dovecot - Nov 2019 - Dovecot mangesieve proxy - internal failure

Hello list,

i'm running an internal dovecot instance with working managesieve. But
on my external dovecot-proxy instance i got an internal error. Nothing
logs on internal dovecot.


Nov 06 14:55:12 managesieve-login: Error: proxy: Remote sent invalid
response: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN AUTH=GSSAPI] Dovecot (Ubuntu)
ready.??: user=<user>, method=PLAIN, rip=remote_ip, lip=local_ip, TLS,
session=</G/K5a2WzMFNDVcl>
Nov 06 14:55:12 managesieve-login: Debug: server.intra.lan: SSL alert:
close notify
Nov 06 14:55:12 managesieve-login: Info: Aborted login (internal
failure, 1 successful auths): user=<user>, method=PLAIN, rip=remote_ip,
lip=local_ip, TLS, session=</G/K5a2WzMFNDVcl>


# 2.3.4.1 (f79e8e7e4): /etc/dovecot-proxy/dovecot-proxy.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.15.0-66-generic x86_64 Ubuntu 18.04.3 LTS
# Hostname: server.lan
auth_username_format = %Ln
base_dir = /var/run/dovecot-proxy/
instance_name = dovecot-proxy
listen = <myip>
log_path = /var/log/dovecot/dovecot-proxy.log
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart extracttext
passdb {
   args = /etc/dovecot-proxy/dovecot-ldap-passdb.conf.ext
   default_fields = proxy=y host=server.intra.lan port=993 ssl=yes
master=proxy pass=#hidden_use-P_to_show#
   driver = ldap
}
protocols = imap sieve
service auth {
   unix_listener /var/spool/postfix/private/proxy-auth {
     mode = 0666
   }
}
service imap-login {
   inet_listener imap {
     port = 0
   }
   inet_listener imaps {
     port = 993
     ssl = yes
   }
}
ssl = required
ssl_ca = </etc/ssl/mycacert.pem
ssl_cert = </etc/ssl/mycert.pem
ssl_cipher_list = ALL:!SSLv2:!ADH:!LOW:!MEDIUM:!aNULL:!EXP
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_require_crl = no
userdb {
   args = /etc/dovecot-proxy/dovecot-ldap-userdb.conf.ext
   driver = ldap
}
protocol imap {
   mail_max_userip_connections = 20
   ssl_cert = </etc/ssl/letsencrypt.ca-bundle
   ssl_key = # hidden, use -P to show it
}
protocol sieve {
   ssl_cert = </etc/ssl/letsencrypt.ca-bundle
   ssl_key = # hidden, use -P to show it
}

> On 06/11/2019 16:15 telsch via dovecot <dovecot at dovecot.org>
wrote:
> 
>  
> Hello list,
> 
> i'm running an internal dovecot instance with working managesieve. But
> on my external dovecot-proxy instance i got an internal error. Nothing
> logs on internal dovecot.
> 
> 

It seems you are trying to connect to STARTTLS port using SSL. You should
probably tell in your passdb that the connection needs to use STARTTLS security,
or configure the backend listener with ssl=yes.

Aki

If i change it to:

passdb {
   args = /etc/dovecot-proxy/dovecot-ldap-passdb.conf.ext
   default_fields = proxy=y host=server.intra.lan port=143 starttls=yes
master=proxy pass=#hidden_use-P_to_show#
   driver = ldap
}

I still got the same error for mangesieve. IMAP login works with both
SSL/STARTTLS.

On 11/6/19 3:19 PM, Aki Tuomi via dovecot wrote:
>
>> On 06/11/2019 16:15 telsch via dovecot <dovecot at dovecot.org>
wrote:
>>
>>
>> Hello list,
>>
>> i'm running an internal dovecot instance with working managesieve.
But
>> on my external dovecot-proxy instance i got an internal error. Nothing
>> logs on internal dovecot.
>>
>>
>
>
> It seems you are trying to connect to STARTTLS port using SSL. You should
probably tell in your passdb that the connection needs to use STARTTLS security,
or configure the backend listener with ssl=yes.
>
> Aki
>