-
-
Notifications
You must be signed in to change notification settings - Fork 80
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Refused connection" when using versions 2023-03-09 or 2023-05-18 in Windows #179
Comments
You've imported Also, you're building an essentially identical version to the official release – it might be worth just using that? |
I had seen the pre-compiled releases for Windows, but I assumed it wasn't using the Unfortunately, using the official release results in the same behavior ("connection refused"), as does my own build after switching the imported file to I also tried re-building this without the |
I've tested version 2022-12-14 (which works), version 2023-02-08 (which works), version 2023-03-09 (which does not work), and version 2023-05-18 (which does not work). Thus I've modified the topic title accordingly. The March 9 and May 18 versions both result in a "Connection Refused" error. This occurs whether I have built the executable myself using PyInstaller or not (i.e., using the pre-built Windows binary). Even running Furthermore, I should clarify that the error message thrown by the email client (" Another issue (which is probably unrelated, but I mention it for completeness) was found in version 2023-03-09 only: When selecting "Quit Email OAuth 2.0 Proxy" from the systray icon menu, the app is not closed (nothing happens). This problems seems to occur only with the pre-compiled release for Windows, not when building my own executable from the .py file. |
Since this is some sort of connection issue, tried replacing
Using Additional testing:In a CMD shell, I typed
I was then able to connect to the proxy (triggering a prompt to authenticate), as follows:
So, at this point, I don't understand why my email client is unable to even establish a connection (especially since it works fine in versions of emailproxy prior to 2023-03-09). |
Thanks for following up with this extra detail. The changes since this version have been minor, and there is nothing to do with connection setup, so I have to assume this is something to do with PyInstaller or another dependency. So, please can you just clarify this bit:
To be extra clear, is it the case that the versions in question (2023-03-09 onwards) do not work even when PyInstaller is not involved at all and you are just downloading and running the script normally? That is very odd, given that Please could you provide details about the client you are using, and also the output of |
I believe I have the same problem. Up to I have boiled it down to --- email-oauth2-proxy-2023-05-18/emailproxy.py 2023-05-18 21:59:31.000000000 +0200
+++ emailproxy.py 2023-06-28 12:55:56.167192118 +0200
@@ -1513,7 +1513,7 @@
self.create_socket()
self.connect(self.server_address)
- def create_socket(self, socket_family=socket.AF_UNSPEC, socket_type=socket.SOCK_STREAM):
+ def create_socket(self, socket_family=socket.AF_INET, socket_type=socket.SOCK_STREAM):
# connect to whichever resolved IPv4 or IPv6 address is returned first by the system
for a in socket.getaddrinfo(self.server_address[0], self.server_address[1], socket_family, socket.SOCK_STREAM):
super().create_socket(a[0], socket.SOCK_STREAM)
@@ -1922,7 +1922,7 @@
self.bind(self.local_address)
self.listen(5)
- def create_socket(self, socket_family=socket.AF_UNSPEC, socket_type=socket.SOCK_STREAM):
+ def create_socket(self, socket_family=socket.AF_INET, socket_type=socket.SOCK_STREAM):
# listen using both IPv4 and IPv6 where possible (python 3.8 and later)
socket_family = socket.AF_INET6 if socket_family == socket.AF_UNSPEC else socket_family
if socket_family != socket.AF_INET: I use the proxy for:
Regardless, I still do not see why setting |
Thanks for this – I misunderstood the previous update, so yes, the changes since 2022-02-08 do indeed include modifications to the connection setup. The new default behaviour after this is to try IPv6 first. But (at least in my own testing), the intent is that a failure to set up the IPv6 socket would fall back to IPv4. Clearly on Windows this isn't always happening. I don't have access to a Windows environment to check myself right now, but please could you confirm:
One potential resolution here is to change the proxy's default It would be useful to hear from both of you @bwbug and @mtlg about whether adding |
Yes, I've tested this with both version 2023-03-09 and 2023-05-18 — executing
The client I'm using is Qualcomm Eudora 7.1.0.9 (released in 2006, thus pre-dating the adoption of IPv6). Output of
|
I am please to report that after adding One unexpected behavior was that after making the change to the .config file, Windows Defender Firewall requested that I approve permissions for By the way, I did test whether the changes to the Firewall settings were responsible for fixing the original connection problem, but this does not appear to be the case. I left the new Firewall rules in place, but reverted the |
Looks coherent, but I'm not sure it was intentional to require users to add a Regarding which of the two diffs has effect, it's the second, on line 1925:
In the tests above I left BTW, I do all the testing on |
Thank you both for following up – this is really helpful. It does seem like switching the proxy's default I will test this in various scenarios, and assuming all goes well, plan to integrate this change in the next release. |
I would appreciate if you could address my query above about the requirement to open the firewall:
|
I'm not familiar with the Windows firewall, but assuming it is running on the same host as your client, there is no reason to open any remote ports. If the firewall blocks local connections, then you'd only need to allow the ports it is actively using (i.e., those listed in the configuration file). |
@simonrob Does it use UDP or TCP or both? |
IMAP, POP and SMTP all use TCP. |
Thank you for the guidance. So I customized the inbound rule (on the Windows Defender Firewall running on the same computer as my email client & emailproxy,exe) so that it only allowed TCP connections to local port 1587 from remote ports 1587, with the scope restricted to local IP address of However, then I disabled this firewall rule for testing purposes, and found (to my surprise) that I could still send email using the proxy!? Any insights? Also, I don't recall previously being prompted by the firewall to allow access for the proxy (when I was testing versions earlier than 2023-03-09) — this only happened after I was able to get 2023-03-09/2023-05-18 working by adding the |
I can't really offer any firewall advice, but remember that the proxy's own ports are all for local connections, and its only external connections are to the actual IMAP/POP/SMTP servers you are using. You may not need any special rules here. |
I understand, I was just confused why the emailproxy seems to be inconsistent as to when it triggers involvement of the firewall. |
Hello, I'm back, and I'm still unable to run the emailproxy without a console window. As explained in #134, I would like to run the proxy in a way that does make available the systray icon, but does not require a console window. Since #134 was closed, I updated my installation of eamil-oauth2-proxy, and recompiled using the
--noconsole
option, as follows:Running the executable no longer causes a crash, and I do see the systray icon but no console window (as desired).
However, when attempting to send email via SMTP, my email client logs the following error:
Running the proxy in debug mode, the log file only shows the following:
I have checked that an previously compiled executable (which does have a console window) still runs properly and allows the email client to connect to port 1587 for sending by SMTP.
Please advise.
The text was updated successfully, but these errors were encountered: