iOS 13 Mail app not working with Global Proxy

In our organization, we have over 1,000 iOS devices that are supervised and have a global proxy set to run through our HTTP proxy server (which is doing content filtering).


In iOS 12.4.1 or lower, the Mail app works exactly as you'd expect a mail app to work. However, in iOS 13, the Mail app can no longer get mail. The status bar at the bottom simply says "Connecting..." when trying to fetch new messages. If an email account is removed from the device, attempts to set the account back up (Gmail or iCloud in my case) experience a time out error when trying to submit account credentials during setup.


Third-party mail applications (Spark, Outlook, and Airmail tested so far) work just fine with the same accounts that fail to work in the iOS Mail app.


Has anyone else experienced issues with this? I filed a bug report back in beta 2, and it's still an issue as of beta 9 ("iOS 13.1 beta" supposedly). Feedback Assistant states that Apple hasn't gotten any other reports on this issue, although I find that a bit hard to believe, even with Global Proxy implementation being a bit of an edge case it seems.


Getting a bit nervous with an iOS 13 public release coming up soon and not having a resolution to the problem. I don't relish the thought of having over 1,000 users needing to download 3rd-party mail clients to check their emails.

Accepted Reply

I got a response from Apple the other day in Feedback Assistant, with the following recommendation:


"You [sic] PAC file has an exception for ftp urls (shExpMatch(url, "ftp:*")). If you add a similar exception for imap/imaps that should get you up and running. It may be even more effective to ignore any URL that isn't http or https."


I added PAC file rules for (url, "imap:*") (url, "imaps:*") (url, "smtp:*") and now things are working again. Not excusing Apple from fixing what they broke (still a problem with Apple Watch not having an internet connection when paired to global-proxied iPhones), but this solution is working for us in the email department.

Replies

HI MeBeEby,


Have you heard back from Apple on this issue? I am having the same problem.


Regards,


Dankira.

Nope. It's been radio silence from Apple. I've given them updates as more betas were released, letting them know it was still an issue. I sent another sysdiagnostics file over when it still wasn't working in 13.1 beta 2, but haven't heard anything.


3rd-party mail apps work great, so it's definitely an iOS-Mail specific problem. My hunch is that Mail depends on some part of the now-being-deprecated FTP and File URL schemes for Proxy Automatic Configuration (PAC), but that's purely speculation.


I just got done installing 13.1 beta 3, and it's still an issue. Looks like I'll need to do a 90-day software upgrade defer in my MDM and hope Apple sorts it out by then.

Hello,


Thanks for the post. We are having the same issue as well at my organization.


Thanks,

Kris

Hello,


Thanks for the informations.

Since the IOS update =>13 on IPHONE and IPAD. 😟

We are having the same issue as well at my organization.


Thanks,

Luc

I see the exact same thing. Please file bug reports. After upgrading to iOS and iPadOS 13, all internet email accounts (Gmail, ISP, all port 993 IMAP accounts) are unable to sync when the Settings>Wi-Fi> HTTP PROXY > Automatic Proxy is set to any proxy.pac file that uses a proxy. All other traffic works and is routed correctly through the proxy, and all email and web traffic on all iOS 12 devices works correctly. Does anyone else know of a workaround? This knocks out email for anyone on an automatic proxy. I have created a minimum working example of the bug. Here is a sample proxy.pac file that shows the problem: function FindProxyForURL(url, host) { // return "DIRECT"; return "PROXY 10.0.1.3:3129"; } I have confirmed the issue with my own deployed proxy, and a standalone "mitmproxy" proxy to debug this issue. Here's a fast way to stand up a proxy: sudo port install python37 py37-pip sudo pip-3.7 install mitmproxy ruamel.yaml ruamel.yaml.clib mitmproxy-3.7 --listen-host 10.0.1.3 --listen-port 3129 --set flow_detail=2 --set termlog_verbosity=debug --verbose Another thread: https://discussions.apple.com/thread/250687994

Just so everyone here is clear on what essandess is saying: This global proxy mail issue only affects devices with a Automatic Proxy Configuration payload, ie. using a PAC file.


If the proxy is set to manual authentication where the server, port, username, password, etc. are specified manually, the native Mail app will work in iOS 13.


For our environment, using manual authentication isn't a feasible solution, but if you're in a pinch and need the native Mail app working, manual authentication in your global proxy payload could be a temporary "solution" until Apple gets the PAC bug fixed.

Thanks! That was the source of trouble (described here: https://developer.apple.com/documentation/ios_ipados_release_notes/ios_13_release_notes#3319760)


I managed to share my local PAC over http using `python -m SimpleHTTPServer`. Then just reconfigured PAC path as `http://localhost/local_proxy.pac`. (I need this to use mitmproxy)

After adding "imap.gmail.com" to my PAC file (bypass list), it's working. In iOS 12 it used mail.google.com I think.

There seems to be no resolution anytime soon. I went away from the proxy pac file and instead, set it to Manual and set the server and port. All is well.

Still no resolution.


I strongly encourage everyone affected by this issue to open bug reports at https://feedbackassistant.apple.com/ . I posted one last month, and have not yet received any response, and their ticket field of "Recent Similar Reports" says "Less than 10", which indicates that it's not on their radar yet.


My ticket title is "Email Traffic Blocked by Automatic Proxy Settings in iOS and iPadOS".


Though using manual proxy settings provides a workaround for basic functionality, it offers none of the fine-grain capabilities used in PAC files, which is why we're using these in the first place.

Our company opened a paid support ticket with Apple the beginning of November. It is on their radar and they have other people reporting the same issue.


We were informed that engineers are working on a fix, and that they hoped to have the fix implemented in iOS 13.3. As we tested the 13.3 betas, it was evident that the fix was not in place yet, so we reached out to our contacts at Apple. We were informed that they are having some difficulty getting the fix implemented, and they are now targeting a "mid-term release" for the software patch.


So I guess that means early 2020 sometime is when they hope to have it fixed.

I got a response from Apple the other day in Feedback Assistant, with the following recommendation:


"You [sic] PAC file has an exception for ftp urls (shExpMatch(url, "ftp:*")). If you add a similar exception for imap/imaps that should get you up and running. It may be even more effective to ignore any URL that isn't http or https."


I added PAC file rules for (url, "imap:*") (url, "imaps:*") (url, "smtp:*") and now things are working again. Not excusing Apple from fixing what they broke (still a problem with Apple Watch not having an internet connection when paired to global-proxied iPhones), but this solution is working for us in the email department.