AUTH response for POP3 Over SSL

Joshua Tew joshua at sbc.edu.sg
Tue Apr 1 01:55:04 EDT 2008


For those interested,


this is the list that I used and had Thunderbird, Outlook and  
AppleMail working with it.


sasl_mech_list: APOP USER CRAM-MD5 DIGEST-MD5


Joshua


On Mar 31, 2008, at 11:56 PM, Ken Murchison wrote:

> You can either remove the CRAM-MD5 SASL plugin, or restrict the list  
> of advertised mechanisms by using the 'sasl_mech_list' option in  
> imapd.conf
>
>
> Joshua Tew wrote:
>> I have not been able to authenticate POP3 over SSL from thunderbird  
>> 2.0.0.12 to Cyrus POm.3.8 on a OS X Server 10.5.
>> I have narrowed down the cause to be a wrong set of supported  
>> authentication mechanism being advertised when thunderbird queried  
>> the POP3 server in AUTH.
>> For example, the server responded with CRAM-MD5 as a support  
>> mechanism in AUTH when it really has not been configured as such,  
>> not in POP3 anyway.
>> I would like to know if it is a configuration issue, is there  
>> something missing in the OS X configuration of the Cyrus server  
>> that is supposed to stop CRAM-MD5 and a list of other auth  
>> mechanism from being advertised as supported in the AUTH process?  
>> i.e. Apple messed up the configuration/build.
>> Or is this a "feature" of this version of the Cyrus server and  
>> resolved in a later version?
>> Or Thunderbird should have used the mechanism listed in CAPA  
>> response only as CRAM-MD5 only appeared in AUTH.
>> Thanks for your help.
>> Joshua
>> my system generated imapd.conf is as follows:
>> admins: cyrusimap
>> configdirectory: /var/imap
>> partition-default: /var/spool/imap
>> unixhierarchysep: yes
>> altnamespace: yes
>> servername: mailserver.abc.edu
>> sievedir: /usr/sieve
>> sendmail: /usr/sbin/sendmail
>> lmtp_downcase_rcpt: 1
>> unix_group_enable: 0
>> berkeley_txns_max: 400
>> berkeley_locks_max: 20000
>> berkeley_cachesize: 8192
>> berkeley_max_log_region: 2048
>> berkeley_max_log_file: 10240
>> berkeley_max_log_buffer: 2048
>> tls_key_file: /Volumes/system/etc/certificates/mail.abc.edu.key
>> quota_warn_frequency_days: 2
>> tls_cert_file: /Volumes/system/etc/certificates/mail.abc.edu.crt
>> enable_quota_warnings: yes
>> log_rolling_days_enabled: 0
>> log_rolling_days: 1
>> lmtp_over_quota_perm_failure: yes
>> imap_auth_plain: yes
>> imap_auth_md5: yes
>> lmtp_luser_relay: joshua
>> pop_auth_apop: yes
>> tls_server_options: use
>> tls_ca_file: /Volumes/system/etc/certificates/mail.abc.edu.ca-bundle
>> OS X POP3 Log
>> Mar 20 10:42:47 webserver pop3[12181]: starttls: TLSv1 with cipher  
>> AES256-SHA (256/256 bits new) no authentication
>> Mar 20 10:43:31 webserver pop3[12261]: executed
>> Mar 20 10:43:31 webserver pop3[12261]: accepted connection
>> Mar 20 10:43:36 webserver pop3[12261]: badlogin: jt.abc.edu  
>> [10.10.1.123] CRAM-MD5 user not found
>> This is a log of the Thunderbird POP3 process
>> -1604083808[1109db0]: RECV: +OK mailserver.abc.edu Cyrus POP3  
>> v2.3.8-OS X Server 10.5: 9A562 server ready <1261331586.1205925688 at mailserver.abc.edu 
>>  <mailto:1261331586.1205925688 at mailserver.abc.edu>>
>> -1604083808[1109db0]: POP3: Entering state: 29
>> -1604083808[1109db0]: SEND: AUTH
>> -1604083808[1109db0]: Entering NET_ProcessPop3 159
>> -1604083808[1109db0]: POP3: Entering state: 3
>> -1604083808[1109db0]: RECV: +OK List of supported mechanisms follows
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: SMB-NTLMv2
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: SMB-NT
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: SMB-LAN-MANAGER
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: MS-CHAPv2
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: PPS
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: OTP
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: GSSAPI
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: DIGEST-MD5
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: CRAM-MD5
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: WEBDAV-DIGEST
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: DHX
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: APOP
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: .
>> -1604083808[1109db0]: POP3: Entering state: 31
>> -1604083808[1109db0]: SEND: CAPA
>> -1604083808[1109db0]: Entering NET_ProcessPop3 206
>> -1604083808[1109db0]: POP3: Entering state: 3
>> -1604083808[1109db0]: RECV: +OK List of capabilities follows
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: SASL APOP
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: STLS
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: EXPIRE NEVER
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: LOGIN-DELAY 0
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: TOP
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: UIDL
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: PIPELINING
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: RESP-CODES
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: AUTH-RESP-CODE
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: USER
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: IMPLEMENTATION Cyrus POP3 server v2.3.8- 
>> OS X Server 10.5: 9A562
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: .
>> -1604083808[1109db0]: POP3: Entering state: 33
>> -1604083808[1109db0]: SEND: STLS
>> -1604083808[1109db0]: Entering NET_ProcessPop3 31
>> -1604083808[1109db0]: POP3: Entering state: 3
>> -1604083808[1109db0]: RECV: +OK Begin TLS negotiation now
>> -1604083808[1109db0]: POP3: Entering state: 45
>> -1604083808[1109db0]: POP3: Entering state: 29
>> -1604083808[1109db0]: SEND: AUTH
>> -1604083808[1109db0]: Entering NET_ProcessPop3 173
>> -1604083808[1109db0]: POP3: Entering state: 3
>> -1604083808[1109db0]: RECV: +OK List of supported mechanisms follows
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: SMB-NTLMv2
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: SMB-NT
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: SMB-LAN-MANAGER
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: MS-CHAPv2
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: PPS
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: PLAIN
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: OTP
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: LOGIN
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: GSSAPI
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: DIGEST-MD5
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: CRAM-MD5
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: WEBDAV-DIGEST
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: DHX
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: APOP
>> -1604083808[1109db0]: POP3: Entering state: 30
>> -1604083808[1109db0]: RECV: .
>> -1604083808[1109db0]: POP3: Entering state: 31
>> -1604083808[1109db0]: SEND: CAPA
>> -1604083808[1109db0]: Entering NET_ProcessPop3 200
>> -1604083808[1109db0]: POP3: Entering state: 3
>> -1604083808[1109db0]: RECV: +OK List of capabilities follows
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: SASL APOP
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: EXPIRE NEVER
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: LOGIN-DELAY 0
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: TOP
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: UIDL
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: PIPELINING
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: RESP-CODES
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: AUTH-RESP-CODE
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: USER
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: IMPLEMENTATION Cyrus POP3 server v2.3.8- 
>> OS X Server 10.5: 9A562
>> -1604083808[1109db0]: POP3: Entering state: 32
>> -1604083808[1109db0]: RECV: .
>> -1604083808[1109db0]: POP3: Entering state: 33
>> -1604083808[1109db0]: POP3: Entering state: 46
>> -1604083808[1109db0]: POP3: Entering state: 33
>> -1604083808[1109db0]: POP3: Entering state: 5
>> -1604083808[1109db0]: SEND: AUTH CRAM-MD5
>> -1604083808[1109db0]: Entering NET_ProcessPop3 64
>> -1604083808[1109db0]: POP3: Entering state: 3
>> -1604083808[1109db0]: RECV: + PDExMzk5somerandomcharsforpublickey? 
>> MuZWR1LnNnPg==
>> -1604083808[1109db0]: POP3: Entering state: 34
>> -1604083808[1109db0]: POP3: Entering state: 6
>> -1604083808[1109db0]: Logging suppressed for this command (it  
>> probably contained authentication information)
>> -1604083808[1109db0]: Entering NET_ProcessPop3 52
>> -1604083808[1109db0]: POP3: Entering state: 3
>> -1604083808[1109db0]: RECV: -ERR [AUTH] authenticating:  
>> authentication failure
>> ------------------------------------------------------------------------
>> ----
>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
> -- 
> Kenneth Murchison
> Systems Programmer
> Project Cyrus Developer/Maintainer
> Carnegie Mellon University



More information about the Info-cyrus mailing list