submission configuration issues
Bob Gustafson
bobgus at rcn.com
Sat Jul 27 23:39:39 EEST 2019

service submission-login {
  inet_listener submissions {
    haproxy = no
    port = 465
    reuse_port = no
    ssl = yes
  }
}

Shouldn't the port be 587 here?

My config file looks like:

service submission-login {
  inet_listener submission {
    #port = 587
  }
}

The # comment must also mean something..

On 7/27/19 3:21 PM, Jean-Daniel via dovecot wrote:
>
>
>> On 27 Jul 2019, at 14:30, Stephan Bosch <stephan at rename-it.nl> wrote:
>>
>> On 23/07/2019 17:13, Jean-Daniel Dupas via dovecot wrote:
>>> Hello,
>>>
>>> I'm having trouble configuring the submission proxy.
>>>
>>> I have configured the submission service as follows:
>>>
>>> submission_host = smtp.example.com
>>> submission_relay_host = localhost
>>> submission_relay_port = 8587
>>> submission_relay_rawlog_dir = /var/log/dovecot/
>>> submission_relay_trusted = yes
>>>
>>> My main issue is that until I login, dovecot-submission won't
>>> connect to the backend and query the capabilities and so won't
>>> report the right capabilities.
>>>
>>> That means that the first EHLO message doesn't get the right
>>> capabilities list.
>>>
>>> "
>>> EHLO example.com
>>>
>>> 250-smtp.example.com
>>> 250-8BITMIME
>>> 250-AUTH PLAIN LOGIN
>>> 250-BURL imap
>>> 250-CHUNKING
>>> 250-ENHANCEDSTATUSCODES
>>> 250-SIZE
>>> 250 PIPELINING
>>> "
>>>
>>> This list doesn't contain VRFY, DNS, and SIZE is not specified (all
>>> of these are present in the backend EHLO response).
>>> After login, if I send a new EHLO command, everything is properly
>>> reported. The raw log shows that, unlike what the documentation says,
>>> dovecot doesn't try to connect to the backend until the user is
>>> properly logged in.
>>>
>>> In my raw log I show that after I logged in to dovecot-submission, the
>>> latter opens a connection to the backend and sends an X-CLIENT command.
>>>
>>>
>>> Now, if I try to force the capabilities by using:
>>>
>>> submission_backend_capabilities = VRFY 8BITMIME DSN
>>>
>>> dovecot properly reports all SMTP capabilities in the first EHLO
>>> response, but it completely stops emitting the X-CLIENT command to the
>>> backend
>>> and tries to simply forward the command without authentication, which
>>> results in postfix rejecting the command with an unauthorized user error.
>>>
>>> What is wrong with my configuration ?
>>> Thanks.
>>
>> Can you send us your complete configuration (output from `dovecot -n`)?
>
> Yes (see below).
>
> Some additional information:
>
> ===============
>
> When I connect directly to dovecot-submission using nc and send an
> EHLO command, I got the following result (the SIZE is configured in
> dovecot config, that's why it is properly announced), but no raw_log
> is generated at all.
>
> $ nc smtp.example.com 587
>
> 220 smtp.example.com Dovecot ready.
> EHLO mydomain.com
> 250-smtp.example.com
> 250-8BITMIME
> 250-AUTH
> 250-BURL imap
> 250-CHUNKING
> 250-ENHANCEDSTATUSCODES
> 250-SIZE 41943040
> 250-STARTTLS
> 250 PIPELINING
> QUIT
> 221 2.0.0 Bye
>
> ===============
>
> Ditto if I use openssl s_client -starttls smtp -crlf -connect
> smtp.example.com:587 and send the EHLO
> after STARTTLS.
>
> ===============
>
> For the record, here is the result of a direct connect to postfix:
>
> $ nc 127.0.0.1 8587
> 220 smtp.example.com ESMTP Postfix
> EHLO example.com
> 250-smtp.example.com
> 250-PIPELINING
> 250-SIZE 41943040
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-AUTH PLAIN LOGIN
> 250-XCLIENT NAME ADDR PROTO HELO REVERSE_NAME PORT LOGIN DESTADDR DESTPORT
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250-DSN
> 250 SMTPUTF8
>
> ===============
>
> And here is the content of the raw logs when a mail is sent.
>
> ======== rawlog.in
>
> 1564258521.813430 220 smtp.example.com ESMTP Postfix
> 1564258521.814206 250-smtp.example.com
> 1564258521.814206 250-PIPELINING
> 1564258521.814206 250-SIZE 41943040
> 1564258521.814206 250-VRFY
> 1564258521.814206 250-ETRN
> 1564258521.814206 250-STARTTLS
> 1564258521.814206 250-AUTH PLAIN LOGIN
> 1564258521.814206 250-XCLIENT NAME ADDR PROTO HELO REVERSE_NAME PORT LOGIN DESTADDR DESTPORT
> 1564258521.814206 250-ENHANCEDSTATUSCODES
> 1564258521.814206 250-8BITMIME
> 1564258521.814206 250-DSN
> 1564258521.814206 250 SMTPUTF8
> 1564258521.848159 220 smtp.example.com ESMTP Postfix
> 1564258521.849506 250-smtp.example.com
> 1564258521.849506 250-PIPELINING
> 1564258521.849506 250-SIZE 41943040
> 1564258521.849506 250-VRFY
> 1564258521.849506 250-ETRN
> 1564258521.849506 250-STARTTLS
> 1564258521.849506 250-AUTH PLAIN LOGIN
> 1564258521.849506 250-XCLIENT NAME ADDR PROTO HELO REVERSE_NAME PORT LOGIN DESTADDR DESTPORT
> 1564258521.849506 250-ENHANCEDSTATUSCODES
> 1564258521.849506 250-8BITMIME
> 1564258521.849506 250-DSN
> 1564258521.849506 250 SMTPUTF8
> 1564258521.854093 250 2.1.0 Ok
> 1564258521.909487 250 2.1.5 Ok
> 1564258521.983093 354 End data with <CR><LF>.<CR><LF>
> 1564258522.115312 250 2.0.0 Ok: queued as DDBCCD53B
>
> ======== rawlog.out
>
> 1564258521.813739 EHLO smtp.example.com
> 1564258521.846054 XCLIENT HELO=[10.188.153.106] PROTO=ESMTP LOGIN=info PORT=47564 ADDR=46.193.33.66
> 1564258521.848701 EHLO smtp.example.com
> 1564258521.850122 MAIL FROM:<service at example.com> AUTH=info
> 1564258521.889896 RCPT TO:<jddupas at xooloo.com>
> 1564258521.981094 DATA
> 1564258521.983757 Received: from [10.188.153.106] ([46.193.33.66])
> 1564258521.983757 by smtp.example.com with ESMTPSA
> 1564258521.983757 id cSDvMtmwPF14TAAABU9jsA
> 1564258521.983757 (envelope-from <service at example.com>)
> 1564258521.983757 for <jddupas at xooloo.com>; Sat, 27 Jul 2019 22:15:21 +0200
> 1564258521.984065 From: Jean-Daniel Dupas <service at example.com>
> 1564258521.984065 Content-Type: text/plain
> 1564258521.984065 Content-Transfer-Encoding: 7bit
> 1564258521.984065 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
> 1564258521.984065 Subject: Send test
> 1564258521.984065 Message-Id: <827EAD17-6C27-4BDF-AD94-F106E37745C1 at example.com>
> 1564258521.984065 Date: Sat, 27 Jul 2019 22:15:19 +0200
> 1564258521.984065 To: Jean-Daniel Dupas <jddupas at xooloo.com>
> 1564258521.984065 X-Mailer: Apple Mail (2.3445.104.11)
> 1564258521.984065
> 1564258521.984280 .
> 1564258543.105429 QUIT
>
>
> ================== doveconf -n
>
> # 2.3.7.1 (0152c8b10): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.7.1 (db5c74be)
> # OS: Linux 4.15.0-55-generic x86_64 Ubuntu 18.04.2 LTS
> # Hostname: example.com
> auth_mechanisms = plain login
> auth_verbose = yes
> hostname = smtp.example.com
> imap_hibernate_timeout = 1 mins
> mail_attribute_dict = file:%h/metadata
> mail_gid = vmail
> mail_location = mdbox:~/mail
> mail_plugins = fts fts_xapian
> mail_server_admin = mailto:sysadmin at example.com
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Archive {
>     auto = subscribe
>     special_use = \Archive
>   }
>   mailbox Drafts {
>     auto = subscribe
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox Trash {
>     auto = subscribe
>     special_use = \Trash
>   }
>   prefix =
>   separator = /
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> plugin {
>   fts = xapian
>   fts_autoindex = yes
>   fts_autoindex_exclude = \Junk
>   fts_autoindex_exclude2 = \Trash
>   fts_enforced = yes
>   fts_languages = fr en
>   fts_xapian = partial=2 full=20
>   imapsieve_mailbox1_before = file:/var/lib/vmail/imapsieve/learn-spam.sieve
>   imapsieve_mailbox1_causes = COPY
>   imapsieve_mailbox1_name = Junk
>   imapsieve_mailbox2_before = file:/var/lib/vmail/imapsieve/learn-ham.sieve
>   imapsieve_mailbox2_causes = COPY
>   imapsieve_mailbox2_from = Junk
>   imapsieve_mailbox2_name = *
>   imapsieve_mailbox3_before = file:/var/lib/vmail/imapsieve/unflag.sieve
>   imapsieve_mailbox3_causes = COPY
>   imapsieve_mailbox3_name = Trash
>   plugin = fts fts_xapian
>   sieve = file:~/sieve;active=~/.dovecot.sieve
>   sieve_after = /var/lib/vmail/sieve-after
>   sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
>   sieve_pipe_bin_dir = /var/lib/vmail/sieve-pipe
>   sieve_plugins = sieve_imapsieve sieve_extprograms
> }
> postmaster_address =
> protocols = " imap lmtp sieve submission"
> recipient_delimiter = -
> service auth-worker {
>   user = $default_internal_user
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> service doveadm {
>   vsz_limit = 1 G
> }
> service imap-hibernate {
>   unix_listener imap-hibernate {
>     group = vmail
>     mode = 0660
>   }
>   user = vmail
> }
> service imap-login {
>   inet_listener imap {
>     port = 0
>   }
>   inet_listener imaps {
>     port = 993
>   }
>   process_min_avail = 2
> }
> service imap {
>   unix_listener imap-master {
>     user = vmail
>   }
> }
> service indexer-worker {
>   vsz_limit = 1 G
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> service managesieve-login {
>   inet_listener sieve {
>     address = localhost
>   }
> }
> service submission-login {
>   inet_listener submissions {
>     haproxy = no
>     port = 465
>     reuse_port = no
>     ssl = yes
>   }
> }
> ssl_alt_cert = </var/lib/acme/imap.example.com/rsa/cert.pem
> ssl_alt_key = # hidden, use -P to show it
> ssl_cert = </var/lib/acme/imap.example.com/ecdsa/cert.pem
> ssl_cipher_list =
> TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_min_protocol = TLSv1.1
> ssl_prefer_server_ciphers = yes
> submission_host = smtp.example.com
> submission_max_mail_size = 40 M
> submission_relay_host = localhost
> submission_relay_port = 8587
> submission_relay_trusted = yes
> userdb {
>   driver = prefetch
> }
> userdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> protocol lmtp {
>   mail_plugins = fts fts_xapian sieve
> }
> protocol imap {
>   imap_metadata = yes
>   mail_max_userip_connections = 25
>   mail_plugins = fts fts_xapian imap_zlib imap_sieve
>   namespace inbox {
>     location =
>     mailbox Junk {
>       autoexpunge = 30 days
>     }
>     mailbox Trash {
>       autoexpunge = 30 days
>     }
>     prefix =
>   }
> }
>>
>> Regards,
>>
>> Stephan.
>
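
The capability mismatch described in the quoted message, as an added example (not code from the thread or from the Dovecot project): it parses the pre-login EHLO reply from dovecot-submission and the reply from the Postfix backend, both copied from the transcripts above, and lists what differs. The function names parse_ehlo and diff_caps are hypothetical.

```python
# Replies copied from the thread: Dovecot's first (pre-login) EHLO answer
# and the answer of the Postfix backend on port 8587.
FRONTEND_PRELOGIN = """\
250-smtp.example.com
250-8BITMIME
250-AUTH PLAIN LOGIN
250-BURL imap
250-CHUNKING
250-ENHANCEDSTATUSCODES
250-SIZE
250 PIPELINING
"""
BACKEND = """\
250-smtp.example.com
250-PIPELINING
250-SIZE 41943040
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-XCLIENT NAME ADDR PROTO HELO REVERSE_NAME PORT LOGIN DESTADDR DESTPORT
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
"""

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    caps = {}
    for i, line in enumerate(lines):
        if line[:3] != "250" or line[3:4] not in ("-", " ", ""):
            raise ValueError(f"not a 250 reply line: {line!r}")
        # "250-" marks a continuation; only the final line may omit the dash.
        if (line[3:4] != "-") != (i == len(lines) - 1):
            raise ValueError("continuation marker out of place")
        parts = line[4:].split()
        if i > 0 and parts:  # line 0 carries the server's domain, not a capability
            caps[parts[0].upper()] = [p.upper() for p in parts[1:]]
    return caps

def diff_caps(front, back):
    """Return (missing on front end, only on front end, parameter differences)."""
    shared = front.keys() & back.keys()
    changed = {k: (front[k], back[k]) for k in shared if front[k] != back[k]}
    return sorted(back.keys() - front.keys()), sorted(front.keys() - back.keys()), changed
```

Running diff_caps(parse_ehlo(FRONTEND_PRELOGIN), parse_ehlo(BACKEND)) shows the backend-only keywords, the keywords the front end adds itself, and SIZE announced without its limit.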