thr3ads.net - dovecot - [Dovecot] Proxy to gmail not working [Oct 2013]

If this information is useful, please help other people find it:
Share via:

Alex Wanderley

2013-Oct-07 16:11 UTC

[Dovecot] Proxy to gmail not working

Hi,

I've been trying to build a password forwarding proxy to Gmail without
success... The SSL connection to Dovecot is happening no problem (as far as
I can tell), but for some reason the conversation between Dovecot and Gmail
is getting timed out.

I know this is supposed to be simple...  :-(    But could somebody please
give me some help by pointing what I'm not doing right?
No matter how much I've been researching about this, I can't find the
solution.

Thanks a lot,

Alex

# 2.2.5: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-308.8.2.el5xen x86_64 CentOS release 5.8 (Final)
auth_cache_negative_ttl = 10 mins
auth_cache_size = 1 k
auth_cache_ttl = 10 mins
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = cram-md5 digest-md5 apop login plain
auth_username_chars
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_translation %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
auth_verbose = yes
base_dir = /var/run/dovecot/
listen = 162.106.yyy.zzz
login_greeting = Dovecot Ready
login_log_format_elements = %u %r %m %c
mail_debug = yes
mail_max_userip_connections = 100
passdb {
  args = proxy=y nopassword=y user=remotemail destuser=remotemail at
gmail.comhostpop.gmail.com port=995 proxy_timeout=15 starttls=y
  driver = static
}
protocols = pop3
service pop3-login {
  client_limit = 200
  inet_listener pop3 {
    address = dserver
    port = 110
  }
  process_limit = 1
  process_min_avail = 1
  service_count = 0
  vsz_limit = 256 M
}
ssl = required
ssl_ca = </etc/pki/tls/certs/ca-bundle.crt
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_cipher_list
EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:HIGH:!aNULL:!eNULL:!EXP:!MD5:!LOW:!SSLv2
ssl_client_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_client_key = </etc/pki/dovecot/private/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  args = static uid=10000 gid=10000 home=/dev/null
  driver = static
}
verbose_ssl = yes
version_ignore = yes



Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x10, ret=1:
before/accept initialization [162.106.xxx.yyy]
Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x2001,
ret=1: before/accept initialization [162.106.xxx.yyy]
Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x2001,
ret=1: SSLv3 read client hello A [162.106.xxx.yyy]
Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x2001,
ret=1: SSLv3 write server hello A [162.106.xxx.yyy]
Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x2001,
ret=1: SSLv3 write certificate A [162.106.xxx.yyy]
Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x2001,
ret=1: SSLv3 write key exchange A [162.106.xxx.yyy]
Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x2001,
ret=1: SSLv3 write server done A [162.106.xxx.yyy]
Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x2001,
ret=1: SSLv3 flush data [162.106.xxx.yyy]
Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x2002,
ret=-1: SSLv3 read client certificate A [162.106.xxx.yyy]
Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x2002,
ret=-1: SSLv3 read client certificate A [162.106.xxx.yyy]
Oct  7 09:32:51 dserver dovecot: auth: Debug: Loading modules from
directory: /usr/lib64/dovecot/auth
Oct  7 09:32:51 dserver dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_mysql.so
Oct  7 09:32:51 dserver dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_pgsql.so
Oct  7 09:32:51 dserver dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Oct  7 09:32:51 dserver dovecot: auth: Debug: Read auth token secret from
/var/run/dovecot//auth-token-secret.dat
Oct  7 09:32:51 dserver dovecot: auth: Debug: auth client connected
(pid=25878)
Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x2001,
ret=1: SSLv3 read client key exchange A [162.106.xxx.yyy]
Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x2001,
ret=1: SSLv3 read finished A [162.106.xxx.yyy]
Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x2001,
ret=1: SSLv3 write change cipher spec A [162.106.xxx.yyy]
Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x2001,
ret=1: SSLv3 write finished A [162.106.xxx.yyy]
Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x2001,
ret=1: SSLv3 flush data [162.106.xxx.yyy]
Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x20, ret=1:
SSL negotiation finished successfully [162.106.xxx.yyy]
Oct  7 09:32:51 dserver dovecot: pop3-login: Debug: SSL: where=0x2002,
ret=1: SSL negotiation finished successfully [162.106.xxx.yyy]
Oct  7 09:33:13 dserver dovecot: auth: Debug: client in: AUTH      2
PLAIN   service=pop3    secured session=oePRXijoMQCiat/X
lip=162.106.yyy.zzz rip=162.106.xxx.yyy     lport=995       rport=502
25     resp=AHNtYXJ0YnVzZWRtAHMwbWV0aGluZw== (previous base64 data may
contain sensitive data)
Oct  7 09:33:13 dserver dovecot: auth: Debug:
static(remotemail,162.106.xxx.yyy,<oePRXijoMQCiat/X>): lookup
Oct  7 09:33:13 dserver dovecot: auth: Debug:
static(remotemail,162.106.xxx.yyy,<oePRXijoMQCiat/X>): Allowing any
password
Oct  7 09:33:13 dserver dovecot: auth: Debug: client passdb out: OK
2       user=remotemail        proxy   nopassword=y    destuserremotemail at
gmail.com    host=pop.gmail.com      port=995        proxy
_timeout=15        starttls=y      hostip=74.125.142.108   pass=123456789
Oct  7 09:33:13 dserver dovecot: pop3-login: Debug: Ignoring unknown passdb
extra field: nopassword
Oct  7 09:33:28 dserver dovecot: pop3-login: Error: proxy(remotemail):
Login for pop.gmail.com:995 timed out in state=0 (after 15 secs,
local=162.106.yyy.zzz:59282)
Oct  7 09:33:34 dserver dovecot: pop3-login: Aborted login (internal
failure, 1 successful auths): remotemail, 162.106.xxx.yyy, PLAIN, TLS
Oct  7 09:33:34 dserver dovecot: pop3-login: Debug: SSL alert: close notify
[162.106.xxx.yyy]

Charles Marcus

2013-Oct-07 16:37 UTC

head link

[Dovecot] Proxy to gmail not working

On 2013-10-07 12:11 PM, Alex Wanderley <alex.wanderley at edmonton.ca>
wrote:> # OS: Linux 2.6.18-308.8.2.el5xen x86_64 CentOS release 5.8 (Final)
Aaaack!

Makes me wonder what vancient version of openssl, and maybe that is the 
culprit?

Joseph Tam

2013-Oct-07 22:22 UTC

head link

[Dovecot] Proxy to gmail not working

On Mon, 7 Oct 2013, Alex Wanderley writes:
> passdb {
>  args = proxy=y nopassword=y user=remotemail destuser=remotemail at
gmail.comhost> pop.gmail.com port=995 proxy_timeout=15 starttls=y
>  driver = static
> }
> ...
> Oct  7 09:33:13 dserver dovecot: auth: Debug: client passdb out: OK
> 2       user=remotemail        proxy   nopassword=y    destuser>
remotemail at gmail.com    host=pop.gmail.com      port=995        proxy
> _timeout=15        starttls=y      hostip=74.125.142.108   pass=123456789
> Oct  7 09:33:13 dserver dovecot: pop3-login: Debug: Ignoring unknown passdb
> extra field: nopassword
> Oct  7 09:33:28 dserver dovecot: pop3-login: Error: proxy(remotemail):
> Login for pop.gmail.com:995 timed out in state=0 (after 15 secs,
> local=162.106.yyy.zzz:59282)
Idle speculation, but remote port 995 usually means SSL type connection
(i.e. dive right into SSL protocol), whereas "starttls=y" starts out
in
plaintext, and SSL negotiations starts after a STARTTLS directive.

Looking at

 	http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy

methinks you want to replace "starttls=y" with "ssl=yes".

Joseph Tam <jtam.home at gmail.com>

Possibly Parallel Threads

Search for more apparently analagous threads

dovecot - Oct 2013 - Proxy to gmail not working

[Dovecot] Proxy to gmail not working

[Dovecot] Proxy to gmail not working

[Dovecot] Proxy to gmail not working

Possibly Parallel Threads