0 votes

We are trying to get to the bottom of a refusal by Limilabs IMAP client to connect to a dovecot IMAP server running on RHEL6.

The error we're getting is as follows:

Limilabs.Client.ServerException: Tried to read a line. No data received. Please make sure that antivirus and firewall software are disabled or configured correctly. ---> System.Exception: Tried to read a line. No data received.

We are able to successfully connect to this dovecot server using openssl from the machine running the Limilabs client, and we get this as expected:

  • OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

If we run ssldump on the underlying connection to see the flow of the traffic, we see the following (handshake is successful, and has been removed):

The dovecot IMAP server gives the opening IMAP line to Limilabs:

1 11 0.1113 (0.0557) S>C application_data

Limilabs then responds with a response over two packets:

1 12 0.2587 (0.1474) C>S applicationdata
1 13 0.2587 (0.0000) C>S application
data

Dovecot IMAP server kicks in and responds to Limilabs:

1 14 0.2589 (0.0001) S>C application_data

Limilabs then responds with another response over two packets:

1 15 0.2608 (0.0019) C>S applicationdata
1 16 0.2608 (0.0000) C>S application
data

Dovecot IMAP server responds to the above by gracefully asking SSL to shut down the connection, which duly happens:

1 17 0.2610 (0.0002) S>C Alert
1 0.2610 (0.0000) S>C TCP FIN
1 0.2632 (0.0021) C>S TCP FIN

From the timestamps, this entire exchange is complete inside 263 milliseconds. This doesn’t match the claim in the error message that a timeout has occurred.

On the dovecot server, we see the following logged:

Apr 20 11:50:05 server dovecot: imap-login: Aborted login (no auth attempts): rip=x.x.x.x, lip=y.y.y.y, TLS
Apr 20 11:50:05 server dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [x.x.x.x]

Has anyone seen a problem before where Limilabs won't try and log in to the IMAP server? Is there a solution to getting an accurate error message?

by (200 points)
edited by

1 Answer

0 votes

Try forcing TLS 1.2 only:

client.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12;

client.ConnectSSL("imap.example.com");

[Edit]

Mail.dll connects to this server without any problems, SSL/TLS channel is also established properly.

Here are the logs:

Connecting to 'gatekeeper.horizonmarine.co.za:993', SSL: True.
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ [...] Dovecot ready.
C: D68C0000 ID ("name" "Mail.dll" "version" [...]
S: * ID NIL
S: D68C0000 OK ID completed.
C: D68C0001 NOOP
S: D68C0001 OK NOOP completed.
C: D68C0002 LOGOUT

Note that the server doesn't send any response to LOGOUT command.

This is the reason why you get this exception.

by (258k points)
On "Mail.dll does not 'leak' connections".

When a network component (such as the Limilabs IMAP client) makes a connection to a server, but then never closes that connection to the server, this is termed a "connection leak".

This usually happens when a connection pool is being used. I am assuming from your response that the Limilabs IMAP client does not contain a connection pool, and it is up to the calling application to implement a connection pool itself.

When the Limilabs IMAP client encounters an error, is there a mechanism of some kind (a flag, an exception that is thrown) to indicate that the Limilabs IMAP object is in a broken state and should be destroyed and a new one created?

I am looking for clear instructions on what to do so I can tell the owners of the third party code where they have gone wrong and what they should do to fix it.
Again: Mail.dll does not 'leak' connections.

As with any other .NET component/class that uses unmanaged resources, it's the caller responsibility to call Dispose method when exception is cached/error occurs.

> When the Limilabs IMAP client encounters an error  [...]
Yes, exceptions are being thrown on error server response/connection/network problems.

> I am looking for clear instructions [...]
As you don't know how their code looks like, don't you think it's not possible to tell what they should fix?

Please contact the vendor of the application and describe your problem to them.
>> When the Limilabs IMAP client encounters an error  [...]
> Yes, exceptions are being thrown on error server response/connection/network problems.

Alas, this doesn't answer the question I asked, I'll rephrase it. If an error occurs, is there some flag of some kind that a connection pool could use to detect that the connection in this object is in a broken state, and therefore this connection should not be returned to the pool?

> As you don't know how their code looks like, don't you think it's not possible to tell what they should fix?

In my experience it is very possible to tell them what to fix. Once I get answers to the questions I've asked, I'll know exactly what they've done wrong, and exactly what to do to fix it. Given this is archived by Google, it will also help future developers who encounter the same problem.
No, there is no such property. In most cases, on exception (especially exception different than ImapResponseException), client instance should be disposed.

I don't think this 3rd party code uses a connection pool.
> on exception (especially exception different than
> ImapResponseException), client instance should be disposed.

Thanks for confirming this - I can now clarify with the vendor how to fix their code.
...