Re: [Dovecot] Dovecot proxy to Microsoft Exchange 2013
Hello Timo,

I tried to compile this patch again on version 2.2.5 and I got the same error:

imap-proxy.c: In function ‘proxy_write_login’:
imap-proxy.c:95: error: ‘struct client’ has no member named ‘pre_proxy_auth’
imap-proxy.c: In function ‘imap_proxy_parse_line’:
imap-proxy.c:216: error: ‘struct client’ has no member named ‘proxy_banner’
imap-proxy.c:287: error: ‘struct client’ has no member named ‘post_proxy_auth’

Thanks,
Ricardo Machini

On 25/06/2013 01:23, Ricardo Machini Barbosa wrote:
> Timo, thanks for your help.
> But I can't compile with this patch:
>
> imap-proxy.c: In function ‘proxy_write_login’:
> imap-proxy.c:95: error: ‘struct client’ has no member named ‘pre_proxy_auth’
> imap-proxy.c: In function ‘imap_proxy_parse_line’:
> imap-proxy.c:217: error: ‘struct client’ has no member named ‘proxy_banner’
> imap-proxy.c:288: error: ‘struct client’ has no member named ‘post_proxy_auth’
>
> On 24/06/2013 19:22, Timo Sirainen wrote:
>> On Mon, 2013-06-24 at 23:40 +0300, Timo Sirainen wrote:
>>> Looks like Exchange 2013 IMAP has broken command pipelining :( See if
>>> it gets fixed by http://hg.dovecot.org/dovecot-2.2/rev/6e8bbc150fa9
>>> and the attached patch on top of that? If it works, I'll commit that
>>> patch too.
>> Attached another patch that doesn't crash on successful logins :)
Re: [Dovecot] Dovecot proxy to Microsoft Exchange 2013
I'm wondering if this could have anything to do with how Exchange 2013 broke recipient verification?

Discussed recently on the postfix list:

http://postfix.1071664.n5.nabble.com/Semi-OT-Exchange-2013-SMTP-Callout-td58922.html

In that thread there is this link to a Technet discussion:

http://social.technet.microsoft.com/Forums/en-US/exchangesvrdeploy/thread/91c26fd2-aa0c-4006-9326-ece609bf4f67/

On 2013-06-25 6:52 AM, Timo Sirainen wrote:
> On 25.6.2013, at 13.36, Jerry wrote:
>> On Mon, 24 Jun 2013 23:40:57 +0300
>> Timo Sirainen articulated:
>>
>>> Looks like Exchange 2013 IMAP has broken command pipelining :( See if
>>> it gets fixed by http://hg.dovecot.org/dovecot-2.2/rev/6e8bbc150fa9
>>> and the attached patch on top of that? If it works, I'll commit that
>>> patch too.
>>
>> Timo, I have not really been following this thread very closely, so I
>> am not quite sure what the problem is exactly. I have a friend who has
>> a friend who has input on Microsoft Exchange development. If you could
>> supply me, perhaps off list if you desire, specifics of exactly what
>> you believe Microsoft Exchange 2013 is doing incorrectly, I could
>> forward this information on. You would need to be quite specific
>> though. Generalizations would not be of any use.
>
> Looking at the first mail in this thread, it looks like when Dovecot
> sends within one TCP packet:
>
> C CAPABILITY
> L LOGIN "u...@domain.com.br" "123456"
>
> Exchange replies only to the CAPABILITY command with:
>
> * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
> C OK CAPABILITY completed.
>
> Then the session gets stuck, because Dovecot doesn't send anything, only
> expects Exchange to also handle the LOGIN command, but it's not doing
> that, most likely because it didn't think that two commands could be
> within a single TCP packet.

--
Best regards,

Charles Marcus
I.T. Director
Media Brokers International, Inc.
678.514.6224 | 678.514.6299 fax
Re: [Dovecot] Dovecot proxy to Microsoft Exchange 2013
On 25.6.2013, at 13.36, Jerry wrote:

> On Mon, 24 Jun 2013 23:40:57 +0300
> Timo Sirainen articulated:
>
>> Looks like Exchange 2013 IMAP has broken command pipelining :( See if
>> it gets fixed by http://hg.dovecot.org/dovecot-2.2/rev/6e8bbc150fa9
>> and the attached patch on top of that? If it works, I'll commit that
>> patch too.
>
> Timo, I have not really been following this thread very closely, so I
> am not quite sure what the problem is exactly. I have a friend who has
> a friend who has input on Microsoft Exchange development. If you could
> supply me, perhaps off list if you desire, specifics of exactly what
> you believe Microsoft Exchange 2013 is doing incorrectly, I could
> forward this information on. You would need to be quite specific
> though. Generalizations would not be of any use.

Looking at the first mail in this thread, it looks like when Dovecot sends within one TCP packet:

C CAPABILITY
L LOGIN "u...@domain.com.br" "123456"

Exchange replies only to the CAPABILITY command with:

* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
C OK CAPABILITY completed.

Then the session gets stuck, because Dovecot doesn't send anything, only expects Exchange to also handle the LOGIN command, but it's not doing that, most likely because it didn't think that two commands could be within a single TCP packet.
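The failure mode described in the message above, as an added example that is not part of the thread and is not Dovecot or Exchange code: a minimal C line buffer with a server loop that either drains every buffered command after a read or handles only one and waits, which leaves LOGIN unread. The names `linebuf` and `handle` and the sample credentials are constructed for illustration.

```c
#include <string.h>

/* Constructed input: two pipelined commands in one read (placeholder credentials). */
static const char SEGMENT[] = "C CAPABILITY\r\nL LOGIN \"user\" \"secret\"\r\n";

struct linebuf { char data[512]; size_t len; };

/* Append the bytes of one read; -1 if they do not fit. */
static int linebuf_feed(struct linebuf *b, const char *chunk, size_t n)
{
    if (n > sizeof(b->data) - b->len)
        return -1;
    memcpy(b->data + b->len, chunk, n);
    b->len += n;
    return 0;
}

/* Pop the next CRLF-terminated command into out: 1 = got one, 0 = need more
   input, -1 = line too long for out. Bytes after the CRLF stay buffered. */
static int linebuf_next(struct linebuf *b, char *out, size_t outsz)
{
    for (size_t i = 0; i + 1 < b->len; i++) {
        if (b->data[i] != '\r' || b->data[i + 1] != '\n')
            continue;
        if (i >= outsz)
            return -1;
        memcpy(out, b->data, i);
        out[i] = '\0';
        b->len -= i + 2;
        memmove(b->data, b->data + i + 2, b->len);
        return 1;
    }
    return 0;
}

/* Server side of one read. drain=1 handles every buffered command (safe with
   pipelining); drain=0 handles one and then waits for more input, which is
   the hang seen in the thread. Returns the number of commands handled. */
static int handle(struct linebuf *b, int drain)
{
    char cmd[256];
    int handled = 0;
    while (linebuf_next(b, cmd, sizeof(cmd)) == 1) {
        handled++;          /* a real server would dispatch cmd here */
        if (!drain)
            break;
    }
    return handled;
}
```

With `drain=0` the second command stays in the buffer until another read arrives, and a client that is itself waiting for the LOGIN reply never triggers one.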
Re: [Dovecot] Dovecot proxy to Microsoft Exchange 2013
On Mon, 24 Jun 2013 23:40:57 +0300
Timo Sirainen articulated:

> Looks like Exchange 2013 IMAP has broken command pipelining :( See if
> it gets fixed by http://hg.dovecot.org/dovecot-2.2/rev/6e8bbc150fa9
> and the attached patch on top of that? If it works, I'll commit that
> patch too.

Timo, I have not really been following this thread very closely, so I am not quite sure what the problem is exactly. I have a friend who has a friend who has input on Microsoft Exchange development. If you could supply me, perhaps off list if you desire, specifics of exactly what you believe Microsoft Exchange 2013 is doing incorrectly, I could forward this information on. You would need to be quite specific though. Generalizations would not be of any use.

--
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
Re: [Dovecot] Dovecot proxy to Microsoft Exchange 2013
Timo, thanks for your help.
But I can't compile with this patch:

imap-proxy.c: In function ‘proxy_write_login’:
imap-proxy.c:95: error: ‘struct client’ has no member named ‘pre_proxy_auth’
imap-proxy.c: In function ‘imap_proxy_parse_line’:
imap-proxy.c:217: error: ‘struct client’ has no member named ‘proxy_banner’
imap-proxy.c:288: error: ‘struct client’ has no member named ‘post_proxy_auth’

On 24/06/2013 19:22, Timo Sirainen wrote:
> On Mon, 2013-06-24 at 23:40 +0300, Timo Sirainen wrote:
>> Looks like Exchange 2013 IMAP has broken command pipelining :( See if
>> it gets fixed by http://hg.dovecot.org/dovecot-2.2/rev/6e8bbc150fa9
>> and the attached patch on top of that? If it works, I'll commit that
>> patch too.
> Attached another patch that doesn't crash on successful logins :)
Re: [Dovecot] Dovecot proxy to Microsoft Exchange 2013
On Mon, 2013-06-24 at 23:40 +0300, Timo Sirainen wrote: > Looks like Exchange 2013 IMAP has broken command pipelining :( See if it gets > fixed by http://hg.dovecot.org/dovecot-2.2/rev/6e8bbc150fa9 and the attached > patch on top of that? If it works, I'll commit that patch too. Attached another patch that doesn't crash on successful logins :) diff -r f68a955f4c5c src/imap-login/client.h --- a/src/imap-login/client.h Tue Jun 25 00:10:39 2013 +0300 +++ b/src/imap-login/client.h Tue Jun 25 01:21:15 2013 +0300 @@ -19,6 +19,7 @@ unsigned int cmd_finished:1; unsigned int proxy_sasl_ir:1; unsigned int proxy_seen_banner:1; + unsigned int proxy_no_pipelining:1; unsigned int skip_line:1; unsigned int id_logged:1; unsigned int client_ignores_capability_resp_code:1; diff -r f68a955f4c5c src/imap-login/imap-proxy.c --- a/src/imap-login/imap-proxy.c Tue Jun 25 00:10:39 2013 +0300 +++ b/src/imap-login/imap-proxy.c Tue Jun 25 01:21:15 2013 +0300 @@ -63,8 +63,12 @@ unsigned int len; const char *mech_name, *error; - if (client->proxy_backend_capability == NULL) + if (client->proxy_backend_capability == NULL && + client->common.proxy_state != IMAP_PROXY_STATE_CAPABILITY) { str_append(str, "C CAPABILITY\r\n"); + if (client->proxy_no_pipelining) + return 0; + } if (client->common.proxy_mech == NULL) { /* logging in normally - use LOGIN command */ @@ -88,6 +92,7 @@ sasl_client_new(client->common.proxy_mech, &sasl_set); mech_name = sasl_client_mech_get_name(client->common.proxy_mech); + client->common.pre_proxy_auth = ioloop_timeval; str_append(str, "L AUTHENTICATE "); str_append(str, mech_name); if (client->proxy_sasl_ir) { @@ -122,6 +127,11 @@ str_sanitize(line, 160))); return -1; } + if (strstr(line, "Microsoft Exchange") != NULL) { + /* Exchange 2013 hangs if we send the CAPABILITY pipelined + with LOGIN */ + client->proxy_no_pipelining = TRUE; + } str = t_str_new(128); if (strncmp(line + 5, "[CAPABILITY ", 12) == 0) { 
@@ -203,6 +213,7 @@ output = login_proxy_get_ostream(client->login_proxy); if (!imap_client->proxy_seen_banner) { /* this is a banner */ + client->proxy_banner = ioloop_timeval; client->proxy_state = IMAP_PROXY_STATE_BANNER; imap_client->proxy_seen_banner = TRUE; if (proxy_input_banner(imap_client, output, line) < 0) { @@ -270,9 +281,10 @@ return -1; } o_stream_nsend(output, str_data(str), str_len(str)); - return 1; + return 0; } else if (strncmp(line, "L OK ", 5) == 0) { /* Login successful. Send this line to client. */ + client->post_proxy_auth = ioloop_timeval; client->proxy_state = IMAP_PROXY_STATE_LOGIN; str = t_str_new(128); client_send_login_reply(imap_client, str, line + 5); @@ -328,6 +340,14 @@ } else if (strncmp(line, "C ", 2) == 0) { /* Reply to CAPABILITY command we sent, ignore it */ client->proxy_state = IMAP_PROXY_STATE_CAPABILITY; + if (imap_client->proxy_no_pipelining) { + str = t_str_new(128); + if (proxy_write_login(imap_client, str) < 0) { +client_proxy_failed(client, TRUE); +return -1; + } + o_stream_nsend(output, str_data(str), str_len(str)); + } return 0; } else if (strncasecmp(line, "I ", 2) == 0 || strncasecmp(line, "* ID ", 5) == 0) {
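Review bot: The assignments to `client->common.pre_proxy_auth` (hunk @@ -88,6 +92,7 @@), `client->proxy_banner` (hunk @@ -203,6 +213,7 @@) and `client->post_proxy_auth` (hunk @@ -270,9 +281,10 @@) use members that this patch never declares: the only header change is the `proxy_no_pipelining` bit in src/imap-login/client.h. These are exactly the three members the compile errors reported in this thread name as missing. They look unrelated to the pipelining workaround, so either move them into a separate change that also adds the fields, or state which revision this patch must be applied on top of.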
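Review bot: Keying the workaround on `strstr(line, "Microsoft Exchange")` in the banner check (hunk @@ -122,6 +127,11 @@) ties protocol behaviour to free-form banner text. The match covers every Exchange version, including the 2007 and 2010 backends the original report says work with pipelining, and it misses a 2013 server whose banner has been changed. Suggest making the no-pipelining mode an explicit per-backend option, with the banner match as a fallback at most, and extending the comment to say the match is intentionally broad.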
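Review bot: The early `return 0;` under `if (client->proxy_no_pipelining)` in proxy_write_login() (hunk @@ -63,8 +63,12 @@) makes the function report success after writing only CAPABILITY, and the later call from the `C ` reply handler (hunk @@ -328,6 +340,14 @@) sends LOGIN only because `client->proxy_state = IMAP_PROXY_STATE_CAPABILITY;` is set on the line just before it. That ordering dependency is not stated anywhere; add a comment at both places, since moving the state assignment below the new block would write CAPABILITY again and never send LOGIN.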
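Review bot: The change from `return 1;` to `return 0;` after `o_stream_nsend()` in hunk @@ -270,9 +281,10 @@ alters what this branch reports to its caller, and nothing in the message or in a comment explains it. If this is the fix for the crash on successful logins mentioned above the patch, say so next to the return and describe what the two return values mean to the caller.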
Re: [Dovecot] Dovecot proxy to Microsoft Exchange 2013
On 19.6.2013, at 20.54, Ricardo Machini Barbosa wrote:

> I am trying to do a proxy with dovecot to IMAP backend server that are using
> Microsoft Exchange 2013.
> I already did this with Microsoft Exchange 2007 and Microsoft Exchange 2010
> and it works perfectly! But with Microsoft Exchange 2013 I can not perform
> LOGIN.
>
> The error log message is:
> imap-login: Error: proxy(u...@domain.com.br): Login for
> exchange2013.domain.com.br:143 timed out in state=4 (after 30 secs,
> local=x.x.x.x:59640)
>
> My troubleshoot was:
>
> - tcpdump on dovecot server side:
>   I can see the commands sent/received by Microsoft Exchange. But no the "OK
>   LOGIN" response.
>
> * OK The Microsoft Exchange IMAP4 service in is ready.
> C CAPABILITY
> L LOGIN "u...@domain.com.br" "123456"
> * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN STARTTLS UIDPLUS CHILDREN IDLE
> NAMESPACE LITERAL+
> C OK CAPABILITY completed.

Looks like Exchange 2013 IMAP has broken command pipelining :( See if it gets fixed by http://hg.dovecot.org/dovecot-2.2/rev/6e8bbc150fa9 and the attached patch on top of that? If it works, I'll commit that patch too.
[Dovecot] Dovecot proxy to Microsoft Exchange 2013
Hello,

I am trying to do a proxy with dovecot to an IMAP backend server that is using Microsoft Exchange 2013.
I already did this with Microsoft Exchange 2007 and Microsoft Exchange 2010 and it works perfectly! But with Microsoft Exchange 2013 I can not perform LOGIN.

The error log message is:
imap-login: Error: proxy(u...@domain.com.br): Login for exchange2013.domain.com.br:143 timed out in state=4 (after 30 secs, local=x.x.x.x:59640)

My troubleshooting was:

- tcpdump on dovecot server side:
  I can see the commands sent/received by Microsoft Exchange. But not the "OK LOGIN" response.

* OK The Microsoft Exchange IMAP4 service in is ready.
C CAPABILITY
L LOGIN "u...@domain.com.br" "123456"
* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN STARTTLS UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
C OK CAPABILITY completed.

- tcpdump with telnet login on dovecot server side:
  Works fine.

* OK The Microsoft Exchange IMAP4 service in is ready.
a login "u...@domain.com.br" "123456"
a OK LOGIN completed.
a logout
* BYE Microsoft Exchange Server 2013 IMAP4 server signing off.
a OK LOGOUT completed.

- Verbose log on Microsoft Exchange 2013:
  It looks like Microsoft Exchange did not receive the login command.

Has anyone already tried to do this with Microsoft Exchange 2013?
See below some information about my dovecot configuration:

# 2.2.2: dovecot.conf
# OS: Linux 2.6.32-358.2.1.el6.centos.plus.x86_64 x86_64 CentOS release 6.4 (Final)

base_dir = /var/run/dovecot/
disable_plaintext_auth = no
listen = x.x.x.x
mbox_write_locks = fcntl
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}

protocols = imap pop3
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 4
  service_count = 0
  vsz_limit = 512 M
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
  process_min_avail = 4
  service_count = 0
  vsz_limit = 512 M
}
ssl_cert =