<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Thanks Vlad,<br>
<br>
<blockquote type="cite">the last three lines (ifnedef - endif) can
be IMHO deleted, because DIGEST-MD5 (and CRAM-MD5 and NTLM) do
not send plaintext passwords, so should be allowed even on
otherwise unencrypted connection.</blockquote>
commented out.<br>
<br>
<blockquote type="cite">Check if user Debian-exim is member of
sasl group - to get access to /etc/sasldb2.</blockquote>
<blockquote><tt><a class="moz-txt-link-abbreviated" href="mailto:root@blmail:/etc/exim4/conf.d#">root@blmail:/etc/exim4/conf.d#</a> groups Debian-exim</tt><br>
<tt>Debian-exim : Debian-exim root mail sasl cyrus</tt><br>
<tt><a class="moz-txt-link-abbreviated" href="mailto:root@blmail:/etc/exim4/conf.d#">root@blmail:/etc/exim4/conf.d#</a> ls -l /etc/sasldb2</tt><br>
<tt>-rw-rw---- 1 cyrus Debian-exim 12288 Feb 19 20:19
/etc/sasldb2</tt><br>
</blockquote>
Looks right to me...<br>
<br>
<br>
<blockquote type="cite">Thunderbird has separate auth setting for
SMTP, hovewer you should specify the same user/pass as for IMAP.
Check also the option "auth method" and set encrypted password -
which is luser translation of DIGEST/CRAM-MD5.</blockquote>
<br>
<br>
It seems that exim is not using the same auth as cyrus. TB
doesn't recognise the encrypted passwords option. Nor does
Outlook so I don't think it's the MUA.<br>
<br>
When I let TB query the server for settings it correctly returns
with 'Encrypted password' for IMAP but 'Password, transmitted
insecurely' for SMTP. Leaving that setting results in the
expected 'relay not permitted' setting it in TB to use 'Encrypted
password' results in the following error message in TB:<br>
<blockquote><tt>Sending of message failed.</tt><br>
<tt>The SMTP server chemainus.mjbrownloos.com does not support
the selected authentication method. Please change the
'Authentication method' in the 'Account Settings | Outgoing
Server (SMTP)'.</tt><br>
</blockquote>
I'm watching (tail -f) the following 4 log files when I send
(/var/log/exim/ has only mainlog and rejectlog):<br>
<blockquote><tt>/var/log/exim4/mainlog</tt><br>
<tt>
/var/log/exim4/rejectlog</tt><br>
<tt>/var/log/syslog</tt><br>
<tt>/var/log/auth.log</tt><br>
</blockquote>
but I'm not seeing anything helpful. Indeed I need to trace the
process on send and find out where is is baulking, any thoughts on
how to find that?<br>
<br>
Since this seems to now be an Exim thing, perhaps at this point I
should be asking this on the exim list?<br>
<div class="moz-signature">
<div style="font-family:Arial;font-size:12px">
<p><strong>Paul O’Rorke</strong>
Tracker Software Products
<a href="mailto:paul.ororke@tracker-software.com">paul@tracker-software.com</a></p>
<br>
</div>
</div>
On 2/20/2014 2:23 AM, Vladislav Kurz wrote:<br>
</div>
<blockquote cite="mid:201402201123.58696.vladislav.kurz@webstep.net"
type="cite">
<meta name="qrichtext" content="1">
<style type="text/css">
p, li { white-space: pre-wrap; }
</style>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">On Thursday 20 of February 2014 05:50:21 Paul
O'Rorke wrote:</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> Hi again guys,</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> </p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> thanks for the help thus far. I have
managed to get cyrus talking with</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> exim to deliver mail (the -a inside the
quotes did this) and I have the</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> cyrus_sasl driver authenticating using
DIGEST-MD5:</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> </p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> digest_md5_sasl_server:</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> driver = cyrus_sasl</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> public_name = DIGEST-MD5</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> server_realm = chemainus.mjbrownloos.com</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> server_set_id = $auth1</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> .ifndef
AUTH_SERVER_ALLOW_NOTLS_PASSWORDS</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> server_advertise_condition = ${if
eq{$tls_cipher}{}{}{*}}</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> .endif</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; "> </p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">Hi,</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; "> </p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">the last three lines (ifnedef - endif) can be
IMHO deleted, because DIGEST-MD5 (and CRAM-MD5 and NTLM) do not
send plaintext passwords, so should be allowed even on otherwise
unencrypted connection.</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; "> </p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">Check if user Debian-exim is member of sasl
group - to get access to /etc/sasldb2.</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; "> </p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> I can receive mail OK, exim passes it to
cyrus and I can work with</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> mailboxes in Thunderbird however I don't
seem to be able to authenticate</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> to the SMTP server when sending. Do I
need to specify a separate auth</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> for sending through SMTP?</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; "> </p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">Thunderbird has separate auth setting for
SMTP, hovewer you should specify the same user/pass as for IMAP.
Check also the option "auth method" and set encrypted password -
which is luser translation of DIGEST/CRAM-MD5.</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; "> </p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> If it can authenticate for IMAP using
*digest_md5_sasl_server* why would</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">> it fail when sending?</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; "> </p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">Just because IMAP auth is done by cyrus and
SMTP auth by exim ;) Check /var/log/exim/*log, there might be
some hints...</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; "> </p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">-- </p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">S pozdravem</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;"> Vladislav Kurz</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; "> </p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">=== WebStep, s.r.o. (Ltd.) ========= a step
to the Web ===</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">address: Mezirka 1, 602 00 Brno, CZ, tel:
+420 548 214 711</p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px;
margin-right:0px; -qt-block-indent:0; text-indent:0px;
-qt-user-state:0;">=== <a class="moz-txt-link-abbreviated" href="http://www.webstep.net">www.webstep.net</a> =======
<a class="moz-txt-link-abbreviated" href="mailto:vladislav.kurz@webstep.net">vladislav.kurz@webstep.net</a> ===</p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; "> </p>
<p style="-qt-paragraph-type:empty; margin-top:0px;
margin-bottom:0px; margin-left:0px; margin-right:0px;
-qt-block-indent:0; text-indent:0px; "> </p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">----
Cyrus Home Page: <a class="moz-txt-link-freetext" href="http://www.cyrusimap.org/">http://www.cyrusimap.org/</a>
List Archives/Info: <a class="moz-txt-link-freetext" href="http://lists.andrew.cmu.edu/pipermail/info-cyrus/">http://lists.andrew.cmu.edu/pipermail/info-cyrus/</a>
To Unsubscribe:
<a class="moz-txt-link-freetext" href="https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus">https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus</a></pre>
</blockquote>
<br>
</body>
</html>