AUTH response for POP3 Over SSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I have not been able to authenticate POP3 over SSL from thunderbird 2.0.0.12 to Cyrus POP3 v2.3.8 on a OS X Server 10.5.


I have narrowed down the cause to be a wrong set of supported authentication mechanism being advertised when thunderbird queried the POP3 server in AUTH.
For example, the server responded with CRAM-MD5 as a support mechanism in AUTH when it really has not been configured as such, not in POP3 anyway.


I would like to know if it is a configuration issue, is there something missing in the OS X configuration of the Cyrus server that is supposed to stop CRAM-MD5 and a list of other auth mechanism from being advertised as supported in the AUTH process? i.e. Apple messed up the configuration/build.

Or is this a "feature" of this version of the Cyrus server and resolved in a later version?

Or Thunderbird should have used the mechanism listed in CAPA response only as CRAM-MD5 only appeared in AUTH.



Thanks for your help.


Joshua

my system generated imapd.conf is as follows:

admins: cyrusimap
configdirectory: /var/imap
partition-default: /var/spool/imap
unixhierarchysep: yes
altnamespace: yes
servername: mailserver.abc.edu
sievedir: /usr/sieve
sendmail: /usr/sbin/sendmail
lmtp_downcase_rcpt: 1
unix_group_enable: 0
berkeley_txns_max: 400
berkeley_locks_max: 20000
berkeley_cachesize: 8192
berkeley_max_log_region: 2048
berkeley_max_log_file: 10240
berkeley_max_log_buffer: 2048
tls_key_file: /Volumes/system/etc/certificates/mail.abc.edu.key
quota_warn_frequency_days: 2
tls_cert_file: /Volumes/system/etc/certificates/mail.abc.edu.crt
enable_quota_warnings: yes
log_rolling_days_enabled: 0
log_rolling_days: 1
lmtp_over_quota_perm_failure: yes
imap_auth_plain: yes
imap_auth_md5: yes
lmtp_luser_relay: joshua
pop_auth_apop: yes
tls_server_options: use
tls_ca_file: /Volumes/system/etc/certificates/mail.abc.edu.ca-bundle


OS X POP3 Log

Mar 20 10:42:47 webserver pop3[12181]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Mar 20 10:43:31 webserver pop3[12261]: executed
Mar 20 10:43:31 webserver pop3[12261]: accepted connection
Mar 20 10:43:36 webserver pop3[12261]: badlogin: jt.abc.edu [10.10.1.123] CRAM-MD5 user not found



This is a log of the Thunderbird POP3 process


-1604083808[1109db0]: RECV: +OK mailserver.abc.edu Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready <1261331586.1205925688@xxxxxxxxxxxxxxxxxx>
-1604083808[1109db0]: POP3: Entering state: 29
-1604083808[1109db0]: SEND: AUTH
-1604083808[1109db0]: Entering NET_ProcessPop3 159
-1604083808[1109db0]: POP3: Entering state: 3
-1604083808[1109db0]: RECV: +OK List of supported mechanisms follows
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: SMB-NTLMv2
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: SMB-NT
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: SMB-LAN-MANAGER
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: MS-CHAPv2
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: PPS
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: OTP
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: GSSAPI
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: DIGEST-MD5
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: CRAM-MD5
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: WEBDAV-DIGEST
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: DHX
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: APOP
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: .
-1604083808[1109db0]: POP3: Entering state: 31
-1604083808[1109db0]: SEND: CAPA
-1604083808[1109db0]: Entering NET_ProcessPop3 206
-1604083808[1109db0]: POP3: Entering state: 3
-1604083808[1109db0]: RECV: +OK List of capabilities follows
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: SASL APOP
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: STLS
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: EXPIRE NEVER
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: LOGIN-DELAY 0
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: TOP
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: UIDL
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: PIPELINING
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: RESP-CODES
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: AUTH-RESP-CODE
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: USER
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: IMPLEMENTATION Cyrus POP3 server v2.3.8-OS X Server 10.5: 9A562
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: .
-1604083808[1109db0]: POP3: Entering state: 33
-1604083808[1109db0]: SEND: STLS
-1604083808[1109db0]: Entering NET_ProcessPop3 31
-1604083808[1109db0]: POP3: Entering state: 3
-1604083808[1109db0]: RECV: +OK Begin TLS negotiation now
-1604083808[1109db0]: POP3: Entering state: 45
-1604083808[1109db0]: POP3: Entering state: 29
-1604083808[1109db0]: SEND: AUTH
-1604083808[1109db0]: Entering NET_ProcessPop3 173
-1604083808[1109db0]: POP3: Entering state: 3
-1604083808[1109db0]: RECV: +OK List of supported mechanisms follows
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: SMB-NTLMv2
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: SMB-NT
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: SMB-LAN-MANAGER
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: MS-CHAPv2
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: PPS
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: PLAIN
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: OTP
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: LOGIN
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: GSSAPI
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: DIGEST-MD5
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: CRAM-MD5
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: WEBDAV-DIGEST
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: DHX
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: APOP
-1604083808[1109db0]: POP3: Entering state: 30
-1604083808[1109db0]: RECV: .
-1604083808[1109db0]: POP3: Entering state: 31
-1604083808[1109db0]: SEND: CAPA
-1604083808[1109db0]: Entering NET_ProcessPop3 200
-1604083808[1109db0]: POP3: Entering state: 3
-1604083808[1109db0]: RECV: +OK List of capabilities follows
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: SASL APOP
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: EXPIRE NEVER
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: LOGIN-DELAY 0
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: TOP
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: UIDL
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: PIPELINING
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: RESP-CODES
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: AUTH-RESP-CODE
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: USER
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: IMPLEMENTATION Cyrus POP3 server v2.3.8-OS X Server 10.5: 9A562
-1604083808[1109db0]: POP3: Entering state: 32
-1604083808[1109db0]: RECV: .
-1604083808[1109db0]: POP3: Entering state: 33
-1604083808[1109db0]: POP3: Entering state: 46
-1604083808[1109db0]: POP3: Entering state: 33
-1604083808[1109db0]: POP3: Entering state: 5
-1604083808[1109db0]: SEND: AUTH CRAM-MD5
-1604083808[1109db0]: Entering NET_ProcessPop3 64
-1604083808[1109db0]: POP3: Entering state: 3
-1604083808[1109db0]: RECV: + PDExMzk5somerandomcharsforpublickey?MuZWR1LnNnPg==
-1604083808[1109db0]: POP3: Entering state: 34
-1604083808[1109db0]: POP3: Entering state: 6
-1604083808[1109db0]: Logging suppressed for this command (it probably contained authentication information)
-1604083808[1109db0]: Entering NET_ProcessPop3 52
-1604083808[1109db0]: POP3: Entering state: 3
-1604083808[1109db0]: RECV: -ERR [AUTH] authenticating: authentication failure
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux