'Re: [SOGo] SOGoTrustProxyAuthentication = YES results in IMAP4 login failed'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sogo-users
Subject:    Re: [SOGo] SOGoTrustProxyAuthentication = YES results in IMAP4 login failed
From:       "James MCCOY" (james () mcy ! email) <users () sogo ! nu>
Date:       2017-10-16 10:07:29
Message-ID: 2937444f-c2c1-e524-9ee4-b430162b0ece () mcy ! email
[Download RAW message or body]

Hi Christian,

Thanks for clarifying. I had come to this conclusion and also found a 
way to get Dovecot to accept the connection without a password, but 
thought there may be a better option, unfortunately not.

It would also appear that this leaves ActiveSync wide open to accept any 
password, so I presume this means that it is relying on the backend for 
authentication and there is no login process within SOGo itself?

Assuming this is the case, the only solution would then be to run two 
instances, one for webmail and a second for ActiveSync.

Regards,

James


On 16/10/2017 08:44, Christian Mack (christian.mack@uni-konstanz.de) wrote:
> Am 15.10.2017 um 13:34 schrieb James MCCOY (james@mcy.email):
>> Hello all,
>>
>> I'm implementing 2FA to strengthen my SOGo security using this great
>> project - https://github.com/clems4ever/authelia
>>
>> Following
>> https://sogo.nu/nc/support/faq/article/how-to-use-webauth-with-sogo-2.html
>> login is working and the user gets passed into SOGo webmail with access
>> to contacts and calendar, however no emails show as the IMAP login fails
>> as no password is passed, however no password is available as the
>> authentication has been handled before reaching SOGo.
>>
>> The SOGo logs shows;
>>
>> Oct 15 12:03:36 sogod [7]: [ERROR]
>> <0x0x56494a8b8b30[NGImap4ConnectionManager]> IMAP4 login failed:
>>    host=10.10.1.101, user=user@domain.email, pwd=no
>>    url=imaps://user%40domain.email@10.10.1.101/?tls=YES
>>    base=(null)
>>    base-class=(null))
>>    = <0x0x56494a9ffba0[NGImap4Client]: login=user@domain.email(pwd)
>> socket=<NGActiveSSLSocket[0x0x56494acc7130]: mode=rw address=(null)>>
>> Oct 15 12:03:36 sogod [7]: <0x56494aba22f0[SOGoMailAccount]:0> renewing
>> imap4 password
>> Oct 15 12:03:36 sogod [7]: [ERROR] <0x56494aba22f0[SOGoMailAccount]:0>
>> no IMAP4 password available
>> Oct 15 12:03:36 sogod [7]: [ERROR] <0x56494aba22f0[SOGoMailAccount]:0>
>> Could not connect IMAP4
>>
>> And in the mail.log
>>
>> Oct 15 12:07:29 mailserver dovecot: imap-login: Disconnected (auth
>> failed, 1 attempts in 2 secs): user=<user@domail.email
>> <mailto:user@domail.email>>, method=PLAIN, rip=10.10.1.105,
>> lip=10.10.1.101, TLS: Disconnected, session=<qFww5ZNbUgAKCgFp>
>> Oct 15 12:07:32 mailserver dovecot: imap(user@domain.email
>> <mailto:user@domain.email>): Disconnected: Logged out in=24114 out=752986
>>
>> Any suggestions to resolve this please? I've discovered one option which
>> was dismissed by SOGo of implementing the master password, but
>> presumably someone must be making use of the webauth feature!!
>>
> You have to tell your IMAP server and SMTP server to accept connections
> from your SOGo server without authentication then.
> That is the known draw back of SOGoTrustProxyAuthentication = YES;.
>
>
> Kind regards,
> Christian Mack
>

-- 
users@sogo.nu
https://inverse.ca/sogo/lists
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic