Failed IMAP connection prior to successful IMAP connection

Question

Failed IMAP connection prior to successful IMAP connection

Opened this issue 2 months ago · 1 comments

fail2ban flagged that this script is creating a failed IMAP login attempt prior to each successful login attempt. Here is the redacted dovecot log - the first line is the problematic one:

Oct 16 08:35:01 HOSTNAME dovecot[1203]: imap-login: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=xx, lip=xx, TLS: Connection closed, session=<4/0v0Jkk4qzAqCoE>
Oct 16 08:35:01 HOSTNAME dovecot[1203]: imap-login: Login: user=<redacted@redacted.com>, method=PLAIN, rip=xx, lip=xx, mpid=635418, TLS, session=<SAQw0Jkk6KzAqCoE>
Oct 16 08:35:01 HOSTNAME dovecot[1203]: imap(redacted@redacted.com)<635418><SAQw0Jkk6KzAqCoE>: Disconnected: Logged out in=62 out=669 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0

Here is the debug output of running the script:

# dmarcts-report-parser -i -d
use tls with verify servercert.
connection to REDACTED with Ssl => 1, User => redacted@redacted.com, Ignoresizeerrors => 0
Started at Wed Oct 16 08:35:01 2024
Using Mail::IMAPClient version 3.43 on perl 5.036000
Connecting with IO::Socket::SSL PeerAddr REDACTED PeerPort 993 Proto tcp Timeout 600 Debug 1 SSL_verify_mode 1
Connected to REDACTED
Read: 	* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot (Debian) ready.
Connecting with IO::Socket::SSL PeerAddr REDACTED PeerPort 993 Proto tcp Timeout 600 Debug 1 SSL_verify_mode 1
Connected to REDACTED
Read: 	* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot (Debian) ready.
Sending: 1 LOGIN redacted@redacted.com [Redact: Count=1 Showcredentials=OFF]
Sent 52 bytes
Read: 	1 OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE COMPRESS=DEFLATE XAPPLEPUSHSERVICE QUOTA] Logged in
Sending: 2 STATUS Inbox (MESSAGES)
Sent 27 bytes
Read: 	* STATUS Inbox (MESSAGES 0)
  	2 OK Status completed (0.001 + 0.000 secs).
Processing 0 messages in folder <Inbox>.
Sending: 3 STATUS Inbox (MESSAGES)
Sent 27 bytes
Read: 	* STATUS Inbox (MESSAGES 0)
  	3 OK Status completed (0.001 + 0.000 secs).
Sending: 4 LOGOUT
Sent 10 bytes
Read: 	* BYE Logging out
  	4 OK Logout completed (0.001 + 0.000 secs).
dmarcts-report-parser.pl: Processed 0 emails.

Answer 1 · 2024-11-24T10:01:59.000Z

Acording to Mail::IMAPClient->new doc:

If the "Server" parameter is passed as an argument to new, then new will implicitly call the "connect" method, placing the new object in the Connected state.

See implementation: IMAPClient.pm#L315

And #63 introduced 2nd connect after class instantiation. I think author (@userjack6880) of mentioned PR should propose how to correct this and do not break Exchange servers. Perhaps workaround for Exchange server should be enabled/disabled by config option.

Currently I'm using fast fix: remove_double_connect