simonrob / email-oauth2-proxy

An IMAP/POP/SMTP proxy that transparently adds OAuth 2.0 authentication for email clients that don't support this method.
Apache License 2.0

BAD Command received in Invalid state. #192

Closed gomez77 closed 1 year ago

gomez77 commented 1 year ago

Dear,

First of all, thanks for this script!

I set it up as described and also get a connection between the fetchmail client, the IMAP proxy and MS 365 Exchange.

But I got the error from the script:

BAD Command received in Invalid state.

Here is the log from "python3 emailproxy.py --no-gui --debug"

2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) --> [ Client connected ]
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) <-> [ Starting TLS handshake ]
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) <-> [ TLSv1.2 handshake complete ]
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) <-- b' OK The Microsoft Exchange IMAP4 service is ready. [...]\r\n'
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) <-- b' OK The Microsoft Exchange IMAP4 service is ready. [...]\r\n'
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) --> b'A0001 CAPABILITY\r\n'
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) --> b'A0001 CAPABILITY\r\n'
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) <-- b' CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+\r\n'
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) <-- b' CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+\r\n'
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) <-- b'A0001 OK CAPABILITY completed.\r\n'
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) <-- b'A0001 OK CAPABILITY completed.\r\n'
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) --> b'A0002 STARTTLS\r\n'
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) --> b'A0002 STARTTLS\r\n'
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) <-- b'A0002 BAD Command received in Invalid state.\r\n'
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) <-- b'A0002 BAD Command received in Invalid state.\r\n'
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) --> [ Client disconnected ]
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) <-- [ Server disconnected ]

My config is

[IMAP-1993]
local_address = 127.0.0.1
server_address = outlook.office365.com
server_port = 993

[email@domain.com]
permission_url = https://login.microsoftonline.com/< tenant id>/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/< tenant id>/oauth2/v2.0/token
oauth2_scope = https://outlook.office365.com/IMAP.AccessAsUser.All offline_access
redirect_uri = http://localhost
client_id = < client id >
client_secret = < client secret >

[emailproxy]
delete_account_token_on_password_error = True
encrypt_client_secret_on_first_use = False
allow_catch_all_accounts = False

What is wrong?

Thanks a lot

simonrob commented 1 year ago

You need to disable STARTTLS in your client – see the documentation.

If your client insists on a secure local connection, you can insert your own certificates.
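
One way to spot this misconfiguration in the proxy's debug output, as an added example that is not part of the issue thread or the project's own code: it parses lines in the layout of the log posted above and reports each connection where the client's STARTTLS was refused, noting whether the upstream port is an implicit-TLS one such as 993. The regular expression, the function name and the second (NOOP) connection in the sample are assumptions constructed for this example.

```python
import ast
import re

# Line layout inferred from the log posted in this issue (an assumption, not a documented format).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}): (?P<proto>\w+) "
    r"\((?P<local>[^;]+); (?P<client>[^ ]+)->(?P<host>[^:]+):(?P<port>\d+)\) "
    r"(?P<dir>-->|<--|<->) (?P<payload>.*)$"
)
IMPLICIT_TLS_PORTS = {993, 995, 465}  # IMAPS, POP3S, SMTPS: TLS starts before any command

# Sample input: the first three lines repeat the issue's log, the last two are constructed.
SAMPLE_LOG = r"""
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) --> b'A0002 STARTTLS\r\n'
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) <-- b'A0002 BAD Command received in Invalid state.\r\n'
2023-09-12 13:43:06: IMAP (127.0.0.1:1993; 127.0.0.1:40156->outlook.office365.com:993) <-- b'A0002 BAD Command received in Invalid state.\r\n'
2023-09-12 13:44:10: IMAP (127.0.0.1:1993; 127.0.0.1:40160->outlook.office365.com:993) --> b'A0001 NOOP\r\n'
2023-09-12 13:44:10: IMAP (127.0.0.1:1993; 127.0.0.1:40160->outlook.office365.com:993) <-- b'A0001 OK NOOP completed.\r\n'
"""


def find_rejected_starttls(log_text):
    """Return one finding per (client, tag) whose STARTTLS command was refused."""
    pending = {}   # (client, tag) -> upstream port of a STARTTLS command seen
    findings = {}  # keyed the same way, so the doubled log lines collapse
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m["payload"].startswith("b'"):
            continue  # status lines such as [ Client connected ] carry no command
        try:
            data = ast.literal_eval(m["payload"]).decode("ascii", "replace")
        except (ValueError, SyntaxError):
            continue
        parts = data.split()
        if len(parts) < 2:
            continue
        key = (m["client"], parts[0])
        if m["dir"] == "-->" and parts[1].upper() == "STARTTLS":
            pending[key] = int(m["port"])
        elif m["dir"] == "<--" and key in pending and parts[1].upper() in ("BAD", "NO"):
            port = pending[key]
            findings[key] = {"client": m["client"], "tag": parts[0],
                             "upstream_port": port,
                             "implicit_tls_upstream": port in IMPLICIT_TLS_PORTS,
                             "response": data.strip()}
    return list(findings.values())


if __name__ == "__main__":
    print(find_rejected_starttls(SAMPLE_LOG))
```

A finding with `implicit_tls_upstream` set to true matches the situation in this issue: the upstream session on port 993 had already completed its TLS handshake when the client's STARTTLS arrived.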