Please help with Cyrus vs MS Outlook over TLS/SSL

Ilya Basin lanmot at cwrussia.ru
Wed Nov 19 11:14:49 EST 2003


Hi,
I've spent a week trying to configure cyrus-imapd-2.1.15
to work with MS Outlook 2000 over TLS/SSL.
I see no way to fix it... maybe I've missed something?


System:

Slackware 9.1
openssl-09.7c
cyrus-imapd-cyrus-sasl-2.1.15 
cyrus-imapd-2.1.15

compiled with no errors.

Mozilla Messenger, PINE - checked & work fine with it over port 993
MS Outlook -> (with the options [secure auth], work over SSL (port 993)) gives an error "CRAM-MD5 auth failed"
IMAPD.log:
####################################################
imapd[25702]: starttls: TLSv1 with cipher RC4-MD5(128/128 bits new) no authentication
imapd[25702]: badlogin: [213.152.132.32] NTLM [SASL(-13): user not found: no secret in database]
###################################################

my imapd.conf:
###################################################
configdirectory:                /usr/local/var/imap
partition-default:              /usr/local/var/spool/imap
sieveusehomedir:            false
admins:                         cyrus, ilya
allowanonymouslogin:      no
allowplaintext:                 no
sendmail:                       /usr/sbin/sendmail
sasl_pwcheck_method:     saslauthd
#sasl_mech_list:
srvtab:                         /etc/ssl
tls_ca_path:                  /etc/ssl
tls_ca_file:                    /etc/ssl/server.pem
tls_cert_file:                  /etc/ssl/server.pem
tls_key_file:                   /etc/ssl/server.pem

my cyrus.conf:
###################################################
# standard standalone server implementation

START {
  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
#  idled                cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
    # add or remove based on preferences
imap            cmd="imapd" listen="imap" prefork=0
imaps           cmd="imapd -s" listen="imaps" prefork=0
pop3            cmd="pop3d" listen="pop3" prefork=0
pop3s           cmd="pop3d -s" listen="pop3s" prefork=0
    #  sieve            cmd="timsieved" listen="sieve" prefork=0

  # at least one LMTP is required for delivery
    #  lmtp             cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0

  # this is only necessary if using notifications
#  notify       cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression
  delprune      cmd="ctl_deliver -E 3" at=0400

  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" at=0400
}

my imtest -u ilya -s output:
###################################################
ilya at torer:~$ imtest -u ilya -s localhost
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK torer Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=SRP AUTH=NTLM AUTH=PLAIN AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
C: A01 AUTHENTICATE SRP
S: +
Please enter your password:
C:
S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256
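
An added example, not part of the original post: a small Python triage over the imapd log lines and the CAPABILITY response quoted above. It reports which SASL mechanism the server actually saw fail (NTLM, although the client reported CRAM-MD5), whether that mechanism was advertised, and whether it is one that Cyrus SASL checks against a per-user stored secret instead of through saslauthd. The function names and the SECRET_BASED set are assumptions of this example.

```python
import re

# Constructed sample input: the two imapd log lines from the post (line wrapping
# undone) and the CAPABILITY response abridged to the tokens that matter here.
LOG = (
    "imapd[25702]: starttls: TLSv1 with cipher RC4-MD5(128/128 bits new) no authentication\n"
    "imapd[25702]: badlogin: [213.152.132.32] NTLM "
    "[SASL(-13): user not found: no secret in database]\n"
)
CAPABILITY = ("* CAPABILITY IMAP4 IMAP4rev1 IDLE AUTH=SRP AUTH=NTLM AUTH=PLAIN "
              "AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5")

# Assumption of this example: mechanisms Cyrus SASL checks against a per-user
# secret in an auxprop store (e.g. sasldb); saslauthd only checks plaintext passwords.
SECRET_BASED = {"CRAM-MD5", "DIGEST-MD5", "NTLM", "SRP", "OTP"}

TLS_RE = re.compile(r"imapd\[(\d+)\]: starttls: (\S+) with cipher ([^\s(]+)\s*\(")
BAD_RE = re.compile(
    r"imapd\[(\d+)\]: badlogin: (?:\S+ )?\[([^\]]+)\] (\S+) \[SASL\((-?\d+)\): (.*)\]")

def advertised_mechs(capability):
    """Return the SASL mechanisms the server offers (AUTH=... tokens)."""
    return [tok[5:] for tok in capability.split() if tok.startswith("AUTH=")]

def triage(log, capability):
    """Pair each badlogin with its process's TLS session and classify the mechanism."""
    offered = set(advertised_mechs(capability))
    # Map imapd pid -> (protocol, cipher) negotiated by that process.
    tls = {m.group(1): (m.group(2), m.group(3)) for m in TLS_RE.finditer(log)}
    findings = []
    for m in BAD_RE.finditer(log):
        pid, client, mech, code, reason = m.groups()
        findings.append({
            "client": client,
            "mech": mech,                    # mechanism the client really chose
            "sasl_code": int(code),
            "reason": reason,
            "tls": tls.get(pid),             # None if no starttls line for this pid
            "advertised": mech in offered,
            "needs_stored_secret": mech in SECRET_BASED,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(LOG, CAPABILITY):
        print(finding)
```
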




