Hello,
I understand the matter of using Dovecot as a forward proxy to Gmail is very popular (and even trivial), but my lack of Dovecot experience took me to a point where I truly need your help...
I'm starting my task by trying to have something simple, where I can test connectivity to Gmail by sending a telnet to our Dovecot server.
The Dovecot server accepts the telnet request, but for some reason (and here I guess is something related to SSL/TLS), I can't get to Gmail.
Here are my configuration and logs/outputs:
==> OS:
* I'm using an old Centos 5.8 server as a proof of concept.
#############################################################
==> Dovecot configuration:
# 2.2.5: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-308.8.2.el5xen x86_64 CentOS release 5.8 (Final)
auth_cache_negative_ttl = 10 mins
auth_cache_size = 1 k
auth_cache_ttl = 10 mins
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = cram-md5 digest-md5 apop login plain
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
auth_verbose = yes
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
listen = XXX.XXX.XXX.XXX
login_greeting = Dovecot Ready
login_log_format_elements = %u %r %m %c
mail_debug = yes
mail_max_userip_connections = 100
passdb {
  args = /etc/dovecot/sql.conf
  driver = sql
}
protocols = pop3
service pop3-login {
  client_limit = 200
  inet_listener pop3 {
    address = dovecotserver.<full domain>
    port = 110
  }
  process_limit = 1
  process_min_avail = 1
  service_count = 0
  vsz_limit = 256 M
}
shutdown_clients = no
ssl_ca = /etc/pki/dovecot/certs/dovecot.pem
ssl_cert =

sql.conf file
driver = mysql
connect = host=/var/lib/mysql/mysql.sock dbname=mysql user=root password=xxxxxx
password_query = SELECT NULL AS password, host, destuser, proxy, 'Y' AS starttls, '995' AS port, 'Y' AS nopassword FROM DovecotProxy WHERE user = '%u'
#############################################################
==> DovecotProxy table
mysql> select * from DovecotProxy where user = 'MYUSER';
+-------------+---------------+-----------------------+------------------------------------------------+-------+
| user        | host          | destuser              | password                                       | proxy |
+-------------+---------------+-----------------------+------------------------------------------------+-------+
| MYUSER      | pop.gmail.com | MYUSER@gmail.com      | {MD5-CRYPT}$1$L824LVh4$r.hyZ icsE5tmGaeJrY/dw/ | Y     |
+-------------+---------------+-----------------------+------------------------------------------------+-------+
##>> I understand "proxy" and "password" are not required there. That happened for testing.
#############################################################
==> Telnet session:
xxxxxx [/tmp] > telnet dovecotserver 110
Trying XXX.XXX.XXX.XXX...
Connected to dovecotserver.
Escape character is '^]'.
+OK Dovecot Ready 6111.1.524dad13.VYOVkhqfe1Ox7Wz+VfogMg==@dovecotserver
user MYUSER
+OK
pass PASSWD
-ERR Account is temporarily unavailable.
quit
+OK Logging out
Connection to dovecotserver closed by foreign host.
#############################################################
==> Logged messages in /var/log/maillog:
Oct 3 12:23:02 dovecotserver dovecot: master: Warning: Killed with signal 15 (by pid=26790 uid=0 code=kill)
Oct 3 12:23:53 dovecotserver dovecot: master: Dovecot v2.2.5 starting up (core dumps disabled)
Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so
Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: Read auth token secret from /var/run/dovecot//auth-token-secret.dat
Oct 3 12:23:53 dovecotserver dovecot: auth: Debug: auth client connected (pid=26810)
Oct 3 12:24:30 dovecotserver dovecot: auth: Debug: client in: AUTH 1 PLAIN service=pop3 session=/IH8S9rnzACiat/X lip=162.106.XXX.YYY rip=162.106.XXX.ZZZ lport=110 rport=37836 resp=AHNtYXJ0YnVzZWRtAHMwbWV0aGluZw== (previous base64 data may contain sensitive data)
Oct 3 12:24:30 dovecotserver dovecot: auth: Debug: cache(MYUSER,162.106.223.215,): miss
Oct 3 12:24:30 dovecotserver dovecot: auth-worker(26823): Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Oct 3 12:24:30 dovecotserver dovecot: auth-worker(26823): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
Oct 3 12:24:30 dovecotserver dovecot: auth-worker(26823): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_pgsql.so
Oct 3 12:24:30 dovecotserver dovecot: auth-worker(26823): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Oct 3 12:24:30 dovecotserver dovecot: auth-worker(26823): Debug: sql(MYUSER,162.106.XXX.ZZZ): query: SELECT NULL AS password, host, destuser, proxy, 'Y' AS starttls, '995' AS port, 'Y' AS nopassword FROM DovecotProxy WHERE user = 'MYUSER'
Oct 3 12:24:30 dovecotserver dovecot: auth: Debug: client passdb out: OK 1 user=MYUSER host=pop.gmail.com destuser= MYUSER@gmail.com proxy starttls=Y port=995 nopassword=Y hostip=74.125.142.108 pass=XXXXXXXXX
Oct 3 12:24:30 dovecotserver dovecot: pop3-login: Debug: Ignoring unknown passdb extra field: nopassword
Oct 3 12:25:00 dovecotserver dovecot: pop3-login: Error: proxy(MYUSER): Login for pop.gmail.com:995 timed out in state=0 (after 30 secs, local=162.106.XXX.YYY:51196)
Oct 3 12:25:12 dovecotserver dovecot: pop3-login: Aborted login (internal failure, 1 successful auths): MYUSER, 162.106.XXX.ZZZ, PLAIN
==> Something that caught my attention here:
"....proxy starttls=Y..." shouldn't it look like "...proxy=Y starttls=Y..."?
I didn't see "...proxy=Y..." even after setting the sql query like "...'Y' as proxy...".
#############################################################
If you had the patience to read this far, thanks a lot for trying to help...
Alex
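
The log in this post was captured with auth_debug_passwords = yes, and its "client in: AUTH ... PLAIN" line carries the SASL PLAIN response in resp=, which is only base64-encoded (the log line itself warns about this). As an added example, not part of the original post or of Dovecot: a scrubber for auth debug lines before they are shared. The function names and the sample lines are constructed for illustration.

```python
import base64
import binascii
import re

# Constructed sample lines in the format of the log above (all values made up).
SAMPLE = [
    "Oct 3 12:24:30 mx dovecot: auth: Debug: client in: AUTH 1 PLAIN service=pop3 "
    "lip=192.0.2.10 rip=192.0.2.20 lport=110 rport=37836 resp=AGFsaWNlAGh1bnRlcjI=",
    "Oct 3 12:24:30 mx dovecot: auth: Debug: cache(alice,192.0.2.20,): miss",
    "Oct 3 12:24:30 mx dovecot: auth: Debug: client passdb out: OK 1 user=alice "
    "host=pop.example.org proxy starttls=Y port=995 hostip=198.51.100.7 pass=hunter2",
]

RESP = re.compile(r"\bresp=([A-Za-z0-9+/]+=*)")
PASS = re.compile(r"\bpass=\S+")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def plain_fields(b64):
    """Decode a SASL PLAIN response (authzid NUL authcid NUL password), else None."""
    try:
        parts = base64.b64decode(b64, validate=True).split(b"\0")
    except (binascii.Error, ValueError):
        return None
    return parts if len(parts) == 3 else None

def scrub(line):
    """Return (clean_line, findings) for one Dovecot auth debug line."""
    findings = []

    def _resp(match):
        # A response that decodes to three NUL-separated parts is a cleartext login.
        is_plain = plain_fields(match.group(1)) is not None
        findings.append("SASL PLAIN credentials" if is_plain else "auth response")
        return "resp=<redacted>"

    line = RESP.sub(_resp, line)
    if PASS.search(line):
        findings.append("pass= field")
        line = PASS.sub("pass=<redacted>", line)
    line, count = IPV4.subn("<ip>", line)
    if count:
        findings.append(f"{count} IPv4 address(es)")
    return line, findings

if __name__ == "__main__":
    for clean, found in map(scrub, SAMPLE):
        print(clean, " #", ", ".join(found))
```

The IPv4 pattern also catches addresses outside lip=/rip=, such as the one inside cache(...), which is easy to miss when masking by hand.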