Red Hat Bugzilla – Bug 969247
cannot add imap "online account" due to proxy settings
Last modified: 2015-02-17 10:24:15 EST
Description of problem:
Behind our company firewall, I set up automatic proxy detection within the network settings and can successfully add Google and owncloud "online accounts". However, when I went to add an "IMAP and SMTP" account, I got an error that implies it's trying to also route that session through the HTTP proxy - which will never work, as it's a HTTP proxy, not an arbitrary protocol proxy ;-)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. set up access via proxy
2. add "IMAP and SMTP" online account
error connecting to imap server
proxy protocol 'http' not supported
It should not use any HTTP proxy settings. I don't even think Gnome supports SOCKS (which could proxy such things), but as I said we're a HTTP proxy - not SOCKS anyway
really need proper PKI support. How are you meant to add extra CAs to Gnome? I'll put in an extra ticket about that
But what if the "HTTP proxy" supports CONNECT? Like squid3 does. I'd like that case to work.
But that doesn't even work on GNOME 3.12.x. Evolution 3.12.x reports:
Proxy protocol 'http' is not supported
for IMAP and NNTP accounts that are on the other side of the proxy server.
It is extremely rare for applications to route non-HTTP based protocols through CONNECT methods on proxies. You are correct - it could be done - it's just that almost no-one does it. Not only that, but it actually wouldn't work *by default* with squid: it limits CONNECT statements to port 443 (because it was a known spammer trick to discover local proxies and route port 25 spam out - back in the day - so proxies started blocking non port 443 by default)
The normal fix would be to simply limit HTTP proxy options to web-based aspects and assume anything else has to go direct
And when the network you are on does not allow "direct" and is configured to allow, and requires you to use CONNECT?
A squid proxy open to spamming through port 25 is a broken configuration and not an excuse to limit other legitimate uses of CONNECT.
you're missing the point. A corporate network administrator opening up outbound port 143 for imap is precisely the same amount of work as a squid adminstrator altering squid to allow outbound port 143 - and in fact may even require the network administrator to allow the proxy to make such outbound connections anyway
i.e. on networks where egress filtering is done, it is more likely to do this at the network level than at the proxy level. Now that I've put it that way, that is probably the root cause behind why most applications that support web proxies do not use them for non web traffic (because that's not a proxy server problem to solve)
No, I'm not missing the point at all. It's not a case of "how much work" it is to allow direct connections or not it's about whether the security policy for the network allows it or not. And I can attest that such a situation actually exists in the real world. In addition to my own home network, the corporate network at work does not allow any direct connections of any kind through the firewall to the Internet. Proxies must be used for _ALL_ connections.
As much as you and I might disagree with such policies (and I don't particularly, as I said, I do it at home) they are the policies that are in place and that software has to be able to cope with.
This message is a notice that Fedora 19 is now at end of life. Fedora
has stopped maintaining and issuing updates for Fedora 19. It is
Fedora's policy to close all bug reports from releases that are no
longer maintained. Approximately 4 (four) weeks from now this bug will
be closed as EOL if it remains open with a Fedora 'version' of '19'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.
Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 19 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged change the 'version' to a later Fedora
version prior this bug is closed as described in the policy above.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
This bug still exists in F21. Can we have the Version: updated please?
Fedora 19 changed to end-of-life (EOL) status on 2015-01-06. Fedora 19 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.
If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
Thank you for reporting this bug and we are sorry it could not be fixed.