imapsync authentication failure

brian cyruslist at subtropolix.org
Wed Apr 23 14:24:15 EDT 2008


I'd like to use imapsync to migrate some mailboxes but haven't been able 
to authenticate to the source server with it.

First, here's the failed transaction (run from a 3rd machine):
-- snip --
$RCSfile: imapsync,v $ $Revision: 1.249 $ $Date: 2008/03/19 02:14:24 $
Here is a [linux] system (Linux apollo 2.6.23.12-52.fc7 #1 SMP Tue Dec 18 21:18:02 EST 2007 i686)
with perl 5.8.8 and the module Mail::IMAPClient version used here is 2.2.9
Command line used :

/usr/bin/imapsync \
--buffersize 8192000 --subscribe --syncinternaldates \
--ssl1 --ssl2 --noauthmd5 \
--authmech1 PLAIN --authmech2 PLAIN \
--host1 mail.SRC_DOMAIN.org --port1 993 \
--user1 USER@VIRT_DOMAIN.ORG --password1 XXXXXXXX \
--host2 mail.DEST_DOMAIN.org --port2 993 \
--user2 USER@VIRT_DOMAIN.ORG --password2 XXXXXXXX \
--dry --debugimap

Turned ON syncinternaldates, will set the internal dates on host2 same as host1.
TimeZone :[EDT]
Will try to use PLAIN authentication on host1
Will try to use PLAIN authentication on host2
From imap server [mail.SRC_DOMAIN.org] port [993] user [USER@VIRT_DOMAIN.ORG]
To   imap server [mail.DEST_DOMAIN.org] port [993] user [USER@VIRT_DOMAIN.ORG]
From connection
Banner : No banner
Sending: 1 CAPABILITY

Sent 14 bytes
Read: * OK SRC_DOMAIN.org Cyrus IMAP4 v2.2.10-Invoca-RPM-2.2.10-3.fc2 server ready

Read: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=PLAIN AUTH=LOGIN SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE

Read: 1 OK Completed

Host mail.SRC_DOMAIN.org says it has CAPABILITY for AUTHENTICATE PLAIN
Sending: 2 AUTHENTICATE PLAIN

Sent 22 bytes
Read: +

Sending: YnJpYW5[ ... ]

Sent 74 bytes
Read: 2 NO authentication failure

Error login : [mail.SRC_DOMAIN.org] with user [USER@VIRT_DOMAIN.ORG] auth [PLAIN]: 2 NO authentication failure

Trying LOGIN Auth mechanism on [mail.SRC_DOMAIN.org] with user [USER@VIRT_DOMAIN.ORG]
Sending: 3 Login "XXXXXXX" XXXXXXX

Sent 42 bytes
Read: 3 NO Login failed: authentication failure

Error login : [mail.SRC_DOMAIN.org] with user [USER@VIRT_DOMAIN.ORG] auth [LOGIN] : 3 NO Login failed: authentication failure

-- snip --


The maillog shows the following:

imaps[11553]: accepted connection
master[27353]: about to exec /usr/lib/cyrus-imapd/imapd
imaps[27353]: executed
imaps[11553]: mystore: starting txn 2147503962
imaps[11553]: mystore: committing txn 2147503962
imaps[11553]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
imaps[11553]: badlogin: ... PLAIN [SASL(-13): authentication failure: Password verification failed]
imaps[11553]: badlogin: ... plaintext USER@VIRT_DOMAIN.ORG SASL(-13): authentication failure: checkpass failed


The server has the following configs:

# rpm -qa | grep -i postfix
postfix-2.3.3-1.pcre.sasl2.vda.fc2

# cat /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd

# ps x | grep sasl
20097 ?        S      0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a getpwent -n 1

# cat /etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
unixhierarchysep: no
altnamespace: yes
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sasldb
sasl_mech_list: PLAIN LOGIN
tls_cert_file: /etc/postfix/ssl/smtpd-cert.pem
tls_key_file: /etc/postfix/ssl/smtpd-req.pem
tls_ca_file: /etc/postfix/ssl/cacert.pem
defaultdomain: SRC_DOMAIN.org
virtdomains: userid
loginrealms: SRC_DOMAIN.org VIRT_DOMAIN.ORG ...


Also, if I try using the --authuser{1,2} flag to authenticate as cyrus user:

imapsync \
--buffersize 8192000 --subscribe --syncinternaldates \
--ssl1 --ssl2 --noauthmd5 \
--authuser1 cyrus --authuser2 cyrus \
--host1 mail.SRC_DOMAIN.org --port1 993 \
--user1 USER@VIRT_DOMAIN.ORG --password1 XXXXXXXX \
--host2 mail.DEST_DOMAIN.org --port2 993 \
--user2 USER@VIRT_DOMAIN.ORG --password2 XXXXXXXX \
--dry --debugimap

(I'm using the password directly here to be sure the password file 
wasn't the issue)

I get a prompt for the cyrus password for both src & dest servers. Both 
are seemingly accepted. But then I hit the same authentication failure 
because the USER password wasn't included. I'd assumed that it shouldn't 
be, especially because when I then include --password1 & --password2, I 
am NOT prompted for the cyrus password and proceed straight to an 
authentication failure on --user1/--password1.

USER@VIRT_DOMAIN.ORG is in /etc/saslpasswd2 and I've triple-checked the 
password (this is my account and I have no problems authenticating with a 
client).

Can anyone see anything I'm doing wrong here? I'm fresh out of ideas and 
cannot find any more complete explanation online for using imapsync. I 
can't figure out if I've got a config problem with the server or if I'm 
using the migration tool incorrectly.
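
Added example (not part of the original post, and not imapsync code): the "Sending: YnJpYW5[ ... ]" line in a --debugimap transcript is the SASL PLAIN response, which is only base64 over "[authzid] NUL authcid NUL passwd" (RFC 4616), so it exposes the password unless it is cut or masked before posting. The sketch below decodes that response to show which identity was sent as authcid and which as authzid, and masks the secret; the line shapes are assumed to match the debug output quoted above, and the names and secrets in SAMPLE are constructed.

```python
import base64
import re

def build_plain(authcid, passwd, authzid=""):
    """RFC 4616 message: [authzid] NUL authcid NUL passwd, base64 for IMAP."""
    raw = "\0".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def parse_plain(blob):
    """Decode a PLAIN response into its three fields; reject malformed input."""
    parts = base64.b64decode(blob, validate=True).split(b"\0")
    if len(parts) != 3 or not parts[1]:
        raise ValueError("not a SASL PLAIN message")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    return {"authzid": authzid, "authcid": authcid, "passwd": passwd}

AUTH_RE = re.compile(r"^Sending: \d+ AUTHENTICATE PLAIN\s*$")
LOGIN_RE = re.compile(r"^(Sending: \d+ login )\S.*$", re.IGNORECASE)

def redact(lines):
    """Show which identities were sent in a debug transcript, never the secret."""
    out, expect_blob = [], False
    for line in lines:
        if AUTH_RE.match(line):
            expect_blob = True
        elif expect_blob and line.startswith("Sending: "):
            expect_blob = False
            try:
                f = parse_plain(line[len("Sending: "):].strip())
                line = ("Sending: [PLAIN authzid=%r authcid=%r passwd=<redacted>]"
                        % (f["authzid"], f["authcid"]))
            except ValueError:  # bad base64, wrong field count, bad UTF-8
                line = "Sending: [PLAIN response, undecodable, redacted]"
        elif LOGIN_RE.match(line):
            line = LOGIN_RE.sub(r"\1<redacted>", line)
        out.append(line)
    return out

# Constructed sample: admin "cyrus" (authcid) acting for a mailbox owner (authzid).
SAMPLE = [
    "Sending: 2 AUTHENTICATE PLAIN",
    "Read: +",
    "Sending: " + build_plain("cyrus", "admin-secret", "jane@example.org"),
    "Read: 2 NO authentication failure",
    'Sending: 3 Login "jane@example.org" user-secret',
]

if __name__ == "__main__":
    print("\n".join(redact(SAMPLE)))
```

In a direct login the authzid field is empty and the decoded response starts with a NUL byte; in a proxy login the password belongs to the authcid, not to the mailbox named in authzid.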

