[CentOS] Cyrus-Imapd Sieve Unable to connect to server
Alexander Dalloz
ad+lists at uni-x.org
Mon Jan 28 19:43:57 UTC 2008
Alain Reguera Delgado schrieb:
Hello Alain,
sorry for replying late.
>>> Not too much difference from previous one:
>>>
>>> S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5"
>>> S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
>>> imapflags notify envelope relational regex subaddress copy"
>>> S: "STARTTLS"
>>> S: OK
>>> Authentication failed. generic failure
>>> Security strength factor: 0
>>> C: LOGOUT
>>> Connection closed.
>>>
>>>
>> Again no SASL offering. Please check your cyrus-sasl installs.
>>
>
> $ rpm -qa | grep cyrus
> cyrus-sasl-2.1.22-4 <------------- see here
> cyrus-imapd-2.3.7-1.1.el5
> cyrus-sasl-lib-2.1.22-4 <------------- and here
> cyrus-imapd-perl-2.3.7-1.1.el5
> cyrus-imapd-utils-2.3.7-1.1.el5
>
>
Hm. You shouldn't be able to SASL auth at all! You are missing the
cyrus-sasl-plain RPM to have both the liblogin.so* and libplain.so*
libraries. Very certainly installing this RPM will solve your problem.
>> And test
>> following: Run
>>
>> openssl s_client -connect localhost:2000 -starttls smtp
>>
>
> CONNECTED(00000003)
> 22760:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:567:
>
Hm, that command works for me this way. Instead of "-starttls smtp" you
may try "-starttls pop3" or "-tls1".
>> Does that offer SASL then? You can too test with
>>
>> sivtest -u al at example.com -a al at example.com -t ""
>>
>
> S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5"
> S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
> imapflags notify envelope relational regex subaddress copy"
> S: "STARTTLS"
> S: OK
> C: STARTTLS
> S: NO "Error initializing TLS"
> Authentication failed. generic failure
> Security strength factor: 0
> C: LOGOUT
> Connection closed.
>
Even your SSL/TLS setup seems to be broken. Are the certificate files in
place. What does the cyrus-imapd service start report in the maillog?
Any errors?
> So, to offer MD5 we could add it to sasl_mech_list ? Something like:
>
> sasl_mech_list: PLAIN MD5
>
No. To offer MD5 mechanisms use "DIGEST-MD5" or "CRAM-MD5" or even both.
Being able to offer MD5 mechs is one of the positive aspects of using
sasldb based auth.
sasl_mech_list: LOGIN PLAIN CRAM-MD5 DIGEST-MD5
or to avoid plaintext passwords over the wire
sasl_mech_list: CRAM-MD5 DIGEST-MD5
Pay attention to have the cyrus-sasl-md5 RPM installed. This will
provide the required libraries for MD5 mech auth,
Kind regards
Alexander
More information about the CentOS
mailing list