Dovecot 2.3-rc1 SMTP submission proxy always gives TLS required error even when already using TLS


Michael Marley
First of all, I apologize for my accidental empty message earlier.

I just set up the SMTP submission proxy in Dovecot 2.3, but whenever I
try to connect to it, it always returns "530 5.7.0 TLS required." for
any sort of AUTH or MAIL command.  This occurs even if TLS is being
used.  It also occurs regardless of whether I connect with a real client
(Thunderbird) or manually with openssl s_client and regardless of
whether a loopback connection or a remote connection is used.  Here is
the output of "dovecot -n".  Please let me know if I can provide any
other data.  Thanks!

# 2.3.0.rc1 (12aba5948): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.0.alpha1 (f60f2785)
# OS: Linux 4.14.7-041407-generic x86_64 Ubuntu Bionic Beaver (development branch)
auth_mechanisms = plain login
auth_username_format = %Ln
mail_location = mdbox:~/mdbox
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
}
passdb {
   driver = pam
}
plugin {
   sieve = file:~/sieve;active=~/.dovecot.sieve
}
postmaster_address = [hidden email]
protocols = imap sieve lmtp submission
service auth {
   unix_listener /var/spool/postfix/private/dovecot-auth {
     group = postfix
     mode = 0660
     user = postfix
   }
}
service imap-login {
   inet_listener imaps {
     port = 0
   }
}
service lmtp {
   process_min_avail = 5
   unix_listener /var/spool/postfix/private/dovecot-lmtp {
     group = postfix
     mode = 0600
     user = postfix
   }
}
ssl = required
ssl_cert = </etc/ssl/private/michaelmarley.com.pem
ssl_cipher_list = HIGH !RC4 !aNULL !eNULL !3DES @STRENGTH
ssl_dh =  # hidden, use -P to show it
ssl_key =  # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
submission_relay_host = localhost
submission_relay_port = 24
submission_relay_trusted = yes
userdb {
   driver = passwd
}
protocol lmtp {
   mail_plugins = " sieve"
}
protocol lda {
   mail_plugins = " sieve"
}
local_name matthewtmarley.com {
   ssl_cert = </etc/ssl/private/matthewtmarley.com.pem
   ssl_key =  # hidden, use -P to show it
}

Re: Dovecot 2.3-rc1 SMTP submission proxy always gives TLS required error even when already using TLS

Stephan Bosch-2
On 12/18/2017 at 9:44 PM, Michael Marley wrote:

> First of all, I apologize for my accidental empty message earlier.
>
> I just set up the SMTP submission proxy in Dovecot 2.3, but whenever I
> try to connect to it, it always returns "530 5.7.0 TLS required." for
> any sort of AUTH or MAIL command.  This occurs even if TLS is being
> used.  It also occurs regardless of whether I connect with a real
> client (Thunderbird) or manually with openssl s_client and regardless
> of whether a loopback connection or a remote connection is used.  Here
> is the output of "dovecot -n".  Please let me know if I can provide
> any other data.  Thanks!

Confirmed. Working on a fix.

Regards,

Stephan.

Re: Dovecot 2.3-rc1 SMTP submission proxy always gives TLS required error even when already using TLS

Michael Marley
On 2017-12-21 16:48, Stephan Bosch wrote:

> On 12/18/2017 at 9:44 PM, Michael Marley wrote:
>
>> First of all, I apologize for my accidental empty message earlier.
>>
>> I just set up the SMTP submission proxy in Dovecot 2.3, but whenever I
>> try to connect to it, it always returns "530 5.7.0 TLS required." for
>> any sort of AUTH or MAIL command.  This occurs even if TLS is being
>> used.  It also occurs regardless of whether I connect with a real
>> client (Thunderbird) or manually with openssl s_client and regardless
>> of whether a loopback connection or a remote connection is used.  Here
>> is the output of "dovecot -n".  Please let me know if I can provide
>> any other data.  Thanks!
>
> Confirmed. Working on a fix.
>
> Regards,
>
> Stephan.

I can confirm that it works correctly in 2.3.0, thanks!

Michael

Re: Dovecot 2.3-rc1 SMTP submission proxy always gives TLS required error even when already using TLS

Michael Marley
On 2017-12-22 11:22, Michael Marley wrote:

> On 2017-12-21 16:48, Stephan Bosch wrote:
>
> On 12/18/2017 at 9:44 PM, Michael Marley wrote:
>
> First of all, I apologize for my accidental empty message earlier.
>
> I just set up the SMTP submission proxy in Dovecot 2.3, but whenever I
> try to connect to it, it always returns "530 5.7.0 TLS required." for
> any sort of AUTH or MAIL command.  This occurs even if TLS is being
> used.  It also occurs regardless of whether I connect with a real
> client (Thunderbird) or manually with openssl s_client and regardless
> of whether a loopback connection or a remote connection is used.  Here
> is the output of "dovecot -n".  Please let me know if I can provide
> any other data.  Thanks!
> Confirmed. Working on a fix.
>
> Regards,
>
> Stephan.

I can confirm that it works correctly in 2.3.0, thanks!

Michael

I think I spoke too soon.  It works correctly (requiring TLS but working
once STARTTLS has been done) for remote connections, but it also is
requiring TLS for loopback connections, even though the rest of Dovecot
doesn't work this way.

Michael

Re: Dovecot 2.3-rc1 SMTP submission proxy always gives TLS required error even when already using TLS

Stephan Bosch-2
On 12/22/2017 at 7:04 PM, Michael Marley wrote:

> On 2017-12-22 11:22, Michael Marley wrote:
>
>> On 2017-12-21 16:48, Stephan Bosch wrote:
>>
>> On 12/18/2017 at 9:44 PM, Michael Marley wrote:
>>
>> First of all, I apologize for my accidental empty message earlier.
>>
>> I just set up the SMTP submission proxy in Dovecot 2.3, but whenever I
>> try to connect to it, it always returns "530 5.7.0 TLS required." for
>> any sort of AUTH or MAIL command.  This occurs even if TLS is being
>> used.  It also occurs regardless of whether I connect with a real
>> client (Thunderbird) or manually with openssl s_client and regardless
>> of whether a loopback connection or a remote connection is used.  Here
>> is the output of "dovecot -n".  Please let me know if I can provide
>> any other data.  Thanks!
>> Confirmed. Working on a fix.
>>
>> Regards,
>>
>> Stephan.
> I can confirm that it works correctly in 2.3.0, thanks!
>
> Michael
>
> I think I spoke too soon.  It works correctly (requiring TLS but working
> once STARTTLS has been done) for remote connections, but it also is
> requiring TLS for loopback connections, even though the rest of Dovecot
> doesn't work this way.

Ok, confirmed.

Fix is pending.

Regards,

Stephan.
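
A regression check for the two behaviours reported in this thread ("TLS required" still returned after STARTTLS, and TLS demanded on loopback), as an added example that is not part of the thread or of Dovecot. `check_submission`, `ReplaySession` and the "Authentication required" reply are constructed for illustration; only the "530 5.7.0 TLS required." reply comes from the report.

```python
TLS_REQUIRED = b"TLS required"  # reply text quoted in the original report

def check_submission(conn, expect_plaintext_ok=False):
    """Return findings for one submission session.

    conn: an already-connected object with smtplib.SMTP's ehlo/docmd/starttls.
    expect_plaintext_ok: True for connections the operator expects to be
    exempt from the TLS requirement (the loopback case raised in the thread).
    """
    findings = []
    conn.ehlo()
    code, text = conn.docmd("MAIL", "FROM:<>")
    refused = code == 530 and TLS_REQUIRED in text
    if refused and expect_plaintext_ok:
        findings.append("TLS demanded on a connection expected to be exempt")
    if not refused and not expect_plaintext_ok:
        findings.append("plaintext MAIL was not refused with 'TLS required'")
    conn.starttls()   # assumes the server advertises STARTTLS
    conn.ehlo()       # SMTP state is reset after the TLS handshake
    code, text = conn.docmd("MAIL", "FROM:<>")
    if code == 530 and TLS_REQUIRED in text:
        findings.append("'TLS required' returned after STARTTLS")
    return findings

class ReplaySession:
    """Constructed stand-in for smtplib.SMTP that replays fixed MAIL replies."""
    def __init__(self, before_tls, after_tls):
        self.replies = {False: before_tls, True: after_tls}
        self.tls = False
    def ehlo(self):
        return (250, b"ok")
    def starttls(self):
        self.tls = True
        return (220, b"ready")
    def docmd(self, cmd, args=""):
        return self.replies[self.tls]

# Constructed reply pairs (code, text) in the form smtplib's docmd() returns.
NEED_TLS = (530, b"5.7.0 TLS required.")
NEED_AUTH = (530, b"5.7.0 Authentication required.")  # assumed wording

if __name__ == "__main__":
    # Against a real server, pass smtplib.SMTP(host, 587) instead.
    print("rc1 symptom:", check_submission(ReplaySession(NEED_TLS, NEED_TLS)))
    print("fixed, remote:", check_submission(ReplaySession(NEED_TLS, NEED_AUTH)))
    print("loopback:", check_submission(ReplaySession(NEED_TLS, NEED_AUTH), True))
```

The check matches on the reply text rather than the 530 code alone, because a 530 after STARTTLS can also mean authentication is still required.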