Alain Reguera Delgado schrieb: Hello Alain, sorry for replying late. >>> Not too much difference from previous one: >>> >>> S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5" >>> S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation >>> imapflags notify envelope relational regex subaddress copy" >>> S: "STARTTLS" >>> S: OK >>> Authentication failed. generic failure >>> Security strength factor: 0 >>> C: LOGOUT >>> Connection closed. >>> >>> >> Again no SASL offering. Please check your cyrus-sasl installs. >> > > $ rpm -qa | grep cyrus > cyrus-sasl-2.1.22-4 <------------- see here > cyrus-imapd-2.3.7-1.1.el5 > cyrus-sasl-lib-2.1.22-4 <------------- and here > cyrus-imapd-perl-2.3.7-1.1.el5 > cyrus-imapd-utils-2.3.7-1.1.el5 > > Hm. You shouldn't be able to SASL auth at all! You are missing the cyrus-sasl-plain RPM to have both the liblogin.so* and libplain.so* libraries. Very certainly installing this RPM will solve your problem. >> And test >> following: Run >> >> openssl s_client -connect localhost:2000 -starttls smtp >> > > CONNECTED(00000003) > 22760:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > protocol:s23_clnt.c:567: > Hm, that command works for me this way. Instead of "-starttls smtp" you may try "-starttls pop3" or "-tls1". >> Does that offer SASL then? You can too test with >> >> sivtest -u al at example.com -a al at example.com -t "" >> > > S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5" > S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation > imapflags notify envelope relational regex subaddress copy" > S: "STARTTLS" > S: OK > C: STARTTLS > S: NO "Error initializing TLS" > Authentication failed. generic failure > Security strength factor: 0 > C: LOGOUT > Connection closed. > Even your SSL/TLS setup seems to be broken. Are the certificate files in place. What does the cyrus-imapd service start report in the maillog? Any errors? > So, to offer MD5 we could add it to sasl_mech_list ? Something like: > > sasl_mech_list: PLAIN MD5 > No. To offer MD5 mechanisms use "DIGEST-MD5" or "CRAM-MD5" or even both. Being able to offer MD5 mechs is one of the positive aspects of using sasldb based auth. sasl_mech_list: LOGIN PLAIN CRAM-MD5 DIGEST-MD5 or to avoid plaintext passwords over the wire sasl_mech_list: CRAM-MD5 DIGEST-MD5 Pay attention to have the cyrus-sasl-md5 RPM installed. This will provide the required libraries for MD5 mech auth, Kind regards Alexander