Ok thank you for your help, I've tried the allowplaintext: yes but the proxy sieve server I use is still complaining ! I don't know why? I've done a tcp/ip trace of data transmission between proxy and sieve cyrus server and the only thing I see is that : Data (41 bytes) 0000 41 55 54 48 45 4e 54 49 43 41 54 45 20 22 50 4c AUTHENTICATE "PL 0010 41 49 4e 22 20 22 41 47 6c 74 59 58 41 79 41 47 AIN" "AGltYXAyAG 0020 6c 74 59 58 41 79 22 0d 0a ltYXAy".. Data (22 bytes) 0000 4f 4b 20 22 4c 6f 67 6f 75 74 20 43 6f 6d 70 6c OK "Logout Compl 0010 65 74 65 22 0d 0a ete".. How could I debug this ? Raphael Jaffey wrote: > Sorry, we use this setting in our environment as we're using stunnel > for sieved connections rather than its built in TLS support. > > The relevant parts of our current config read: > > sasl_pwcheck_method: saslauthd > sasl_mech_list: PLAIN > > > allowplaintext: no > sasl_minimum_layer: 128 > sieve_allowplaintext: yes > sieve_sasl_minimum_layer: 0 > > tls_cert_file: <some-path> > tls_key_file: <some-path> > tls_ca_file: <some-path> > tls_cipher_list: !ADH:MEDIUM:HIGH > > sieve_tls_cert_file: disabled > > > > In your case, assuming you don't want PLAIN in the clear, I should > think the following would suffice: > > sasl_pwcheck_method: saslauthd > sasl_mech_list: PLAIN > > > allowplaintext: no > sasl_minimum_layer: 128 > > tls_cert_file: <some-path> > tls_key_file: <some-path> > tls_ca_file: <some-path> > tls_cipher_list: !ADH:MEDIUM:HIGH > > This assumes that your sieve client supports TLS. > > Quoting Raphael Jaffey <rjaffey@xxxxxxxxx>: > >> sieve_allowplaintext: yes >> >> Quoting Mathieu Kretchner <mathieu.kretchner@xxxxxxxxxxxxxxx>: >> >>> Hello, >>> >>> I would like to allow connection to sieved server with PLAIN mechanism. >>> But my configuration seems to already have this. What do I miss ? >>> >>> Cyrus is 2.2.12 >>> here is my imapd.conf : >>> >>> configdirectory: /data/imap >>> partition-default: /data/imap/spool >>> servername: imap-sop.inria.fr >>> admins: cyrus >>> hashimapspool: yes >>> duplicatesuppression: no >>> sasl_pwcheck_method: saslauthd >>> allowanonymouslogin: no >>> tls_session_timeout: 0 >>> allowapop: 0 >>> sasl_mech_list: PLAIN >>> sieveuserhomedir: no >>> sievedir: /data/imap/sieve >>> sieve_maxscripts: 8 >>> sieve_maxscriptsize: 640 >>> sendmail: /usr/sbin/sendmail >>> tls_ca_file: /data/imap/ssl/ca.crt >>> tls_cert_file: /data/imap/ssl/server.crt >>> tls_key_file: /data/imap/ssl/server.key >>> tls_ca_path: /data/imap/ssl >>> >>> Thank you >>> >>> >> >> >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> > > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
begin:vcard fn:Mathieu Kretchner n:Kretchner;Mathieu org:INRIA;Syslog adr;dom:;;2004 route des lucioles - BP93;Sophia Antipolis;;06902 CEDEX email;internet:mathieu.kretchner@xxxxxxxxxxxxxxx tel;work:04 92 38 76 67 x-mozilla-html:FALSE version:2.1 end:vcard
---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
