Apple mail fails with Submission

Stephan Bosch stephan at rename-it.nl
Sun Dec 23 12:45:52 EET 2018


Hi,

Below, you have only the submission-login debug log (authentication). 
I'm more interested in what happens after that. You'll need to enable 
mail_debug=yes (at least for the user involved) to get that.

Regards,

Stephan.

Op 18/12/2018 om 17:17 schreef Ruud Voorjans:
> Postfix debug peer logging
>
> Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: > 
> server.example.org <http://server.example.org>[XX.XX.XX.XX]: 250 2.1.5 Ok
> Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: watchdog_pat: 
> 0x55ef4ec020180
> Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: 
> vstream_fflush_some: fd 10 flush 28
> Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: 
> vstream_buf_get_ready: fd 10 got 15
> Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: < 
> server.example.org <http://server.example.org> [ XX.XX.XX.XX]: BDAT 
> 326 LAST
> Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: match_string: 
> smtpd_forbidden_commands: bdat ~? connect
> Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: match_string: 
> smtpd_forbidden_commands: bdat ~? get
> Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: match_string: 
> smtpd_forbidden_commands: bdat ~? post
> Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: 
> match_list_match: BDAT: no match
> Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: > 
> server.example.org <http://server.example.org> [ XX.XX.XX.XX]  : 502 
> 5.5.2 Error: command not recognized
> Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: watchdog_pat: 
> 0x55ef4ec020180
> Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: 
> vstream_fflush_some: fd 10 flush 41
> Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: 
> vstream_buf_get_ready: fd 10 got 326
> Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: < 
> server.example.org <http://server.example.org> [ XX.XX.XX.XX]  : 
> Content-Type: text/plain; charset=us-ascii
> Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: warning: 
> non-SMTP command from server.example.org <http://server.example.org> 
> [ XX.XX.XX.XX]  : Content-Type: text/plain; charset=us-ascii
> Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: > 
> server.example.org <http://server.example.org> [ XX.XX.XX.XX]  ]: 221 
> 2.7.0 Error: I can break rules, too. Goodbye.
>
>
> Op di 18 dec. 2018 om 17:01 schreef Ruud Voorjans 
> <ruud.voorjans at gmail.com <mailto:ruud.voorjans at gmail.com>>:
>
>     doveconf -n output:
>     # 2.3.2.1 (0719df592): /etc/dovecot/dovecot.conf
>     # Pigeonhole version 0.5.2 ()
>     # OS: Linux 4.18.0-12-generic x86_64 Ubuntu 18.10
>     # Hostname: mail.example.org <http://mail.example.org>
>     auth_debug = yes
>     auth_debug_passwords = yes
>     auth_mechanisms = plain login
>     auth_verbose = yes
>     director_mail_servers = XX.XX.XX.XX
>     hostname = mail.example.org <http://mail.example.org>
>     log_path = /var/log/dovecot.log
>     login_trusted_networks = XX.XX.XX.XX
>     mail_debug = yes
>     mail_location = mbox:~/mail:INBOX=/var/mail/%u
>     mail_privileged_group = mail
>     namespace inbox {
>       inbox = yes
>       location =
>       mailbox Drafts {
>         special_use = \Drafts
>       }
>       mailbox Junk {
>         special_use = \Junk
>       }
>       mailbox Sent {
>         special_use = \Sent
>       }
>       mailbox "Sent Messages" {
>         special_use = \Sent
>       }
>       mailbox Trash {
>         special_use = \Trash
>       }
>       prefix =
>     }
>     passdb {
>       args = proxy=y host=XX.XX.XX nopassword=y
>       driver = static
>     }
>     protocols = imap submission
>     service director {
>       fifo_listener login/proxy-notify {
>         mode = 0600
>         user = $default_login_user
>       }
>       inet_listener {
>         port = 9090
>       }
>       unix_listener director-userdb {
>         mode = 0600
>       }
>       unix_listener login/director {
>         mode = 0666
>       }
>     }
>     service imap-login {
>       executable = imap-login director
>     }
>     service submission-login {
>       executable = submission-login
>     }
>     ssl = required
>     ssl_cert = </etc/letsencrypt/live/mail.example.org/fullchain.pem
>     <http://mail.example.org/fullchain.pem>
>     ssl_cipher_list =
>     AES256+EECDH:AES256+EDH:ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5
>     ssl_dh =  # hidden, use -P to show it
>     ssl_key =  # hidden, use -P to show it
>     ssl_min_protocol = TLSv1.2
>     ssl_prefer_server_ciphers = yes
>     submission_relay_host = XX.XX.XX.XX
>     submission_relay_rawlog_dir = /var/log/dovecot.log
>     submission_relay_trusted = yes
>     verbose_ssl = yes
>
>
>     Logging:
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Connection created
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Received new command: EHLO [10.225.11.41]
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command EHLO; 250 reply: Submitted
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command EHLO: Ready to reply
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Trigger output
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Sending replies
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command EHLO: Completed
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Connection state reset
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command EHLO; 250 reply: Sent: 250-mail.example.org
>     <http://250-mail.example.org> 8BITMIME BURL imap CHUNKING
>     ENHANCEDSTATUSCODES SIZE STARTTLS PIPELINING
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command EHLO: Destroy
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command EHLO; 250 reply: Destroy
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Trigger output
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     No more commands pending
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Sending replies
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     No more commands pending
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Received new command: STARTTLS
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command STARTTLS: Next to reply
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command STARTTLS; 220 reply: Submitted
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command STARTTLS: Ready to reply
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Trigger output
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Sending replies
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command STARTTLS; 220 reply: Sent: 220 2.0.0 Begin TLS negotiation
>     now.
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command STARTTLS: Destroy
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Starting TLS
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Connection clear
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Connection state reset
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command STARTTLS; 220 reply: Destroy
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Trigger output
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     No more commands pending
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x10, ret=1:
>     before SSL initialization
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2001, ret=1:
>     before SSL initialization
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: before SSL initialization
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: before SSL initialization
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: before SSL initialization
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: before SSL initialization
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2001, ret=1:
>     before SSL initialization
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2001, ret=1:
>     SSLv3/TLS read client hello
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2001, ret=1:
>     SSLv3/TLS write server hello
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2001, ret=1:
>     SSLv3/TLS write certificate
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2001, ret=1:
>     SSLv3/TLS write key exchange
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2001, ret=1:
>     SSLv3/TLS write server done
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: SSLv3/TLS write server done
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: SSLv3/TLS write server done
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Sending replies
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: SSLv3/TLS write server done
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     No more commands pending
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: SSLv3/TLS write server done
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: SSLv3/TLS write server done
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: SSLv3/TLS write server done
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: SSLv3/TLS write server done
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2001, ret=1:
>     SSLv3/TLS write server done
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: SSLv3/TLS read client key exchange
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: SSLv3/TLS read client key exchange
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Sending replies
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: SSLv3/TLS read client key exchange
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     No more commands pending
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: SSLv3/TLS read client key exchange
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: SSLv3/TLS read client key exchange
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: SSLv3/TLS read client key exchange
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002,
>     ret=-1: SSLv3/TLS read client key exchange
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2001, ret=1:
>     SSLv3/TLS read client key exchange
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2001, ret=1:
>     SSLv3/TLS read change cipher spec
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2001, ret=1:
>     SSLv3/TLS read finished
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2001, ret=1:
>     SSLv3/TLS write change cipher spec
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2001, ret=1:
>     SSLv3/TLS write finished
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x20, ret=1:
>     SSL negotiation finished successfully
>     Dec 18 16:36:39 submission-login: Debug: SSL: where=0x2002, ret=1:
>     SSL negotiation finished successfully
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Sending replies
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     No more commands pending
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Received new command: EHLO [XX.XX.XX.XX]
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command EHLO; 250 reply: Submitted
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command EHLO: Ready to reply
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Trigger output
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Sending replies
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command EHLO: Completed
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Connection state reset
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command EHLO; 250 reply: Sent: 250-mail.example.org
>     <http://250-mail.example.org> 8BITMIME AUTH PLAIN LOGIN BURL imap
>     CHUNKING ENHANCEDSTATUSCODES SIZE PIPELINING
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command EHLO: Destroy
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command EHLO; 250 reply: Destroy
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Trigger output
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     No more commands pending
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Sending replies
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     No more commands pending
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Received new command: AUTH PLAIN
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command AUTH: Next to reply
>     Dec 18 16:36:39 auth: Debug: client in: AUTH    1    PLAIN 
>      service=submission      secured=tls  session=       
>     lip=XX.XX.XX.XX       rip=XX.XX.XX.XX   lport=587     
>      rport=49679     local_name=mail.example.org
>     <http://mail.example.org>  ssl_cipher=ECDHE-RSA-AES256-GCM-SHA384
>     ssl_cipher_bits=256     ssl_pfs= ssl_protocol=TLSv1.2 resp=
>     (previous base64 data may contain sensitive data)
>     Dec 18 16:36:39 auth: Debug: static(): lookup
>     Dec 18 16:36:39 auth: Debug: static(): Allowing any password
>     Dec 18 16:36:39 auth: Debug: client passdb out: OK   1     
>      user=    proxy   host=  XX.XX.XX.XX  pass=
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command AUTH; 235 reply: Submitted
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command AUTH: Ready to reply
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Trigger output
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Sending replies
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command AUTH: Completed
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command AUTH; 235 reply: Sent: 235 2.7.0 Authentication successful
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command AUTH: Destroy
>     Dec 18 16:36:39 submission-login: Info: proxy(  ): started
>     proxying to   XX.XX.XX.XX:587: user=<  >, method=PLAIN,
>     rip=XX.XX.XX.XX, lip=XX.XX.XX.XX, TLS, session=<>
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Disconnected: Connection closed
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     command AUTH; 235 reply: Destroy
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Connection destroy
>     Dec 18 16:36:39 submission-login: Debug: smtp-server: conn   [0]:
>     Connection state reset
>     Dec 18 16:36:40 submission-login: Info: proxy(  ): disconnecting
>     XX.XX.XX.XX (Disconnected by server(0s idle, in=533, out=295)):
>     user=<  >, method=PLAIN, rip=XX.XX.XX.XX, lip=XX.XX.XX.XX, TLS,
>     session=<>
>     Dec 18 16:36:40 submission-login: Debug: SSL alert: close notify
>
>
>     Op di 18 dec. 2018 om 07:18 schreef Aki Tuomi
>     <aki.tuomi at open-xchange.com <mailto:aki.tuomi at open-xchange.com>>:
>
>
>>         On 18 December 2018 at 02:30 Adi Pircalabu via dovecot <
>>         dovecot at dovecot.org <mailto:dovecot at dovecot.org>> wrote:
>>
>>
>>         On 2018-12-18 07:33, Ruud Voorjans wrote:
>>>         Dear all,
>>>
>>>         I'm running dovecot # 2.3.2.1 - Pigeonhole version 0.5.2 ()
>>>         - OS:
>>>         Linux 4.18.0-12-generic x86_64 Ubuntu 18.10 with Submission.
>>>         It works great except with apple mail (Iphone).
>>>
>>>         I get an error with the MTA (postfix):
>>>         ""postfix/submission/smtpd[32552]: warning: non-SMTP command
>>>         from
>>>         mail.example.org <http://mail.example.org> [1][xx.xx.xx.xx]:
>>>         Content-Transfer-Encoding: 7bit""
>>>
>>>         with other mail-client(s) (Outlook (Desktop and Iphone app))
>>>         i have no
>>>         problem and it proxy-sends the e-mail beautiful out to the
>>>         recipient.
>>         Hardly anything to do with Dovecot. When it comes to email
>>         clients Apple
>>         Mail has been and is still one of the worst flops (no offence
>>         intended,
>>         just my opinion based on personal experience). If you can
>>         reliably
>>         reproduce it, try and log the raw SMTP conversation between
>>         Postfix and
>>         the client by enabling per IP debugging in Postfix:
>>         postconf -e "debug_peer_level = 20"
>>         postconf -e "debug_peer_list = xx.xx.xx.xx"
>>         postfix reload
>>         where xx.xx.xx.xx is the unlucky client IP address.
>>
>>         Possibly some crappy SMTP PIPELINING implementation at the
>>         Apple end,
>>         who knows.
>>
>>         -- 
>>         Adi Pircalabu
>
>         It's not unconceivable that there are bugs in submission
>         either. Can you provide doveconf -n and submission rawlogs?
>         See https://wiki.dovecot.org/Submission for settings.
>
>         ---
>         Aki Tuomi
>


More information about the dovecot mailing list