doveadm sending invalid AUTHENTICATE to uw-imap
Chris Candreva
chris at westnet.com
Wed Feb 8 21:56:09 UTC 2023
On Wed, 8 Feb 2023, Aki Tuomi wrote:
> Can you try setting imapc_sasl_mechanisms to login, maybe it works better?
And Stephan Bosch <stephan at rename-it.nl> wrote:
> Can you make a protocol log (tcp dump of commands sent by client and
> replies sent by server) for one of these sessions? e.g. using ngrep if
> connections aren't secured.
I was using imaps initially. Switching to imap over port 143 to do the
tcpdump had the side effect of switching to LOGIN authentication,
evidently uw-imap is sending different capability strings. It still
doesn't work though. Both from the error and the dump I can tell "doveadm"
is sending the user's id only without the "*masteruser" and the
master user password.
Plain connection banner:
* OK [CAPABILITY IMAP4REV1 I18NLEVEL=1 LITERAL+ SASL-IR LOGIN-REFERRALS
STARTTLS] foo.com IMAP4rev1 2007e.404 at Wed, 8 Feb 2023 16:45:22
-0500 (EST)
SSL Banner on 993:
* OK [CAPABILITY IMAP4REV1 I18NLEVEL=1 LITERAL+ SASL-IR LOGIN-REFERRALS
AUTH=PLAIN AUTH=LOGIN] foo.com IMAP4rev1 2007e.404 at Wed, 8 Feb 2023
16:53:36 -0500 (EST)
> > On 08/02/2023 06:24 EET Chris Candreva <chris at westnet.com> wrote:
> >
> >
> > I'm migrating a legacy uw-imap system to Dovecot, on a Rocky (RHEL) 8
> > server running Dovecot 2.3.16-3 from their repos. I am using a master user
> > to import all users for an imaps connection from the old server to the
> > new. On a trial run however, it worked for about half the users. Half are
> > giving an error of the form:
> >
> > dsync(user): Error: imapc(host:993):
> > Command '1 AUTHENTICATE PLAIN xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' failed with BAD:
> > 1 Missing or invalid argument to AUTHENTICATE
> >
> > I can't seem to get the IMAP command for the users that did work. However,
> > on the face of it, that is an invalid AUTHENTICATE command. If I take that
> > string and brake it up into (what I've googled is) the proper form of
> > multi-command form of
> >
> > 1 AUTHENTICATE PLAIN
> > +
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > then the login succeeds. I have not been able to find anyone else with
> > this problem in my search. Is this a known issue, is there a way to force
> > the multi-line AUTHENTICATE, something else I'm missing ? Any help is
> > appreciate on this!
> >
> > -Chris
> >
> >
> >
> > --
> > ---
> > ========================================================================
> > Chris Candreva -- chris at westnet.com -- http://www.westnet.com/~chris
>
--
---
========================================================================
Chris Candreva -- chris at westnet.com -- http://www.westnet.com/~chris
More information about the dovecot
mailing list