Dovecot submission announces CHUNKING but backend Postfix does not support it

Michael Goth mg at webflow.de
Fri Sep 21 11:39:18 EEST 2018


On 09/20/2018 10:24 PM, Stephan Bosch wrote:
> On 20/09/2018 at 13:39, Michael Goth wrote:
>> On 09/20/2018 12:56 PM, Robert Schetterer wrote:
>>> On 20.09.2018 at 11:04, Michael Goth wrote:
>>>> Hello,
>>>>
>>>> I'm setting up Dovecot 2.3.2.1 as a submission proxy to a Postfix 
>>>> backend server. Dovecot announces CHUNKING, but the Postfix backend 
>>>> does not support (or announce) it.
>>>>
>>>> HELO from Postfix:
>>>>
>>>>    220 backend.mydomain.com ESMTP Postfix (Ubuntu)
>>>>    ehlo test
>>>>    250-backend.mydomain.com
>>>>    250-PIPELINING
>>>>    250-SIZE 104857600
>>>>    250-VRFY
>>>>    250-ETRN
>>>>    250-STARTTLS
>>>>    250-ENHANCEDSTATUSCODES
>>>>    250-8BITMIME
>>>>    250 DSN
>>>>
>>>>
>>>> HELO from Dovecot proxy:
>>>>
>>>>    220 proxy.mydomain.com Dovecot ready.
>>>>    ehlo test
>>>>    250-proxy.mydomain.com
>>>>    250-8BITMIME
>>>>    250-AUTH PLAIN LOGIN
>>>>    250-BURL imap
>>>>    250-CHUNKING
>>>>    250-ENHANCEDSTATUSCODES
>>>>    250-SIZE
>>>>    250-STARTTLS
>>>>    250 PIPELINING
>>>>
>>>>
>>>> When a client sends BDAT, Postfix closes the connection. Here's a 
>>>> log snippet from Postfix:
>>>>
>>>>    < MAIL FROM:<user at mydomain.com>
>>>>    > 250 2.1.0 Ok
>>>>    < RCPT TO:<some at recipient.com>
>>>>    > 250 2.1.5 Ok
>>>>    < BDAT 114098 LAST
>>>>    > 502 5.5.2 Error: command not recognized
>>>>    < Content-Type: multipart/alternative; 
>>>> boundary=Apple-Mail-55D35F74-2EB7-4B3B-A607-E421DD71C07A
>>>>    > 221 2.7.0 Error: I can break rules, too. Goodbye.
>>>>
>>>>
>>>> Apple Mail seems to ignore the fact that Postfix does not understand 
>>>> BDAT and Postfix does not like that :-)
>>>>
>>>>
>>>> From a quick glance at the code it seems CHUNKING is always added 
>>>> to the capabilities and that's not configurable. Is this a bug or am 
>>>> I doing something wrong?
>>>>
>>>>
>>>> Thanks,
>>>>
>>>>   Michael
>>>
>>> that "may" depend on the version
>>>
>>> http://www.postfix.org/features.html
>>> ...
>>> Postfix 3.4     SMTP server support for RFC 3030 CHUNKING (without 
>>> BINARYMIME).
>>> ...
>>>
>>
>> As far as I understand, Dovecot always adds certain capabilities. This 
>> is the responsible code (I think):
>>
>> https://github.com/dovecot/core/blob/c8d03c3cab68328947a5afb47f48aef5b5a1e4ab/src/submission/submission-client.c#L95 
>>
> 
> Dovecot adds the capability to the server side (facing the client), but 
> not on the proxy client side (facing Postfix). If Postfix doesn't 
> support CHUNKING, Dovecot will translate between BDAT from client and 
> DATA towards Postfix. That's the way it is supposed to work anyway. I 
> cannot reproduce your problem here with a quick test.

I just did a test with telnet and got the same results as before:

mg at mymachine:~$ telnet proxy.mydomain.com 25
Trying 195.201.36.46...
Connected to proxy.mydomain.com.
Escape character is '^]'.
220 proxy.mydomain.com Dovecot ready.
EHLO test
250-mail2.mydomain.com
250-8BITMIME
250-AUTH PLAIN LOGIN
250-BURL imap
250-CHUNKING
250-ENHANCEDSTATUSCODES
250-SIZE
250-STARTTLS
250 PIPELINING
AUTH PLAIN AHRlc3RAbXlkb21haW4uY29tAHBhc3N3b3Jk
235 2.7.0 Authentication successful
MAIL FROM:<test at mydomain.com>
250 2.1.0 Ok
RCPT TO:<mg at webflow.de>
250 2.1.5 Ok
BDAT 114098 LAST
502 5.5.2 Error: command not recognized
Content-Type: multipart/alternative; 
boundary=Apple-Mail-55D35F74-2EB7-4B3B-A607-E421DD71C07A
221 2.7.0 Error: I can break rules, too. Goodbye.
Connection closed by foreign host.


> Can you enable mail_debug=yes (e.g. for that particular user) and show 
> me the debug log of the proxy activity?

I did enable mail_debug=yes and restarted Dovecot, but I don't see any 
debug messages in /var/log/mail.log?

'doveadm log find' tells me debug logging goes to /var/log/mail.log

> The output from `dovecot -n` would also be helpful.

Please see the attached dovecot.conf, I'm running 2.3.2.1 installed from 
repo.dovecot.org


Regards,
   Michael

-------------- next part --------------
# 2.3.2.1 (0719df592): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.2 (5d6d7c92)
# OS: Linux 4.15.0-33-generic x86_64 Ubuntu 18.04.1 LTS
# Hostname: proxy.mydomain.com
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
listen = *
mail_debug = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
passdb {
  args = /dev/null
  driver = passwd-file
}
protocols = imap pop3 submission sieve
service imap-login {
  inet_listener imap_10143 {
    address = *
    port = 10143
    ssl = yes
  }
}
service pop3-login {
  inet_listener imap_10110 {
    address = *
    port = 10110
    ssl = yes
  }
}
service submission-login {
  inet_listener smtp {
    address = *
    port = 25
  }
  inet_listener smtp_10025 {
    address = *
    port = 10025
    ssl = yes
  }
  inet_listener smtps {
    address = *
    port = 465
    ssl = yes
  }
  inet_listener submission {
    address = *
    port = 587
  }
}
ssl_ca = </etc/ssl/certs/ca-certificates.crt
ssl_cert = </etc/dovecot/private/wildcard.mydomain.com.pem
ssl_dh =  # hidden, use -P to show it
ssl_key =  # hidden, use -P to show it
ssl_require_crl = no
userdb {
  args = static uid=65534 gid=65534 home=/dev/null
  driver = static
}
protocol imap {
  passdb {
    args = /etc/dovecot/dovecot-sql.conf
    driver = sql
    name =
  }
  passdb {
    args = proxy=y nopassword=y host=legacy-proxy.mydomain.com port=993 ssl=y
    driver = static
    name =
  }
}
protocol pop3 {
  passdb {
    args = /etc/dovecot/dovecot-sql.conf
    driver = sql
    name =
  }
  passdb {
    args = proxy=y nopassword=y host=legacy-proxy.mydomain.com port=995 ssl=y
    driver = static
    name =
  }
}
protocol submission {
  passdb {
    args = /etc/dovecot/dovecot-sql.conf
    driver = sql
    name =
  }
  passdb {
    args = proxy=y nopassword=y host=legacy-proxy.mydomain.com port=465 ssl=y
    driver = static
    name =
  }
}
protocol sieve {
  passdb {
    args = /etc/dovecot/dovecot-sql.conf
    driver = sql
    name =
  }
}
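
The capability mismatch shown in this message can be checked mechanically. The following is an added example, not part of the original post and not Dovecot or Postfix code: it parses the two EHLO replies and the failing session quoted above, lists the keywords the proxy offers that the backend never announced, and flags commands rejected because they depend on such a keyword. The function names and the verb-to-keyword table are assumptions made for this illustration.

```python
import re

# Verbs that are only valid after the server advertised the matching EHLO
# keyword (BDAT: RFC 3030 CHUNKING, BURL: RFC 4468). Illustrative table.
EXTENSION_VERBS = {"BDAT": "CHUNKING", "BURL": "BURL"}

# EHLO replies and session lines copied from the message above.
BACKEND_EHLO = ("250-backend.mydomain.com\n250-PIPELINING\n250-SIZE 104857600\n"
                "250-VRFY\n250-ETRN\n250-STARTTLS\n250-ENHANCEDSTATUSCODES\n"
                "250-8BITMIME\n250 DSN")
PROXY_EHLO = ("250-proxy.mydomain.com\n250-8BITMIME\n250-AUTH PLAIN LOGIN\n"
              "250-BURL imap\n250-CHUNKING\n250-ENHANCEDSTATUSCODES\n250-SIZE\n"
              "250-STARTTLS\n250 PIPELINING")
SESSION = ("MAIL FROM:<test at mydomain.com>\n250 2.1.0 Ok\n"
           "RCPT TO:<mg at webflow.de>\n250 2.1.5 Ok\n"
           "BDAT 114098 LAST\n502 5.5.2 Error: command not recognized")


def ehlo_keywords(reply):
    """Return the set of extension keywords in a multi-line 250 EHLO reply."""
    lines = [m.group(1) for m in re.finditer(r"^250[- ](.*)$", reply, re.M)]
    # The first line carries the server's domain, not an extension keyword.
    return {line.split()[0].upper() for line in lines[1:] if line.strip()}


def unbacked_keywords(front, back):
    """Keywords the front end offers to clients that the backend lacks."""
    return ehlo_keywords(front) - ehlo_keywords(back)


def rejected_extension_verbs(session, back):
    """Find command/5xx pairs whose verb needs a keyword the backend lacks."""
    missing = set(EXTENSION_VERBS.values()) - ehlo_keywords(back)
    lines = [l.strip() for l in session.splitlines() if l.strip()]
    hits = []
    for cmd, reply in zip(lines, lines[1:]):
        verb = cmd.split()[0].upper()
        if EXTENSION_VERBS.get(verb) in missing and reply.startswith("5"):
            hits.append((verb, EXTENSION_VERBS[verb], reply[:3]))
    return hits


if __name__ == "__main__":
    print(sorted(unbacked_keywords(PROXY_EHLO, BACKEND_EHLO)))
    print(rejected_extension_verbs(SESSION, BACKEND_EHLO))
```

Every keyword in the difference has to be implemented or translated by the front end itself, as the quoted reply describes for BDAT; a 5xx on one of those verbs means the command reached a server that never offered it.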

