On Wednesday 01 August 2007 17:53:16 Stephan Bosch wrote:
> Hi Andreas,
>
> On Wed, 2007-08-01 at 16:45 +0200, Stephan Bosch wrote:
> > Most likely the problem relates to the fact that, unless configured otherwise, dovecot will refuse to use plain text SASL mechanisms if the connection is not encrypted. I haven't re-tested the STARTTLS command in the last versions... I will give it a go.
>
> I gave it a go and STARTTLS still seems to work fine at my end. This test was performed using 'disable_plaintext_auth = yes' in the config file, forcing a _remote_ host to use TLS/SSL for all protocols.
Thanks for taking the time to investigate this further! I will try to provide you with everything I can.
I have my server configured the same way, allowing only TLS connections for plaintext login on the standard IMAP port 143. I shall attach the output of dovecot -n.
> The gnutls-cli tool is very useful to test the STARTTLS command in various protocols. Using the --starttls switch the client starts in plaintext mode and starts the TLS negotiation when Ctrl-D is pressed.
>
> With the information you provide I could test it with your setup, but of course you can test it yourself as well.
I got this working just fine, using the method you described below. Of course I had to base64-encode the "username\0username\0password" string first, which is probably not so obvious to someone who doesn't have much experience debugging authentication problems :)
I am using KMail 1.9.7 and KDE 3.5.7 to connect to the server (KDE has a kioslave for sieve).
But seeing that connecting and authenticating worked fine with gnutls-cli this seems to be a KMail- or KDE-related problem?
Is there anything else I can provide? How do you want the connection log? As the output of a tcpdump session?
Thanks again!
Andreas
# 1.0.2: /usr/local/etc/dovecot.conf
base_dir: /var/run/dovecot/
protocols: imap managesieve
listen(default): *
listen(imap): *
listen(managesieve): *:2000
ssl_cert_file: /etc/ssl/certs/pseudoterminal.org_dovecot.crt
ssl_key_file: /etc/ssl/private/pseudoterminal.org.key
login_dir(default): /var/run/dovecot//login
login_dir(imap): /var/run/dovecot//login
login_dir(managesieve): login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(managesieve): /usr/local/libexec/dovecot/managesieve-login
mail_extra_groups: mail
mail_location: maildir:~/Maildir
maildir_copy_with_hardlinks: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(managesieve): /usr/local/libexec/dovecot/managesieve
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(managesieve): /usr/local/lib/dovecot/managesieve
imap_client_workarounds(default): outlook-idle delay-newmail tb-extra-mailbox-sep
imap_client_workarounds(imap): outlook-idle delay-newmail tb-extra-mailbox-sep
imap_client_workarounds(managesieve): outlook-idle
namespace:
  type: public
  separator: /
  prefix: Public/
  location: maildir:/var/mail/public:CONTROL=~/Maildir/control/public:INDEX=~/Maildir/index/public
namespace:
  type: private
  separator: /
  inbox: yes
auth default:
  mechanisms: plain login
  passdb:
    driver: pam
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix

-- 
Andreas "daff" Ntaflos
Vienna, Austria
GPG Fingerprint: 6234 2E8E 5C81 C6CB E5EC 7E65 397C E2A8 090C A9B4
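
The base64 step mentioned in the message above, as an added example that is not part of the original thread or of Dovecot's code: it builds the SASL PLAIN token in both the "username\0username\0password" form and the empty-authzid form, and decodes a token again, which shows that the encoding alone hides nothing and why the server insists on TLS first. The function names and the sample credentials are assumptions made for illustration; the AUTHENTICATE line uses the ManageSieve quoted-string form.

```python
import base64


def build_plain(authcid, password, authzid=""):
    """SASL PLAIN message: [authzid] NUL authcid NUL passwd, then base64."""
    fields = (("authzid", authzid), ("authcid", authcid), ("password", password))
    for name, value in fields:
        if "\0" in value:
            raise ValueError(f"{name} must not contain NUL")
    if not authcid or not password:
        raise ValueError("authcid and password must be non-empty")
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def parse_plain(token):
    """Decode a PLAIN token back into (authzid, authcid, password)."""
    raw = base64.b64decode(token, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected exactly two NUL separators")
    return tuple(part.decode("utf-8") for part in parts)


def managesieve_authenticate(token):
    """Line to send once the TLS handshake has completed."""
    return f'AUTHENTICATE "PLAIN" "{token}"'


# Constructed sample credentials, not taken from the thread.
USER, PASSWORD = "andreas", "s3cret"

if __name__ == "__main__":
    same_ids = build_plain(USER, PASSWORD, authzid=USER)  # form used in the message
    empty_authzid = build_plain(USER, PASSWORD)           # authzid left empty
    print(managesieve_authenticate(same_ids))
    print(managesieve_authenticate(empty_authzid))
    # Anyone who can read the token recovers the password directly.
    print(parse_plain(same_ids))
```
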