PLAIN authentication timsieved

[Raphael Jaffey]

Sorry, we use this setting in our environment as we're using stunnel  
for sieved connections rather than its built in TLS support.

The relevant parts of our current config read:

sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN


allowplaintext: no
sasl_minimum_layer: 128
sieve_allowplaintext: yes
sieve_sasl_minimum_layer: 0

tls_cert_file: <some-path>
tls_key_file: <some-path>
tls_ca_file: <some-path>
tls_cipher_list: !ADH:MEDIUM:HIGH

sieve_tls_cert_file: disabled



In your case, assuming you don't want PLAIN in the clear, I should  
think the following would suffice:

sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN


allowplaintext: no
sasl_minimum_layer: 128

tls_cert_file: <some-path>
tls_key_file: <some-path>
tls_ca_file: <some-path>
tls_cipher_list: !ADH:MEDIUM:HIGH

This assumes that your sieve client supports TLS.

Quoting Raphael Jaffey <rjaffey at artic.edu>:

> sieve_allowplaintext: yes
>
> Quoting Mathieu Kretchner <mathieu.kretchner at sophia.inria.fr>:
>
>> Hello,
>>
>> I would like to allow connection to sieved server with PLAIN mechanism.
>> But my configuration seems to already have this. What do I miss ?
>>
>> Cyrus is 2.2.12
>> here is my imapd.conf :
>>
>> configdirectory: /data/imap
>> partition-default: /data/imap/spool
>> servername: imap-sop.inria.fr
>> admins: cyrus
>> hashimapspool: yes
>> duplicatesuppression: no
>> sasl_pwcheck_method: saslauthd
>> allowanonymouslogin: no
>> tls_session_timeout: 0
>> allowapop: 0
>> sasl_mech_list: PLAIN
>> sieveuserhomedir: no
>> sievedir: /data/imap/sieve
>> sieve_maxscripts: 8
>> sieve_maxscriptsize: 640
>> sendmail: /usr/sbin/sendmail
>> tls_ca_file: /data/imap/ssl/ca.crt
>> tls_cert_file: /data/imap/ssl/server.crt
>> tls_key_file:  /data/imap/ssl/server.key
>> tls_ca_path: /data/imap/ssl
>>
>> Thank you
>>
>>
>
>
>
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>