On 09/20/2018 10:24 PM, Stephan Bosch wrote:
On 20/09/2018 at 13:39, Michael Goth wrote:
On 09/20/2018 12:56 PM, Robert Schetterer wrote:
On 20.09.2018 at 11:04, Michael Goth wrote:
Hello,

I'm setting up Dovecot 2.3.2.1 as a submission proxy to a Postfix backend server. Dovecot announces CHUNKING, but the Postfix backend does not support (or announce) it.

HELO from Postfix:

   220 backend.mydomain.com ESMTP Postfix (Ubuntu)
   ehlo test
   250-backend.mydomain.com
   250-PIPELINING
   250-SIZE 104857600
   250-VRFY
   250-ETRN
   250-STARTTLS
   250-ENHANCEDSTATUSCODES
   250-8BITMIME
   250 DSN


HELO from Dovecot proxy:

   220 proxy.mydomain.com Dovecot ready.
   ehlo test
   250-proxy.mydomain.com
   250-8BITMIME
   250-AUTH PLAIN LOGIN
   250-BURL imap
   250-CHUNKING
   250-ENHANCEDSTATUSCODES
   250-SIZE
   250-STARTTLS
   250 PIPELINING


When a client sends BDAT, Postfix closes the connection. Here's a log snippet from Postfix:

   < MAIL FROM:<u...@mydomain.com>
   > 250 2.1.0 Ok
   < RCPT TO:<s...@recipient.com>
   > 250 2.1.5 Ok
   < BDAT 114098 LAST
   > 502 5.5.2 Error: command not recognized
   < Content-Type: multipart/alternative; boundary=Apple-Mail-55D35F74-2EB7-4B3B-A607-E421DD71C07A
   > 221 2.7.0 Error: I can break rules, too. Goodbye.


Apple Mail seems to ignore the fact that Postfix does not understand BDAT and Postfix does not like that :-)


From a quick glance at the code it seems CHUNKING is always added to the capabilities and that's not configurable. Is this a bug or am I doing something wrong?


Thanks,

  Michael

That "may" depend on the version:

http://www.postfix.org/features.html
...
Postfix 3.4     SMTP server support for RFC 3030 CHUNKING (without BINARYMIME).
...


As far as I understand, Dovecot always adds certain capabilities. This is the responsible code (I think):

https://github.com/dovecot/core/blob/c8d03c3cab68328947a5afb47f48aef5b5a1e4ab/src/submission/submission-client.c#L95

Dovecot adds the capability to the server side (facing the client), but not on the proxy client side (facing Postfix). If Postfix doesn't support CHUNKING, Dovecot will translate between BDAT from client and DATA towards Postfix. That's the way it is supposed to work anyway. I cannot reproduce your problem here with a quick test.

I just did a test with telnet and got the same results as before:

mg@mymachine:~$ telnet proxy.mydomain.com 25
Trying 195.201.36.46...
Connected to proxy.mydomain.com.
Escape character is '^]'.
220 proxy.mydomain.com Dovecot ready.
EHLO test
250-mail2.mydomain.com
250-8BITMIME
250-AUTH PLAIN LOGIN
250-BURL imap
250-CHUNKING
250-ENHANCEDSTATUSCODES
250-SIZE
250-STARTTLS
250 PIPELINING
AUTH PLAIN AHRlc3RAbXlkb21haW4uY29tAHBhc3N3b3Jk
235 2.7.0 Authentication successful
MAIL FROM:<t...@mydomain.com>
250 2.1.0 Ok
RCPT TO:<m...@webflow.de>
250 2.1.5 Ok
BDAT 114098 LAST
502 5.5.2 Error: command not recognized
Content-Type: multipart/alternative; boundary=Apple-Mail-55D35F74-2EB7-4B3B-A607-E421DD71C07A
221 2.7.0 Error: I can break rules, too. Goodbye.
Connection closed by foreign host.


Can you enable mail_debug=yes (e.g. for that particular user) and show me the debug log of the proxy activity?

I did enable mail_debug=yes and restarted Dovecot, but I don't see any debug messages in /var/log/mail.log?

'doveadm log find' tells me debug logging goes to /var/log/mail.log

The output from `dovecot -n` would also be helpful.

Please see the attached dovecot.conf, I'm running 2.3.2.1 installed from repo.dovecot.org


Regards,
  Michael

# 2.3.2.1 (0719df592): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.2 (5d6d7c92)
# OS: Linux 4.15.0-33-generic x86_64 Ubuntu 18.04.1 LTS
# Hostname: proxy.mydomain.com
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
listen = *
mail_debug = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
passdb {
  args = /dev/null
  driver = passwd-file
}
protocols = imap pop3 submission sieve
service imap-login {
  inet_listener imap_10143 {
    address = *
    port = 10143
    ssl = yes
  }
}
service pop3-login {
  inet_listener imap_10110 {
    address = *
    port = 10110
    ssl = yes
  }
}
service submission-login {
  inet_listener smtp {
    address = *
    port = 25
  }
  inet_listener smtp_10025 {
    address = *
    port = 10025
    ssl = yes
  }
  inet_listener smtps {
    address = *
    port = 465
    ssl = yes
  }
  inet_listener submission {
    address = *
    port = 587
  }
}
ssl_ca = </etc/ssl/certs/ca-certificates.crt
ssl_cert = </etc/dovecot/private/wildcard.mydomain.com.pem
ssl_dh =  # hidden, use -P to show it
ssl_key =  # hidden, use -P to show it
ssl_require_crl = no
userdb {
  args = static uid=65534 gid=65534 home=/dev/null
  driver = static
}
protocol imap {
  passdb {
    args = /etc/dovecot/dovecot-sql.conf
    driver = sql
    name =
  }
  passdb {
    args = proxy=y nopassword=y host=legacy-proxy.mydomain.com port=993 ssl=y
    driver = static
    name =
  }
}
protocol pop3 {
  passdb {
    args = /etc/dovecot/dovecot-sql.conf
    driver = sql
    name =
  }
  passdb {
    args = proxy=y nopassword=y host=legacy-proxy.mydomain.com port=995 ssl=y
    driver = static
    name =
  }
}
protocol submission {
  passdb {
    args = /etc/dovecot/dovecot-sql.conf
    driver = sql
    name =
  }
  passdb {
    args = proxy=y nopassword=y host=legacy-proxy.mydomain.com port=465 ssl=y
    driver = static
    name =
  }
}
protocol sieve {
  passdb {
    args = /etc/dovecot/dovecot-sql.conf
    driver = sql
    name =
  }
}
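
The BDAT-to-DATA translation described in the thread, as an added example that is not Dovecot's code and not part of the original messages: it diffs the two EHLO replies quoted above and re-encodes BDAT chunks as a dot-stuffed DATA body when the backend lacks CHUNKING. The function names and the sample message are hypothetical.

```python
import re

# EHLO replies copied from the thread (250 lines only).
BACKEND_EHLO = """250-backend.mydomain.com
250-PIPELINING
250-SIZE 104857600
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""
PROXY_EHLO = """250-proxy.mydomain.com
250-8BITMIME
250-AUTH PLAIN LOGIN
250-BURL imap
250-CHUNKING
250-ENHANCEDSTATUSCODES
250-SIZE
250-STARTTLS
250 PIPELINING"""

def parse_ehlo(reply):
    """Return the extension keywords of a multi-line 250 reply (first line is the domain)."""
    lines = [l.strip() for l in reply.splitlines() if l.strip().startswith("250")]
    return {l[4:].split()[0].upper() for l in lines[1:]}

def bdat_to_data(chunks):
    """Join BDAT payloads into one DATA body: CRLF-terminated, dot-stuffed, ended by '.'."""
    msg = b"".join(chunks)
    if not msg.endswith(b"\r\n"):
        msg += b"\r\n"
    # RFC 5321 4.5.2: a line that starts with "." gets one extra "." prepended.
    return re.sub(rb"(^|\r\n)\.", rb"\1..", msg) + b".\r\n"

def relay_body(backend_ehlo, chunks):
    """Commands and payload a translating proxy would send to the backend."""
    if "CHUNKING" in parse_ehlo(backend_ehlo):
        n = len(chunks)
        return [b"BDAT %d%s\r\n" % (len(c), b" LAST" if i == n - 1 else b"") + c
                for i, c in enumerate(chunks)]
    # Backend lacks CHUNKING: send DATA, wait for 354, then the stuffed body.
    return [b"DATA\r\n", bdat_to_data(chunks)]

# Constructed sample: two BDAT chunks, one line beginning with a dot.
SAMPLE = [b"Subject: t\r\n\r\n.hidden line\r\n", b"end"]
if __name__ == "__main__":
    print(sorted(parse_ehlo(PROXY_EHLO) - parse_ehlo(BACKEND_EHLO)))
    print(relay_body(BACKEND_EHLO, SAMPLE))
```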
