virtual domains #9

Open
buzzheavyyear opened this issue Jun 17, 2015 · 63 comments

Comments

@buzzheavyyear

Would be excellent if there was more than one domain, with virtual users - is this much work to fix?

@gregtatcam
Owner

It seems straightforward if I just add multiple domain support to SMTP. Virtual user directory then will be “user@domain”. So all domain users will have the account in the same folder. To make the user folder like “user/domain” will require more work, and more work to make each domain home folder configurable, for instance /var/mail/accounts/domain1/user and /etc/domain2/user. Could do the change incrementally though. I have checked in the multiple domain support for SMTP. I’ll try to add the proper user account folder handling this week.

@buzzheavyyear
Author

That's very generous of you - let me know if I can help out with anything. Cheers

@gregtatcam
Owner

No problem. I’m happy to get the feedback and good suggestions for enhancement.

@gregtatcam
Owner

I checked in the second change, i.e. the user account folder for user@domain is domain/user.
Making each domain’s folder configurable requires some rework so I’m going to put it on hold for now. I think current implementation covers most of the cases, even if you want to have a separate partition for each domain.

@buzzheavyyear
Author

Excellent - thanks for adding this in - I'll try it out this afternoon. I also need to read through the code thoroughly - I read http://javiermunhoz.com/blog/2014/04/19/detecting-and-removing-computer-virus-with-ocaml.html last year - I might try and find some time to see if I could add something to imaplet. Thanks for making this available.

@gregtatcam
Owner

Cool. It’ll be great if this system is improved/grown by the community.

@buzzheavyyear
Author

Just doing an install - everything fine until I do a:

sudo imaplet_create_account -u [email protected]:mysecretpassword

I get an error of : failed: invalid domain

I have edited imaplet.cf and added the domain of example.com and created the directory /var/mail/accounts/example.com/john.doe, but not started anything - ie sudo imaplet

What's the best way forward here? :)

@gregtatcam
Owner

It works for me. Can you email your imaplet.cf file?

You don’t need to create the directory for domain, imaplet_create_account creates necessary directory.

@buzzheavyyear
Author

# configuration file

# authentication required
auth_required true

# log file location
log /var/log

# log level error/info1/info2/info3/debug
log_level error

# maximum email size in bytes
max_msg_size 10000000

# server name in capability response
imap_name imaplet

# irminsule location
irmin_path /var/mail/accounts/%user%/repo

# user certificate/key path
user_cert_path /var/mail/accounts/%user%/cert

# expand the contents of the database to the filesystem, default false
irmin_expand false

# smtp server address
smtp_addr 0.0.0.0

# smtp server port 25,587
smtp_port 587,25

# smtp ssl enabled
smtp_ssl false

# smtp starttls enabled
smtp_starttls true

# imap server address for outside connections
addr 0.0.0.0

# imap server port for outside connections, 143 no ssl/993 ssl
port 993

# is ssl enabled
ssl true

# is starttls enabled
starttls true

# inbox location for the storage (irmin, mbox(/var/mail), mailbox, etc)
# blank for irmin
inbox_path ""

# mailboxes location for the storage (irmin, mbox(/Users/@/mail/, mailbox, etc)
# blank for irmin 
mail_path ""

# rebuild irminsule on start up, not enabled yet
#rebuild_irmin false

# pem/key path default datadir/imaplet
#data_path ""

# pem name
pem_name server.pem

# key name
key_name server.key

# public key
pub_name server.pub

# users path default datadir/imaplet
#users_path ""

# type of data storage like mailbox,mbox,irmin,workdir
data_store irmin

# encrypt message
encrypt true

# compress message, but not attachment
compress true

# include mapped address in the Received email header
stun_header false

# ';' separated domains(no spaces), the main domain by default is the host name
# domain
example.com;anotherexample.com;yetanotherexample.com

# maildir parse, parse the message into MIME parts and save all of them along with the
# map of parsed parts in one blob. this is similar to irmin and workdir but they save each 
# part into separate blob
maildir_parse true

# irmin and workdir single store, store MIME parets as individual blobs, this will deduplicate attachments
single_store true

# irmin hybrid, if true and store is Irmin then messages are stored in files on FS, metadata is stored in Git 
hybrid false

@buzzheavyyear
Author

One day I'll master markdown!

@gregtatcam
Owner

Yeah, this is better :-)

@gregtatcam
Owner

I see the issue, the domain is commented out:

# domain
example.com;anotherexample.com;yetanotherexample.com

it should be:

domain example.com;anotherexample.com;yetanotherexample.com

@buzzheavyyear
Author

aha! OK, thanks

@gregtatcam
Owner

No pr.

@buzzheavyyear
Author

just one more thing - I'm trying to set up my android/gmail client. When it gets to the imap set up, I'm getting a read error:

Can't safely connect to server.
(Read error: ssl=0x9a5......: Failure in SSL library, usually a protocol error
error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000)
(external/openssl/ssl/s3_pkt.c:1304 0x06.....:0x00000003))

Have you come across this before?

@avsm

avsm commented Jun 22, 2015

This looks like it's trying to use SSLv3, which is unsupported. Any idea how to get your setup to use TLS 1.0 instead (most really should by default)?

@buzzheavyyear
Author

Well, I had ssl/tls set to 'accept all certificates'. Changing it to default ssl/tls throws the error:

Can't safely connect to server.
(java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.)

I also am unable to get my desktop thunderbird client to connect to imap/smtp.

I am, however, able to telnet in on port 25

@buzzheavyyear
Author

I might just try another android client to see what happens. Don't understand why thunderbird doesn't connect - all I've done is a default install on the cubieboard2

@gregtatcam
Owner

I can connect with iPhone, iPad, Thunderbird on Ubuntu, and Android. I have not used Android for a while though. I’ll charge it up and test.

@gregtatcam
Owner

First thing to test is to see if you can connect via telnet for a plain connection or via openssl for ssl.
Let me know if you need help with this test.

@buzzheavyyear
Author

thanks - not too sure how to test this with openssl - I've already telnet'd into port 25 and this works. What do I need to do for openssl

@buzzheavyyear
Author

OK, I've just tried:

openssl s_client -connect 192.169.1.10:993 -crlf

and it just hangs - looks like I need to restart it and set it up for debug logging - here we go ...

@gregtatcam
Owner

to test IMAP:

openssl s_client -connect ip:port -tls1 -crlf

You should get a prompt from the server. Try to log in with this command:

a login name password

then logout with:

a logout

If this works then you successfully tested IMAP server.

To test SMTP:

openssl s_client -connect ip:port -tls1 -starttls smtp -crlf

When you get the prompt just type: quit. This verifies your SMTP over ssl.

If you got both working then you should be in good shape.

Are you testing the server on the LAN? If it’s WAN then 25 and 587 ports might be blocked. Try a different SMTP port, like 2587.

@gregtatcam
Owner

Need to add ‘-tls1’

@buzzheavyyear
Author

Thanks for all of this - both smtp and imap hang with openssl. I'll set it up for debugging and start looking at the logs. Has to be something simple or something I've missed. Very best.

@gregtatcam
Owner

No pr. Let me know if you need help.

You can also try to configure the server not to use ssl and see if that works.

@buzzheavyyear
Author

Looking at the logs for imap, I'm getting a client request exception:

imaplet: accepting connections
l:tag a
l:SP
l:SP
l:SP
l:CRLF 1
p:command
p:request
----> 2: LOGIN ...
client_requests exception: Invalid_argument("No RSA keys")

The domain/user/cert directory exists with server.key and server.pem - could this be a problem with the server not picking up these files with the new virtual user setup?

@gregtatcam
Owner

Do you run imaplet as ‘sudo imaplet’?

Does the server.key look like binary?

If you use the domain, the user name to log in should have the domain, i.e. user@domain. This could be the problem too.

@buzzheavyyear
Author

Yes, I was using : ‘sudo imaplet’

Just ssh'd into the cubieboard, did a ‘sudo imaplet’ and I can access the imap daemon via openssl. Haven't the slightest idea why it works now as I haven't changed anything.

However, I've just tried to both receive an external email and send an email from my local thunderbird.

My entry in users is:
[email protected]:{SHA256}po057IvN5ns6hnRSOBBzXO0Bad9mQo057dg2Jvq8Qe8Nyb+00=::::/var/mail/accounts/example.com/nick.betteridge/repo

  1. Sending a local email from thunderbird gives the error:

An error occurred while sending mail. The mail server responded: 5.7.8 : From address rejected: User unknown in local. Please check the message recipient [email protected] and try again.

Also, the console output (sudo imaplet) throws out:

Fatal error: exception Invalid_argument("Lwt.wakeup_result")
Raised at file "pervasives.ml", line 21, characters 25-45
Called from file "src/core/lwt.ml", line 325, characters 17-47
Called from file "src/core/lwt.ml", line 697, characters 66-71

  2. Receiving an email - I sent an email from gmail and the error I got back on my gmail account was the following:

Delivery to the following recipient failed permanently:

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain example.com by mail.example.com. [80.229.27.245].

The error that the other server returned was:
550 5.7.8 : Recipient address rejected: User unknown in local recipient table

@gregtatcam
Owner

My guess is that Thunderbird sends “nick.betteridge” as the user name and not “[email protected]”. How did you configure your email account (SMTP) in Thunderbird?

I’m not sure about the error. It looks like OCaml core library crashes. I’ll have to try to reproduce it.

As far as sending email from gmail. Gmail can not resolve the example.com domain via DNS, i.e. there is no email server bound to the example.com. You can only send email to globally accessible email servers and usually you need a DNS MX record configured for this domain because SMTP relay (i.e. when it has to relay message to another server) usually verifies MX record to filter out spam email. Or you can send email within your LAN and refer to your server directly by ip or host name.

Does your email work if you don’t have the domain setup? It’s better to start with something simpler and make sure it works, and then move towards more complex configuration.

@buzzheavyyear
Author

openssl s_client -connect 192.168.1.10:587 -tls1 -crlf -starttls smtp
CONNECTED(00000003)
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
---
Certificate chain
 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
   i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
Server certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
---
SSL handshake has read 1345 bytes and written 436 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 658D124CA78D694424BF574784DBCF04E089026E5D7B98E146DC6682D9D3F4F265FA58AA94521028C61F2C38FD49AEC0
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1435051175
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---
250 VRFY
ehlo server
250-c0
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 VRFY
vrfy [email protected] <mailto:[email protected]>
502 5.5.1 Error: command not recognized
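
Added example, not part of the thread or of imaplet: a Python triage of an `openssl s_client` transcript like the one posted above, pulling out the fields that explain the client errors reported earlier (verify return code 18 is the self-signed certificate behind the Android "Trust anchor for certification path not found" message). The sample transcript is constructed, and the finding names and the 2048-bit threshold are this example's own assumptions.

```python
import re

# Constructed sample shaped like the transcript in the post above; the
# certificate body and session secrets are deliberately left out.
SAMPLE = """\
CONNECTED(00000003)
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
---
Certificate chain
 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
   i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Verify return code: 18 (self signed certificate)
---
250 VRFY
"""

# Field extractors for the classic s_client text layout.
FIELDS = {
    "protocol": re.compile(r"^[ \t]*Protocol[ \t]*:[ \t]*(\S+)", re.M),
    "cipher": re.compile(r"^[ \t]*Cipher[ \t]*:[ \t]*(\S+)", re.M),
    "key_bits": re.compile(r"^Server public key is (\d+) bit", re.M),
    "verify_code": re.compile(r"^[ \t]*Verify return code:[ \t]*(\d+)", re.M),
    "subject": re.compile(r"^[ \t]*0 s:(.+)$", re.M),
    "issuer": re.compile(r"^[ \t]*i:(.+)$", re.M),
}

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")
MIN_RSA_BITS = 2048  # assumption: threshold chosen for this example


def parse_s_client(text):
    """Return the handshake facts found in an s_client transcript."""
    info = {}
    for name, rx in FIELDS.items():
        match = rx.search(text)
        info[name] = match.group(1).strip() if match else None
    for name in ("key_bits", "verify_code"):
        if info[name] is not None:
            info[name] = int(info[name])
    return info


def findings(info):
    """Map parsed facts to (code, explanation) pairs a reviewer can act on."""
    if info["verify_code"] is None or info["cipher"] in (None, "0000"):
        # No usable session block: the handshake never completed, which is
        # what a hanging s_client run looks like once it is interrupted.
        return [("no-handshake", "no negotiated session in transcript")]
    out = []
    if info["verify_code"] != 0:
        out.append(("cert-not-trusted",
                    "verify return code %d: clients that validate the chain "
                    "refuse the connection" % info["verify_code"]))
    if info["subject"] and info["subject"] == info["issuer"]:
        out.append(("self-issued",
                    "subject equals issuer: no CA vouches for this key"))
    if info["key_bits"] is not None and info["key_bits"] < MIN_RSA_BITS:
        out.append(("weak-key",
                    "%d-bit server key is below %d bits"
                    % (info["key_bits"], MIN_RSA_BITS)))
    if info["protocol"] in LEGACY_PROTOCOLS:
        # -tls1 on the command line pins the version; rerun without it to
        # see what the server prefers before drawing a conclusion.
        out.append(("legacy-protocol",
                    "session negotiated %s" % info["protocol"]))
    if not any(marker in info["cipher"] for marker in AEAD_MARKERS):
        out.append(("non-aead-cipher",
                    "%s is not an AEAD suite" % info["cipher"]))
    return out


def codes(text):
    """Finding codes only, in report order."""
    return [code for code, _ in findings(parse_s_client(text))]


if __name__ == "__main__":
    for code, why in findings(parse_s_client(SAMPLE)):
        print("%-18s %s" % (code, why))
```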

@gregtatcam
Owner

You have repeated the user name twice, it should be

vrfy [email protected] mailto:[email protected]

On Jun 23, 2015, at 10:22 AM, buzzheavyyear [email protected] wrote:

vrfy [email protected] mailto:[email protected] [email protected] mailto:[email protected]

@buzzheavyyear
Author

Strange, I'm sure I didn't (might have been copy/paste via email)- just did the same thing again and got the same error:

vrfy [email protected] mailto:[email protected]
502 5.5.1 Error: command not recognized

@gregtatcam
Owner

Hm, you have again two user names in the command…

On Jun 23, 2015, at 10:37 AM, buzzheavyyear [email protected] wrote:

Strange, I'm sure I didn't (might have been copy/paste via email)- just did the same thing again and got the same error:

vrfy [email protected] mailto:[email protected] [email protected] mailto:[email protected]
502 5.5.1 Error: command not recognized


@buzzheavyyear
Author

Good old markdown - believe me the angled brackets are there in the second field! :)

By the way, just looked at the smtp log:

smtp: starting state
<-- 250-c0
<-- 250-STARTTLS
<-- 250-AUTH PLAIN LOGIN
<-- 250-ENHANCEDSTATUSCODES
<-- 250 VRFY
--> EHLO openssl.client.net
smtp: starting ehlo
<-- 220 ready to start TLS
--> STARTTLS
smtp starting auth
<-- 250-c0
<-- 250-AUTH PLAIN LOGIN
<-- 250-ENHANCEDSTATUSCODES
<-- 250 VRFY
--> ehlo server
smtp: starting ehlo
<-- 502 5.5.1 Error: command not recognized
--> vrfy [email protected] <mailto:[email protected]>
smtp: starting ehlo
<-- 421 4.4.2 c0 Error: timeout exceeded
smtp: client terminated
socket: closing channel

Maybe this makes more sense?

@gregtatcam
Owner

Sorry, are you typing in two user names or one? You don’t need the brackets and you don’t need the ‘mailto:’, just one user name

vrfy user@domain

On Jun 23, 2015, at 10:45 AM, buzzheavyyear [email protected] wrote:

Good old markdown - believe me the angled brackets are there in the second field! :)

vrfy [email protected] mailto:[email protected]
By the way, just looked at the smtp log:

smtp: starting state
<-- 250-c0
<-- 250-STARTTLS
<-- 250-AUTH PLAIN LOGIN
<-- 250-ENHANCEDSTATUSCODES
<-- 250 VRFY
--> EHLO openssl.client.net
smtp: starting ehlo
<-- 220 ready to start TLS
--> STARTTLS
smtp starting auth
<-- 250-c0
<-- 250-AUTH PLAIN LOGIN
<-- 250-ENHANCEDSTATUSCODES
<-- 250 VRFY
--> ehlo server
smtp: starting ehlo
<-- 502 5.5.1 Error: command not recognized
--> vrfy [email protected] mailto:[email protected] [email protected] mailto:[email protected]
smtp: starting ehlo
<-- 421 4.4.2 c0 Error: timeout exceeded
smtp: client terminated
socket: closing channel

Maybe this makes more sense?


@buzzheavyyear
Author

Oh, OK, I was just mimicking your original set of commands.

vrfy [email protected]
501 5.5.2 Bad recipient address syntax
  • from the smtp log

@gregtatcam
Owner

Ok, my bad. When I added the domain I didn’t update the vrfy command. I checked in the fix. Can you pull from the repo, rebuild, and try to run it?

@buzzheavyyear
Author

Apologies - had to go to a sports day!

rebuilt and installed:

Also, when I fire up thunderbird, it notifies me it was logged out by the server - this is the log:

imaplet: accepting connections
l:tag 1
l:SP
l:SP
l:CRLF 1
p:plain authentication
p:authenticate command
p:command
p:request
----> 4: AUTHENTICATE ...
<-- 4: +
----> 4: AG5pY2suYmV0dGVyaWRnZUBzeW50YWN0aWNzLmNvbQBnbzJ0aGVtb29uNGNoZWVzZQ==
<-- 4: 1 OK CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN COMPRESS=DEFLATE CONDSTORE
l:tag 2
l:SP
l:SP
l:CRLF 1
p:command
p:request
----> 4: 2 COMPRESS DEFLATE^M

<-- 4: 2 OK DEFLATE active
### read error 4: Zlib.Error("Zlib.inflate", "")
### closed client connection 4

@gregtatcam
Owner

No pr.
I checked in the other day support for IMAP compress extension, hoping that no client actually uses it, and was of course wrong.
I rolled-back the compression. Please fetch the latest repo, rebuild, and try again, sorry.

On Jun 24, 2015, at 8:12 AM, buzzheavyyear [email protected] wrote:

Apologies - had to go to a sports day!

rebuilt and installed:

vrfy [email protected]
252 [email protected]
Also, when I fire up thunderbird, it notifies me it was logged out by the server - this is the log:

imaplet: accepting connections
l:tag 1
l:SP
l:SP
l:CRLF 1
p:plain authentication
p:authenticate command
p:command
p:request
----> 4: AUTHENTICATE ...
<-- 4: +
----> 4: AG5pY2suYmV0dGVyaWRnZUBzeW50YWN0aWNzLmNvbQBnbzJ0aGVtb29uNGNoZWVzZQ==
<-- 4: 1 OK CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN COMPRESS=DEFLATE CONDSTORE
l:tag 2
l:SP
l:SP
l:CRLF 1
p:command
p:request
----> 4: 2 COMPRESS DEFLATE^M

<-- 4: 2 OK DEFLATE active

read error 4: Zlib.Error("Zlib.inflate", "")

closed client connection 4


@buzzheavyyear
Author

imaplet: accepting connections
l:tag 1
l:SP
l:SP
l:CRLF 1
p:plain authentication
p:authenticate command
p:command
p:request
----> 4: AUTHENTICATE ...
<-- 4: +
client_requests exception: Invalid_argument("No RSA keys")
### closed client connection 4

The server.key in /var/mail/accounts/example.com/nick.betteridge/cert is binary with permissions 644 and I'm running sudo imaplet

@buzzheavyyear
Author

I can't seem to be able to track down the problem with:

client_requests exception: Invalid_argument("No RSA keys")

I've also noticed that the imap log starts with:

imaplet: creating imap server 2015-06-25 06:19:26: on addr/port 0.0.0.0:993 ssl/starttls true:true 
      encrypt/compress true:true:false
storage: irmin:/var/mail/accounts/%user%/repo
imaplet: accepting connections

Shouldn't the 'user' be 'domain/user' - this might also be true of locating the certificates ?

On the other hand, SMTP (looking at the smtp log) seems to be rejecting false email addresses correctly :)

@gregtatcam
Owner

Does the server key look like a binary or a text?

When the server starts, the user is not known yet, when the user logs in with user@domain then %user% is replaced with domain/user.

I can add some debugging to the code that retrieves the keys and we can figure out what is going on. I’ll send you a file to replace a bit later in the day.

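
Added example, not imaplet's code: a Python model of two points from this thread that interact, the commented-out `domain` key that produced `failed: invalid domain`, and the substitution of `%user%` with `domain/user` at login described in the comment above. The parsing rules, function names, the `mailhost` fallback host name and the character allowlist for the local part are assumptions of this example; the config excerpts are constructed from the file quoted earlier in the thread.

```python
import posixpath
import re

# Constructed excerpt in the imaplet.cf style quoted in this thread, with
# the "domain" key left behind in a comment and its value on its own line.
BROKEN_CF = """\
irmin_path /var/mail/accounts/%user%/repo
user_cert_path /var/mail/accounts/%user%/cert
# ';' separated domains(no spaces), the main domain by default is the host name
# domain
example.com;anotherexample.com;yetanotherexample.com
"""
# The corrected form given in the thread: key and value on one line.
FIXED_CF = BROKEN_CF.replace("# domain\nexample.com", "domain example.com")

# Assumption: a conservative allowlist for the local part. It cannot start
# with a dot and cannot contain '/', so it can never name '.' or '..'.
LOCAL_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def parse_cf(text):
    """Parse 'key value' lines; return (settings, orphans).

    Orphans are non-comment lines with a single token: a value whose key
    was commented out looks exactly like that.
    """
    settings, orphans = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 1:
            orphans.append((lineno, line))
            continue
        settings[parts[0]] = parts[1].strip().strip('"')
    return settings, orphans


def allowed_domains(settings, hostname):
    """Configured domains, or the host name when none are configured."""
    configured = [d.lower() for d in settings.get("domain", "").split(";") if d]
    return configured or [hostname.lower()]


def resolve(login, settings, hostname):
    """Map user@domain to the per-account paths, rejecting anything odd."""
    local, sep, domain = login.rpartition("@")
    if not sep or not LOCAL_RE.fullmatch(local):
        raise ValueError("invalid user")
    domain = domain.lower()
    if domain not in allowed_domains(settings, hostname):
        raise ValueError("invalid domain")
    paths = {}
    for key in ("irmin_path", "user_cert_path"):
        template = settings.get(key, "")
        if "%user%" not in template:
            continue
        root = posixpath.normpath(template.split("%user%", 1)[0])
        full = posixpath.normpath(
            template.replace("%user%", domain + "/" + local))
        # Defence in depth: the expanded path must stay under the root
        # that precedes %user% in the template.
        if not full.startswith(root + "/"):
            raise ValueError("path escapes account root")
        paths[key] = full
    return paths


if __name__ == "__main__":
    for label, text in (("broken", BROKEN_CF), ("fixed", FIXED_CF)):
        settings, orphans = parse_cf(text)
        print(label, "orphan lines:", orphans)
        try:
            print(label, resolve("john.doe@example.com", settings, "mailhost"))
        except ValueError as err:
            print(label, "failed:", err)
```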

@buzzheavyyear
Author

Server key is binary OK, I'll sit tight for the debugging code. Thanks.

@gregtatcam
Owner

Please replace _ssl.ml with attached in lib/commands. The log goes to imaplet.log, Also set the log level to info3

@buzzheavyyear
Author

  • nothing was attached, github may have filtered it out - you can mail it directly to me at [email protected]

@gregtatcam
Owner

ok, just did.

@buzzheavyyear
Author

OK, this is what I got via the imap log:

imaplet: creating imap server 2015-06-25 08:11:04: on addr/port 0.0.0.0:993 ssl/starttls true:true 
      encrypt/compress true:true:false
storage: irmin:/var/mail/accounts/%user%/repo
----> 1: AUTHENTICATE ...
<-- 1: + 
cert path:/var/mail/accounts/syntactics.com/nick.betteridge/cert/server.key, user: nick.betteridge, pswd: xxxxx
<-- 1: 1 OK CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN CONDSTORE
----> 1: 2 ID ("name" "Thunderbird" "version" "31.7.0")

<-- 1: * ID ("name" "Imaplet")
<-- 1: 2 OK ID completed
----> 1: 3 lsub "" "*"

client_requests exception: Invalid_argument("No RSA keys")
### closed client connection 1
----> 2: AUTHENTICATE ...
<-- 2: + 
cert path:/var/mail/accounts/example.com/nick.betteridge/cert/server.key, user: nick.betteridge, pswd: xxxxx
client_requests exception: Invalid_argument("No RSA keys")
### closed client connection 2

On thunderbird, my username for the imap server is [email protected]

@buzzheavyyear
Author

I also just tried to send an email from gmail and this is the failure I got from gmail:

Delivery to the following recipient failed permanently:

     [email protected]

Technical details of permanent failure: 
Google tried to deliver your message, but it was rejected by the server for the recipient domain example.com by mail.example.com. [80.229.27.245].

The error that the other server returned was:
550 5.7.8 : Recipient address rejected: User unknown in local recipient table


----- Original message -----

X-Received: by 10.180.9.7 with SMTP id v7mr3689413wia.60.1435222288725;
        Thu, 25 Jun 2015 01:51:28 -0700 (PDT)
Return-Path: <[email protected]>
Received: from [192.168.1.12] (buzzheavyyear.plus.com. [80.229.27.245])
        by mx.google.com with ESMTPSA id xa9sm40074855wjc.43.2015.06.25.01.51.27
        for <[email protected]>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 25 Jun 2015 01:51:27 -0700 (PDT)
From: Nick Betteridge <[email protected]>
X-Google-Original-From: Nick Betteridge <[email protected]>
Message-ID: <[email protected]>
Date: Thu, 25 Jun 2015 09:51:26 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: [email protected]
Subject: test
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

test

and from the smtp log:

<-- 220 server ESMTP smtplet
<-- 250-c0
<-- 250-STARTTLS
<-- 250-AUTH PLAIN LOGIN
<-- 250-ENHANCEDSTATUSCODES
<-- 250 VRFY
--> EHLO mail-wi0-f175.google.com
<-- 220 ready to start TLS
--> STARTTLS
<-- 250-c0
<-- 250-AUTH PLAIN LOGIN
<-- 250-ENHANCEDSTATUSCODES
<-- 250 VRFY
--> EHLO mail-wi0-f175.google.com
<-- 250 OK
--> MAIL FROM:<[email protected]>
### detecting send to domain example.com on interface 0.0.0.0, my domain example.com
### found overlaping ip 127.0.0.1
<-- 550 5.7.8 : Recipient address rejected: User unknown in local recipient table
--> RCPT TO:<[email protected]>
<-- 250 OK
--> QUIT
socket: closing channel
socket: closing channel
socket: closing socket

@gregtatcam
Owner

I can’t find anything wrong so far. It looks as if it fails to decrypt the key which is encrypted with concat of user and password. So it would seem like either user or pswd is incorrect. Is it possible that you put a different password when you created the account with imaplet_create_account than what you configured in the email client?
Could you try to set auth_required to false in imaplet.cf, i.e.:

auth_required false

On Jun 25, 2015, at 9:15 AM, buzzheavyyear [email protected] wrote:

OK, this is what I got via the imap log:

imaplet: creating imap server 2015-06-25 08:11:04: on addr/port 0.0.0.0:993 ssl/starttls true:true
encrypt/compress true:true:false
storage: irmin:/var/mail/accounts/%user%/repo
----> 1: AUTHENTICATE ...
<-- 1: +
cert path:/var/mail/accounts/syntactics.com/nick.betteridge/cert/server.key, user: nick.betteridge, pswd: xxxxx
<-- 1: 1 OK CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN CONDSTORE
----> 1: 2 ID ("name" "Thunderbird" "version" "31.7.0")

<-- 1: * ID ("name" "Imaplet")
<-- 1: 2 OK ID completed
----> 1: 3 lsub "" "*"

client_requests exception: Invalid_argument("No RSA keys")

closed client connection 1

----> 2: AUTHENTICATE ...
<-- 2: +
cert path:/var/mail/accounts/syntactics.com/nick.betteridge/cert/server.key, user: nick.betteridge, pswd: xxxxx
client_requests exception: Invalid_argument("No RSA keys")

closed client connection 2

On thunderbird, my username for the imap server is [email protected]

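The owner's diagnosis above is that the server key is encrypted under the concatenation of user and password. The sketch below is an added example, not imaplet's code: the KDF, the SHA-256 counter-mode stand-in cipher, the function names and the sample credentials are all assumptions, chosen to show why a login whose user or password differs from account creation (including `user@domain` versus the bare user) cannot recover the key.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, not taken from imaplet


def derive_keys(user, password, salt):
    """Derive (encryption key, MAC key) from the concatenation user + password."""
    secret = (user + password).encode("utf-8")
    material = hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=64)
    return material[:32], material[32:]


def keystream(key, nonce, length):
    """SHA-256 in counter mode: a stdlib stand-in for a real cipher such as AES."""
    blocks = (length + 31) // 32
    stream = b"".join(
        hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest() for i in range(blocks)
    )
    return stream[:length]


def xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_key(private_key, user, password):
    """Encrypt-then-MAC the key under the credentials given at account creation."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(user, password, salt)
    ct = xor(private_key, keystream(enc_key, nonce, len(private_key)))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + tag + ct


def unwrap_key(blob, user, password):
    """Return the key, or raise if the login credentials derive a different key."""
    salt, nonce, tag, ct = blob[:16], blob[16:32], blob[32:64], blob[64:]
    enc_key, mac_key = derive_keys(user, password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("unwrap failed: user or password differs from account creation")
    return xor(ct, keystream(enc_key, nonce, len(ct)))


# Constructed sample: account created as "alice"; a client may log in differently.
SAMPLE_KEY = b"constructed placeholder for PEM private key bytes"
BLOB = wrap_key(SAMPLE_KEY, "alice", "s3cret-17-chars!!")
```

Checking the MAC before decrypting turns a credential mismatch into an explicit error at unwrap time.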

@gregtatcam
Owner

Does VRFY work?


@buzzheavyyear
Author

For imap, I set auth_required false, and then sudo imaplet, I still get: client_requests exception: Invalid_argument("No RSA keys")

For smtp, VRFY gives me :

Also, when I tried to send a mail from thunderbird via smtplet, I also get a 'User unknown in local'

<-- 220 server ESMTP smtplet
<-- 250-c0
<-- 250-STARTTLS
<-- 250-AUTH PLAIN LOGIN
<-- 250-ENHANCEDSTATUSCODES
<-- 250 VRFY
--> EHLO [192.168.1.12]
<-- 220 ready to start TLS
--> STARTTLS
<-- 250-c0
<-- 250-AUTH PLAIN LOGIN
<-- 250-ENHANCEDSTATUSCODES
<-- 250 VRFY
--> EHLO [192.168.1.12]
--> AUTH PLAIN ...
<-- 235 2.7.0 Authentication successful
<-- 250 OK
--> MAIL FROM:<[email protected]>
### detecting send to domain gmail.com on interface 0.0.0.0, my domain example.com
### didn't find overlaping ip
<-- 550 5.7.8 : From address rejected: User unknown in local
 recipient table or invalid domain
--> RCPT TO:<[email protected]>

I'm pretty sure the password is OK - is there any way I can redo the password?

@buzzheavyyear
Author

  • one question - are there any conditions with the password - the one I'm using has 17 characters with numerals

@buzzheavyyear
Author

Well, I just tried creating another account and the password was 'password'. The imap client seems to work - i.e. I can log in and see the folders.

Sending an email from gmail to the new account gives the following in the smtp log:

--> MAIL FROM:<[email protected]>
### detecting send to domain example.com on interface 0.0.0.0, my domain example.com
### found overlaping ip 127.0.0.1
<-- 550 5.7.8 : Recipient address rejected: User unknown in local recipient table
--> RCPT TO:<[email protected]>
<-- 250 OK
--> QUIT
socket: closing channel

Sending an email from the client to gmail results in an exception:

sudo imaplet
Fatal error: exception Invalid_argument("Lwt.wakeup_result")
Raised at file "pervasives.ml", line 21, characters 25-45
Called from file "src/core/lwt.ml", line 325, characters 17-47
Called from file "src/core/lwt.ml", line 697, characters 66-71

and an smtp log:

<-- 220 server ESMTP smtplet
<-- 250-c0
<-- 250-STARTTLS
<-- 250-AUTH PLAIN LOGIN
<-- 250-ENHANCEDSTATUSCODES
<-- 250 VRFY
--> EHLO [192.168.1.12]
<-- 220 ready to start TLS
--> STARTTLS
<-- 250-c0
<-- 250-AUTH PLAIN LOGIN
<-- 250-ENHANCEDSTATUSCODES
<-- 250 VRFY
--> EHLO [192.168.1.12]
--> AUTH PLAIN ...
<-- 235 2.7.0 Authentication successful
<-- 250 OK
--> MAIL FROM:<[email protected]>
### detecting send to domain gmail.com on interface 0.0.0.0, my domain example.com
### didn't find overlaping ip
<-- 550 5.7.8 : From address rejected: User unknown in local
 recipient table or invalid domain
--> RCPT TO:<[email protected]>
socket: closing channel

it looks as though the imap server is still running

@buzzheavyyear
Author

  • I've just noticed that the Fatal error occurs just after I've tried to send an email from the local client and then I do a login to the imap server and then the Invalid_argument("Lwt.wakeup_result") occurs

@gregtatcam
Owner

I don’t have password complexity checking.


@gregtatcam
Owner

Does [email protected] have an account? Is syntactics.com configured in imaplet.cf?
Does [email protected] have an account? Is example.com configured in imaplet.cf?


@buzzheavyyear
Author

yes, I created another account with [email protected] - but forgot to change it to example.com! Yes, it's configured in imaplet.cf for the domain and exists in users

@gregtatcam
Owner

Cool, so it works now?


@buzzheavyyear
Author

No - I meant that the account exists but I hadn't filtered this issue and replaced n.betteridge with example.com
