For those interested, this is the list that I used and had Thunderbird, Outlook and AppleMail working with it. sasl_mech_list: APOP USER CRAM-MD5 DIGEST-MD5 Joshua On Mar 31, 2008, at 11:56 PM, Ken Murchison wrote: > You can either remove the CRAM-MD5 SASL plugin, or restrict the list > of advertised mechanisms by using the 'sasl_mech_list' option in > imapd.conf > > > Joshua Tew wrote: >> I have not been able to authenticate POP3 over SSL from thunderbird >> 2.0.0.12 to Cyrus POm.3.8 on a OS X Server 10.5. >> I have narrowed down the cause to be a wrong set of supported >> authentication mechanism being advertised when thunderbird queried >> the POP3 server in AUTH. >> For example, the server responded with CRAM-MD5 as a support >> mechanism in AUTH when it really has not been configured as such, >> not in POP3 anyway. >> I would like to know if it is a configuration issue, is there >> something missing in the OS X configuration of the Cyrus server >> that is supposed to stop CRAM-MD5 and a list of other auth >> mechanism from being advertised as supported in the AUTH process? >> i.e. Apple messed up the configuration/build. >> Or is this a "feature" of this version of the Cyrus server and >> resolved in a later version? >> Or Thunderbird should have used the mechanism listed in CAPA >> response only as CRAM-MD5 only appeared in AUTH. >> Thanks for your help. >> Joshua >> my system generated imapd.conf is as follows: >> admins: cyrusimap >> configdirectory: /var/imap >> partition-default: /var/spool/imap >> unixhierarchysep: yes >> altnamespace: yes >> servername: mailserver.abc.edu >> sievedir: /usr/sieve >> sendmail: /usr/sbin/sendmail >> lmtp_downcase_rcpt: 1 >> unix_group_enable: 0 >> berkeley_txns_max: 400 >> berkeley_locks_max: 20000 >> berkeley_cachesize: 8192 >> berkeley_max_log_region: 2048 >> berkeley_max_log_file: 10240 >> berkeley_max_log_buffer: 2048 >> tls_key_file: /Volumes/system/etc/certificates/mail.abc.edu.key >> quota_warn_frequency_days: 2 >> tls_cert_file: /Volumes/system/etc/certificates/mail.abc.edu.crt >> enable_quota_warnings: yes >> log_rolling_days_enabled: 0 >> log_rolling_days: 1 >> lmtp_over_quota_perm_failure: yes >> imap_auth_plain: yes >> imap_auth_md5: yes >> lmtp_luser_relay: joshua >> pop_auth_apop: yes >> tls_server_options: use >> tls_ca_file: /Volumes/system/etc/certificates/mail.abc.edu.ca-bundle >> OS X POP3 Log >> Mar 20 10:42:47 webserver pop3[12181]: starttls: TLSv1 with cipher >> AES256-SHA (256/256 bits new) no authentication >> Mar 20 10:43:31 webserver pop3[12261]: executed >> Mar 20 10:43:31 webserver pop3[12261]: accepted connection >> Mar 20 10:43:36 webserver pop3[12261]: badlogin: jt.abc.edu >> [10.10.1.123] CRAM-MD5 user not found >> This is a log of the Thunderbird POP3 process >> -1604083808[1109db0]: RECV: +OK mailserver.abc.edu Cyrus POP3 >> v2.3.8-OS X Server 10.5: 9A562 server ready <1261331586.1205925688@xxxxxxxxxxxxxxxxxx >> <mailto:1261331586.1205925688@xxxxxxxxxxxxxxxxxx>> >> -1604083808[1109db0]: POP3: Entering state: 29 >> -1604083808[1109db0]: SEND: AUTH >> -1604083808[1109db0]: Entering NET_ProcessPop3 159 >> -1604083808[1109db0]: POP3: Entering state: 3 >> -1604083808[1109db0]: RECV: +OK List of supported mechanisms follows >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: SMB-NTLMv2 >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: SMB-NT >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: SMB-LAN-MANAGER >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: MS-CHAPv2 >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: PPS >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: OTP >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: GSSAPI >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: DIGEST-MD5 >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: CRAM-MD5 >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: WEBDAV-DIGEST >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: DHX >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: APOP >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: . >> -1604083808[1109db0]: POP3: Entering state: 31 >> -1604083808[1109db0]: SEND: CAPA >> -1604083808[1109db0]: Entering NET_ProcessPop3 206 >> -1604083808[1109db0]: POP3: Entering state: 3 >> -1604083808[1109db0]: RECV: +OK List of capabilities follows >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: SASL APOP >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: STLS >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: EXPIRE NEVER >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: LOGIN-DELAY 0 >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: TOP >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: UIDL >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: PIPELINING >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: RESP-CODES >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: AUTH-RESP-CODE >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: USER >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: IMPLEMENTATION Cyrus POP3 server v2.3.8- >> OS X Server 10.5: 9A562 >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: . >> -1604083808[1109db0]: POP3: Entering state: 33 >> -1604083808[1109db0]: SEND: STLS >> -1604083808[1109db0]: Entering NET_ProcessPop3 31 >> -1604083808[1109db0]: POP3: Entering state: 3 >> -1604083808[1109db0]: RECV: +OK Begin TLS negotiation now >> -1604083808[1109db0]: POP3: Entering state: 45 >> -1604083808[1109db0]: POP3: Entering state: 29 >> -1604083808[1109db0]: SEND: AUTH >> -1604083808[1109db0]: Entering NET_ProcessPop3 173 >> -1604083808[1109db0]: POP3: Entering state: 3 >> -1604083808[1109db0]: RECV: +OK List of supported mechanisms follows >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: SMB-NTLMv2 >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: SMB-NT >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: SMB-LAN-MANAGER >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: MS-CHAPv2 >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: PPS >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: PLAIN >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: OTP >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: LOGIN >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: GSSAPI >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: DIGEST-MD5 >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: CRAM-MD5 >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: WEBDAV-DIGEST >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: DHX >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: APOP >> -1604083808[1109db0]: POP3: Entering state: 30 >> -1604083808[1109db0]: RECV: . >> -1604083808[1109db0]: POP3: Entering state: 31 >> -1604083808[1109db0]: SEND: CAPA >> -1604083808[1109db0]: Entering NET_ProcessPop3 200 >> -1604083808[1109db0]: POP3: Entering state: 3 >> -1604083808[1109db0]: RECV: +OK List of capabilities follows >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: SASL APOP >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: EXPIRE NEVER >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: LOGIN-DELAY 0 >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: TOP >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: UIDL >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: PIPELINING >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: RESP-CODES >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: AUTH-RESP-CODE >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: USER >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: IMPLEMENTATION Cyrus POP3 server v2.3.8- >> OS X Server 10.5: 9A562 >> -1604083808[1109db0]: POP3: Entering state: 32 >> -1604083808[1109db0]: RECV: . >> -1604083808[1109db0]: POP3: Entering state: 33 >> -1604083808[1109db0]: POP3: Entering state: 46 >> -1604083808[1109db0]: POP3: Entering state: 33 >> -1604083808[1109db0]: POP3: Entering state: 5 >> -1604083808[1109db0]: SEND: AUTH CRAM-MD5 >> -1604083808[1109db0]: Entering NET_ProcessPop3 64 >> -1604083808[1109db0]: POP3: Entering state: 3 >> -1604083808[1109db0]: RECV: + PDExMzk5somerandomcharsforpublickey? >> MuZWR1LnNnPg== >> -1604083808[1109db0]: POP3: Entering state: 34 >> -1604083808[1109db0]: POP3: Entering state: 6 >> -1604083808[1109db0]: Logging suppressed for this command (it >> probably contained authentication information) >> -1604083808[1109db0]: Entering NET_ProcessPop3 52 >> -1604083808[1109db0]: POP3: Entering state: 3 >> -1604083808[1109db0]: RECV: -ERR [AUTH] authenticating: >> authentication failure >> ------------------------------------------------------------------------ >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > > -- > Kenneth Murchison > Systems Programmer > Project Cyrus Developer/Maintainer > Carnegie Mellon University ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
