email-oauth2-proxy: "Refused connection" when using versions 2023-03-09 or 2023-05-18 in Windows

Hello, I’m back, and I’m still unable to run the emailproxy without a console window. As explained in #134, I would like to run the proxy in a way that does make available the systray icon, but does not require a console window. Since #134 was closed, I updated my installation of eamil-oauth2-proxy, and recompiled using the --noconsole option, as follows:

.\pyinstaller --noconsole --onefile emailproxy.py --hidden-import timeago.locales.en

Running the executable no longer causes a crash, and I do see the systray icon but no console window (as desired).

However, when attempting to send email via SMTP, my email client logs the following error:

25908    16: 9.48 Open 127.0.0.1:1587
25908     8: 9.50 Dialog: "Could not connect to "localhost"\r\n"
25908     8: 9.50 Dialog: "\r\n"
25908     8: 9.50 Dialog: "Cause: connection refused (10061)"

Running the proxy in debug mode, the log file only shows the following:

2023-06-26 22:40:46,268: Initialising Email OAuth 2.0 Proxy (version 2023-05-18) from config file C:\Program Installation Files\Email-OAuth2-Proxy_portable\dist\emailproxy.config
2023-06-26 22:40:46,276: Starting POP server at localhost:1995 (unsecured) proxying outlook.office365.com:995 (SSL/TLS)
2023-06-26 22:40:46,291: Starting SMTP server at localhost:1587 (unsecured) proxying smtp.office365.com:587 (STARTTLS)
2023-06-26 22:40:46,291: Initialised Email OAuth 2.0 Proxy - listening for authentication requests. Connect your email client to begin
2023-06-26 22:41:34,735: Stopping Email OAuth 2.0 Proxy

I have checked that an previously compiled executable (which does have a console window) still runs properly and allows the email client to connect to port 1587 for sending by SMTP.

Please advise.

About this issue

Original URL
State: closed
Created a year ago
Comments: 18 (7 by maintainers)

Most upvoted comments

I understand, I was just confused why the emailproxy seems to be inconsistent as to when it triggers involvement of the firewall.

bwbug on Jul 2, 2023

IMAP, POP and SMTP all use TCP.

simonrob on Jul 1, 2023

Thank you both for following up – this is really helpful.

It does seem like switching the proxy’s default local_address value to :: would resolve this, and also in most cases avoid the need to investigate other issues that have been reported for related reasons (e.g., #152, #162, #178).

I will test this in various scenarios, and assuming all goes well, plan to integrate this change in the next release.

simonrob on Jun 30, 2023

IPv4: local_address = 127.0.0.1

Works if clients point to localhost (i.e., 127.0.0.1)
Does not work if clients point to localhost6 (i.e., ::1)

IPv6: local_address = ::1

Does not work if clients point to localhost (i.e., 127.0.0.1)
Works if clients point to localhost6 (i.e., ::1)

Dual-stack: local_address = ::

Works if clients point to localhost (i.e., 127.0.0.1)
Works if clients point to localhost6 (i.e., ::1)

Looks coherent, but I’m not sure it was intentional to require users to add a local_address = :: setting for all servers (probably should be the new default) 😃

Regarding which of the two diffs has effect, it’s the second, on line 1925:

Removed local_address from all servers
Set AF_INET on line 1925
- Clients pointed to localhost work
- Clients pointed to localhost6 do not work
Set AF_UNSPEC on line 1925
- Clients pointed to localhost do not work
- Clients pointed to localhost6 work

In the tests above I left AF_UNSPEC on line 1516 (it has no effect anyway).

BTW, I do all the testing on Fedora 38 installed on the real HW (not VM, containers, …).

mtlg on Jun 29, 2023

I believe I have the same problem. Up to 2023-02-08 everything is fine, starting with 2023-03-09 I get connection errors.

I have boiled it down to socket_family=socket.AF_UNSPEC vs. socket_family=socket.AF_INET:

--- email-oauth2-proxy-2023-05-18/emailproxy.py      2023-05-18 21:59:31.000000000 +0200
+++ emailproxy.py       2023-06-28 12:55:56.167192118 +0200
@@ -1513,7 +1513,7 @@
         self.create_socket()
         self.connect(self.server_address)
 
-    def create_socket(self, socket_family=socket.AF_UNSPEC, socket_type=socket.SOCK_STREAM):
+    def create_socket(self, socket_family=socket.AF_INET, socket_type=socket.SOCK_STREAM):
         # connect to whichever resolved IPv4 or IPv6 address is returned first by the system
         for a in socket.getaddrinfo(self.server_address[0], self.server_address[1], socket_family, socket.SOCK_STREAM):
             super().create_socket(a[0], socket.SOCK_STREAM)
@@ -1922,7 +1922,7 @@
         self.bind(self.local_address)
         self.listen(5)
 
-    def create_socket(self, socket_family=socket.AF_UNSPEC, socket_type=socket.SOCK_STREAM):
+    def create_socket(self, socket_family=socket.AF_INET, socket_type=socket.SOCK_STREAM):
         # listen using both IPv4 and IPv6 where possible (python 3.8 and later)
         socket_family = socket.AF_INET6 if socket_family == socket.AF_UNSPEC else socket_family
         if socket_family != socket.AF_INET:

I use the proxy for:

Sending (Gmail or O365) with mutt, which works fine with socket_family=socket.AF_UNSPEC only if I replace localhost (mapped to 127.0.0.1) with localhost6 (mapped to ::1).
Receiving (IMAP) with fetchmail, same behavior as mutt (error when configured with localhost, fine when configured with localhost6).

Regardless, I still do not see why setting socket_family=socket.AF_UNSPEC would require the use of IPv6 addressing.

mtlg on Jun 28, 2023