On 27/07/2019 23:13, Stephan Bosch via dovecot wrote:
On 23/07/2019 17:13, Jean-Daniel Dupas via dovecot wrote:
Hello,
I'm having trouble configuring the submission proxy.
I have configured the submission service as follow:
submission_host = smtp.example.com
submission_relay_host = localhost
submission_relay_port = 8587
submission_relay_rawlog_dir = /var/log/dovecot/
submission_relay_trusted = yes
My main issue is that until I login, dovecot-submission won't connect
to the backend and query the capabilities and so won't report the
right capabilities.
That is true and expected. No connection to the relay server is made
until the user is logged in.
That mean that the first EHLO message don't get the right
capabilities list.
"
EHLO example.com
250-smtp.example.com
250-8BITMIME
250-AUTH PLAIN LOGIN
250-BURL imap
250-CHUNKING
250-ENHANCEDSTATUSCODES
250-SIZE
250 PIPELINING
"
This list don't contains VRFY, DNS, and SIZE is not specified (all of
these is present in backend EHLO response).
After login, if I send an new EHLO command, everything is properly
reported. The raw log shows that unlike what the documentation says,
dovecot don't try to connect to the backend until the user is
properly logged.
Oh, then we need to adjust the documentation. This is normal behavior.
In my raw log I show that after I logged in dovecot-submission, the
later open a connection to the backend and send a X-CLIENT command.
Now, if I try to force the capabilities by using:
submission_backend_capabilities = VRFY 8BITMIME DSN
dovecot properly reports all SMTP capabilities in the first EHLO
response, but it completely stops emitting X-CLIENT command to the
backend
and try to simply forward the command without authentication, which
result in postfix rejecting the command with an unauthorized user error.
Yes, that is a bug. I have reproduced it here. We will look into it.
Tracking this bug as DOP-1323.
Regards,
Stephan.
