[CentOS] Cyrus-Imapd Sieve Unable to connect to server

Thu Jan 24 22:11:24 UTC 2008
Alexander Dalloz <ad+lists at uni-x.org>

Alain Reguera Delgado wrote:
> Here is the /etc/imapd.conf file.
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus cyrusadm
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: auxprop
> sasl_mech_list: PLAIN
> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
> virtdomains: yes
> defaultdomain: example.com
> unixhierarchysep: yes
>   
For testing, please additionally specify

allowplaintext: yes
>
>> I wonder that `imtest' succeeds and `sivtest' fails. I think it would
>> help if you provide an `imtest' run in verbose mode (parameter "-v").
>>     
>
> Yep. See:
>
> S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS]
> orion.example.com Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-1.1.el5 server
> ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS ACL RIGHTS=kxte
> QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT
> CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT
> THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT
> LIST-SUBSCRIBED X-NETSCAPE URLAUTH
> S: C01 OK Completed
> Please enter your password:
> C: L01 LOGIN al {15}
> S: + go ahead
> C: <omitted>
> S: L01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL
> RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME
> UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE
> CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] User logged
> in
> Authenticated.
> Security strength factor: 0
> C: Q01 LOGOUT
> Connection closed.
>   
STARTTLS is offered but not used. I wonder that you can LOGIN with PLAIN
though the default is to not permit plaintext logins without encryption.
Thus I beg you to set the additional parameter inside imapd.conf.
>   
>>> ...
>>>
>>>       
>>>> What does `sivtest' tell you?
>>>>
>>>>         
>>> S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5"
>>> S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
>>> imapflags notify envelope relational regex subaddress copy"
>>> S: "STARTTLS"
>>> S: OK
>>> Authentication failed. generic failure
>>> Security strength factor: 0
>>> C: LOGOUT
>>> Connection closed.
>>>
>>>       
>> Ok. The server even fails to offer authentication properly. Please run
>> it again in verbose mode with parameter "-v".
>>     
>
> Not too much difference from previous one:
>
> S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5"
> S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
> imapflags notify envelope relational regex subaddress copy"
> S: "STARTTLS"
> S: OK
> Authentication failed. generic failure
> Security strength factor: 0
> C: LOGOUT
> Connection closed.
>   
Again no SASL offering. Please check your cyrus-sasl installs. And test
the following: Run

openssl s_client -connect localhost:2000 -starttls smtp

Does that offer SASL then? You can also test with

sivtest -u al@example.com -a al@example.com -t ""
>   
>>>> Try with non LOGIN nor PLAIN mech.
>>>>
>>>>         
>>> How could we do that ?
>>>
>>>       
>> man sivtest -> -m mech
>>     
>
> Yep, but which method should we use after -m ... auxprop ?
>   
No. In imapd.conf you specified your own

sasl_mech_list: PLAIN


so it should be obvious which mechanism you can choose. As you
previously said you were running sasldb, I thought you would offer MD5
mechs, and thus my suggestion.

Please report back.

Alexander
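
Added example, not part of the original message: a Python check for the condition diagnosed in this thread, a timsieved greeting that carries no "SASL" capability line while "STARTTLS" is offered. Both transcripts are constructed (the first copies the sivtest output quoted above, the second is a hypothetical greeting after STARTTLS), and the function names are illustrative.

```python
import re

# Constructed sample: the pre-TLS greeting quoted in the thread, with the
# SIEVE value wrapped over two lines as it appears in the mail.
GREETING = '''S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
'''

# Constructed sample: hypothetical greeting seen after STARTTLS completes.
GREETING_TLS = '''S: "IMPLEMENTATION" "example"
S: "SASL" "PLAIN"
S: OK
'''

def parse_capabilities(transcript):
    """Return {NAME: value} for each capability line sent before the final OK."""
    caps, pending = {}, ""
    for line in transcript.splitlines():
        line = re.sub(r'^S:\s*', '', line.strip())
        pending = f"{pending} {line}".strip()
        if pending.count('"') % 2:   # unterminated quoted string: wrapped line
            continue
        if pending.startswith('"'):
            parts = re.findall(r'"([^"]*)"', pending)
            caps[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
        elif pending.upper().startswith(("OK", "NO", "BYE")):
            break                    # end of the capability listing
        pending = ""
    return caps

def diagnose(caps, configured_mechs):
    """Compare advertised SASL mechanisms with sasl_mech_list from imapd.conf."""
    offered = caps.get("SASL", "").split()
    findings = []
    if not offered:
        findings.append("no SASL mechanisms advertised")
        if "STARTTLS" in caps:
            findings.append("STARTTLS offered: re-check the greeting after TLS")
    elif missing := [m for m in configured_mechs if m not in offered]:
        findings.append("configured but not advertised: " + " ".join(missing))
    return findings

if __name__ == "__main__":
    print(diagnose(parse_capabilities(GREETING), ["PLAIN"]))
```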