On Sat, Jun 30, 2012 at 4:52 AM, Charles Marcus
wrote:
> On 2012-06-29 5:41 PM, Zac Israel wrote:
>>
>> The system at 172.16.0.13 is a zimbra proxy. I can see in the logs
>> that it initially complains about my ssl cert, and if I remove
>> ssl=any-cert it fails because my cert is self signed, so I know it is
>> talking to the proxy and doing starttls which is a requirement of
>> zimbra. Unfortunately I have not found a way to see the full exchange
>> between dovecot and my zimbra proxy other than tcp dump, which just
>> shows a small packet exchange.
>
>
> And unfortunately you failed to provide critical evidence - in this case the
> actual logs (and the tcpdump since you already have it) of a failed session,
> rather than your interpretation of it. But at least you provided your config
> (Timo is so good that often that is enough by itself, but even his crystal
> ball sometimes has problems).
>
> I have found over the years that if you are having a problem to the point
> that you need to ask for help, it is time to step back and take a fresh look
> at *everything* - including having other eyes looking at *all* of the
> evidence.
>
> --
>
> Best regards,
>
> Charles
Very sorry for the omission, please find the dovecot logs and tcpdump
session attached. Please let me know if I can provide any other
information and thank you again for your time.
Zac
Jun 29 17:00:57 imap-test dovecot: master: Dovecot v2.0.19 starting up (core
dumps disabled)
Jun 29 17:00:58 imap-test dovecot: auth: Debug: Loading modules from directory:
/usr/lib/dovecot/modules/auth
Jun 29 17:00:58 imap-test dovecot: auth: Debug: auth client connected
(pid=31182)
Jun 29 17:00:58 imap-test dovecot: imap-login: Warning: SSL: where=0x10, ret=1:
before/accept initialization [127.0.0.1]
Jun 29 17:00:58 imap-test dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: before/accept initialization [127.0.0.1]
Jun 29 17:00:58 imap-test dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 read client hello A [127.0.0.1]
Jun 29 17:00:58 imap-test dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write server hello A [127.0.0.1]
Jun 29 17:00:58 imap-test dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write certificate A [127.0.0.1]
Jun 29 17:00:58 imap-test dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write key exchange A [127.0.0.1]
Jun 29 17:00:58 imap-test dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write server done A [127.0.0.1]
Jun 29 17:00:58 imap-test dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 flush data [127.0.0.1]
Jun 29 17:00:58 imap-test dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 read client key exchange A [127.0.0.1]
Jun 29 17:00:58 imap-test dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 read finished A [127.0.0.1]
Jun 29 17:00:58 imap-test dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write session ticket A [127.0.0.1]
Jun 29 17:00:58 imap-test dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write change cipher spec A [127.0.0.1]
Jun 29 17:00:58 imap-test dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 write finished A [127.0.0.1]
Jun 29 17:00:58 imap-test dovecot: imap-login: Warning: SSL: where=0x2001,
ret=1: SSLv3 flush data [127.0.0.1]
Jun 29 17:00:58 imap-test dovecot: imap-login: Warning: SSL: where=0x20, ret=1:
SSL negotiation finished successfully [127.0.0.1]
Jun 29 17:00:58 imap-test dovecot: imap-login: Warning: SSL: where=0x2002,
ret=1: SSL negotiation finished successfully [127.0.0.1]
Jun 29 17:01:10 imap-test dovecot: auth: Debug: client in: AUTH 1 PLAIN
service=imap secured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=49940
resp=
Jun 29 17:01:10 imap-test dovecot: auth: Debug:
static(zac.isr...@domain.com,127.0.0.1): lookup
Jun 29 17:01:10 imap-test dovecot: auth: Debug:
static(zac.isr...@domain.com,127.0.0.1): Allowing any password
Jun 29 17:01:10 imap-test dovecot: auth: Debug: client out: OK 1
user=zac.isr...@domain.com proxy host=172.16.0.13 port=143 proxy_timeout=5
starttls=y ssl=any-cert pass=
Jun 29 17:01:10 imap-test dovecot: imap-login: Warning: SSL: where=0x10, ret=1:
before/connect initialization [127.0.0.1]
Jun 29 17:01:10 imap-test dovecot: imap-login: Warning: SSL: where=0x1001,
ret=1: before/connect initialization [127.0.0.1]
Jun 29 17:01:10 imap-test dovecot: imap-login: Warning: SSL: where=0x1001,
ret=1: unknown state [127.0.0.1]
Jun 29 17:01:10 imap-test dovecot: imap-login: Warning: SSL: where=0x1002,
ret=-1: unknown state [127.0.0.1]
Jun 29 17:01:10 imap-test dovecot: imap-login: Warning: SSL: where=0x1001,
ret=1: SSLv3 read server hello A [127.0.0.1]
Jun 29 17:01:10 imap-test dovecot: imap-login: Invalid certificate: self signed
certificate in certificate chain:
/C=US/ST=State/L=City/O=COMPANY/OU=IT/CN=COMPANY CA/emailAddress=i...@domain.com
Jun 29 17:01:10 imap-test dovecot: imap-login: Invalid