Bug 969247 - cannot add imap "online account" due to proxy settings
cannot add imap "online account" due to proxy settings
Status: CLOSED EOL
Product: Fedora
Classification: Fedora
Component: control-center (Show other bugs)
19
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Control Center Maintainer
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-05-30 22:52 EDT by Jason Haar
Modified: 2015-02-17 10:24 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1294825 (view as bug list)
Environment:
Last Closed: 2015-02-17 10:24:15 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jason Haar 2013-05-30 22:52:29 EDT
Description of problem:

Behind our company firewall, I set up automatic proxy detection within the network settings and can successfully add Google and owncloud "online accounts". However, when I went to add an "IMAP and SMTP" account, I got an error that implies it's trying to also route that session through the HTTP proxy - which will never work, as it's a HTTP proxy, not an arbitrary protocol proxy ;-)

Version-Release number of selected component (if applicable):

F19-beta

How reproducible:

always

Steps to Reproduce:
1. set up access via proxy
2. add "IMAP and SMTP" online account
3. fails

Actual results:

I get

error connecting to imap server 
proxy protocol 'http' not supported


Expected results:

It should not use any HTTP proxy settings. I don't even think Gnome supports SOCKS (which could proxy such things), but as I said we're a HTTP proxy - not SOCKS anyway

Additional info:

really need proper PKI support. How are you meant to add extra CAs to Gnome? I'll put in an extra ticket about that
Comment 1 Brian J. Murrell 2014-08-09 17:00:36 EDT
But what if the "HTTP proxy" supports CONNECT?  Like squid3 does.  I'd like that case to work.

But that doesn't even work on GNOME 3.12.x.  Evolution 3.12.x reports:

Proxy protocol 'http' is not supported

for IMAP and NNTP accounts that are on the other side of the proxy server.
Comment 2 Jason Haar 2014-08-10 16:47:18 EDT
It is extremely rare for applications to route non-HTTP based protocols through CONNECT methods on proxies. You are correct - it could be done - it's just that almost no-one does it. Not only that, but it actually wouldn't work *by default* with squid: it limits CONNECT statements to port 443 (because it was a known spammer trick to discover local proxies and route port 25 spam out - back in the day - so proxies started blocking non port 443 by default)

The normal fix would be to simply limit HTTP proxy options to web-based aspects and assume anything else has to go direct
Comment 3 Brian J. Murrell 2014-08-10 16:52:06 EDT
And when the network you are on does not allow "direct" and is configured to allow, and requires you to use CONNECT?

A squid proxy open to spamming through port 25 is a broken configuration and not an excuse to limit other legitimate uses of CONNECT.
Comment 4 Jason Haar 2014-08-10 17:00:33 EDT
you're missing the point. A corporate network administrator opening up outbound port 143 for imap is precisely the same amount of work as a squid adminstrator altering squid to allow outbound port 143 - and in fact may even require the network administrator to allow the proxy to make such outbound connections anyway

i.e. on networks where egress filtering is done, it is more likely to do this at the network level than at the proxy level. Now that I've put it that way, that is probably the root cause behind why most applications that support web proxies do not use them for non web traffic (because that's not a proxy server problem to solve)
Comment 5 Brian J. Murrell 2014-08-10 18:46:14 EDT
No, I'm not missing the point at all.  It's not a case of "how much work" it is to allow direct connections or not it's about whether the security policy for the network allows it or not.  And I can attest that such a situation actually exists in the real world.  In addition to my own home network, the corporate network at work does not allow any direct connections of any kind through the firewall to the Internet.  Proxies must be used for _ALL_ connections.

As much as you and I might disagree with such policies (and I don't particularly, as I said, I do it at home) they are the policies that are in place and that software has to be able to cope with.
Comment 6 Fedora End Of Life 2015-01-09 13:16:25 EST
This message is a notice that Fedora 19 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 19. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained. Approximately 4 (four) weeks from now this bug will
be closed as EOL if it remains open with a Fedora 'version' of '19'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 19 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 7 Brian J. Murrell 2015-01-09 13:22:09 EST
This bug still exists in F21.  Can we have the Version: updated please?
Comment 8 Fedora End Of Life 2015-02-17 10:24:15 EST
Fedora 19 changed to end-of-life (EOL) status on 2015-01-06. Fedora 19 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.