Christian, Hi Thanks for the pointers - yes sogo-activesync was installed, and I've turned up the debug in the sogo.log and the apache.log
Mar 27 17:07:08 sogod [5979]: |SOGo| starting method 'GET' on uri '/SOGo/Microsoft-Server-ActiveSync?' Mar 27 17:07:08 sogod [5979]: |SOGo| traverse(acquire): SOGo => Microsoft-Server-ActiveSync Mar 27 17:07:08 sogod [5979]: |SOGo| do traverse name: 'SOGo' Mar 27 17:07:08 sogod [5979]: |SOGo| do traverse name: 'Microsoft-Server-ActiveSync' Mar 27 17:07:08 sogod [5979]: |SOGo| set clientObject: <SOGo[0x0x5559b85e49c0]: name=SOGo> Mar 27 17:07:08 sogod [5979]: <0x0x5559bd382640[SOGoActiveSyncDispatcher]> EAS - Forbidden access for user (null) Mar 27 17:07:08 sogod [5979]: |SOGo| request took 0.000676 seconds to execute Mar 27 17:07:08 sogod [5979]: 192.168.205.113 "GET /SOGo/Microsoft-Server-ActiveSync? HTTP/1.1" 403 0/0 0.002 - - 0 Which implies to me that apache (for some reason) isn't getting a username - which is unsurprising as it doesn’t request any Authorisation. [Mon Mar 27 16:07:08.916479 2017] [authz_core:debug] [pid 9790] mod_authz_core.c(835): [client 192.168.205.113:53478] AH01628: authorization result: granted (no directives) [Mon Mar 27 16:07:08.916690 2017] [proxy:debug] [pid 9790] mod_proxy.c(1160): [client 192.168.205.113:53478] AH01143: Running scheme http handler (attempt 0) [Mon Mar 27 16:07:08.916807 2017] [proxy:debug] [pid 9790] proxy_util.c(2160): AH00942: HTTP: has acquired connection for (127.0.0.1) [Mon Mar 27 16:07:08.916893 2017] [proxy:debug] [pid 9790] proxy_util.c(2213): [client 192.168.205.113:53478] AH00944: connecting http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync? to 127.0.0.1:20000 [Mon Mar 27 16:07:08.916996 2017] [proxy:debug] [pid 9790] proxy_util.c(2422): [client 192.168.205.113:53478] AH00947: connected /SOGo/Microsoft-Server-ActiveSync? to 127.0.0.1:20000 [Mon Mar 27 16:07:08.917225 2017] [proxy:debug] [pid 9790] proxy_util.c(2799): AH02824: HTTP: connection established with 127.0.0.1:20000 (127.0.0.1) [Mon Mar 27 16:07:08.917319 2017] [proxy:debug] [pid 9790] proxy_util.c(2965): AH00962: HTTP: connection complete to 127.0.0.1:20000 (127.0.0.1) [Mon Mar 27 16:07:08.922994 2017] [proxy:debug] [pid 9790] proxy_util.c(2175): AH00943: http: has released connection for (127.0.0.1) I would have expected the server to request username+password the same way as it does for autodiscover - but that's done by OCSmanager. I'm assuming that Sogo does it for EAS and why would it work for normal Sogo requests - but not EAS requests...? What is the process that requests and then handles the HTTP Authorisation request for username + password? Any pointers would be useful. Thanks!! My sogo.conf is :- --------------------------------------- { // SOGoEnableDomainBasedUID = YES; // SOGoLoginDomains = (acme.com, widgets.com); domains = { acme.com = { SOGoMailDomain = acme.com; SOGoUserSources = ( { type = ldap; CNFieldName = displayName; IDFieldName = cn; UIDFieldName = cn; baseDN = "ou=acme,ou=tenants,dc=exch,dc=smtp-engine,dc=com"; bindDN = "cn=administrator,cn=Users,dc=exch,dc=smtp-engine,dc=com"; bindPassword = "%%%%%%"; bindFields = ( mail, cn ); canAuthenticate = YES; displayName = "Shared Addresses"; hostname = ldap://127.0.0.1:389; id = public_acme; isAddressBook = YES; } ); }; widgets.com = { SOGoMailDomain = widgets.com; SOGoUserSources = ( { type = ldap; CNFieldName = displayName; IDFieldName = cn; UIDFieldName = cn; baseDN = "ou=widgets,ou=tenants,dc=exch,dc=smtp-engine,dc=com"; bindDN = "cn=administrator,cn=Users,dc=exch,dc=smtp-engine,dc=com"; bindPassword = "%%%%%%%"; bindFields = ( mail, cn ); canAuthenticate = YES; displayName = "Shared Addresses"; hostname = ldap://127.0.0.1:389; id = public_widgets; isAddressBook = YES; } ); }; }; /* Database configuration */ SOGoProfileURL = mysql://sogo_user:%%%%%@127.0.0.1:3306/sogo/sogo_user_profile; OCSFolderInfoURL = mysql://sogo_user:%%%%@127.0.0.1:3306/sogo/sogo_folder_info; OCSEMailAlarmsFolderURL = mysql://sogo_user:%%%%%%%@127.0.0.1:3306/sogo/sogo_alarms_folder; OCSSessionsFolderURL = mysql://sogo_user:%%%%%@127.0.0.1:3306/sogo/sogo_sessions_info; /* General */ SOGoLanguage = English; SOGoTimeZone = "Europe/London"; SOGoEnableEMailAlarms = YES; SOGoCalendarDefaultRoles = ("PublicDAndTViewer"); //SOGoSuperUsernames = (administrator); /* Web Interface */ SOGoPageTitle = SMTP-Engine; SOGoVacationEnabled = YES; SOGoForwardEnabled = YES; SOGoSieveScriptsEnabled = YES; //SOGoMailAuxiliaryUserAccountsEnabled = YES; SOGoTrustProxyAuthentication = NO; /* Mail */ SOGoDraftsFolderName = Drafts; SOGoSentFolderName = Sent; SOGoTrashFolderName = Trash; SOGoIMAPServer = 127.0.0.1:143; SOGoSieveServer = sieve://127.0.0.1:4190; SOGoSMTPServer = 127.0.0.1; //SOGoMailDomain = domain.local; SOGoMailingMechanism = smtp; //SOGoForceExternalLoginWithEmail = NO; //SOGoMailSpoolPath = /var/spool/sogo; //NGImap4ConnectionStringSeparator = "/"; /* Notifications */ SOGoAppointmentSendEMailNotifications = YES; //SOGoACLsSendEMailNotifications = NO; //SOGoFoldersSendEMailNotifications = NO; /* Authentication */ //SOGoPasswordChangeEnabled = YES; /* Debugging */ LDAPDebugEnabled = YES; //MySQL4DebugEnabled = YES; OCSFolderManagerSQLDebugEnabled = YES; PGDebugEnabled = YES; SOGoDebugRequests = YES; WODebugTakeValues = YES; SOGoUIxDebugEnabled = YES; SaxDebugReaderFactory = YES; SaxObjectDecoderDebugEnabled = YES; SoDebugObjectTraversal = YES; SoSecurityManagerDebugEnabled = YES; VSSaxDriverDebugEnabled = YES; WODebugResourceLookup = YES; WEResourceManagerDebugEnabled = YES; WEResourceManagerComponentDebugEnabled = YES; SOgoEASDebugEnabled = YES; }
smime.p7s
Description: S/MIME cryptographic signature