Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disconnected (no auth attempts in 0 secs): user=<> #1406

Closed
clayrisser opened this issue Feb 21, 2020 · 4 comments
Closed

Disconnected (no auth attempts in 0 secs): user=<> #1406

clayrisser opened this issue Feb 21, 2020 · 4 comments

Comments

@clayrisser
Copy link

clayrisser commented Feb 21, 2020
edited

When trying to connect a mail client to IMAP I get an error.

Disconnected (no auth attempts in 0 secs): user=<>,

Context

mailserver: mail.siliconhills.co
email: jam1@siliconhills.co

I am using a kubernetes setup. My mail server config looks like the following.

apiVersion: v1
data:
  KeyTable: mail._domainkey.siliconhills.co siliconhills.co:mail:/etc/opendkim/keys/siliconhills.co-mail.key
  SigningTable: '*@siliconhills.co mail._domainkey.siliconhills.co'
  TrustedHosts: |-
    127.0.0.1
    localhost
  dovecot.cf: |-
    service stats {
      unix_listener stats-reader {
        group = docker
        mode = 0666
      }
      unix_listener stats-writer {
        group = docker
        mode = 0666
      }
    }
    service imap-login {
      inet_listener imaps {
        haproxy = yes
      }
    }
  fetchmail.cf: ""
  postfix-accounts.cf: |-
    user1@siliconhills.co|{SHA512-CRYPT}blablabla
    jam1@siliconhills.co|{SHA512-CRYPT}blablabla
  postfix-main.cf: smtpd_upstream_proxy_protocol = haproxy
  postfix-virtual.cf: |-
    alias1@siliconhills.co user1@siliconhills.co
    jam@siliconhills.co jamrizzi@gmail.com
  user-patches.sh: '#!/bin/bash'
kind: ConfigMap
metadata:
  creationTimestamp: "2020-02-21T08:56:22Z"
  labels:
    app: mailserver-mailserver
    chart: mailserver-0.0.1
    heritage: Tiller
    io.cattle.field/appId: mailserver2
    release: mailserver2
  name: mailserver2-mailserver-mailserver
  namespace: mailserver2
  resourceVersion: "54350548"
  selfLink: /api/v1/namespaces/mailserver2/configmaps/mailserver2-mailserver-mailserver
  uid: c9b93bca-a388-4b92-88b2-79c34ceb596d

These are the environment variables I have set.

DEFAULT_RELAY_HOST=
SA_SHORTCIRCUIT_BAYES_HAM=
SASLAUTHD_LDAP_FILTER=
MAILSERVER2_MAILSERVER_MAILSERVER_SERVICE_PORT_SMTP=25
FETCHMAIL_POLL=300
POSTGREY_DELAY=300
PFLOGSUMM_RECIPIENT=postmaster@co
SA_SHORTCIRCUIT_BAYES_SPAM=
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_143_TCP_PROTO=tcp
SASLAUTHD_LDAP_SEARCH_BASE=
SASLAUTHD_MECHANISMS=
SA_SPAM_SUBJECT=
SPOOF_PROTECTION=0
LDAP_BIND_PW=
HOSTNAME=mailserver2-mailserver-mailserver-68b87bd97d-qdfdt
ENABLE_LDAP=0
MAILSERVER2_MAILSERVER_MAILSERVER_SERVICE_PORT=25
MAILSERVER2_MAILSERVER_MAILSERVER_SERVICE_HOST=10.43.34.13
OVERRIDE_HOSTNAME=siliconhills.co
SASLAUTHD_LDAP_PASSWORD=
REPORT_RECIPIENT=postmaster@co
LDAP_SERVER_HOST=
POSTMASTER_ADDRESS=postmaster@co
REPORT_SENDER=mailserver-report@siliconhills.co
LDAP_SEARCH_BASE=
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_587_TCP_PROTO=tcp
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_465_TCP_PORT=465
LDAP_BIND_DN=
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_587_TCP=tcp://10.43.34.13:587
SRS_DOMAINNAME=
TLS_LEVEL=modern
MAILSERVER2_MAILSERVER_MAILSERVER_SERVICE_PORT_IMAP=143
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_ADDR=10.43.0.1
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_993_TCP_PORT=993
SA_TAG=
ENABLE_MANAGESIEVE=0
SMTP_ONLY=0
SA_TAG2=
POSTFIX_MESSAGE_SIZE_LIMIT=10240000
KUBERNETES_PORT=tcp://10.43.0.1:443
PFLOGSUMM_TRIGGER=none
LOGWATCH_RECIPIENT=postmaster@co
POSTFIX_MAILBOX_SIZE_LIMIT=0
LOGWATCH_INTERVAL=none
PWD=/
LDAP_QUERY_FILTER_USER=
DOVECOT_TLS=no
HOME=/root
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_587_TCP_ADDR=10.43.34.13
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_25_TCP=tcp://10.43.34.13:25
SA_KILL=
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_993_TCP=tcp://10.43.34.13:993
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_465_TCP_PROTO=tcp
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_25_TCP_PORT=25
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_143_TCP=tcp://10.43.34.13:143
MAILSERVER2_MAILSERVER_MAILSERVER_SERVICE_PORT_SMTP_AUTH=587
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP_PORT=443
DMS_DEBUG=0
ENABLE_FAIL2BAN=0
SSL_TYPE=manual
MAILSERVER2_MAILSERVER_MAILSERVER_SERVICE_PORT_SMTP_SECURE=465
SSL_KEY_PATH=/certs/tls.key
POSTSCREEN_ACTION=enforce
PFLOGSUMM_SENDER=mailserver-report@siliconhills.co
LDAP_QUERY_FILTER_ALIAS=
SASLAUTHD_LDAP_SERVER=
KUBERNETES_PORT_443_TCP=tcp://10.43.0.1:443
MAILSERVER2_MAILSERVER_MAILSERVER_SERVICE_PORT_IMAP_SECURE=993
DOVECOT_PASS_ATTRS=
SASL_PASSWD=
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_25_TCP_PROTO=tcp
SASLAUTHD_LDAP_BIND_DN=
ENABLE_SPAMASSASSIN=0
ENABLE_POSTGREY=0
ENABLE_FETCHMAIL=0
TERM=xterm-256color
SRS_SECRET=
VIRUSMAILS_DELETE_DELAY=7
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_143_TCP_PORT=143
LOGROTATE_INTERVAL=daily
SSL_CERT_PATH=/certs/tls.crt
SASLAUTHD_MECH_OPTIONS=
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_993_TCP_ADDR=10.43.34.13
DOVECOT_USER_ATTRS=
SHLVL=1
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_993_TCP_PROTO=tcp
SRS_SENDER_CLASSES=envelope_sender,header_sender
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_25_TCP_ADDR=10.43.34.13
KUBERNETES_SERVICE_PORT=443
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_587_TCP_PORT=587
ENABLE_SRS=1
ENABLE_SASLAUTHD=0
LDAP_QUERY_FILTER_DOMAIN=
MAILSERVER2_MAILSERVER_MAILSERVER_PORT=tcp://10.43.34.13:25
DOVECOT_USER_FILTER=
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_465_TCP_ADDR=10.43.34.13
ENABLE_CLAMAV=0
POSTGREY_AUTO_WHITELIST_CLIENTS=5
SASLAUTHD_LDAP_SSL=0
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
DOVECOT_PASS_FILTER=
POSTGREY_TEXT=Delayed by postgrey
ONE_DIR=1
DOVECOT_MAILBOX_FORMAT=maildir
POSTGREY_MAX_AGE=35
KUBERNETES_SERVICE_HOST=10.43.0.1
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_143_TCP_ADDR=10.43.34.13
ENABLE_POP3=0
LDAP_QUERY_FILTER_GROUP=
LDAP_START_TLS=no
MAILSERVER2_MAILSERVER_MAILSERVER_PORT_465_TCP=tcp://10.43.34.13:465
SRS_EXCLUDE_DOMAINS=
_=/usr/bin/env

Expected Behavior

The mail client should connect to the mail server.

Actual Behavior

I get the following client error

There was a problem connecting to mail.siliconhills.co
--
  | Server returned error: "Missing +OK response upon connecting to the server: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS LOGINDISABLED] Dovecot ready."

I get the following server error.

mailserver2-mailserver-mailserver-68b87bd97d-qdfdt dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.42.1.0, lip=10.42.6.18, session=<RQ3mshOfQsEKKgEA>

I think it has something to do with user=<>. However, I am definitley sending the user jam1@siliconhills.co. I tried this with the ThunderBird mail client and tried connecting from gmail. Both give the same error.

I have verified that the information is being correctly proxied through the nginx ingress. I tested it by forwarding an email using an alias, and it worked fine.
@clayrisser
Copy link
Author

You can see my helm chart for this setup at the following link.

https://github.com/codejamninja/charts/tree/master/charts/mailserver/v0.0.1

@erik-wramner
Copy link
Contributor

Please try to connect with openssl from an external host (see for example https://stackoverflow.com/questions/14959461/how-to-talk-to-imap-server-in-shell-via-openssl) and post all the commands, responses and logs. That is easier to debug than Thunderbird.

@georglauterbach
Copy link
Member

This issue was closed due to one or more of the following reasons:

  1. Age
  2. Contributor inactivity
  3. The issue seems to be resolved

If you think this happened by accident, or feel like this issue was not actually resolved, please feel free to re-open it. If there is an issue you could resolve in the meantime, please open a PR based on the current master branch so we can review it.

@thechubbypanda
Copy link
Contributor

I had a very similar issue to this, hopefully this minor wisdom helps someone;

I had no SSL setup and was trying to connect using either of STARTTLS or SSL/TLS and obviously, that's not going to work without any certificates. I personally added my traefik generated certs as described in the docs

So check your certificates and don't think too hard about the disconnect logs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@clayrisser @erik-wramner @thechubbypanda @georglauterbach