Migrating mailbox data from Cyrus to MicroSoft Office 365 using their import tool.
Eric Luyten
Eric.Luyten at vub.ac.be
Thu Jun 23 10:49:51 EDT 2016
On Wed, June 22, 2016 6:02 pm, Dan White wrote:
> On 06/22/16 17:28 +0200, Eric Luyten via Info-cyrus wrote:
>
>> All,
>>
>>
>>
>> After trying for a couple of days I have come to the conclusion
>> that the Office 365 IMAP import tool uses the LOGIN authentication mech while
>> Cyrus requires PLAIN or stronger for proxying to work.
>>
>>
>> Even when only announcing AUTH=PLAIN in our server capabilities,
>> Microsoft executes LOGIN ... ...
>>
>>
>> (violation of RFC3501 section 6.1.1 ?
>> dunno whether I am reading that correctly)
>>
>>
>> Is my conclusion correct ?
>> Any hacks or workarounds ?
>>
>
> To enable SASL LOGIN support, add 'LOGIN' to your sasl_mech_list. Don't
> confuse login with pre-sasl user/pass authentication.
>
> If Office 365 isn't performing TLS, you'll need to configure
> sasl_minimum_layer and allowplaintext appropriately.
>
Dan,
Thank you for your reply.
By restricting the sasl_mech_list in imapd.conf I can make our server
announce only AUTH=PLAIN in its capabilities string but the client
insists on (and succeeds in) authenticating using AUTH=LOGIN, thus
rendering proxying impossible.
There is a mech_list setting in saslauthd.conf which currently reads
'mech_list: login plain ldap' but this applies server wide and so
I am a bit reluctant playing with it.
The Office365 IMAP import client uses TLS, I have requested to deselect
that option to see whether it then switches to using the stronger mech
AUTH=PLAIN
>From the docs I understand it's SASL deciding whether or not to allow
proxying through the Mechanism Properties/Features, not Cyrus.
All help appreciated,
Eric Luyten, Computing Centre VUB/ULB.
More information about the Info-cyrus
mailing list