Re: Cyrus-Imapd Sieve Unable to connect to server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 1/28/08, Alexander Dalloz <ad+lists@xxxxxxxxx> wrote:
> Alain Reguera Delgado schrieb:
>
> Hello Alain,
>
> sorry for replying late.
>
> >>> Not too much difference from previous one:
> >>>
> >>> S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5"
> >>> S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
> >>> imapflags notify envelope relational regex subaddress copy"
> >>> S: "STARTTLS"
> >>> S: OK
> >>> Authentication failed. generic failure
> >>> Security strength factor: 0
> >>> C: LOGOUT
> >>> Connection closed.
> >>>
> >>>
> >> Again no SASL offering. Please check your cyrus-sasl installs.
> >>
> >
> > $ rpm -qa | grep cyrus
> > cyrus-sasl-2.1.22-4     <------------- see here
> > cyrus-imapd-2.3.7-1.1.el5
> > cyrus-sasl-lib-2.1.22-4    <------------- and here
> > cyrus-imapd-perl-2.3.7-1.1.el5
> > cyrus-imapd-utils-2.3.7-1.1.el5
> >
> >
> Hm. You shouldn't be able to SASL auth at all! You are missing the
> cyrus-sasl-plain RPM to have both the liblogin.so* and libplain.so*
> libraries. Very certainly installing this RPM will solve your problem.

Yes. I installed those RPMs and things start working!!! ... I am very happy :D

> >> And test
> >> following: Run
> >>
> >> openssl s_client -connect localhost:2000 -starttls smtp
> >>
> >
> > CONNECTED(00000003)
> > 22760:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> > protocol:s23_clnt.c:567:
> >
> Hm, that command works for me this way. Instead of "-starttls smtp" you
> may try "-starttls pop3" or "-tls1".

Well, that return the same error with "-starttls pop3" but a different
one with -tls1

CONNECTED(00000003)
30901:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number:s3_pkt.c:284

> >> Does that offer SASL then? You can too test with
> >>
> >> sivtest -u al@xxxxxxxxxxx -a al@xxxxxxxxxxx -t ""
> >>
> >
> > S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5"
> > S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
> > imapflags notify envelope relational regex subaddress copy"
> > S: "STARTTLS"
> > S: OK
> > C: STARTTLS
> > S: NO "Error initializing TLS"
> > Authentication failed. generic failure
> > Security strength factor: 0
> > C: LOGOUT
> > Connection closed.
> >
> Even your SSL/TLS setup seems to be broken. Are the certificate files in
> place.

I looked at /etc/pki/cyrus-imapd/ and that directory is empty.

Took a look at /etc/pki/tls/certs/ and there is a cyrus-imapd.pem file
like that mentioned in imapd.conf file. I tried to copy/linking it
into /etc/pki/cyrus-imapd/ and restart cyrus-imapd but that error is
still there when the openssl command is run.

I have created a .crt and .key file to apache, related to my domain
... with the command:

/usr/bin/openssl req -newkey rsa:1024 -keyout
/etc/pki/tls/private/example.com.key -nodes -x509 -days 365 -out
/etc/pki/tls/certs/example.com.crt
(that taken from /etc/pki/tls/certs/make-dummy-cert bash script)

Tried to use them but still no success. Don't know, how this error
could affect cyrus-imapd-sieve?

> What does the cyrus-imapd service start report in the maillog?

When run the command (the openssl s_client one), none ... just:
...
sieve[30807]: executed
sieve[30807]: accepted connection
master[28736]: process 30807 exited, status 0

> Any errors?

Not this time .. I think :)

S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-1.1.el5"
S: "SASL" "CRAM-MD5 DIGEST-MD5 LOGIN PLAIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
C: AUTHENTICATE "DIGEST-MD5"
S: {264}
S: bm9uY2U9IkNpRTF5c0x2NllwcHNwQjhXVUo4TlRiakxFM3FBbDJPUzZVK1paNi9EbGM9IixyZWFsbT0ib3Jpb24uY2lnZXQuY2llbmZ1ZWdvcy5jdSIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
Please enter your password:
{416+}
C: dXNlcm5hbWU9ImFsQGNpZ2V0LmNpZW5mdWVnb3MuY3UiLHJlYWxtPSJvcmlvbi5jaWdldC5jaWVuZnVlZ29zLmN1Iixub25jZT0iQ2lFMXlzTHY2WXBwc3BCOFdVSjhOVGJqTEUzcUFsMk9TNlUrWlo2L0RsYz0iLGNub25jZT0id0Y2TktJQ0VRRitnZ2N4N21Xb3MvL0ptclVlK2pCNWloZDJBd3d2ZXhNND0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLWNvbmYsY2lwaGVyPXJjNCxtYXhidWY9MTAyNCxkaWdlc3QtdXJpPSJzaWV2ZS9vcmlvbi5jaWdldC5jaWVuZnVlZ29zLmN1IixyZXNwb25zZT1jNTg2OWJkYTEzNDlhYTNhNTQ4YTA3NWZlYjU2OTZjMw==
S: OK (SASL "cnNwYXV0aD1mMTg5YzEzYjFmMzk5Y2NhYjcyZmI0NDJkMmQzNTZmNw==")
Authenticated.
Security strength factor: 128
C: LOGOUT
Connection closed.

>
> > So, to offer MD5 we could add it to sasl_mech_list ? Something like:
> >
> > sasl_mech_list: PLAIN MD5
> >
> No. To offer MD5 mechanisms use "DIGEST-MD5" or "CRAM-MD5" or even both.
> Being able to offer MD5 mechs is one of the positive aspects of using
> sasldb based auth.
>
> sasl_mech_list: LOGIN PLAIN CRAM-MD5 DIGEST-MD5

I'm currently using this one on the imapd.conf file.

>
> or to avoid plaintext passwords over the wire
>
> sasl_mech_list: CRAM-MD5 DIGEST-MD5

In this configuration, we have a webmail (squirrelmail) with ssl
available in the same machine. Do you think it would work without
PLAIN mech available ?

>
> Pay attention to have the cyrus-sasl-md5 RPM installed. This will
> provide the required libraries for MD5 mech auth,

Yep. That was installed too. :)

>
> Kind regards
>
> Alexander
>

Thank you very much for this Tremendous Help. I uploaded some sieve
scripts using sieveshell, took a look at maillog and enjoyed to see
what happened .. that worked pretty nice!!!

Cheers,
al.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux