Please help with Cyrus vs MS Outlook over TLS/SSL

Ilya Basin lanmot at cwrussia.ru
Wed Nov 19 11:42:21 EST 2003


On Wednesday 19 November 2003 19:14, Ilya Basin wrote:

I have some additional info.
Sorry to provide you with such a big bunch of info...
All imtest runs passed with OK, like:

ilya at torer:~$ imtest -u ilya -p 993 -s localhost -m digest-md5
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK torer Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE 
UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=SRP AUTH=NTLM AUTH=PLAIN 
AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE DIGEST-MD5
S: + 
bm9uY2U9InNRVythSmQxaExpa3hJRzY1elZjanloYjdEZ3Jqdmg5VFhhUk5EcEcweGs9IixyZWFsbT0idG9yZXIiLHFvcD0iYXV0aCIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=
Please enter your password:
C: 
dXNlcm5hbWU9ImlseWEiLHJlYWxtPSJ0b3JlciIsbm9uY2U9InNRVythSmQxaExpa3hJRzY1elZjanloYjdEZ3Jqdmg5VFhhUk5EcEcweGs9Iixjbm9uY2U9InNuT2NqNWc3MklHenRmdjhEY2dhOXBZL3l1U1ByNnZBRUhtd1VCVk5uYms9IixuYz0wMDAwMDAwMSxxb3A9YXV0aCxtYXhidWY9MTAyNCxkaWdlc3QtdXJpPSJpbWFwL2xvY2FsaG9zdCIscmVzcG9uc2U9ZWYzMGMyZjg0NTFmYzhlNGY4ZDNmZmFlODFlOTBiMWU=
S: + cnNwYXV0aD0xNzcxNTM4MDlkOTdkNWFhYTNkYjNlM2VjOWMzMTZjMg==
C:
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256

ilya at torer:~$ imtest -u ilya -p 993 -s localhost -m ntlm
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK torer Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE 
UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=SRP AUTH=NTLM AUTH=PLAIN 
AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE NTLM
S: +
C: TlRMTVNTUAABAAAAB4IAAAAAAAAgAAAAAAAAACAAAAA=
S: + 
TlRMTVNTUAACAAAACgAKADAAAAAFggIAbbWlQikzSmE6IE5UTE0gc2VydmVyIHN0VABPAFIARQBSAA==
Please enter your password:
C: 
TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAoACgBwAAAACAAIAHoAAAAAAAAAggAAAAAAAACCAAAABYIAAHEToITshuMXoNRGSZo1bdBAQShmOVTT3SkZ3vXxYZv/
qzD2aNXrN8FSAcpN8VASAVQATwBSAEUAUgBpAGwAeQBhAA==
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256

ilya at torer:~$ imtest -u ilya -p 993 -s localhost -m cram-md5
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK torer Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE 
UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=SRP AUTH=NTLM AUTH=PLAIN 
AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE CRAM-MD5
S: + PDM3NjY0NTMxMjQuMTIyOTU0NDVAdG9yZXI+
Please enter your password:
C: aWx5YSAyNTdkNzgyODA1ZDBkZWFmOTU5YjdhNWQxZGM1YTY4ZA==
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256

ilya at torer:~$ imtest -u ilya -p 993 -s localhost -m OTP
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK torer Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE 
UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=SRP AUTH=NTLM AUTH=PLAIN 
AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE OTP
S: +
Please enter your secret pass-phrase:
C: aWx5YQBpbHlh
S: + b3RwLW1kNSA0OTggdG81NTU5IGV4dA==
C: aGV4OjZjZTI4MmFiZTk4ZDIyY2U=
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256

ilya at torer:~$ imtest -u ilya -p 993 -s localhost -m SRP
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK torer Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE 
UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=SRP AUTH=NTLM AUTH=PLAIN 
AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE SRP
S: +
Please enter your password:
C: AAAADAAEaWx5YQAEaWx5YQ==
C: AAAAFRThh91zewWhKhCTZdqgSd/K02cm8Q==
S: + AAAAFRSyfA/US5ofm5y8MpzYtelWCoxDiw==
C:
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256


> Hi,
> I've spent a week trying to configure cyrus-imapd-2.1.15
> to work with MS Outlook 2000 over TLS/SSL.
> I see no way to fix it... maybe I've missed something?
>
>
> System:
>
> Slackware 9.1
> openssl-09.7c
> cyrus-imapd-cyrus-sasl-2.1.15
> cyrus-imapd-2.1.15
>
> compiled with no errors.
>
> Mozilla Messenger, PINE - checked & work fine with it over port 993
> MS Outlook -> (with the options [secure auth], work over SSL (port 993))
> gives an error "CRAM-MD5 auth failed"
> IMAPD.log:
> ####################################################
> imapd[25702]: starttls: TLSv1 with cipher RC4-MD5(128/128 bits new) no
> authentication
> imapd[25702]: badlogin: [213.152.132.32] NTLM [SASL(-13): user not found:
> no secret in database]
> ###################################################
>
> my imapd.conf:
> ###################################################
> configdirectory:                /usr/local/var/imap
> partition-default:              /usr/local/var/spool/imap
> sieveusehomedir:            false
> admins:                         cyrus, ilya
> allowanonymouslogin:      no
> allowplaintext:                 no
> sendmail:                       /usr/sbin/sendmail
> sasl_pwcheck_method:     saslauthd
> #sasl_mech_list:
> srvtab:                         /etc/ssl
> tls_ca_path:                  /etc/ssl
> tls_ca_file:                    /etc/ssl/server.pem
> tls_cert_file:                  /etc/ssl/server.pem
> tls_key_file:                   /etc/ssl/server.pem
>
> my cyrus.conf:
> ###################################################
> # standard standalone server implementation
>
> START {
>   # do not delete this entry!
>   recover       cmd="ctl_cyrusdb -r"
>
>   # this is only necessary if using idled for IMAP IDLE
> #  idled                cmd="idled"
> }
>
> # UNIX sockets start with a slash and are put into /var/imap/socket
> SERVICES {
>     # add or remove based on preferences
> imap            cmd="imapd" listen="imap" prefork=0
> imaps           cmd="imapd -s" listen="imaps" prefork=0
> pop3            cmd="pop3d" listen="pop3" prefork=0
> pop3s           cmd="pop3d -s" listen="pop3s" prefork=0
>     #  sieve            cmd="timsieved" listen="sieve" prefork=0
>
>   # at least one LMTP is required for delivery
>     #  lmtp             cmd="lmtpd" listen="lmtp" prefork=0
>   lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
>
>   # this is only necessary if using notifications
> #  notify       cmd="notifyd" listen="/var/imap/socket/notify" proto="udp"
> prefork=1
> }
>
> EVENTS {
>   # this is required
>   checkpoint    cmd="ctl_cyrusdb -c" period=30
>
>   # this is only necessary if using duplicate delivery suppression
>   delprune      cmd="ctl_deliver -E 3" at=0400
>
>   # this is only necessary if caching TLS sessions
>   tlsprune      cmd="tls_prune" at=0400
> }
>
> my imtest -u ilya -s output:
> ###################################################
> ilya at torer:~$ imtest -u ilya -s localhost
> verify error:num=18:self signed certificate
> TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
> S: * OK torer Cyrus IMAP4 v2.1.15 server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=SRP AUTH=NTLM AUTH=PLAIN
> AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5
> S: C01 OK Completed
> C: A01 AUTHENTICATE SRP
> S: +
> Please enter your password:
> C: AAAADAAEaWx5YQAEaWx5YQ==
> C: AAAAFRQMsbnVGJCD5pP5opXUXUnLXefjnA==
> S: + AAAAFRQKUgxKKRnoElg5H5Zj3wk1duK3jg==
> C:
> S: A01 OK Success (tls protection)
> Authenticated.
> Security strength factor: 256
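
Added example, not part of the original post: it decodes the CRAM-MD5 challenge and response from the imtest session above and shows the server-side check from RFC 2195, including the case where the server has no stored secret for the user and so cannot verify the response at all. The `secrets` dict and the secret value are constructed stand-ins for the server's secret store, not Cyrus SASL code.

```python
import base64
import hashlib
import hmac

# Challenge and response copied from the CRAM-MD5 imtest session in the post.
CHALLENGE_B64 = "PDM3NjY0NTMxMjQuMTIyOTU0NDVAdG9yZXI+"
RESPONSE_B64 = "aWx5YSAyNTdkNzgyODA1ZDBkZWFmOTU5YjdhNWQxZGM1YTY4ZA=="


def decode_exchange(challenge_b64, response_b64):
    """Return (challenge, user, digest_hex) from the base64 wire forms."""
    challenge = base64.b64decode(challenge_b64).decode("ascii")
    text = base64.b64decode(response_b64).decode("ascii")
    user, _, digest = text.rpartition(" ")
    return challenge, user, digest


def expected_digest(secret, challenge):
    """RFC 2195: HMAC-MD5 keyed with the shared secret over the challenge."""
    return hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()


def server_verify(secrets, challenge_b64, response_b64):
    """Server-side check; `secrets` is a hypothetical user -> secret store."""
    challenge, user, digest = decode_exchange(challenge_b64, response_b64)
    secret = secrets.get(user)
    if secret is None:
        # Nothing to key the HMAC with: the response cannot be checked.
        return "no secret for user"
    if hmac.compare_digest(expected_digest(secret, challenge), digest):
        return "ok"
    return "digest mismatch"


def client_response(user, secret, challenge_b64):
    """Build the base64 response a client would send (used for the demo)."""
    challenge = base64.b64decode(challenge_b64).decode("ascii")
    line = f"{user} {expected_digest(secret, challenge)}"
    return base64.b64encode(line.encode()).decode()


if __name__ == "__main__":
    print(decode_exchange(CHALLENGE_B64, RESPONSE_B64))
    demo = client_response("ilya", "constructed-secret", CHALLENGE_B64)
    print(server_verify({"ilya": "constructed-secret"}, CHALLENGE_B64, demo))
    print(server_verify({}, CHALLENGE_B64, demo))
```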




