proton-bridge
proton-bridge copied to clipboard
ProtonMail
Unable to connect to bridge with imapfilter
I'm trying to use imapfilter with the proton bridge but:
imapfilter: initiating SSL connection to 127.0.0.1; error:1408F10B:SSL routines:ssl3_get_record:wrong version number
imapfilter: login request to <BRIDGE_USERNAME>@127.0.0.1 failed
stack traceback:
[C]: in ?
[C]: in function 'error'
/usr/share/imapfilter/account.lua:81: in function '_check_result'
/usr/share/imapfilter/account.lua:97: in function '_login_user'
/usr/share/imapfilter/account.lua:59: in function 'IMAP'
/tmp/tmp.ov4r7wKccw:172: in main chunk
Script failed
The imapfilter config is:
options.starttls = true
account = IMAP {
server = '127.0.0.1',
port = 1143,
username = '<BRIDGE_USERNAME>',
password = '<BRIDGE_PASSWORD>',
ssl = 'auto',
}
Using openssl directly gives me the same result:
$ openssl s_client -host 127.0.0.1 -port 1143 -crlf
CONNECTED(00000003)
140025210013504:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 283 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
I use mbsync instead. In my config I had to specify various options for SSL (SSLType, SSLVersion and CertificateFile)
IMAPAccount proton
Host 127.0.0.1
Port 1143
User [email protected]
PassCmd "gpg -q --for-your-eyes-only --no-tty --exit-on-status-write-error --batch -d $HOME/Mail/.accounts/proton.gpg"
SSLType STARTTLS
SSLVersions TLSv1.2
CertificateFile $HOME/.config/protonmail/bridge/cert.pem
PipelineDepth 5
Maybe you could check if imapfilter allow to specify more SSL options ?
I also use a slightly different openssl command to "check" the bridge: echo 0 | openssl s_client -starttls imap -connect 127.0.0.1:1143 -showcerts. It provides more information.
By default IMAP connection is set to STARTTLS, you need to change it to SSL mode first before attempting to connect via SSL.
The Bridge is also using self generated certificates, you may need to add an exception for this to your software.
Closed due to lack of activity. You're kidding right? It took Proton 10 months to reply with a half-baked suggestion and then close the ticket one hour later as completed?? Seriously? As a paying customer I expect better than that.
Disabling starttls doesn't make a difference, so this issue is not closed at all.
Hi,
Do you have
options.certificates = false
options.starttls = true
It works for me.
Best regards, LL
@fidelio33b Thanks but doesn't work for me. Can you share more of your config?
Hi, Here is more
$ cat config.lua
options.timeout = 120
options.create = false
options.subscribe = true
options.expunge = true
options.certificates = false
options.starttls = true
proton_account = IMAP {
server = "127.0.0.1",
username = "<BRIDGE_USERNAME>",
password = "<BRIDGE_PASSWORD>",
port = 1143,
}
-- Example flag
messages = proton_account["INBOX"]:contain_from('@gmail.com')
messages:add_flags({ 'GMAIL' })
Note: imapfilter version
IMAPFilter 2.6.15 Copyright (c) 2001-2019 Eleftherios Chatzimparmpas
I run protonbridge with impafilter using this config: ... set folder = "imap://127.0.0.1:1143" set ssl_starttls = yes set ssl_force_tls = no set smtp_authenticators = "login" set ssl_verify_dates = no set ssl_verify_host = no
The trick is to use "imap" in folder. Using imapfilter with "imaps" or omitting it, alwasy tries to use SSL. I did not check in detail If the other settings are necessary.
