You can either remove the CRAM-MD5 SASL plugin, or restrict the list of advertised mechanisms by using the 'sasl_mech_list' option in imapd.conf Joshua Tew wrote: > I have not been able to authenticate POP3 over SSL from thunderbird > 2.0.0.12 to Cyrus POm.3.8 on a OS X Server 10.5. > > > I have narrowed down the cause to be a wrong set of supported > authentication mechanism being advertised when thunderbird queried the > POP3 server in AUTH. > For example, the server responded with CRAM-MD5 as a support mechanism > in AUTH when it really has not been configured as such, not in POP3 anyway. > > > I would like to know if it is a configuration issue, is there something > missing in the OS X configuration of the Cyrus server that is supposed > to stop CRAM-MD5 and a list of other auth mechanism from being > advertised as supported in the AUTH process? i.e. Apple messed up the > configuration/build. > > Or is this a "feature" of this version of the Cyrus server and resolved > in a later version? > > Or Thunderbird should have used the mechanism listed in CAPA response > only as CRAM-MD5 only appeared in AUTH. > > > > Thanks for your help. > > > Joshua > > my system generated imapd.conf is as follows: > > admins: cyrusimap > configdirectory: /var/imap > partition-default: /var/spool/imap > unixhierarchysep: yes > altnamespace: yes > servername: mailserver.abc.edu > sievedir: /usr/sieve > sendmail: /usr/sbin/sendmail > lmtp_downcase_rcpt: 1 > unix_group_enable: 0 > berkeley_txns_max: 400 > berkeley_locks_max: 20000 > berkeley_cachesize: 8192 > berkeley_max_log_region: 2048 > berkeley_max_log_file: 10240 > berkeley_max_log_buffer: 2048 > tls_key_file: /Volumes/system/etc/certificates/mail.abc.edu.key > quota_warn_frequency_days: 2 > tls_cert_file: /Volumes/system/etc/certificates/mail.abc.edu.crt > enable_quota_warnings: yes > log_rolling_days_enabled: 0 > log_rolling_days: 1 > lmtp_over_quota_perm_failure: yes > imap_auth_plain: yes > imap_auth_md5: yes > lmtp_luser_relay: joshua > pop_auth_apop: yes > tls_server_options: use > tls_ca_file: /Volumes/system/etc/certificates/mail.abc.edu.ca-bundle > > > OS X POP3 Log > > Mar 20 10:42:47 webserver pop3[12181]: starttls: TLSv1 with cipher > AES256-SHA (256/256 bits new) no authentication > Mar 20 10:43:31 webserver pop3[12261]: executed > Mar 20 10:43:31 webserver pop3[12261]: accepted connection > Mar 20 10:43:36 webserver pop3[12261]: badlogin: jt.abc.edu > [10.10.1.123] CRAM-MD5 user not found > > > > This is a log of the Thunderbird POP3 process > > > -1604083808[1109db0]: RECV: +OK mailserver.abc.edu Cyrus POP3 v2.3.8-OS > X Server 10.5: 9A562 server ready > <1261331586.1205925688@xxxxxxxxxxxxxxxxxx > <mailto:1261331586.1205925688@xxxxxxxxxxxxxxxxxx>> > -1604083808[1109db0]: POP3: Entering state: 29 > -1604083808[1109db0]: SEND: AUTH > -1604083808[1109db0]: Entering NET_ProcessPop3 159 > -1604083808[1109db0]: POP3: Entering state: 3 > -1604083808[1109db0]: RECV: +OK List of supported mechanisms follows > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: SMB-NTLMv2 > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: SMB-NT > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: SMB-LAN-MANAGER > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: MS-CHAPv2 > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: PPS > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: OTP > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: GSSAPI > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: DIGEST-MD5 > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: CRAM-MD5 > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: WEBDAV-DIGEST > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: DHX > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: APOP > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: . > -1604083808[1109db0]: POP3: Entering state: 31 > -1604083808[1109db0]: SEND: CAPA > -1604083808[1109db0]: Entering NET_ProcessPop3 206 > -1604083808[1109db0]: POP3: Entering state: 3 > -1604083808[1109db0]: RECV: +OK List of capabilities follows > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: SASL APOP > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: STLS > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: EXPIRE NEVER > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: LOGIN-DELAY 0 > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: TOP > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: UIDL > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: PIPELINING > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: RESP-CODES > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: AUTH-RESP-CODE > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: USER > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: IMPLEMENTATION Cyrus POP3 server v2.3.8-OS X > Server 10.5: 9A562 > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: . > -1604083808[1109db0]: POP3: Entering state: 33 > -1604083808[1109db0]: SEND: STLS > -1604083808[1109db0]: Entering NET_ProcessPop3 31 > -1604083808[1109db0]: POP3: Entering state: 3 > -1604083808[1109db0]: RECV: +OK Begin TLS negotiation now > -1604083808[1109db0]: POP3: Entering state: 45 > -1604083808[1109db0]: POP3: Entering state: 29 > -1604083808[1109db0]: SEND: AUTH > -1604083808[1109db0]: Entering NET_ProcessPop3 173 > -1604083808[1109db0]: POP3: Entering state: 3 > -1604083808[1109db0]: RECV: +OK List of supported mechanisms follows > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: SMB-NTLMv2 > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: SMB-NT > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: SMB-LAN-MANAGER > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: MS-CHAPv2 > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: PPS > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: PLAIN > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: OTP > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: LOGIN > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: GSSAPI > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: DIGEST-MD5 > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: CRAM-MD5 > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: WEBDAV-DIGEST > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: DHX > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: APOP > -1604083808[1109db0]: POP3: Entering state: 30 > -1604083808[1109db0]: RECV: . > -1604083808[1109db0]: POP3: Entering state: 31 > -1604083808[1109db0]: SEND: CAPA > -1604083808[1109db0]: Entering NET_ProcessPop3 200 > -1604083808[1109db0]: POP3: Entering state: 3 > -1604083808[1109db0]: RECV: +OK List of capabilities follows > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: SASL APOP > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: EXPIRE NEVER > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: LOGIN-DELAY 0 > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: TOP > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: UIDL > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: PIPELINING > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: RESP-CODES > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: AUTH-RESP-CODE > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: USER > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: IMPLEMENTATION Cyrus POP3 server v2.3.8-OS X > Server 10.5: 9A562 > -1604083808[1109db0]: POP3: Entering state: 32 > -1604083808[1109db0]: RECV: . > -1604083808[1109db0]: POP3: Entering state: 33 > -1604083808[1109db0]: POP3: Entering state: 46 > -1604083808[1109db0]: POP3: Entering state: 33 > -1604083808[1109db0]: POP3: Entering state: 5 > -1604083808[1109db0]: SEND: AUTH CRAM-MD5 > -1604083808[1109db0]: Entering NET_ProcessPop3 64 > -1604083808[1109db0]: POP3: Entering state: 3 > -1604083808[1109db0]: RECV: + > PDExMzk5somerandomcharsforpublickey?MuZWR1LnNnPg== > -1604083808[1109db0]: POP3: Entering state: 34 > -1604083808[1109db0]: POP3: Entering state: 6 > -1604083808[1109db0]: Logging suppressed for this command (it probably > contained authentication information) > -1604083808[1109db0]: Entering NET_ProcessPop3 52 > -1604083808[1109db0]: POP3: Entering state: 3 > -1604083808[1109db0]: RECV: -ERR [AUTH] authenticating: authentication > failure > > > ------------------------------------------------------------------------ > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
