simonrob / email-oauth2-proxy

An IMAP/POP/SMTP proxy that transparently adds OAuth 2.0 authentication for email clients that don't support this method.
Apache License 2.0

Connection problem after authentication on another computer #156

Closed claonic closed 1 year ago

claonic commented 1 year ago

Hi,

I configured email-oauth2-proxy on a vm, successfully obtained the token and transferred everything on another vm. On the new machine I get this error:

2023-04-10 14:22:45: New incoming connection to POP server at 127.0.0.1:1995 (unsecured) proxying outlook.office365.com:995 (SSL/TLS)
2023-04-10 14:22:45: Accepting new connection to POP server at 127.0.0.1:1995 (unsecured) proxying outlook.office365.com:995 (SSL/TLS) via ('127.0.0.1', 53634)
2023-04-10 14:22:46: POP (127.0.0.1:1995; 127.0.0.1:53634->outlook.office365.com:995) --> [ Client connected ]
2023-04-10 14:22:46: POP (127.0.0.1:1995; 127.0.0.1:53634->outlook.office365.com:995) <-> [ Starting TLS handshake ]
2023-04-10 14:22:46: POP (127.0.0.1:1995; 127.0.0.1:53634->outlook.office365.com:995) Caught network error (server) - is there a network connection? Error type <class 'ConnectionResetError'> with message: [Errno 104] Connection reset by peer
2023-04-10 14:22:46: POP (127.0.0.1:1995; 127.0.0.1:53634->outlook.office365.com:995) <-- [ Server disconnected ]

Do you have any idea why? I can't figure it out.

Thank you.

simonrob commented 1 year ago

The error occurs after the proxy tries to initiate the secure connection to the O365 server (and well before it actually proxies the OAuth 2.0 part). I'd check that you're able to connect to the server directly without issue. Perhaps your Python certificates or SSL configuration are not up-to-date?

claonic commented 1 year ago

Does this help? Seems like an SSL problem, maybe? Could also be a firewall one?

openssl s_client -showcerts -connect 127.0.0.1:1995
CONNECTED(00000003)
write:errno=0

no peer certificate available

No client certificate CA names sent

SSL handshake has read 0 bytes and written 289 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

openssl s_client -showcerts -connect outlook.office365.com:995
CONNECTED(00000003)
write:errno=104

no peer certificate available

No client certificate CA names sent

SSL handshake has read 0 bytes and written 319 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

I also did: python3 -m pip install git+https://github.com/certifi/python-certifi

I am not sure what to look for.

simonrob commented 1 year ago

What do you see if you run the following script?

import poplib
pop3 = poplib.POP3_SSL('outlook.office365.com', 995)
print(pop3.capa())
pop3.close()

claonic commented 1 year ago

python3 test.py --debug

Traceback (most recent call last):
  File "test.py", line 2, in <module>
    pop3 = poplib.POP3_SSL('outlook.office365.com', 995)
  File "/usr/lib64/python3.6/poplib.py", line 447, in __init__
    POP3.__init__(self, host, port, timeout)
  File "/usr/lib64/python3.6/poplib.py", line 102, in __init__
    self.sock = self._create_socket(timeout)
  File "/usr/lib64/python3.6/poplib.py", line 452, in _create_socket
    server_hostname=self.host)
  File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
    _context=self, _session=session)
  File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
    self.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
    self._sslobj.do_handshake()

simonrob commented 1 year ago

Ok - this is definitely an issue with your Python setup, and not really something I can help with I'm afraid. If you can get that test script working without error the proxy should work too.
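
The checks used in this thread, as an added example that is not part of the original issue or of the proxy's code: a probe that reports whether a connection fails at TCP connect, during the TLS handshake, or at certificate verification. The names `probe` and `resetting_listener` are hypothetical, and the listener is a constructed local stand-in for a peer that resets the connection after the ClientHello, so the demo runs offline.

```python
import socket
import ssl
import struct
import sys
import threading

def probe(host, port, timeout=10):
    """Return (stage, detail) for the first stage that fails, or ("ok", TLS version)."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", repr(exc)            # refused, unroutable, or silently dropped
    ctx = ssl.create_default_context()     # verifies the certificate chain and hostname
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "certificate", exc.verify_message   # CA bundle or hostname problem
    except ssl.SSLError as exc:
        return "tls", repr(exc)            # protocol or cipher negotiation failed
    except OSError as exc:
        return "tls", repr(exc)            # e.g. ConnectionResetError mid-handshake
    finally:
        raw.close()

def resetting_listener():
    """Constructed local peer: accepts, reads the ClientHello, then sends a TCP RST."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)
        # SO_LINGER with a zero timeout makes close() send RST instead of FIN.
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # The interpreter and OpenSSL build matter when the handshake itself fails.
    print(sys.version.split()[0], ssl.OPENSSL_VERSION)
    print(probe("127.0.0.1", resetting_listener()))   # stage "tls", as in the proxy log
```

Running `probe("outlook.office365.com", 995)` on the affected machine and on one that works shows whether the reset follows the host's network path or its Python/OpenSSL build.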