Hello,
we are working on connecting an external mail archiving software to grommunio.
The archiving software uses MAPI over HTTP and fails to connect.
Using a normal Outlook Client the connection works as expected.
We used the tool "fiddler" and the debug options in the http log
echo "http_debug=1" >>/etc/gromox/http.cfg
to get some debug information.
The fiddler log shows an anomaly where the returned session cookie is all zeroes which in turn results in an error message in the subsequent request to grommunio.
Fiddler Log:
[Request Headers]
POST /mapi/emsmdb/?MailboxId=75303140-7379-6d70-6c61-737301000000@URL HTTP/1.1
User-Agent: dgMapiHttp/11.0.1.0
Content-Type: application/mapi-http
X-RequestType: Connect
X-RequestId: {2953ec8c-51a3-4338-b92e-65e90fd35749}:1
X-ClientInfo: {9a98b4a0-41b8-4104-86f9-25226c8c6ae5}:1
X-ClientApplication: Outlook/17.00.0000.000
Authorization: Basic BASIC_AUTH_KEY
Host: HOST
Cache-Control: no-store,no-cache
Pragma: no-cache
Content-Length: 260
[Response Headers]
HTTP/1.1 200 OK
Content-Type: application/mapi-http
Connection: keep-alive
Cache-Control: private
X-RequestType: Connect
X-RequestId: {2953ec8c-51a3-4338-b92e-65e90fd35749}:1
X-ClientInfo: {9a98b4a0-41b8-4104-86f9-25226c8c6ae5}:1
X-ResponseCode: 0
X-PendingPeriod: 30000
X-ExpirationInfo: 900000
X-ServerApplication: Exchange/15.00.0847.4040
Set-Cookie: sid=
Date: Fri, 22 Jul 2022 09:35:24 GMT
Set-Cookie: sequence=00000000-0000-0000-0000-000000000000
Content-Security-Policy: default-src 'self' data:; connect-src *; font-src *; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'self'; base-uri 'self';
Permissions-Policy: geolocation=(self),midi=(),sync-xhr=(),microphone=(self),camera=(self),magnetometer=(),gyroscope=(),fullscreen=(self),payment=(),autoplay=()
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer
Content-Length: 145
I think that the delivered cookies "sequence" and "sid" are not supposed to be all zeroes.
The next request sent to grommunio shows this:
[Request Headers]
POST /mapi/emsmdb/?MailboxId=75303140-7379-6d70-6c61-737301000000@URL HTTP/1.1
User-Agent: dgMapiHttp/11.0.1.0
Content-Type: application/mapi-http
Accept: /
X-RequestType: Execute
X-RequestId: {2953ec8c-51a3-4338-b92e-65e90fd35749}:2
X-ClientInfo: {9a98b4a0-41b8-4104-86f9-25226c8c6ae5}:1
X-ClientApplication: Outlook/17.00.0000.000
Authorization: Basic BASIC_AUTH_KEY
Host: HOST
Cookie: sid=; sequence=00000000-0000-0000-0000-000000000000
Cache-Control: no-store,no-cache
Pragma: no-cache
Content-Length: 154
[Response content]
MAPI OVER HTTP ERROR
Diagnostic Information
The request has an invalid session context cookie.
Do you have an idea what the cause of the issue could be?
Any help would be appreciated.
-Merlin
