<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Another strange thing. The encrypted
passwords would not be a problem if I could get TLS working, I
could auth with <b>login_sasl_server</b> but even though exim
appears to be advertising STARTTLS none of the MUA clients I've
tested recognise the TLS. (Thunderbird and Outlook 2013)<br>
<br>
When I use swaks to test the connection I get:<br>
<blockquote><tt>root@vm-manager:~# swaks -a -tls -q HELO -s
chemainus.mjbrownloos.com -au hire -ap '<>'</tt><br>
<tt>=== Trying chemainus.mjbrownloos.com:25...</tt><br>
<tt>=== Connected to chemainus.mjbrownloos.com.</tt><br>
<tt><- 220 blmail.chemainus.mjbrownloos.com ESMTP Exim 4.80
Wed, 19 Feb 2014 20:57:30 -0800</tt><br>
<tt> -> EHLO vm-manager.chemaimus.tracker-software.com</tt><br>
<tt><- 250-blmail.chemainus.mjbrownloos.com Hello
vm-manager.chemaimus.tracker-software.com [192.168.4.254]</tt><br>
<tt><- 250-SIZE 52428800</tt><br>
<tt><- 250-8BITMIME</tt><br>
<tt><- 250-PIPELINING</tt><br>
<tt><- 250-STARTTLS</tt><br>
<tt><- 250 HELP</tt><br>
<tt> -> STARTTLS</tt><br>
<tt><- 220 TLS go ahead</tt><br>
<tt>=== TLS started w/ cipher DHE-RSA-AES256-SHA</tt><br>
<tt>=== TLS peer subject DN="/C=CA/ST=British
Columbia/L=Chemainus/O=MJ Brown Ltd/OU=Brown
Loos/CN=blmail.chemainus.mjbrownloos.com"</tt><br>
<tt> ~> EHLO vm-manager.chemaimus.tracker-software.com</tt><br>
<tt><~ 250-blmail.chemainus.mjbrownloos.com Hello
vm-manager.chemaimus.tracker-software.com [192.168.4.254]</tt><br>
<tt><~ 250-SIZE 52428800</tt><br>
<tt><~ 250-8BITMIME</tt><br>
<tt><~ 250-PIPELINING</tt><br>
<tt><~ 250-AUTH DIGEST-MD5</tt><br>
<tt><~ 250 HELP</tt><br>
<tt> ~> QUIT</tt><br>
<tt><~ 221 blmail.chemainus.mjbrownloos.com closing
connection</tt><br>
<tt>=== Connection closed with remote host.</tt><br>
</blockquote>
So why would clients not be able to use TLS? Auto-config in both
clients returns with no TLS options. <br>
<br>
confused but determined to get there...<br>
<div class="moz-signature">
<div style="font-family:Arial;font-size:12px">
<p><strong>Paul O'Rorke</strong>
Tracker Software Products
<a href="mailto:paul.ororke@tracker-software.com">paul@tracker-software.com</a>
<br>
</p>
</div>
</div>
On 2/19/2014 8:50 PM, Paul O'Rorke wrote:<br>
</div>
<blockquote cite="mid:5305898D.20308@tracker-software.com"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Hi again guys,<br>
<br>
thanks for the help thus far. I have managed to get cyrus
talking with exim to deliver mail (the -a inside the quotes did
this) and I have the cyrus_sasl driver authenticating using
DIGEST-MD5:<br>
<blockquote><tt>digest_md5_sasl_server:</tt><br>
<tt> driver = cyrus_sasl</tt><br>
<tt> public_name = DIGEST-MD5</tt><br>
<tt> server_realm = chemainus.mjbrownloos.com</tt><br>
<tt> server_set_id = $auth1</tt><br>
<tt> .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS</tt><br>
<tt> server_advertise_condition = ${if
eq{$tls_cipher}{}{}{*}}</tt><br>
<tt> .endif</tt><br>
</blockquote>
I can receive mail OK, exim passes it to cyrus and I can work
with mailboxes in Thunderbird; however, I don't seem to be able to
authenticate to the SMTP server when sending. Do I need to
specify a separate auth for sending through SMTP?<br>
<br>
If I turn on <b>AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = yes</b> I
can send if I enable <b>login_sasl_server</b> but I'm sending
plaintext passwords. :-(<br>
<br>
If I turn off <b>AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = yes</b>
then I cannot send using <b>login_sasl_server</b> because it
obviously needs an encrypted password but I keep getting the
message relay not permitted.<br>
<br>
If I disable login_sasl_server leaving only the <b>digest_md5_sasl_server</b>
I still get relay not permitted so it seems it's not
authenticating on send.<br>
<br>
If it can authenticate for IMAP using <b>digest_md5_sasl_server</b>
why would it fail when sending? <br>
<br>
regards<br>
<div class="moz-signature">
<div style="font-family:Arial;font-size:12px">
<p><strong>Paul O'Rorke</strong><br>
Tracker Software Products <a moz-do-not-send="true"
href="mailto:paul.ororke@tracker-software.com">paul@tracker-software.com</a><br>
<br>
</p>
</div>
</div>
On 2/17/2014 12:42 AM, Vladislav Kurz wrote:<br>
</div>
<blockquote
cite="mid:201402170942.36271.vladislav.kurz@webstep.net"
type="cite">
<meta name="qrichtext" content="1">
<style type="text/css">
p, li { white-space: pre-wrap; }
</style>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">On Saturday 15 of February 2014 00:05:59
Paul O'Rorke wrote:</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> If I don't use any encrypted passwords
I can log in, work with</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> mailboxes, receive mail but not send
(relay not permitted which I</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> suspect is so as to not be an open
relay..?)</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">You can always set relay_nets (using
"dpkg-reconfigure exim4-config") to your local subnet.</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> What do I need to do to authenticate
with the cyrus_sasl db? Why would</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> the authenticator driver "cyrus_sasl"
not be available? Do I need to</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> enable that somewhere?</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">I'm not sure but check if you have
installed these packages:</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">sasl2-bin, libsasl2-modules and
exim4-daemon-heavy (instead of -light).</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> I've read so many conflicting pages
I've completely confused myself.</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> Maybe I should be looking at TLS/SSL
now...</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">If you are on a secure net, try setting
AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = yes (in
conf.d/main/00_whatever), to allow plaintext auth.</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">-- </p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">Regards</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;"> Vladislav Kurz</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">=== WebStep, s.r.o. (Ltd.) ========= a step
to the Web ===</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">address: Mezirka 1, 602 00 Brno, CZ, tel:
+420 548 214 711</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">=== <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="http://www.webstep.net">www.webstep.net</a> ======= <a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:vladislav.kurz@webstep.net">vladislav.kurz@webstep.net</a>
===</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; ">&nbsp;</p>
<pre wrap="">----
Cyrus Home Page: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.cyrusimap.org/">http://www.cyrusimap.org/</a>
List Archives/Info: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.andrew.cmu.edu/pipermail/info-cyrus/">http://lists.andrew.cmu.edu/pipermail/info-cyrus/</a>
To Unsubscribe:
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus">https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus</a></pre>
</blockquote>
<br>
</blockquote>
<br>
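<p>Added example, not part of the original messages: the swaks session quoted above shows the server's EHLO reply changing once TLS is up, and this Python script parses a swaks transcript and reports which AUTH mechanisms are offered before and after STARTTLS. The sample transcript is abridged from that session; the function names and the PLAIN/LOGIN grouping are assumptions of this example.</p>

```python
import re

# Constructed sample, abridged from the swaks session quoted in the thread.
SAMPLE = """\
 -> EHLO vm-manager
<- 250-blmail.chemainus.mjbrownloos.com Hello vm-manager
<- 250-PIPELINING
<- 250-STARTTLS
<- 250 HELP
 -> STARTTLS
<- 220 TLS go ahead
=== TLS started w/ cipher DHE-RSA-AES256-SHA
 ~> EHLO vm-manager
<~ 250-blmail.chemainus.mjbrownloos.com Hello vm-manager
<~ 250-AUTH DIGEST-MD5
<~ 250 HELP
 ~> QUIT
"""

# swaks marks server lines "<-" (cleartext) or "<~" (TLS), client lines "->" / "~>".
SERVER = re.compile(r"^<([-~])\s+(\d{3})([ -])(.*)$")
CLIENT = re.compile(r"^\s*[-~]>\s+(\S+)")

def ehlo_capabilities(transcript):
    """Split EHLO keywords into those seen in cleartext and those seen under TLS."""
    caps, in_ehlo, greeting = {"clear": {}, "tls": {}}, False, False
    for line in transcript.splitlines():
        c, s = CLIENT.match(line), SERVER.match(line)
        if c:
            in_ehlo = greeting = c.group(1).upper() == "EHLO"
        elif s and in_ehlo and s.group(2) == "250":
            words = s.group(4).split()
            if greeting:          # first 250 line is the hostname greeting
                greeting = False
            elif words:
                phase = "tls" if s.group(1) == "~" else "clear"
                caps[phase][words[0].upper()] = [w.upper() for w in words[1:]]
            in_ehlo = s.group(3) == "-"   # "250 " ends the multi-line reply
    return caps

def audit(transcript):
    """Summarise what a client can negotiate before and after STARTTLS."""
    caps, cleartext_pw = ehlo_capabilities(transcript), {"PLAIN", "LOGIN"}
    before, after = caps["clear"].get("AUTH", []), caps["tls"].get("AUTH", [])
    return {"starttls_offered": "STARTTLS" in caps["clear"],
            "auth_before_tls": before, "auth_after_tls": after,
            "password_mechs_in_clear": sorted(cleartext_pw & set(before)),
            "password_mechs_under_tls": sorted(cleartext_pw & set(after))}

print(audit(SAMPLE))
```

<p>A non-empty <tt>password_mechs_in_clear</tt> means the server invites password-bearing mechanisms on an unencrypted connection; an empty <tt>password_mechs_under_tls</tt> means no PLAIN or LOGIN authenticator is being advertised even after TLS is established.</p>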
</body>
</html>