gregtatcam / imaplet-lwt

imaplet revamp with Lwt

virtual domains #9

Open buzzheavyyear opened 9 years ago

buzzheavyyear commented 9 years ago

Would be excellent if there was more than one domain, with virtual users - is this much work to fix?

gregtatcam commented 9 years ago

It seems straightforward if I just add multiple domain support to SMTP. Virtual user directory then will be “user@domain”. So all domain users will have the account in the same folder. To make the user folder like “user/domain” will require more work, and more work to make each domain home folder configurable, for instance /var/mail/accounts/domain1/user and /etc/domain2/user. Could do the change incrementally though. I have checked in the multiple domain support for SMTP. I’ll try to add the proper user account folder handling this week.

buzzheavyyear commented 9 years ago

That's very generous of you - let me know if I can help out with anything. Cheers

gregtatcam commented 9 years ago

No problem. I’m happy to get the feedback and good suggestions for enhancement.

gregtatcam commented 9 years ago

I checked in the second change, i.e. the user account folder for user@domain is domain/user. Making each domain’s folder configurable requires some rework so I’m going to put it on hold for now. I think current implementation covers most of the cases, even if you want to have a separate partition for each domain.

buzzheavyyear commented 9 years ago

Excellent - thanks for adding this in - I'll try it out this afternoon. I also need to read through the code thoroughly - I read http://javiermunhoz.com/blog/2014/04/19/detecting-and-removing-computer-virus-with-ocaml.html last year - I might try and find some time to see if I could add something to imaplet. Thanks for making this available.

gregtatcam commented 9 years ago

Cool. It’ll be great if this system is improved/grown by the community.

buzzheavyyear commented 9 years ago

Just doing an install - everything fine until I do a:

sudo imaplet_create_account -u john.doe@example.com:mysecretpassword

I get an error of : failed: invalid domain

I have edited imaplet.cf and added the domain of example.com and created the directory /var/mail/accounts/example.com/john.doe, but not started anything - ie sudo imaplet

What's the best way forward here? :)

gregtatcam commented 9 years ago

It works for me. Can you email your imaplet.cf file?

You don’t need to create the directory for domain, imaplet_create_account creates necessary directory.

buzzheavyyear commented 9 years ago

# configuration file

# authentication required
auth_required true

# log file location
log /var/log

# log level error/info1/info2/info3/debug
log_level error

# maximum email size in bytes
max_msg_size 10000000

# server name in capability response
imap_name imaplet

# irminsule location
irmin_path /var/mail/accounts/%user%/repo

# user certificate/key path
user_cert_path /var/mail/accounts/%user%/cert

# expand the contents of the database to the filesystem, default false
irmin_expand false

# smtp server address
smtp_addr 0.0.0.0

# smtp server port 25,587
smtp_port 587,25

# smtp ssl enabled
smtp_ssl false

# smtp starttls enabled
smtp_starttls true

# imap server address for outside connections
addr 0.0.0.0

# imap server port for outside connections, 143 no ssl/993 ssl
port 993

# is ssl enabled
ssl true

# is starttls enabled
starttls true

# inbox location for the storage (irmin, mbox(/var/mail), mailbox, etc)
# blank for irmin
inbox_path ""

# mailboxes location for the storage (irmin, mbox(/Users/@/mail/, mailbox, etc)
# blank for irmin 
mail_path ""

# rebuild irminsule on start up, not enabled yet
#rebuild_irmin false

# pem/key path default datadir/imaplet
#data_path ""

# pem name
pem_name server.pem

# key name
key_name server.key

# public key
pub_name server.pub

# users path default datadir/imaplet
#users_path ""

# type of data storage like mailbox,mbox,irmin,workdir
data_store irmin

# encrypt message
encrypt true

# compress message, but not attachment
compress true

# include mapped address in the Received email header
stun_header false

# ';' separated domains(no spaces), the main domain by default is the host name
# domain
example.com;anotherexample.com;yetanotherexample.com

# maildir parse, parse the message into MIME parts and save all of them along with the
# map of parsed parts in one blob. this is similar to irmin and workdir but they save each 
# part into separate blob
maildir_parse true

# irmin and workdir single store, store MIME parets as individual blobs, this will deduplicate attachments
single_store true

# irmin hybrid, if true and store is Irmin then messages are stored in files on FS, metadata is stored in Git 
hybrid false

buzzheavyyear commented 9 years ago

One day I'll master markdown!

gregtatcam commented 9 years ago

Yeah, this is better :-)

gregtatcam commented 9 years ago

I see the issue, the domain is commented out:

domain

example.com;anotherexample.com;yetanotherexample.com it should be:

domain example.com;anotherexample.com;yetanotherexample.com

buzzheavyyear commented 9 years ago

aha! OK, thanks

gregtatcam commented 9 years ago

No pr.

buzzheavyyear commented 9 years ago

just one more thing - I'm trying to set up my android/gmail client. When it gets to the imap set up, I'm getting a read error:

Can't safely connect to server. (Read error: ssl=0x9a5......: Failure in SSL library, usually a protocol error error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000) (external/openssl/ssl/s3_pkt.c:1304 0x06.....:0x00000003))

Have you come across this before?

avsm commented 9 years ago

This looks like it's trying to use SSLv3, which is unsupported. Any idea how to get your setup to use TLS 1.0 instead (most really should by default)?

buzzheavyyear commented 9 years ago

Well, I had ssl/tls set to 'accept all certificates'. Changing it to default ssl/tls throws the error:

Can't safely connect to server. (java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.)

I also am unable to get my desktop thunderbird client to connect to imap/smtp.

I am, however, able to telnet in on port 25

buzzheavyyear commented 9 years ago

I might just try another android client to see what happens. Don't understand why thunderbird doesn't connect - all I've done is a default install on the cubieboard2

gregtatcam commented 9 years ago

I can connect with iPhone, iPad, Thunderbird on Ubuntu, and Android. I have not used Android for a while though. I’ll charge it up and test.

gregtatcam commented 9 years ago

First thing to test is to see if you can connect via telnet for plain connection or via openssl for ssl. Let me know if you need help with this test.

buzzheavyyear commented 9 years ago

thanks - not too sure how to test this with openssl - I've already telnet'd into port 25 and this works. What do I need to do for openssl

buzzheavyyear commented 9 years ago

OK, I've just tried:

openssl s_client -connect 192.169.1.10:993 -crlf

and it just hangs - looks like I need to restart it and set it up for debug logging - here we go ...

gregtatcam commented 9 years ago

to test IMAP:

openssl s_client -connect ip:port -tls1 -crlf

you should get a prompt from the server. try to login with this command:

a login name password

then logout with:

a logout

If this works then you successfully tested IMAP server.

To test SMTP:

openssl s_client -connect ip:port -tls1 -starttls smtp -crlf

when you get the prompt just type: quit. This verifies your SMTP over ssl.

If you got both working then you should be in good shape.

Are you testing the server on the LAN? If it’s WAN then 25 and 587 ports might be blocked. Try a different SMTP port, like 2587.

gregtatcam commented 9 years ago

Need to add ‘-tls1’

buzzheavyyear commented 9 years ago

Thanks for all of this - both smtp and imap hang with openssl. I'll set it up for debugging and start looking at the logs. Has to be something simple or something I've missed. Very best.

gregtatcam commented 9 years ago

No pr. Let me know if you need help.

You can also try to configure the server not to use ssl and see if that works.

buzzheavyyear commented 9 years ago

Looking at the logs for imap, I'm getting a client request exception:

imaplet: accepting connections
l:tag a
l:SP
l:SP
l:SP
l:CRLF 1
p:command
p:request
----> 2: LOGIN ...
client_requests exception: Invalid_argument("No RSA keys")

The domain/user/cert directory exists with server.key and server.pem - could this be a problem with the server not picking up these files with the new virtual user setup?

gregtatcam commented 9 years ago

Do you run imaplet as ‘sudo imaplet’?

Does the server.key look like binary?

If you use the domain, the user name to login should have the domain, i.e. user@domain. This could be the problem too.

buzzheavyyear commented 9 years ago

Yes, I was using : ‘sudo imaplet’

Just ssh'd into the cubieboard, did a ‘sudo imaplet’ and I can access the imap daemon via openssl. Haven't the slightest idea why it works now as I haven't changed anything.

However, I've just tried to both receive an external email and send an email from my local thunderbird.

My entry in users is: nick.betteridge@example.com:{SHA256}po057IvN5ns6hnRSOBBzXO0Bad9mQo057dg2Jvq8Qe8Nyb+00=::::/var/mail/accounts/example.com/nick.betteridge/repo

  1. Sending a local email from thunderbird gives the error:

An error occurred while sending mail. The mail server responded: 5.7.8 : From address rejected: User unknown in local. Please check the message recipient nick.betteridge@gmail.com and try again.

Also, the console output (sudo imaplet) throws out:

Fatal error: exception Invalid_argument("Lwt.wakeup_result") Raised at file "pervasives.ml", line 21, characters 25-45 Called from file "src/core/lwt.ml", line 325, characters 17-47 Called from file "src/core/lwt.ml", line 697, characters 66-71

  2. Receiving an email - I sent an email from gmail and the error I got back on my gmail account was the following:

Delivery to the following recipient failed permanently:

 nick.betteridge@example.com

Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the server for the recipient domain example.com by mail.example.com. [80.229.27.245].

The error that the other server returned was: 550 5.7.8 : Recipient address rejected: User unknown in local recipient table

gregtatcam commented 9 years ago

My guess is that Thunderbird sends “nick.betteridge” as the user name and not “nick.betteridge@example.com”. How did you configure your email account (SMTP) in Thunderbird?

I’m not sure about the error. It looks like OCaml core library crashes. I’ll have to try to reproduce it.

As far as sending email from gmail. Gmail can not resolve the example.com domain via DNS, i.e. there is no email server bound to the example.com. You can only send email to globally accessible email servers and usually you need a DNS MX record configured for this domain because SMTP relay (i.e. when it has to relay message to another server) usually verifies MX record to filter out spam email. Or you can send email within your LAN and refer to your server directly by ip or host name.

Does your email work if you don’t have the domain setup? It’s better to start with something simpler and make sure it works, and then move towards more complex configuration.

buzzheavyyear commented 9 years ago

The username for thunderbird is set up correctly - no, it isn't example.com! (just trying to avoid spamming), and the dns server is set up correctly with the mx records.

For thunderbird, the outgoing smtp address is just an ip address, and google finds the smtp server ok via dns - it gets the correct ip address (80.229.27.245).

buzzheavyyear commented 9 years ago

Oh, and my outgoing thunderbird settings are: Server name: 192.168.1.10 port: 587 username: nick.betteridge@example.com authentication method: normal password connection security: start tls

gregtatcam commented 9 years ago

Right, sorry about gmail - didn’t scroll to the end of the message. So the recipient was rejected by the imaplet SMTP server. I think it’s the same problem as receiving email - in both cases either the sender or the receiver can not be found in the local database. So it is as if the user name doesn’t include the domain name in it. Maybe you can disable the ssl and capture packets with tcpdump or wireshark on your local computer - this way we can see what is sent by the email client.

Another thing to do is to verify that the user is configured correctly in the imaplet. You can openssl into SMTP:

openssl s_client -connect ip:port -tls1 -crlf -starttls smtp

at the prompt type:

ehlo server

and then type:

vrfy nick.betteridge@example.com mailto:nick.betteridge@example.com

If this works then the user is configured correctly and the email client doesn’t have the right configuration.

buzzheavyyear commented 9 years ago

openssl s_client -connect 192.168.1.10:587 -tls1 -crlf -starttls smtp
CONNECTED(00000003)
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
---
Certificate chain
 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
   i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
Server certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
---
SSL handshake has read 1345 bytes and written 436 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 658D124CA78D694424BF574784DBCF04E089026E5D7B98E146DC6682D9D3F4F265FA58AA94521028C61F2C38FD49AEC0
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1435051175
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---
250 VRFY
ehlo server
250-c0
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 VRFY
vrfy nick.betteridge@example.com <mailto:nick.betteridge@example.com>
502 5.5.1 Error: command not recognized
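
A check over the s_client transcript above, as an added example that is not part of the thread or of imaplet: it extracts the fields that explain the client trust errors reported earlier (verify return code 18, self-issued certificate) and flags the 1024-bit key and the TLSv1 session. The function names and the thresholds are assumptions made for this example.

```python
import re

# Abridged from the s_client transcript posted above.
TRANSCRIPT = """\
CONNECTED(00000003)
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Verify return code: 18 (self signed certificate)
"""

# Assumed policy for this example; these are not imaplet settings.
MIN_RSA_BITS = 2048
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# One regular expression per field of interest in `openssl s_client` output.
FIELDS = {
    "subject": r"^subject=(.+)$",
    "issuer": r"^issuer=(.+)$",
    "key_bits": r"^Server public key is (\d+) bit",
    "protocol": r"^[ \t]*Protocol[ \t]*:[ \t]*(\S+)",
    "cipher": r"^[ \t]*Cipher[ \t]*:[ \t]*(\S+)",
    "verify_code": r"^[ \t]*Verify return code:[ \t]*(\d+)",
    "verify_text": r"^[ \t]*Verify return code:[ \t]*\d+ \((.*)\)",
}
NUMERIC = {"key_bits", "verify_code"}


def parse_s_client(text):
    """Return the fields found in an s_client transcript as a dict."""
    info = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text, re.MULTILINE)
        if match:
            value = match.group(1).strip()
            info[name] = int(value) if name in NUMERIC else value
    return info


def audit(info):
    """Return (id, message) findings for the parsed transcript."""
    findings = []
    code = info.get("verify_code")
    if code is not None and code != 0:
        findings.append(("verify-failed",
                         f"chain does not verify: code {code} ({info.get('verify_text', '')})"))
    if info.get("subject") and info["subject"] == info.get("issuer"):
        findings.append(("self-issued",
                         "subject equals issuer: clients must install this certificate as a trust anchor"))
    bits = info.get("key_bits")
    if bits is not None and bits < MIN_RSA_BITS:
        findings.append(("weak-key", f"server public key is {bits} bit, below {MIN_RSA_BITS}"))
    if info.get("protocol") in LEGACY_PROTOCOLS:
        findings.append(("legacy-protocol", f"session uses {info['protocol']}"))
    return findings


if __name__ == "__main__":
    for finding_id, message in audit(parse_s_client(TRANSCRIPT)):
        print(f"{finding_id}: {message}")
```
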
gregtatcam commented 9 years ago

You have repeated the user name twice, it should be

vrfy nick.betteridge@example.com mailto:nick.betteridge@example.com

On Jun 23, 2015, at 10:22 AM, buzzheavyyear notifications@github.com wrote:

vrfy nick.betteridge@example.com mailto:nick.betteridge@example.com nick.betteridge@example.com mailto:nick.betteridge@example.com

buzzheavyyear commented 9 years ago

Strange, I'm sure I didn't (might have been copy/paste via email)- just did the same thing again and got the same error:

vrfy nick.betteridge@example.com mailto:nick.betteridge@example.com 502 5.5.1 Error: command not recognized

gregtatcam commented 9 years ago

Hm, you have again two user names in the command…

On Jun 23, 2015, at 10:37 AM, buzzheavyyear notifications@github.com wrote:

Strange, I'm sure I didn't (might have been copy/paste via email)- just did the same thing again and got the same error:

vrfy nick.betteridge@example.com mailto:nick.betteridge@example.com nick.betteridge@example.com mailto:nick.betteridge@example.com 502 5.5.1 Error: command not recognized

buzzheavyyear commented 9 years ago

Good old markdown - believe me the angled brackets are there in the second field! :)

vrfy nick.betteridge@example.com <mailto:nick.betteridge@example.com>

By the way, just looked at the smtp log:

smtp: starting state
<-- 250-c0
<-- 250-STARTTLS
<-- 250-AUTH PLAIN LOGIN
<-- 250-ENHANCEDSTATUSCODES
<-- 250 VRFY
--> EHLO openssl.client.net
smtp: starting ehlo
<-- 220 ready to start TLS
--> STARTTLS
smtp starting auth
<-- 250-c0
<-- 250-AUTH PLAIN LOGIN
<-- 250-ENHANCEDSTATUSCODES
<-- 250 VRFY
--> ehlo server
smtp: starting ehlo
<-- 502 5.5.1 Error: command not recognized
--> vrfy nick.betteridge@exampple.com <mailto:nick.betteridge@example.com>
smtp: starting ehlo
<-- 421 4.4.2 c0 Error: timeout exceeded
smtp: client terminated
socket: closing channel

Maybe this makes more sense?

gregtatcam commented 9 years ago

Sorry, are you typing in two user names or one? You don’t need the brackets and you don’t need the ‘mailto:’, just one user name

vrfy user@domain

buzzheavyyear commented 9 years ago

Oh, OK, I was just mimicking your original set of commands.

vrfy nick.betteridge@example.com
501 5.5.2 Bad recipient address syntax

gregtatcam commented 9 years ago

Ok, my bad. When I added the domain I didn’t update the vrfy command. I checked in the fix. Can you pull from the repo, rebuild, and try to run it?

buzzheavyyear commented 9 years ago

Apologies - had to go to a sports day!

rebuilt and installed:

vrfy nick.betteridge@example.com
252 nick.betteridge@example.com

Also, when I fire up thunderbird, it notifies me it was logged out by the server - this is the log:

imaplet: accepting connections
l:tag 1
l:SP
l:SP
l:CRLF 1
p:plain authentication
p:authenticate command
p:command
p:request
----> 4: AUTHENTICATE ...
<-- 4: +
----> 4: AG5pY2suYmV0dGVyaWRnZUBzeW50YWN0aWNzLmNvbQBnbzJ0aGVtb29uNGNoZWVzZQ==
<-- 4: 1 OK CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN COMPRESS=DEFLATE CONDSTORE
l:tag 2
l:SP
l:SP
l:CRLF 1
p:command
p:request
----> 4: 2 COMPRESS DEFLATE^M

<-- 4: 2 OK DEFLATE active
### read error 4: Zlib.Error("Zlib.inflate", "")
### closed client connection 4

gregtatcam commented 9 years ago

No pr. I checked in the other day support for IMAP compress extension, hoping that no client actually uses it, and was of course wrong. I rolled-back the compression. Please fetch the latest repo, rebuild, and try again, sorry.

buzzheavyyear commented 9 years ago

imaplet: accepting connections
l:tag 1
l:SP
l:SP
l:CRLF 1
p:plain authentication
p:authenticate command
p:command
p:request
----> 4: AUTHENTICATE ...
<-- 4: +
client_requests exception: Invalid_argument("No RSA keys")
### closed client connection 4

The server.key in /var/mail/accounts/example.com/nick.betteridge/cert is binary with permissions 644 and I'm running sudo imaplet

buzzheavyyear commented 9 years ago

I can't seem to be able to track down the problem with:

client_requests exception: Invalid_argument("No RSA keys")

I've also noticed that the imap log starts with:

imaplet: creating imap server 2015-06-25 06:19:26: on addr/port 0.0.0.0:993 ssl/starttls true:true 
      encrypt/compress true:true:false
storage: irmin:/var/mail/accounts/%user%/repo
imaplet: accepting connections

Shouldn't the 'user' be 'domain/user' - this might also be true of locating the certificates ?

On the other hand, SMTP (looking at the smtp log) seems to be rejecting false email addresses correctly :)

gregtatcam commented 9 years ago

Does the server key look like a binary or a text?

When the server starts, the user is not known yet, when the user logs in with user@domain then %user% is replaced with domain/user.

I can add some debugging to the code that retrieves the keys and we can figure out what is going on. I’ll send you a file to replace a bit later in the day.

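
The %user% substitution described in the comment above, together with the commented-out domain key found earlier in the thread, as an added example that is not imaplet's own code. The names parse_cf, configured_domains and expand_user_path are hypothetical; the one "key value" pair per line format is taken from the posted imaplet.cf; the character rules for user and domain are assumptions; the host-name default domain is not modelled.

```python
import re

# Constructed excerpt of the imaplet.cf posted in this thread: the domain
# value sits on its own line below a commented-out key, as in the report.
SAMPLE_CF = """\
# irminsule location
irmin_path /var/mail/accounts/%user%/repo

# user certificate/key path
user_cert_path /var/mail/accounts/%user%/cert

# ';' separated domains(no spaces), the main domain by default is the host name
# domain
example.com;anotherexample.com;yetanotherexample.com
"""


def parse_cf(text):
    """Parse 'key value' lines; return (settings, warnings)."""
    settings, warnings = {}, []
    last_comment = ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            last_comment = ""
            continue
        if line.startswith("#"):
            last_comment = line.lstrip("#").strip()
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0]] = parts[1].strip('"')
        elif re.fullmatch(r"[a-z_]+", last_comment):
            # A bare value directly under a comment that is only a key name.
            warnings.append((lineno, f"value {line!r} has no key; "
                                     f"'{last_comment}' above it is commented out"))
        else:
            warnings.append((lineno, f"line {line!r} has a key but no value"))
        last_comment = ""
    return settings, warnings


def configured_domains(settings):
    """Split the ';' separated domain setting into a set of lower-case names."""
    return {d.lower() for d in settings.get("domain", "").split(";") if d}


# Assumed validation rules: no '/', no leading '.', no '..' in either part.
_LOCAL = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+-]*")
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_DOMAIN = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")


def expand_user_path(template, login, domains):
    """Replace %user% with domain/user for user@domain, or user without a domain."""
    local, at, domain = login.partition("@")
    if not _LOCAL.fullmatch(local) or ".." in local:
        raise ValueError("invalid user")
    if not at:
        return template.replace("%user%", local)
    domain = domain.lower()
    if not _DOMAIN.fullmatch(domain) or domain not in domains:
        raise ValueError("invalid domain")
    return template.replace("%user%", f"{domain}/{local}")


if __name__ == "__main__":
    settings, warnings = parse_cf(SAMPLE_CF)
    for lineno, message in warnings:
        print(f"imaplet.cf:{lineno}: {message}")
    fixed, _ = parse_cf(SAMPLE_CF.replace("# domain\n", "domain "))
    print(expand_user_path(fixed["irmin_path"], "nick.betteridge@example.com",
                           configured_domains(fixed)))
```
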

buzzheavyyear commented 9 years ago

Server key is binary OK, I'll sit tight for the debugging code. Thanks.

gregtatcam commented 9 years ago

Please replace _ssl.ml with attached in lib/commands. The log goes to imaplet.log. Also set the log level to info3

buzzheavyyear commented 9 years ago

gregtatcam commented 9 years ago

ok, just did.

On Jun 25, 2015, at 8:51 AM, buzzheavyyear notifications@github.com wrote:

nothing was attached, github may have filtered it out - you can mail it directly to me at buzzheavyyear@hotmail.com