doveadm sending invalid AUTHENTICATE to uw-imap

Chris Candreva chris at westnet.com
Wed Feb 8 21:56:09 UTC 2023 

On Wed, 8 Feb 2023, Aki Tuomi wrote:

> Can you try setting imapc_sasl_mechanisms to login, maybe it works better?

And Stephan Bosch <stephan at rename-it.nl> wrote:

> Can you make a protocol log (tcp dump of commands sent by client and 
> replies sent by server) for one of these sessions? e.g. using ngrep if 
> connections aren't secured.


I was using imaps initially. Switching to imap over port 143 to do the 
tcpdump had the side effect of switching to LOGIN authentication, 
evidently uw-imap is sending different capability strings. It still 
doesn't work though. Both from the error and the dump I can tell "doveadm" 
is sending the user's id only without the "*masteruser" and the 
master user password.

Plain connection banner:
* OK [CAPABILITY IMAP4REV1 I18NLEVEL=1 LITERAL+ SASL-IR LOGIN-REFERRALS 
STARTTLS] foo.com IMAP4rev1 2007e.404 at Wed, 8 Feb 2023 16:45:22 
-0500 (EST)

SSL Banner on 993:
* OK [CAPABILITY IMAP4REV1 I18NLEVEL=1 LITERAL+ SASL-IR LOGIN-REFERRALS 
AUTH=PLAIN AUTH=LOGIN] foo.com IMAP4rev1 2007e.404 at Wed, 8 Feb 2023 
16:53:36 -0500 (EST)



> > On 08/02/2023 06:24 EET Chris Candreva <chris at westnet.com> wrote:
> > 
> >  
> > I'm migrating a legacy uw-imap system to Dovecot, on a Rocky (RHEL) 8 
> > server running Dovecot 2.3.16-3 from their repos. I am using a master user 
> > to import all users for an imaps connection from the old server to the 
> > new. On a trial run however, it worked for about half the users. Half are 
> > giving an error of the form:
> > 
> > dsync(user): Error: imapc(host:993): 
> > Command '1 AUTHENTICATE PLAIN xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' failed with BAD: 
> > 1 Missing or invalid argument to AUTHENTICATE
> > 
> > I can't seem to get the IMAP command for the users that did work. However, 
> > on the face of it, that is an invalid AUTHENTICATE command. If I take that 
> > string and brake it up into (what I've googled is) the proper form of 
> > multi-command form of
> > 
> > 1 AUTHENTICATE PLAIN
> > +
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > 
> > then the login succeeds. I have not been able to find anyone else with 
> > this problem in my search. Is this a known issue, is there a way to force 
> > the multi-line AUTHENTICATE, something else I'm missing ? Any help is 
> > appreciate on this!
> > 
> > -Chris
> > 
> > 
> > 
> > -- 
> > ---
> > ========================================================================
> > Chris Candreva  --  chris at westnet.com  --  http://www.westnet.com/~chris
> 

-- 
---
========================================================================
Chris Candreva  --  chris at westnet.com  --  http://www.westnet.com/~chris

More information about the dovecot mailing list