Migrating mailbox data from Cyrus to MicroSoft Office 365 using their import tool.

Eric Luyten Eric.Luyten at vub.ac.be
Thu Jun 23 10:49:51 EDT 2016

On Wed, June 22, 2016 6:02 pm, Dan White wrote:
> On 06/22/16 17:28 +0200, Eric Luyten via Info-cyrus wrote:
>> All,
>> After trying for a couple of days I have come to the conclusion
>> that the Office 365 IMAP import tool uses the LOGIN authentication mech while
>> Cyrus requires PLAIN or stronger for proxying to work.
>> Even when only announcing AUTH=PLAIN in our server capabilities,
>> Microsoft executes LOGIN ... ...
>> (violation of RFC3501 section 6.1.1 ?
>> dunno whether I am reading that correctly)
>> Is my conclusion correct ?
>> Any hacks or workarounds ?
> To enable SASL LOGIN support, add 'LOGIN' to your sasl_mech_list. Don't
> confuse login with pre-sasl user/pass authentication.
> If Office 365 isn't performing TLS, you'll need to configure
> sasl_minimum_layer and allowplaintext appropriately.


Thank you for your reply.

By restricting the sasl_mech_list in imapd.conf I can make our server
announce only AUTH=PLAIN in its capabilities string but the client
insists on (and succeeds in) authenticating using AUTH=LOGIN, thus
rendering proxying impossible.

There is a mech_list setting in saslauthd.conf which currently reads
'mech_list: login plain ldap' but this applies server wide and so
I am a bit reluctant playing with it.

The Office365 IMAP import client uses TLS, I have requested to deselect
that option to see whether it then switches to using the stronger mech

>From the docs I understand it's SASL deciding whether or not to allow
proxying through the Mechanism Properties/Features, not Cyrus.

All help appreciated,
Eric Luyten, Computing Centre VUB/ULB.

More information about the Info-cyrus mailing list