Alain Reguera Delgado schrieb:
Hello Alain,
sorry for replying late.
Not too much difference from previous one:
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5" S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" S: "STARTTLS" S: OK Authentication failed. generic failure Security strength factor: 0 C: LOGOUT Connection closed.
Again no SASL offering. Please check your cyrus-sasl installs.
$ rpm -qa | grep cyrus cyrus-sasl-2.1.22-4 <------------- see here cyrus-imapd-2.3.7-1.1.el5 cyrus-sasl-lib-2.1.22-4 <------------- and here cyrus-imapd-perl-2.3.7-1.1.el5 cyrus-imapd-utils-2.3.7-1.1.el5
Hm. You shouldn't be able to SASL auth at all! You are missing the cyrus-sasl-plain RPM to have both the liblogin.so* and libplain.so* libraries. Very certainly installing this RPM will solve your problem.
And test following: Run
openssl s_client -connect localhost:2000 -starttls smtp
CONNECTED(00000003) 22760:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:567:
Hm, that command works for me this way. Instead of "-starttls smtp" you may try "-starttls pop3" or "-tls1".
Does that offer SASL then? You can too test with
sivtest -u al@example.com -a al@example.com -t ""
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5" S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" S: "STARTTLS" S: OK C: STARTTLS S: NO "Error initializing TLS" Authentication failed. generic failure Security strength factor: 0 C: LOGOUT Connection closed.
Even your SSL/TLS setup seems to be broken. Are the certificate files in place. What does the cyrus-imapd service start report in the maillog? Any errors?
So, to offer MD5 we could add it to sasl_mech_list ? Something like:
sasl_mech_list: PLAIN MD5
No. To offer MD5 mechanisms use "DIGEST-MD5" or "CRAM-MD5" or even both. Being able to offer MD5 mechs is one of the positive aspects of using sasldb based auth.
sasl_mech_list: LOGIN PLAIN CRAM-MD5 DIGEST-MD5
or to avoid plaintext passwords over the wire
sasl_mech_list: CRAM-MD5 DIGEST-MD5
Pay attention to have the cyrus-sasl-md5 RPM installed. This will provide the required libraries for MD5 mech auth,
Kind regards
Alexander