Op 14-11-2023 om 14:35 schreef Aki Tuomi:
On 14/11/2023 14:59 EET Kees van Vloten keesvanvloten@gmail.com wrote:
Hi all,
After upgrading Debian Bullseye (Dovecot 2.3.13) to Bookworm (Dovcecot 2.3.19), submission-login returns an error on Kerberos authentication: "Client sent invalid command: Command line is too long".
When I initially set this up on Bullseye I have seen the same issue, but adding "imap_max_line_length = 2M" solved it.
Now with 2.3.19 kerberos authentication still works (with this setting) for imap connections but it stopped working for submission.
Is there a new config setting for submission-login that I missed? Or is this a bug in 2.3.19?
- Kees.
You are probably running into a client-side issue. SMTP RFC says that all commands, including sasl ir, must be at most 998 bytes. Can you check if the client is sending AUTH KERBEROS which is longer than 998 lines?
After AUTH KERBEROS you can send longer lines.
The client has not changed. I have just upgraded the server from Bullseye to Bookworm, without configuration changes to Dovecot. The only change is version 2.3.13 to 2.3.19, that is why my first suspicion is that something changed in dovecot submission-login.
The client is Thunderbird 102 and that has not changed for a long time (a year or so).
Is there a way to create debug logs that show the client communication to submission-login? I had enabled "auth_debug" and "auth_verbose" in Dovecot but that seems to log the server side communication only (see below).
And even with that information, would it be possible to convince Thunderbird to send 'AUTH KERBEROS' if it does not do that already?
I logging I have is this:
Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: Sent: 220 mailserver.example.com Dovecot ready. Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: Sending replies Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: No more commands pending Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: Received new command: EHLO [192.168.1.106] Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command EHLO: New command Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command EHLO: Execute command Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command EHLO: Pipeline blocked Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command EHLO: 250 reply: Submitted Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command EHLO: Replied Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command EHLO: Ready to reply Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: Trigger output Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command EHLO: Next to reply Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: Sending replies Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command EHLO: Next to reply Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command EHLO: Completed Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command EHLO: Pipeline unblocked Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: Connection state reset Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command EHLO: 250 reply: Sent: 250-mailserver.example.com 8BITMIME AUTH GSSAPI GSS-SPNEGO PLAIN BURL imap CHUNKING ENHANCEDSTATUSCODES SIZE PIPELINING Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command EHLO: Finished Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command EHLO: Destroy Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command EHLO: 250 reply: Destroy Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: Trigger output Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: No more commands pending Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: Sending replies Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: No more commands pending Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: Client sent invalid command: Command line is too long Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command [unknown]: Invalid command Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command [unknown]: 500 reply: Submitted Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command [unknown]: Replied Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command [unknown]: Ready to reply Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: Trigger output Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: Sending replies Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command [unknown]: Next to reply Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command [unknown]: Completed Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command [unknown]: 500 reply: Sent: 500 5.5.2 Line too long Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command [unknown]: Finished Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command [unknown]: Destroy Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: command [unknown]: 500 reply: Destroy Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: Trigger output Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: No more commands pending Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: Sending replies Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: No more commands pending Nov 14 13:44:37 mailserver dovecot: submission-login: Debug: smtp-server: Remote closed connection: Connection closed
Do note that I redacted a column with the server ipaddress to make the lines a bit shorter and more readable.
- Kees
Aki