Re: sieve with tls sasl mech list empty

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andreas Winkelmann wrote:

sasl_minimum_layer: 1

in imapd.conf.

having put:
allowplaintext: 0
sasl_minimum_layer: 1
sasl_mech_list: PLAIN

still gives me that error.

allowplaintext: 1
sasl_minimum_layer: 1
sasl_mech_list: PLAIN

gives it to me too :(


I did some test with sivtest and managesieve (output is shown below). Summary:

sivtest:
no tls tls
plaintext:1, no sasl_minimum_layer     login ok     login ok
plaintext:1, sasl_minimum_layer :1 login nok login ok plaintext:0, no sasl_minimum_layer login nok login ok
plaintext:0, sasl_minimum_layer :1      login nok  login ok

I did my test with a script (see below) that calls managesieve too:
plaintext:1, no sasl_minimum_layer no errors *
plaintext:1, sasl_minimum_layer :1       sasl mech list empty
plaintext:0, no sasl_minimum_layer      sasl mech list empty
plaintext:0, sasl_minimum_layer :1       sasl mech list empty

(*) How do I know it actually uses tls? I used tcpdump -A port 2000 and can see this passing by: AUTHENTICATE "PLAIN" {88+}. So this is using tls, otherwise I should see the password?

Thanks in advance!

------------

allowplaintext: 1
#sasl_minimum_layer: 1

mailadm@chestnut:/tmp$ sivtest -a rudy.gevaert2@xxxxxxxxxxxxx -u rudy.gevaert2@xxxxxxxxxxxxx mail2.ugent.be
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SASL" "PLAIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {88+}
cnVkeS5nZXZhZXJ0MkBtYWlsLnVnZW50LmJlAHJ1ZHkuZ2V2YWVydDJAbWFpbC51Z2VudC5iZQB0ZXN0dXNlcjE=
S: OK
Authenticated.
Security strength factor: 0

mailadm@chestnut:/tmp$ sivtest -t "" -a rudy.gevaert2@xxxxxxxxxxxxx -u rudy.gevaert2@xxxxxxxxxxxxx mail2.ugent.be
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SASL" "PLAIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
C: STARTTLS
S: OK "Begin TLS negotiation now"
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
C: CAPABILITY
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SASL" "PLAIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {88+}
cnVkeS5nZXZhZXJ0MkBtYWlsLnVnZW50LmJlAHJ1ZHkuZ2V2YWVydDJAbWFpbC51Z2VudC5iZQB0ZXN0dXNlcjE=
S: OK
Authenticated.
Security strength factor: 256


managesieve: ok!
----------------------------------
allowplaintext: 1
sasl_minimum_layer: 1

mailadm@chestnut:/tmp$ sivtest -a rudy.gevaert2@xxxxxxxxxxxxx -u rudy.gevaert2@xxxxxxxxxxxxx mail2.ugent.be
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
Authentication failed. generic failure
Security strength factor: 0

mailadm@chestnut:/tmp$ sivtest -t "" -a rudy.gevaert2@xxxxxxxxxxxxx -u rudy.gevaert2@xxxxxxxxxxxxx mail2.ugent.be
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
C: STARTTLS
S: OK "Begin TLS negotiation now"
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
C: CAPABILITY
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SASL" "PLAIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {88+}
cnVkeS5nZXZhZXJ0MkBtYWlsLnVnZW50LmJlAHJ1ZHkuZ2V2YWVydDJAbWFpbC51Z2VudC5iZQB0ZXN0dXNlcjE=
S: OK
Authenticated.
Security strength factor: 256

managesieve: not ok!
---------------

allowplaintext: 0
#sasl_minimum_layer: 1


mailadm@chestnut:/tmp$ sivtest -a rudy.gevaert2@xxxxxxxxxxxxx -u rudy.gevaert2@xxxxxxxxxxxxx mail2.ugent.be
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
Authentication failed. generic failure
Security strength factor: 0


mailadm@chestnut:/tmp$ sivtest -t "" -a rudy.gevaert2@xxxxxxxxxxxxx -u rudy.gevaert2@xxxxxxxxxxxxx mail2.ugent.be
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
C: STARTTLS
S: OK "Begin TLS negotiation now"
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
C: CAPABILITY
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SASL" "PLAIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {88+}
cnVkeS5nZXZhZXJ0MkBtYWlsLnVnZW50LmJlAHJ1ZHkuZ2V2YWVydDJAbWFpbC51Z2VudC5iZQB0ZXN0dXNlcjE=
S: OK
Authenticated.
Security strength factor: 256

---------------

allowplaintext: 0
sasl_minimum_layer: 1


mailadm@chestnut:/tmp$ sivtest -a rudy.gevaert2@xxxxxxxxxxxxx -u rudy.gevaert2@xxxxxxxxxxxxx mail2.ugent.be
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
Authentication failed. generic failure
Security strength factor: 0

mailadm@chestnut:/tmp$ sivtest -t "" -a rudy.gevaert2@xxxxxxxxxxxxx -u rudy.gevaert2@xxxxxxxxxxxxx mail2.ugent.be
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: OK
C: STARTTLS
S: OK "Begin TLS negotiation now"
verify error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
C: CAPABILITY
S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7"
S: "SASL" "PLAIN"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
S: OK
Please enter your password:
C: AUTHENTICATE "PLAIN" {88+}
cnVkeS5nZXZhZXJ0MkBtYWlsLnVnZW50LmJlAHJ1ZHkuZ2V2YWVydDJAbWFpbC51Z2VudC5iZQB0ZXN0dXNlcjE=
S: OK
Authenticated.
Security strength factor: 256


my perl script:

#!/usr/bin/perl -w

use strict;
use Cyrus::SIEVE::managesieve;
use Data::Dumper;

my ($server, $username, $password) = ("mail2.ugent.be", 'rudy.gevaert2@xxxxxxxxxxxxx', "xxxx");

my $handle = sieve_get_handle($server,
                                 sub {$username},
                                 sub {$username},
                                 sub {$password},
                                 sub {""});

unless (defined $handle) {
   die "$server: ", sieve_get_global_error();
}

my %list = ();
my $res = sieve_list($handle, sub {$list{$_[0]} = $_[1]});
   die("script_list: ", sieve_get_error($handle))
   unless $res == 0;
print Dumper  \%list;



--------------------------------------

--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert          Rudy.Gevaert@xxxxxxxx          tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur  Direction ICT, Infrastructure dept.
Groep Systemen Systems group Universiteit Gent Ghent University Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux