Andreas Winkelmann wrote:
sasl_minimum_layer: 1
in imapd.conf.
having put:
allowplaintext: 0
sasl_minimum_layer: 1
sasl_mech_list: PLAIN
still gives me that error.
allowplaintext: 1
sasl_minimum_layer: 1
sasl_mech_list: PLAIN
gives it to me too :(
I did some test with sivtest and managesieve (output is shown below).
Summary:
sivtest:
no
tls tls
plaintext:1, no sasl_minimum_layer login ok login ok
plaintext:1, sasl_minimum_layer :1 login nok login ok
plaintext:0, no sasl_minimum_layer login nok login ok
plaintext:0, sasl_minimum_layer :1 login nok login ok
I did my test with a script (see below) that calls managesieve too:
plaintext:1, no sasl_minimum_layer no errors *
plaintext:1, sasl_minimum_layer :1 sasl mech list empty
plaintext:0, no sasl_minimum_layer sasl mech list empty
plaintext:0, sasl_minimum_layer :1 sasl mech list empty
(*) How do I know it actually uses tls? I used tcpdump -A port 2000
and can see this passing by:
AUTHENTICATE "PLAIN" {88+}. So this is using tls, otherwise I should
see the password?
Thanks in advance!
------------
allowplaintext: 1
#sasl_minimum_layer: 1
mailadm@chestnut:/tmp$ sivtest -a rudy.gevaert2@xxxxxxxxxxxxx -u
rudy.gevaert2@xxxxxxxxxxxxx mail2.ugent.be
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SASL" "PLAIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {88+}
cnVkeS5nZXZhZXJ0MkBtYWlsLnVnZW50LmJlAHJ1ZHkuZ2V2YWVydDJAbWFpbC51Z2VudC5iZQB0ZXN0dXNlcjE=
S: OK
Authenticated.
Security strength factor: 0
mailadm@chestnut:/tmp$ sivtest -t "" -a rudy.gevaert2@xxxxxxxxxxxxx -u
rudy.gevaert2@xxxxxxxxxxxxx mail2.ugent.be
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SASL" "PLAIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
C: STARTTLS
S: OK "Begin TLS negotiation now"
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
C: CAPABILITY
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SASL" "PLAIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {88+}
cnVkeS5nZXZhZXJ0MkBtYWlsLnVnZW50LmJlAHJ1ZHkuZ2V2YWVydDJAbWFpbC51Z2VudC5iZQB0ZXN0dXNlcjE=
S: OK
Authenticated.
Security strength factor: 256
managesieve: ok!
----------------------------------
allowplaintext: 1
sasl_minimum_layer: 1
mailadm@chestnut:/tmp$ sivtest -a rudy.gevaert2@xxxxxxxxxxxxx -u
rudy.gevaert2@xxxxxxxxxxxxx mail2.ugent.be
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
Authentication failed. generic failure
Security strength factor: 0
mailadm@chestnut:/tmp$ sivtest -t "" -a rudy.gevaert2@xxxxxxxxxxxxx -u
rudy.gevaert2@xxxxxxxxxxxxx mail2.ugent.be
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
C: STARTTLS
S: OK "Begin TLS negotiation now"
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
C: CAPABILITY
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SASL" "PLAIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {88+}
cnVkeS5nZXZhZXJ0MkBtYWlsLnVnZW50LmJlAHJ1ZHkuZ2V2YWVydDJAbWFpbC51Z2VudC5iZQB0ZXN0dXNlcjE=
S: OK
Authenticated.
Security strength factor: 256
managesieve: not ok!
---------------
allowplaintext: 0
#sasl_minimum_layer: 1
mailadm@chestnut:/tmp$ sivtest -a rudy.gevaert2@xxxxxxxxxxxxx -u
rudy.gevaert2@xxxxxxxxxxxxx mail2.ugent.be
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
Authentication failed. generic failure
Security strength factor: 0
mailadm@chestnut:/tmp$ sivtest -t "" -a rudy.gevaert2@xxxxxxxxxxxxx
-u rudy.gevaert2@xxxxxxxxxxxxx mail2.ugent.be
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
C: STARTTLS
S: OK "Begin TLS negotiation now"
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
C: CAPABILITY
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SASL" "PLAIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {88+}
cnVkeS5nZXZhZXJ0MkBtYWlsLnVnZW50LmJlAHJ1ZHkuZ2V2YWVydDJAbWFpbC51Z2VudC5iZQB0ZXN0dXNlcjE=
S: OK
Authenticated.
Security strength factor: 256
---------------
allowplaintext: 0
sasl_minimum_layer: 1
mailadm@chestnut:/tmp$ sivtest -a rudy.gevaert2@xxxxxxxxxxxxx -u
rudy.gevaert2@xxxxxxxxxxxxx mail2.ugent.be
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
Authentication failed. generic failure
Security strength factor: 0
mailadm@chestnut:/tmp$ sivtest -t "" -a rudy.gevaert2@xxxxxxxxxxxxx
-u rudy.gevaert2@xxxxxxxxxxxxx mail2.ugent.be
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
C: STARTTLS
S: OK "Begin TLS negotiation now"
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
C: CAPABILITY
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SASL" "PLAIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation
imapflags notify envelope relational regex subaddress copy"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {88+}
cnVkeS5nZXZhZXJ0MkBtYWlsLnVnZW50LmJlAHJ1ZHkuZ2V2YWVydDJAbWFpbC51Z2VudC5iZQB0ZXN0dXNlcjE=
S: OK
Authenticated.
Security strength factor: 256
my perl script:
#!/usr/bin/perl -w
use strict;
use Cyrus::SIEVE::managesieve;
use Data::Dumper;
my ($server, $username, $password) = ("mail2.ugent.be",
'rudy.gevaert2@xxxxxxxxxxxxx', "xxxx");
my $handle = sieve_get_handle($server,
sub {$username},
sub {$username},
sub {$password},
sub {""});
unless (defined $handle) {
die "$server: ", sieve_get_global_error();
}
my %list = ();
my $res = sieve_list($handle, sub {$list{$_[0]} = $_[1]});
die("script_list: ", sieve_get_error($handle))
unless $res == 0;
print Dumper \%list;
--------------------------------------
--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert Rudy.Gevaert@xxxxxxxx tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur Direction ICT, Infrastructure dept.
Groep Systemen Systems group
Universiteit Gent Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html