[Dovecot] Problem with managesieve proxy
Hi folks,
I'm setting up a new dovecot email service and have a proxy server running in front of it to facilitate migrating users from my very old UW-IMAP-based mail server to the new one.
I have a mysql proxy table that directs inbound IMAP and LMTP connections to the correct server, works great. Managesieve connections are not working through the proxy using either the sieverules plugin for RoundCube or the Sieve plugin for Thunderbird. If I point them directly at the actual dovecot server everything works fine, so I must have something wrong in my proxy setup.
This is what I get in the maillogs when I try to connect to the managesieve proxy:
PROXY machine:
Feb 21 16:16:38 sortie dovecot: managesieve-login: Error: proxy: Remote x.y.z.110:4190 disconnected: Connection closed (state=0, duration=0s): user=<brown>, method=PLAIN, rip=x.y.z.83, lip=x.y.z.109, TLS, session=<0jUal0LWswCYAxZT>
Feb 21 16:16:38 sortie dovecot: managesieve-login: Disconnected (internal failure, 1 succesful auths): user=<brown>, method=PLAIN, rip=x.y.z.83, lip=x.y.z.109, TLS, session=<0jUal0LWswCYAxZT>
SERVER machine:
Feb 21 16:16:38 postie dovecot: managesieve-login: Disconnected: Too many invalid commands. (no auth attempts in 0 secs): user=<>, rip=x.y.z.109, lip=x.y.z.110, session=<REgal0LWnQCYAxZt>
Output of a 'tcpdump -A' is attached as well if needed.
x.y.z.83 - Roundcube webmail server
x.y.z.109 - PROXY
x.y.z.110 - SERVER
If I turn off TLS all-around I get an error in the roundcube log that says:
[20-Feb-2013 23:02:27] No supported authentication method found. The server supports these methods: , but we want to use: PLAIN ():
[20-Feb-2013 23:02:27] Not currently in AUTHORISATION state (1):
I am using Pigeonhole 0.3.3 on both proxy and server.
Dovecot configurations for the proxy and server are attached below.
Here are the SQL files referenced in the proxy configs. Long lines broken for readability.
/etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=dovecot user=dovecot password=XXX
password_query = SELECT NULL AS password, 'any-cert' as 'ssl',
'Y' as nopassword, host, user as destuser,
'Y' AS proxy
FROM proxy WHERE user = '%u'
/etc/dovecot/dovecot-sql-lmtp.conf.ext
driver = mysql
connect = host=localhost dbname=dovecot user=dovecot password=XXX
password_query = SELECT NULL AS password, 'any-cert' as 'ssl',
'Y' as nopassword, host, user as destuser,
'Y' AS proxy
FROM proxy WHERE user = '%n'
The proxy DB table looks like this:
--
-- Table structure for table proxy
--
CREATE TABLE IF NOT EXISTS proxy (
  id int(11) NOT NULL AUTO_INCREMENT,
  user varchar(255) NOT NULL,
  email varchar(64) NOT NULL,
  host varchar(16) DEFAULT NULL,
  PRIMARY KEY (id),
  UNIQUE KEY user_index (user)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=379 ;
--
-- Dumping data for table proxy
--
INSERT INTO proxy (id, user, email, host) VALUES
(1, 'brown', '', 'x.y.z.110'),
(2, 'fizgig', '', 'x.r.z.15'),
110 is the new dovecot IMAP server, 15 is the old UW-IMAP server.
Any advice on getting managesieve proxy running would be greatly appreciated.
Thanks,
--[Lance]
-- GPG Fingerprint: 409B A409 A38D 92BF 15D9 6EEE 9A82 F2AC 69AC 07B9 CACert.org Assurer
I found it.
I needed to tell the sieve service to specify STARTTLS instead of SSL when connecting to the backend server in the SQL statement:
/etc/dovecot/dovecot-sql-lmtp.conf.ext
password_query = SELECT NULL AS password,
'any-cert' as 'starttls',
...
instead of
... 'any-cert' as 'ssl',
...
Once I got that right everything fell into place.
--[Lance]
-- GPG Fingerprint: 409B A409 A38D 92BF 15D9 6EEE 9A82 F2AC 69AC 07B9 CACert.org Assurer
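Added example, not part of the original thread or of Dovecot: a small parser for the plaintext capability greeting a ManageSieve backend sends (format per RFC 5804), used to decide whether a proxy row should carry 'starttls' or 'ssl'. The sample greeting is constructed, and the function names and the "silent port means implicit TLS" rule are assumptions of this sketch.

```python
import re

# Constructed sample: plaintext greeting of a ManageSieve server on port 4190,
# before any TLS negotiation. Not captured from the thread.
SAMPLE_GREETING = (
    '"IMPLEMENTATION" "Dovecot Pigeonhole"\r\n'
    '"SIEVE" "fileinto reject envelope vacation"\r\n'
    '"SASL" ""\r\n'
    '"STARTTLS"\r\n'
    '"VERSION" "1.0"\r\n'
    'OK "Dovecot ready."\r\n'
)

# One capability per line: a quoted name, optionally followed by a quoted value.
_CAP = re.compile(r'^"([^"]+)"(?:\s+"([^"]*)")?\s*$')


def parse_greeting(raw):
    """Return {CAPABILITY: value} for the lines before the OK/NO/BYE response."""
    caps = {}
    for line in raw.splitlines():
        if re.match(r'^(OK|NO|BYE)\b', line, re.I):
            break
        m = _CAP.match(line)
        if m:
            caps[m.group(1).upper()] = m.group(2) or ""
    return caps


def proxy_tls_field(first_bytes):
    """Pick the proxy extra field name from what the backend sends first.

    Plaintext greeting advertising STARTTLS -> 'starttls'.
    Nothing received before the client speaks -> 'ssl' (assumption: the port
    expects a TLS handshake first, i.e. implicit TLS).
    Plaintext greeting without STARTTLS -> None (no TLS mode applies).
    """
    if not first_bytes:
        return "ssl"
    caps = parse_greeting(first_bytes.decode("utf-8", "replace"))
    return "starttls" if "STARTTLS" in caps else None


def plaintext_sasl(first_bytes):
    """SASL mechanisms offered before TLS; an empty list means none are."""
    caps = parse_greeting(first_bytes.decode("utf-8", "replace"))
    return caps.get("SASL", "").split()
```

In Dovecot's proxy fields, 'any-cert' (with either 'ssl' or 'starttls') accepts any backend certificate without verifying it, while 'yes' requires a valid one.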
participants (1)
- Lance A. Brown