Passwordless IMAP gateway via socket not working !?



  • Hello, I am trying to migrate IMAP users from a dovecot system (where you can set a master user) to kopano 8.7.0 with kopano-migration-imap (i.e. imapsync). As I do not have all the passwords I want to do it without as described in

    https://documentation.kopano.io/kopano_migration_manual/imap_migration.html

    I set the imap gateway to use the socket instead of the TCP connection:

    file:///var/run/kopano/server.sock
    and set “bypass_auth=yes”
    in the gateway.cfg.

    The socket exists and belongs to the user kopano. But I get the following error when I try to access the destination mailbox with imapsync:

    Host2 failure: Error login on [localhost] with user [XXXX] auth [LOGIN]: 2 BAD Internal error: OpenECSession failed

    and in the gateway logs I see:

    Thu Apr 4 11:39:40 2019: [ZGateway IMAP|T21731] [error ] HrLogon server “file:///var/run/kopano/server.sock.” user “XXXX”: network error
    Thu Apr 4 11:39:40 2019: [ZGateway IMAP|T21731] [warning] Failed to login from [[::ffff:127.0.0.1]:38014] with invalid username “XXXX” or wrong password: network error (80040115)
    Thu Apr 4 11:39:40 2019: [ZGateway IMAP|T21731] [error ] Connection error.

    Am I missing something? Or has the behavior changed somehow? When I use the port and a password it works, so the username must be correct.



  • Hi,

    we have done a migration with imapsync a year ago. The have created a migration account on kopano and switched the user store (user-store -> migration-store) during migration and back afterwards (migration-store -> user-store). This was working very well.

    Best regards,
    BerndG



  • Just change the socket to TCP conn and try it with this format.

    kopano-migration-imap --addheader --host1 FQ.DN.TLD --port1 993 --user1 “email@some.tld” --password1 “passwd_WITHOUT ! that fails”
    –host2 localhost --port2 143 --user2 “email@some.tld” --password2 “SomePasswd”

    That worked fine for me.
    i also had the OpenESSession failed, that was a missing package for me, but i cant find which it was. (sorry)



  • Hmm, but this is probably in the other direction? I need the passwordless access on the destination server, i.e. I do not know passwd2. I have tried:

    • socket=file://…
    • socket=http://localhost:236/
    • socket=http://127.0.0.1:236/
      together with “bypas_auth=yes”, but in neither case it worked. All cases work for users where I have the password, though, so I suppose “bypass_auth” is not working although it is advertised in the log “username and password will not be checked”. And for a user with wrong password, I do not see anything in gateway.log or server.log, even with log level 6. So clearly something is not working as intended here !?


  • Aargh, I had two errors:

    • copy&paste error : file:///var/run/kopano/server.sock. instead of file:///var/run/kopano/server.sock (note the trailing dot…). Interestingly, the gateway does not complain that the socket does not exist…
    • typo in username for passwordless server - then it cannot find a user and acts as if it had a bad password.

    I also found this interesting post:
    https://www.invenios.de/blog/121-zarafa-gateway-imap-ohne-passwort/
    It must be adapted slightly to work with a systemd-based distro, in fact you copy the kopano-gateway service in /lib/systemd/system with another name, add a parameter for a seconf configuration fil and in this config you put the passwordless auth, e.g. limited to 127.0.0.1 for the client. Then you can even run the normal gateway unchanged and an additional service without passwords.


Log in to reply