Problems with paragraph characters in SASL passwords?

Adam Tauno Williams awilliam at
Sat May 27 09:48:34 EDT 2017

On Sat, 2017-05-27 at 10:30 -0300, Patrick Boutilier wrote:
> > I am very happy with Cyrus imapd since many years. I am using it to
> > host all IMAP mail boxes of my company. I am using SASL and its
> > tools (mainly saslpasswd2) for password management. The primary
> > IMAP client in the company is Thunderbird.
> > As soon as the password contained a paragraph character ("§"),
> > Cyrus / SASL refused the connection due to a wrong password even
> Works for me from a telnet to port 143 then issuing:
> . login <user> <password>
> replacing user and password with correct values.
> But it does fail in Thunderbird.

Yep, I have experienced this type of issue numerous times.  A variety
of clients fail to correctly encode the authentication credentials -
particularly if you are using a chat-expect authorization like PLAIN or
LOGIN.   To have something that always works it is best to keep
usernames and passwords to ASCII/UTF-7.

This is not a SASL bug. 

This is an every-client-rolled-their-own issue. :(

Meetings Coordinator, Michigan Association of Railroad Passengers
537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010
E-mail: awilliam at GPG#D95ED383 Web:

More information about the Info-cyrus mailing list