange 2007 and Microsoft Exchange
2010 and it works perfectly! But with Microsoft Exchange 2013 I can not
perform LOGIN.
The error log message is:
/imap-login: Error: proxy(user at domain.com.br): Login for
exchange2013.domain.com.br:143 timed out in state=4 (after 30 secs,
local=x.x.x.x:59640)/
My troubleshoot was:
- tcpdump on dovecot server side:
I can see the commands sent/received by Microsoft Exchange. But no
the "OK LOGIN" response.
/* OK The Microsoft Exchange IMAP4 service in xxxx is ready.//
//C CAPABILITY//
//L LOGIN "user at domain.com.br" "123456"//
//* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN STARTTLS UIDPLUS CHILDREN IDLE
NAMESPACE LITERAL+//
//C OK CAPABILITY completed./
- tcpdump with telnet login on dovecot server side:
Works fine.
/* OK The Microsoft Exchange IMAP4 service in xxxx is ready.//
//a login "user at domain.com.br" "123456"//
//a OK LOGIN completed.//
//a logout//
//* BYE Microsoft Exchange Server 2013 IMAP4 server signing off.//
//a OK LOGOUT completed./
- Log verbose on Microsoft Exchange 2013.
Look like that Microsoft Exchange did not receive the login command.
Someone already tried do this with Microsoft Exchange 2013 ?
See bellow some information about my dovecot configuration:
/# 2.2.2: dovecot.conf//
//# OS: Linux 2.6.32-358.2.1.el6.centos.plus.x86_64 x86_64 CentOS
release 6.4 (Final)//
//
//base_dir = /var/run/dovecot///
//disable_plaintext_auth = no//
//listen = x.x.x.x//
//mbox_write_locks = fcntl//
//passdb {//
// args = /etc/dovecot/dovecot-ldap.conf.ext//
// driver = ldap//
//}//
//
//protocols = imap pop3//
//service imap-login {//
// inet_listener imap {//
// port = 143//
// }//
// inet_listener imaps {//
// port = 993//
// ssl = yes//
// }//
// process_min_avail = 4//
// service_count = 0//
// vsz_limit = 512 M//
//}//
//service pop3-login {//
// inet_listener pop3 {//
// port = 110//
// }//
// inet_listener pop3s {//
// port = 995//
// ssl = yes//
// }//
// process_min_avail = 4//
// service_count = 0//
// vsz_limit = 512 M//
//}//
//ssl_cert = </etc/dovecot/certificate/chained.crt//
//ssl_key = </etc/dovecot/certificate/cert.key//
//userdb {//
// driver = prefetch//
//}//
//
///etc/dovecot/dovecot-ldap.conf.ext//
//hosts = x.x.x.x//
//dn = cn=admin,o=email//
//dnpass = xxxxxxx//
//ldap_version = 3//
//base = o=email//
//scope=subtree//
//pass_filter = mail=%u//
//pass_attrs = uid=user,=password=,=proxy=y,mailHost=host,=nopassword=y/
Thanks,
Ricardo Machini
On 19.6.2013, at 20.54, Ricardo Machini Barbosa <ricardomachini at gmail.com> wrote:> I am trying to do a proxy with dovecot to IMAP backend server that are using Microsoft Exchange 2013. > I already did this with Microsoft Exchange 2007 and Microsoft Exchange 2010 and it works perfectly! But with Microsoft Exchange 2013 I can not perform LOGIN. > > The error log message is: > /imap-login: Error: proxy(user at domain.com.br): Login for exchange2013.domain.com.br:143 timed out in state=4 (after 30 secs, local=x.x.x.x:59640)/ > > My troubleshoot was: > > - tcpdump on dovecot server side: > I can see the commands sent/received by Microsoft Exchange. But no the "OK LOGIN" response. > > /* OK The Microsoft Exchange IMAP4 service in xxxx is ready.// > //C CAPABILITY// > //L LOGIN "user at domain.com.br" "123456"// > //* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+// > //C OK CAPABILITY completed./Looks like Exchange 2013 IMAP has broken command pipelining :( See if it gets fixed by http://hg.dovecot.org/dovecot-2.2/rev/6e8bbc150fa9 and the attached patch on top of that? If it works, I'll commit that patch too. -------------- next part -------------- A non-text attachment was scrubbed... Name: diff Type: application/octet-stream Size: 2387 bytes Desc: not available URL: <http://dovecot.org/pipermail/dovecot/attachments/20130624/99b636b8/attachment.obj> -------------- next part --------------