Blake,
What sasl lines do you have in /etc/imapd.conf. Do you have any proxies
installed?
"pop3PRTC" in your syslog looks suspicious...:
Usually, pop3 and imap will offer the same mechanisms based on this
config item:
sasl_mech_list: x x x
if this line is commented out, then sasl should attempt to initialize
all available mechs.
Be on the lookout for customization like this (which overrides the
sasl_mech_list config item):
pop3_mech_list: x x x
imap_mech_list: x x x
- Dan
Blake Hudson wrote:
Thanks for the reply Scott. I can auth as you described using the
User/Pass method (allowplaintext: is already set to 1 and I've also
tried sasl_minimum_layer: 0 at the same time).
My concern is that over port 110 the server is only advertising CRAM-MD5
and DIGEST-MD5. POP3s appears to be advertising PLAIN. Why isn't PLAIN
advertised over both?
--Blake
-------- Original Message --------
Subject: Re: 'PLAIN encryption needed to use mechanism' error
From: Scott M. Likens <damm@xxxxxxxxx>
To: Blake Hudson <blake@xxxxxxxx>
Cc: info-cyrus@xxxxxxxxxxxxxxxxxxxx
Date: Wednesday, July 29, 2009 1:30:46 AM
Hi Blake,
Actually pop3 by default should be using plain, like
damm@desolation> telnet localhost
pop3
~
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK desolation Cyrus POP3 v2.3.14 server ready
<8505169291665378509.1248848742@desolation>
user root
+OK Name is a valid mailbox
pass toor
+OK Mailbox locked and ready
However, if you man imapd.conf you will notice there is such an option
as,
allowplaintext: 0
You may need to change that to 1, in order for plaintext ala pop3 to
work.
Scott
On Jul 28, 2009, at 10:44 PM, Blake Hudson wrote:
-------- Original Message --------
Subject: 'PLAIN encryption needed to use mechanism' error
From: Blake Hudson <blake@xxxxxxxx>
To: info-cyrus@xxxxxxxxxxxxxxxxxxxx
Date: Wednesday, July 29, 2009 12:13:52 AM
I recently setup a new server and everything tested well. However, once
in production I am seeing errors like the following:
pop3PRTC[20896]: badlogin: [204.x.x.x] PLAIN encryption needed to use
mechanism
I wasn't aware that POP utilized other mechanisms? I can login just
fine
with telnet and tbird, and cannot replicate this error myself. Any
ideas?
--Blake
Looks like the POP side is not advertising LOGIN/PLAIN auth types while
the imap side is. Is this the intended behavior?
In my imapd.conf i have the following mech list defined:
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
---------------------- POP3----------------------
+OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
<173180331313918
17429.1248845988@twinP>
auth
+OK List of supported mechanisms follows
DIGEST-MD5
CRAM-MD5
..
--------------------------------------------
----------------------IMAP----------------------
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=DIGEST-MD5
AUTH=LOGIN
AUTH=PLAIN AUTH=CRAM-MD5 SASL-IR] twinP Cyrus IMAP4
v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
--------------------------------------------
I suppose this is likely a bad client that is not refreshing its mech
list after the server switch, but I'd still like to know how to resolve
the issue server side (if possible).
-Blake
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
!DSPAM:4a6fe485262521931426455!
|
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
