On 11 feb 2013 - w7, at 00:04, Ragnar Sundblad <ragge@xxxxxxxxxx> wrote: > We get "encoded packet size too big (8252 > 8192)" paired with > "decoding error: generic failure; SASL(-1): generic failure: security > flags do not match required, closing connection" when the imap proxy > is talking to the imapd. > > I have tracked down the "too big" message to _plug_decode() in > plugins/plugin_common.c. We have looked into this a little further. First a clarification: Above we had upped the buffer both in imapd (PROT_BUFSIZE in <imapd>/lib/prot.h) and in sasl (SASL_ENCODEV_EXTRA in <sasl>/lib/common.c to 8192. Before that change, the numbers typically were "(4156 > 4096)". We are now using sasl with SASL_ENCODEV_EXTRA=8192 (double the original value, and imapd with PROT_BUFSIZE=4096 (as it were originally), and everything finally seems to work now. The sasl GSSAPI plugin sets oparams->maxoutbuf to 8132 (8192 - 60), but it seems the imapd stuff still sends packets which in clear text are PROT_BUFSIZE, which get 60 bytes larger when encrypted, and which then would be to large if we hadn't upped sasl's SASL_ENCODEV_EXTRA. So something doesn't really work correctly here. Thanks for any hints! /ragge
