Hello,
I understand the matter of using Dovecot as a forward proxy to Gmail is
very popular (and even trivial), but my lack of Dovecot experience took me
to a point where I truly need your help...
I'm starting my task by trying to have something simple, where I can test
connectivity to Gmail by sending a telnet to our Dovecot server.
The Dovecot server accepts the telnet request, but for some reason (and
here I guess is something related to SSL/TLS), I can't get to Gmail.
Here are my configuration and logs/outputs:
==> OS:
* I'm using an old CentOS 5.8 server as a proof of concept.
#############################################################
==> Dovecot configuration:
# 2.2.5: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-308.8.2.el5xen x86_64 CentOS release 5.8 (Final)
auth_cache_negative_ttl = 10 mins
auth_cache_size = 1 k
auth_cache_ttl = 10 mins
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = cram-md5 digest-md5 apop login plain
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
auth_verbose = yes
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
listen = XXX.XXX.XXX.XXX
login_greeting = Dovecot Ready
login_log_format_elements = %u %r %m %c
mail_debug = yes
mail_max_userip_connections = 100
passdb {
args = /etc/dovecot/sql.conf
driver = sql
}
protocols = pop3
service pop3-login {
client_limit = 200
inet_listener pop3 {
address = dovecotserver.<full domain>
port = 110
}
process_limit = 1
process_min_avail = 1
service_count = 0
vsz_limit = 256 M
}
shutdown_clients = no
ssl_ca = /etc/pki/dovecot/certs/dovecot.pem
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_cipher_list = EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:HIGH:!aNULL:!eNULL:!EXP:!MD5:!LOW:!SSLv2
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
args = static uid=10000 gid=10000 home=/dev/null
driver = static
}
verbose_ssl = yes
version_ignore = yes
#############################################################
==> sql.conf file
driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=mysql user=root password=xxxxxx
password_query = SELECT NULL AS password, host, destuser, proxy, 'Y' AS starttls, '995' AS port, 'Y' AS nopassword FROM DovecotProxy WHERE user = '%u'
#############################################################
==> DovecotProxy table
mysql> select * from DovecotProxy where user = 'MYUSER';
+--------+---------------+---------------------+-----------------------------------------------+-------+
| user   | host          | destuser            | password                                      | proxy |
+--------+---------------+---------------------+-----------------------------------------------+-------+
| MYUSER | pop.gmail.com | MYUSER at gmail.com | {MD5-CRYPT}$1$L824LVh4$r.hyZicsE5tmGaeJrY/dw/ | Y     |
+--------+---------------+---------------------+-----------------------------------------------+-------+
##>> I understand "proxy" and "password" are not required there. That
happened for testing.
#############################################################
==> Telnet session:
xxxxxx [/tmp] > telnet dovecotserver 110
Trying XXX.XXX.XXX.XXX...
Connected to dovecotserver.
Escape character is '^]'.
+OK Dovecot Ready <6111.1.524dad13.VYOVkhqfe1Ox7Wz+VfogMg==@dovecotserver>
user MYUSER
+OK
pass PASSWD
-ERR Account is temporarily unavailable.
quit
+OK Logging out
Connection to dovecotserver closed by foreign host.
#############################################################
==> Logged messages in /var/log/maillog:
Oct 3 12:23:02 dovecotserver dovecot: master: Warning: Killed with signal 15 (by pid=26790 uid=0 code=kill)
Oct 3 12:23:53 dovecotserver dovecot: master: Dovecot v2.2.5 starting up (core dumps disabled)
Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so
Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: Read auth token secret from /var/run/dovecot//auth-token-secret.dat
Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: auth client connected (pid=26810)
Oct 3 12:24:30 dovecotserver dovecot: auth: Debug: client in: AUTH 1 PLAIN service=pop3 session=/IH8S9rnzACiat/X lip=162.106.XXX.YYY rip=162.106.XXX.ZZZ lport=110 rport=37836 resp=AHNtYXJ0YnVzZWRtAHMwbWV0aGluZw== (previous base64 data may contain sensitive data)
Oct 3 12:24:30 dovecotserver dovecot: auth: Debug: cache(MYUSER,162.106.223.215,</IH8S9rnzACiat/X>): miss
Oct 3 12:24:30 dovecotserver dovecot: auth-worker(26823): Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Oct 3 12:24:30 dovecotserver dovecot: auth-worker(26823): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
Oct 3 12:24:30 dovecotserver dovecot: auth-worker(26823): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so
Oct 3 12:24:30 dovecotserver dovecot: auth-worker(26823): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Oct 3 12:24:30 dovecotserver dovecot: auth-worker(26823): Debug: sql(MYUSER,162.106.XXX.ZZZ): query: SELECT NULL AS password, host, destuser, proxy, 'Y' AS starttls, '995' AS port, 'Y' AS nopassword FROM DovecotProxy WHERE user = 'MYUSER'
Oct 3 12:24:30 dovecotserver dovecot: auth: Debug: client passdb out: OK 1 user=MYUSER host=pop.gmail.com destuser=MYUSER at gmail.com proxy starttls=Y port=995 nopassword=Y hostip=74.125.142.108 pass=XXXXXXXXX
Oct 3 12:24:30 dovecotserver dovecot: pop3-login: Debug: Ignoring unknown passdb extra field: nopassword
Oct 3 12:25:00 dovecotserver dovecot: pop3-login: Error: proxy(MYUSER): Login for pop.gmail.com:995 timed out in state=0 (after 30 secs, local=162.106.XXX.YYY:51196)
Oct 3 12:25:12 dovecotserver dovecot: pop3-login: Aborted login (internal failure, 1 successful auths): MYUSER, 162.106.XXX.ZZZ, PLAIN
==> Something that caught my attention here: "....proxy starttls=Y..."
shouldn't look like "...proxy=Y starttls=Y..." ???
I didn't see "...proxy=Y..." even after setting the sql query like
"...'Y' as proxy...".
#############################################################
If you had the patience to read this far, thanks a lot for trying to help...
Alex
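
Added example, not part of the original message and not Dovecot's own code: a Python check over the `client passdb out` line shown in the log, which splits the proxy fields and flags a TLS mode that does not match the destination port. Port 995 is implicit-TLS POP3S, where the server sends no banner until the TLS handshake has happened, while `starttls` expects a cleartext banner first. The sample lines, the `example.com` address, the finding names and the rule that any field value counts as enabled are assumptions of this sketch.

```python
import re

# Ports where the server expects a TLS handshake before it sends any banner.
IMPLICIT_TLS_PORTS = {"993", "995"}
# Ports where the session starts in cleartext and may upgrade via STARTTLS/STLS.
CLEARTEXT_PORTS = {"110", "143"}

PASSDB_OUT = re.compile(r"client passdb out:\s+OK\s+\d+\s+(.*)$")


def parse_passdb_out(line):
    """Return the fields of a 'client passdb out: OK <id> ...' log line, or None."""
    match = PASSDB_OUT.search(line)
    if match is None:
        return None
    fields = {}
    for token in match.group(1).split():
        key, sep, value = token.partition("=")
        # A bare key such as 'proxy' is recorded as a set flag (True).
        fields[key] = value if sep else True
    return fields


def check_proxy_fields(fields):
    """Flag TLS-mode and port combinations that do not match each other."""
    findings = []
    port = str(fields.get("port", ""))
    # Assumption of this sketch: a TLS field counts as enabled whatever its value.
    if "starttls" in fields and port in IMPLICIT_TLS_PORTS:
        findings.append("starttls-on-implicit-tls-port")
    if "ssl" in fields and port in CLEARTEXT_PORTS:
        findings.append("ssl-on-cleartext-port")
    if "proxy" in fields and not ({"ssl", "starttls"} & fields.keys()):
        findings.append("proxy-without-tls")
    return findings


# Constructed samples modelled on the log above (addresses are placeholders).
AS_LOGGED = ("Oct 3 12:24:30 dovecotserver dovecot: auth: Debug: client passdb out: "
             "OK 1 user=MYUSER host=pop.gmail.com destuser=MYUSER@example.com "
             "proxy starttls=Y port=995 nopassword=Y")
IMPLICIT_TLS = AS_LOGGED.replace("starttls=Y", "ssl=yes")

if __name__ == "__main__":
    for sample in (AS_LOGGED, IMPLICIT_TLS):
        fields = parse_passdb_out(sample)
        print(fields["port"], check_proxy_fields(fields) or "consistent")
```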