Alain Reguera Delgado schrieb: > Here is the /etc/imapd.conf file. > configdirectory: /var/lib/imap > partition-default: /var/spool/imap > admins: cyrus cyrusadm > sievedir: /var/lib/imap/sieve > sendmail: /usr/sbin/sendmail > hashimapspool: true > sasl_pwcheck_method: auxprop > sasl_mech_list: PLAIN > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt > virtdomains: yes > defaultdomain: example.com > unixhierarchysep: yes > For testing please specify additionally allowplaintext: yes > >> I wonder that `imtest' succeeds and `sivtest' fails. I think it would >> help if you provide an `imtest' run in verbose mode (parameter "-v"). >> > > Yep. See: > > S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS] > orion.example.com Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-1.1.el5 server > ready > C: C01 CAPABILITY > S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS ACL RIGHTS=kxte > QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT > CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT > THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE LISTEXT > LIST-SUBSCRIBED X-NETSCAPE URLAUTH > S: C01 OK Completed > Please enter your password: > C: L01 LOGIN al {15} > S: + go ahead > C: <omitted> > S: L01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL > RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME > UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ > THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE > CONDSTORE IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] User logged > in > Authenticated. > Security strength factor: 0 > C: Q01 LOGOUT > Connection closed. > STARTTLS is offered but not used. I wonder that you can LOGIN with PLAIN though the default is to not permit plaintext logins without encryption. Thus I beg you to set the additional parameter inside imapd.conf. > >>> ... >>> >>> >>>> What does `sivtest' tell you? >>>> >>>> >>> S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5" >>> S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation >>> imapflags notify envelope relational regex subaddress copy" >>> S: "STARTTLS" >>> S: OK >>> Authentication failed. generic failure >>> Security strength factor: 0 >>> C: LOGOUT >>> Connection closed. >>> >>> >> Ok. The server even fails to offer authentication properly. Please run >> it again in verbose mode with parameter "-v". >> > > Not too much difference from previous one: > > S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5" > S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation > imapflags notify envelope relational regex subaddress copy" > S: "STARTTLS" > S: OK > Authentication failed. generic failure > Security strength factor: 0 > C: LOGOUT > Connection closed. > Again no SASL offering. Please check your cyrus-sasl installs. And test following: Run openssl s_client -connect localhost:2000 -starttls smtp Does that offer SASL then? You can too test with sivtest -u al@xxxxxxxxxxx -a al@xxxxxxxxxxx -t "" > >>>> Try with non LOGIN nor PLAIN mech. >>>> >>>> >>> How could we do that ? >>> >>> >> man sivtest -> -m mech >> > > Yep, but which method should we use after -m ... auxprop ? > No. In imapd.conf you specified your own sasl_mech_list: PLAIN so it should be obvious which mechanism you can choose. As you previously said running sasldb I thought you would offer MD5 mechs, and thus my suggestion. Please report back. Alexander _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos