[Dovecot] Proxy config help please
Hello, I am new to dovecot and I am initially trying to setup a basic imap proxy with password forwarding, I can start the dovecot service, connect and give it my password, and that is where I hang. My config is:
root@imap-test:/etc/dovecot# doveconf -n # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-24-generic x86_64 Ubuntu 12.04 LTS auth_debug = yes auth_verbose = yes debug_log_path = syslog first_valid_uid = 100 imap_capability = CAPABILITY IMAP4rev1 ACL BINARY CATENATE CHILDREN CONDSTORE ENABLE ESEARCH ESORT I18NLEVEL=1 ID IDLE LIST-EXTENDED LIST-STATUS LITERAL+ LOGIN-REFERRALS MULTIAPPEND NAMESPACE QRESYNC QUOTA RIGHTS=ektx SASL-IR SEARCHRES SORT THREAD=ORDEREDSUBJECT UIDPLUS UNSELECT WITHIN XLIST last_valid_uid = 200 mail_debug = yes mail_gid = 107 mail_uid = 107 passdb { args = proxy=proxy_always nopassword=y host=172.16.0.13 port=143 proxy_timeout=5 starttls=y ssl=any-cert driver = static } protocols = imap service imap-login { inet_listener imap { address = * port = 143 } } ssl = required ssl_cert = </etc/courier/imapd.pem ssl_key = </etc/courier/imapd.pem verbose_ssl = yes
The system at 172.16.0.13 is a zimbra proxy. I can see in the logs that it initially complains about my ssl cert, and if I remove ssl=any-cert it fails because my cert is self signed, so I know it is talking to the proxy and doing starttls which is a requirement of zimbra. Unfortunately I have not found a way to see the full exchange between dovecot and my zimbra proxy other than tcp dump, which just shows a small packet exchange. Please let me know if I can provide any other information and thanks in advance for any help.
-Zac
On 2012-06-29 5:41 PM, Zac Israel <zac.israel@gmail.com> wrote:
The system at 172.16.0.13 is a zimbra proxy. I can see in the logs that it initially complains about my ssl cert, and if I remove ssl=any-cert it fails because my cert is self signed, so I know it is talking to the proxy and doing starttls which is a requirement of zimbra. Unfortunately I have not found a way to see the full exchange between dovecot and my zimbra proxy other than tcp dump, which just shows a small packet exchange.
And unfortunately you failed to provide critical evidence - in this case the actual logs (and the tcpdump since you already have it) of a failed session, rather than your interpretation of it. But at least you provided your config (Timo is so good that often that is enough by itself, but even his crystal ball sometimes has problems).
I have found over the years that if you are having a problem to the point that you need to ask for help, it is time to step back and take a fresh look at *everything* - including having other eyes looking at *all* of the evidence.
--
Best regards,
Charles
On Sat, Jun 30, 2012 at 4:52 AM, Charles Marcus <CMarcus@media-brokers.com> wrote:
On 2012-06-29 5:41 PM, Zac Israel <zac.israel@gmail.com> wrote:
The system at 172.16.0.13 is a zimbra proxy. I can see in the logs that it initially complains about my ssl cert, and if I remove ssl=any-cert it fails because my cert is self signed, so I know it is talking to the proxy and doing starttls which is a requirement of zimbra. Unfortunately I have not found a way to see the full exchange between dovecot and my zimbra proxy other than tcp dump, which just shows a small packet exchange.
And unfortunately you failed to provide critical evidence - in this case the actual logs (and the tcpdump since you already have it) of a failed session, rather than your interpretation of it. But at least you provided your config (Timo is so good that often that is enough by itself, but even his crystal ball sometimes has problems).
I have found over the years that if you are having a problem to the point that you need to ask for help, it is time to step back and take a fresh look at *everything* - including having other eyes looking at *all* of the evidence.
--
Best regards,
Charles
Very sorry for the omission, please find the dovecot logs and tcpdump session attached. Please let me know if I can provide any other information and thank you again for your time.
Zac
On 30.6.2012, at 0.41, Zac Israel wrote:
# 2.0.19: /etc/dovecot/dovecot.conf .. passdb { args = proxy=proxy_always nopassword=y host=172.16.0.13 port=143 proxy_timeout=5 starttls=y ssl=any-cert
v2.0 has some problems with this. You should use v2.1 and use server name as the "host" value instead of IP. But anyway, the main problem is that you haven't specified ssl_ca setting that contains the accepted CA certificate.
participants (3)
-
Charles Marcus
-
Timo Sirainen
-
Zac Israel