[Dovecot] Problem with managesieve proxy

Lance A. Brown lance at bearcircle.net
Thu Feb 21 23:36:52 EET 2013


Hi folks,

I'm setting up a new dovecot email service and have a proxy server running in
front of it to facilitate migrating users from my very old UW-IMAP-based mail
server to the new one.

I have a mysql proxy table that directs inbound IMAP and LMTP connections to
the correct server, works great.  Managesieve connections are not working
through the proxy using either the sieverules plugin for RoundCube or the
Sieve plugin for Thunderbird.  If I point them directly at the actual dovecot
server everything works fine, so I must have something wrong in my proxy setup.

This is what I get in the maillogs when I try to connect to the managesieve proxy:

PROXY machine:
Feb 21 16:16:38 sortie dovecot: managesieve-login: Error: proxy: Remote
x.y.z.110:4190 disconnected: Connection closed (state=0, duration=0s):
user=<brown>, method=PLAIN, rip=x.y.z.83, lip=x.y.z.109, TLS,
session=<0jUal0LWswCYAxZT>
Feb 21 16:16:38 sortie dovecot: managesieve-login: Disconnected (internal
failure, 1 succesful auths): user=<brown>, method=PLAIN, rip=x.y.z.83,
lip=x.y.z.109, TLS, session=<0jUal0LWswCYAxZT>

SERVER machine:
Feb 21 16:16:38 postie dovecot: managesieve-login: Disconnected: Too many
invalid commands. (no auth attempts in 0 secs): user=<>, rip=x.y.z.109,
lip=x.y.z.110, session=<REgal0LWnQCYAxZt>

Output of a 'tcpdump -A' is attached as well if needed.

x.y.z.83  - Roundcube webmail server
x.y.z.109 - PROXY
x.y.z.110 - SERVER

If I turn off TLS all around, I get an error in the roundcube log that says:

[20-Feb-2013 23:02:27] No supported authentication method found. The server
supports these methods: , but we want to use: PLAIN ():
[20-Feb-2013 23:02:27] Not currently in AUTHORISATION state (1):

I am using Pigeonhole 0.3.3 on both proxy and server.

Dovecot configurations for the proxy and server are attached below.

Here are the SQL files referenced in the proxy configs.  Long lines are broken
for readability.

/etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=dovecot user=dovecot password=XXX
password_query = SELECT NULL AS password, 'any-cert' as 'ssl', \
                 'Y' as nopassword, host, user as destuser, \
                 'Y' AS proxy \
                 FROM proxy WHERE user = '%u'

/etc/dovecot/dovecot-sql-lmtp.conf.ext
driver = mysql
connect = host=localhost dbname=dovecot user=dovecot password=XXX
password_query = SELECT NULL AS password, 'any-cert' as 'ssl', \
                 'Y' as nopassword, host, user as destuser, \
                 'Y' AS proxy \
                 FROM proxy WHERE user = '%n'

The proxy DB table looks like this:

--
-- Table structure for table `proxy`
--

CREATE TABLE IF NOT EXISTS `proxy` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `user` varchar(255) NOT NULL,
  `email` varchar(64) NOT NULL,
  `host` varchar(16) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `user_index` (`user`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=379 ;

--
-- Dumping data for table `proxy`
--

INSERT INTO `proxy` (`id`, `user`, `email`, `host`) VALUES
(1, 'brown', '', 'x.y.z.110'),
(2, 'fizgig', '', 'x.r.z.15'),

110 is the new dovecot IMAP server, 15 is the old UW-IMAP server.


Any advice on getting managesieve proxy running would be greatly appreciated.

Thanks,
  --[Lance]

-- 
 GPG Fingerprint: 409B A409 A38D 92BF 15D9 6EEE 9A82 F2AC 69AC 07B9
 CACert.org Assurer
-------------- next part --------------
16:24:14.079073 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [S], seq 4273974283, win 14600, options [mss 1460,sackOK,TS val 533787509 ecr 0,nop,wscale 5], length 0
E..<_~@. at .~w...S...m...^..........9.?..........
...u........
16:24:14.079103 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [S.], seq 165429520, ack 4273974284, win 14480, options [mss 1460,sackOK,TS val 517181158 ecr 533787509,nop,wscale 5], length 0
E..<.. at .@......m...S.^..	.A.......8.F..........
.......u....
16:24:14.079206 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [.], ack 1, win 457, options [nop,nop,TS val 533787509 ecr 517181158], length 0
E..4_. at .@.~~...S...m...^....	.A......].....
...u....
16:24:14.084288 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq 1:316, ack 1, win 453, options [nop,nop,TS val 517181163 ecr 533787509], length 315
E..o.. at .@......m...S.^..	.A.........^(.....
.......u"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."

16:24:14.084420 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [.], ack 316, win 490, options [nop,nop,TS val 533787514 ecr 517181163], length 0
E..4_. at .@.~}...S...m...^....	.BL...........
...z....
16:24:14.084676 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [P.], seq 1:13, ack 316, win 490, options [nop,nop,TS val 533787514 ecr 517181163], length 12
E.. at _.@. at .~p...S...m...^....	.BL....'k.....
...z....CAPABILITY

16:24:14.084680 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [.], ack 13, win 453, options [nop,nop,TS val 517181164 ecr 533787514], length 0
E..4.. at .@......m...S.^..	.BL...............
.......z
16:24:14.084880 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq 316:638, ack 13, win 453, options [nop,nop,TS val 517181164 ecr 533787514], length 322
E..v.. at .@......m...S.^..	.BL........^/.....
.......z"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "Capability completed."

16:24:14.085055 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [P.], seq 13:23, ack 638, win 524, options [nop,nop,TS val 533787515 ecr 517181164], length 10
E..>_. at .@.~q...S...m...^....	.C.....g......
...{....STARTTLS

16:24:14.085241 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq 638:671, ack 23, win 453, options [nop,nop,TS val 517181164 ecr 533787515], length 33
E..U.. at .@.
....m...S.^..	.C...."....]......
.......{OK "Begin TLS negotiation now."

16:24:14.085403 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [P.], seq 23:157, ack 671, win 524, options [nop,nop,TS val 533787515 ecr 517181164], length 134
E..._. at .@.}....S...m...^..."	.C.....wH.....
...{............}..Q&.~..e.c../..o5....6...=.A%.[*...:.9.8.....5.......
.3.2.....E.D./...A.........	..........................x.y.z.109.#..
16:24:14.090213 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [.], seq 671:3567, ack 157, win 486, options [nop,nop,TS val 517181169 ecr 533787515], length 2896
===CERT DETAILS ELIDED====
16:24:14.090224 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq 3567:4767, ack 157, win 486, options [nop,nop,TS val 517181169 ecr 533787515], length 1200
===CERT DETAILS ELIDED====
16:24:14.090403 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [.], ack 4767, win 705, options [nop,nop,TS val 533787520 ecr 517181169], length 0
E..4_. at .@.~y...S...m...^....	.S............
........
16:24:14.090403 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq 4767:4920, ack 157, win 486, options [nop,nop,TS val 517181170 ecr 533787520], length 153
E..... at .@.
g...m...S.^..	.S.........]......
........
 ..Qk.k.U..M..A..]..i..J.<..f.v...M.T.......+..._.-..1.oc.r..z......(..].+t.3.<L....W..5..7N....)9..$..L....~.L.P.<...E........Te........D..............
16:24:14.093415 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [P.], seq 157:355, ack 4920, win 795, options [nop,nop,TS val 533787523 ecr 517181170], length 198
E..._. at .@.}....S...m...^....	.TH...........
....................C....
Z/#.4..../...e.?.G'_.i.Q.<8IVz.9...
...........ziy..a.X......M....{..{.-..IE..X%.../.=.w.Tg.o...i(.l.;.AW.&.AF<..8...T.*...........0.j...J...............yEx.+.3..0.cys.-"%A=....Z..
16:24:14.095289 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq 4920:5170, ack 355, win 520, options [nop,nop,TS val 517181175 ecr 533787523], length 250
E..... at .@.
....m...S.^..	.TH...n....]......
.......................A9..fTg!.. at .....s...o...z........Ns.....2.hA...F.......i)......y&..v.g..[o7..3..d...\95k...'._..*...G+[..c..0FB.#.5.5...s....|.;..;...+*i&.a4....+..Rs..c.....
g..n..j.nm....=............0..*.... Q..&E......-.4.krW5h_.._^......(...#3...
16:24:14.135050 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [.], ack 5170, win 886, options [nop,nop,TS val 533787565 ecr 517181175], length 0
E..4_. at .@.~w...S...m...^...n	.UB...v.......
........
16:24:14.135060 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq 5170:5484, ack 355, win 520, options [nop,nop,TS val 517181214 ecr 533787565], length 314
E..n.. at .@......m...S.^..	.UB...n....^'.....
............ .<.q. at ..W..._...pBy.O&....7Q..Q at .....P....@9..d	<..E.. at ........=<7O...v...!{0..k%..V...'@X^....vftRF>8rW.	b.O.2+.....)I*..)	U!..J...D..Wq../...W\..{`....T..2&.-d.!Y...4.;...+.s..Kt..f...V.^Sn...}.t.)Z.:.....C[,.v.=&R
.......\u.....y... ...!......x."...W...g%u...D....3....Z.Gb....co+........gQm..-...X.p..^...
16:24:14.135178 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [.], ack 5484, win 976, options [nop,nop,TS val 533787565 ecr 517181214], length 0
E..4_. at .@.~v...S...m...^...n	.V|...........
........
16:24:14.135404 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [P.], seq 355:408, ack 5484, win 976, options [nop,nop,TS val 533787565 ecr 517181214], length 53
E..i_. at .@.~@...S...m...^...n	.V|...........
............0.k.]...N.U8..V. ..0...s.9~..T..d(s...%.mTPW.K.F.
16:24:14.135494 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq 5484:5590, ack 408, win 520, options [nop,nop,TS val 517181215 ecr 533787565], length 106
E..... at .@.
....m...S.^..	.V|........]W.....
............ ..Y.....6..d...s4....I.E.X6...1&.... at ....f*..m.:.u....$B..Q..#G......{Z..m...K....>j.._U.K[:..Q.Zqtnl
16:24:14.135856 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [P.], seq 408:493, ack 5590, win 976, options [nop,nop,TS val 533787566 ecr 517181215], length 85
E..._. at .@.~....S...m...^....	.V......].....
............P./...Y....!.0.V...*D."zQ....[M..{..}..5k..b._.e.jK..&...A..~..b..T.. ....:%.PAY.
16:24:14.136683 IP x.y.z.109.40120 > x.y.z.110.sieve: Flags [S], seq 1687026055, win 14600, options [mss 1460,sackOK,TS val 517181216 ecr 0,nop,wscale 5], length 0
E..<v. at .@.g3...m...n...^d.........9............
... ........
16:24:14.136883 IP x.y.z.110.sieve > x.y.z.109.40120: Flags [S.], seq 2266448111, ack 1687026056, win 14480, options [mss 1460,sackOK,TS val 254861327 ecr 517181216,nop,wscale 7], length 0
E..<.. at .@......n...m.^.... at .d.....8.B..........
.0..... ....
16:24:14.136891 IP x.y.z.109.40120 > x.y.z.110.sieve: Flags [.], ack 1, win 457, options [nop,nop,TS val 517181216 ecr 254861327], length 0
E..4v. at .@.g:...m...n...^d..... at ............
... .0..
16:24:14.136984 IP x.y.z.109.40120 > x.y.z.110.sieve: Flags [P.], seq 1:114, ack 1, win 457, options [nop,nop,TS val 517181216 ecr 254861327], length 113
E...v. at .@.f....m...n...^d..... at .....]y.....
... .0......l...h..Q&.~pG.R.o.}8G...n..Q.F.`Y{.n.S...:.9.8.....5.......
.3.2.....E.D./...A.........	..................#..
16:24:14.137100 IP x.y.z.110.sieve > x.y.z.109.40120: Flags [.], ack 114, win 114, options [nop,nop,TS val 254861327 ecr 517181216], length 0
E..4.. at .@.<....n...m.^.... at .d......r.......
.0..... 
16:24:14.142492 IP x.y.z.110.sieve > x.y.z.109.40120: Flags [P.], seq 1:346, ack 114, win 114, options [nop,nop,TS val 254861335 ecr 517181216], length 345
E..... at .@.;....n...m.^.... at .d......r.......
.0..... "IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave editheader vnd.dovecot.filter"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."

16:24:14.142501 IP x.y.z.109.40120 > x.y.z.110.sieve: Flags [.], ack 346, win 490, options [nop,nop,TS val 517181222 ecr 254861335], length 0
E..4v. at .@.g8...m...n...^d.....BI...........
...&.0..
16:24:14.142515 IP x.y.z.110.sieve > x.y.z.109.40120: Flags [FP.], seq 346:502, ack 114, win 114, options [nop,nop,TS val 254861335 ecr 517181216], length 156
E..... at .@.<E...n...m.^....BId......r.......
.0..... NO "Error in MANAGESIEVE command received by server."
NO "Error in MANAGESIEVE command received by server."
BYE "Too many invalid MANAGESIEVE commands."

16:24:14.142611 IP x.y.z.109.40120 > x.y.z.110.sieve: Flags [R.], seq 114, ack 503, win 524, options [nop,nop,TS val 517181222 ecr 254861335], length 0
E..4v. at .@.g7...m...n...^d.....B............
...&.0..
16:24:14.142907 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq 5590:5712, ack 493, win 520, options [nop,nop,TS val 517181222 ecr 533787566], length 122
E..... at .@.
....m...S.^..	.V.........]g.....
...&........ ...
>......vA....'..^"..b.s...m.....P.q.&.k...lO...A........F....U.f.u......%... ..]nuV.Oa0....U.M..^t_..y...8..%@..8
16:24:14.145988 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [P.], seq 493:530, ack 5712, win 976, options [nop,nop,TS val 533787576 ecr 517181222], length 37
E..Y_. at .@.~N...S...m...^....	.W`...........
.......&.... ..%Fr_.,..
..Z..w!..".\.....H...
16:24:14.146046 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [F.], seq 530, ack 5712, win 976, options [nop,nop,TS val 533787576 ecr 517181222], length 0
E..4_. at .@.~r...S...m...^....	.W`.....r.....
.......&
16:24:14.146085 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq 5712:5749, ack 531, win 520, options [nop,nop,TS val 517181225 ecr 533787576], length 37
E..Y.. at .@.
....m...S.^..	.W`........]......
...)........ ^3a.......`....)......k...{.\...
16:24:14.146117 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [F.], seq 5749, ack 531, win 520, options [nop,nop,TS val 517181225 ecr 533787576], length 0
E..4.. at .@.
....m...S.^..	.W................
...)....
16:24:14.146335 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [R], seq 4273974814, win 0, length 0
E..(.. at .@..	...S...m...^........P....$........
16:24:14.146347 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [R], seq 4273974814, win 0, length 0
E..(.. at .@..	...S...m...^........P....$........

-------------- next part --------------
# 2.1.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.22.1.el6.x86_64 x86_64 Scientific Linux release 6.3 (Carbon) 
auth_username_format = %Ln
mail_fsync = always
mail_location = maildir:~/Maildir
mail_nfs_index = yes
mail_nfs_storage = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave editheader vnd.dovecot.filter
mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
  separator = /
}
passdb {
  args = failure_show_msg=yes
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_before = /etc/dovecot/sieve-before.d
  sieve_default = /etc/dovecot/sieve/default.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +editheader +vnd.dovecot.filter
  sieve_filter_bin_dir = /etc/dovecot/sieve-filter
  sieve_plugins = sieve_extprograms
  sieve_user_log = ~/.dovecot.sieve.log
}
protocols = imap pop3 lmtp sieve
service lmtp {
  inet_listener lmtp {
    address = 152.3.22.110
    port = 24
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 0
  }
}
ssl = required
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  args = blocking=yes
  driver = passwd
  override_fields = gid=vmail home=/var/vmail/stat.duke.edu/%u
}
protocol lmtp {
  mail_plugins = " sieve"
}
protocol imap {
  mail_max_userip_connections = 30
}
-------------- next part --------------
# 2.1.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.22.1.el6.x86_64 x86_64 Scientific Linux release 6.3 (Carbon) 
lmtp_proxy = yes
mail_gid = 500
mail_uid = 500
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocols = imap pop3 lmtp sieve
service lmtp {
  inet_listener lmtp {
    address = 152.3.22.109
    port = 24
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 0
  }
}
ssl = required
ssl_cert = </etc/pki/dovecot/stat/imapd.pem-2011
ssl_key = </etc/pki/dovecot/stat/imapd.pem-2011
protocol lmtp {
  passdb {
    args = /etc/dovecot/dovecot-sql-lmtp.conf.ext
    driver = sql
  }
}
protocol sieve {
  passdb {
    args = /etc/dovecot/dovecot-sql-lmtp.conf.ext
    driver = sql
  }
}
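
Added example, not part of the original post: a reader for `tcpdump -A` text like the capture above that reports each flow to the sieve port whose first client payload is not a ManageSieve command, which is what the proxy-to-server flow (x.y.z.109 to x.y.z.110) shows just before the server's NO/BYE replies. The sample lines are constructed by abridging that capture; the function names and the short command list are assumptions of this sketch.

```python
import re

# tcpdump packet header, e.g.
# "16:24:14.1 IP a.40120 > b.sieve: Flags [P.], ... length 113"
HDR = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP (\S+) > (\S+): Flags \[[^\]]*\].* length (\d+)$")
# Commands a ManageSieve client may send as its first payload (RFC 5804).
CMD = re.compile(r"(CAPABILITY|STARTTLS|AUTHENTICATE|LOGOUT|NOOP)\b", re.I)
SIEVE_PORTS = {"sieve", "4190"}

# Constructed sample: abridged from the capture in the post.
SAMPLE = """\
16:24:14.084288 IP x.y.z.109.sieve > x.y.z.83.42168: Flags [P.], seq 1:316, ack 1, win 453, length 315
"STARTTLS"
OK "Dovecot ready."
16:24:14.084676 IP x.y.z.83.42168 > x.y.z.109.sieve: Flags [P.], seq 1:13, ack 316, win 490, length 12
...z....CAPABILITY
16:24:14.136984 IP x.y.z.109.40120 > x.y.z.110.sieve: Flags [P.], seq 1:114, ack 1, win 457, length 113
... .0......l...h..Q&.~pG.R.o.}8G...n.
16:24:14.142515 IP x.y.z.110.sieve > x.y.z.109.40120: Flags [FP.], seq 346:502, ack 114, win 114, length 156
NO "Error in MANAGESIEVE command received by server."
BYE "Too many invalid MANAGESIEVE commands."
"""


def packets(text):
    """Yield (src, dst, length, payload_text) per packet in `tcpdump -A` text."""
    cur = None
    for line in text.splitlines():
        m = HDR.match(line)
        if m:
            if cur:
                yield tuple(cur)
            cur = [m.group(1), m.group(2), int(m.group(3)), ""]
        elif cur:
            cur[3] += line + "\n"   # printable rendering of the packet bytes
    if cur:
        yield tuple(cur)


def first_client_payloads(text):
    """Map each (client, server) flow to the first non-empty client payload."""
    first = {}
    for src, dst, length, payload in packets(text):
        # Client-to-server direction: destination port is the sieve port.
        if dst.rsplit(".", 1)[-1] in SIEVE_PORTS and length > 0:
            first.setdefault((src, dst), payload)
    return first


def non_sieve_openers(text):
    """Flows whose first client bytes are not a ManageSieve command."""
    return sorted(flow for flow, payload in first_client_payloads(text).items()
                  if not CMD.search(payload))


if __name__ == "__main__":
    for client, server in non_sieve_openers(SAMPLE):
        print(f"{client} -> {server}: first payload is not ManageSieve text")
```

A flagged flow on port 4190 is consistent with the proxy opening TLS immediately (the `ssl` field returned by the password_query) against a listener that only advertises STARTTLS. Dovecot's proxy extra fields also include `starttls`, and with either field the `any-cert` value skips verification of the backend certificate.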

