I've found this in the cyrus log file :
Jan 28 13:19:18 cyrus_server sieve[10793]: login: proxy_dovecot[138.138.138.138] imap2 PLAIN User logged in
When I test with sivtest -a myuser I can connect with PLAIN mechanism.
If I replay with a telnet cyrus_server 2000 exactly what avelsieve send to a dovecot server I got this :
telnet cyrus_server sieve Trying 138.138.138.138... Connected to cyrus_server.inria.fr (138.138.138.138). Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.2.12" "SASL" "PLAIN" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" "STARTTLS" OK AUTHENTICATE "PLAIN" "AGltYXAyAGltYXAy" OK CAPABILITY "IMPLEMENTATION" "Cyrus timsieved v2.2.12" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex" OK
It's like avelsieve just stop the connection by itself because once the user is logged, there is no other command send ! I don't understand why avelsieve tell me : unable to connect to server IMAP. localhost.
I've done some others tests :
- sivtest to a dovecot sieve server it's working.
- telnet cyrus_server 2000 : it's working too
- directly telnet dovecot 2000 : it's working too
- telnet dovecot_proxy 2000 : it's not working ! (complain with NO "Authentication failed.")
It seems like the problem comes from dovecot in proxy mode ?? (only to connect to a cyrus sieve server, because it's working well with a dovecot sieve server)
Mathieu Kretchner wrote:
Does Squirrelmail try to use STARTTLS? Having full session traffic logs I don't think Squirrelmail is trying to use STARTTLS. But anyway I've tried to trace the sieve connection protocol, you could find it in the attachement. It's approximatively the same data, I've posted yesterday with extra protocol tcp/ip :)
of when Squirrelmail is logging into Dovecot proxy and when logging into Cyrus proxy would be helpful (ngrep, wireshark, etc). If Squirrelmail uses STARTTLS, this doesn't really work though (but at least the logs will reveal that it is doing STARTTLS). Also if it is doing that, perhaps the issue is SASL PLAIN after all, since Dovecot proxy won't do STARTTLS to the Cyrus.
Also if you set auth_debug=yes, what do you see in Dovecot logs when attempting to log in?
Here is my dovecot log with auth_debug=yes :
Jan 28 09:31:24 myservername dovecot: auth(default): client in: AUTH 3 PLAIN service=managesieve secured lip=127.0.0.1 rip=127.0.0.1 lport=2000 rport=42791 resp=<hidden> Jan 28 09:31:24 myservername dovecot: auth-worker(default): sql(imap2,127.0.0.1): query: SELECT NULL AS password, host, destuser, 'Y' as nopassword, 'Y' AS proxy FROM proxy WHERE user = 'imap2' Jan 28 09:31:24 myservername dovecot: auth(default): client out: OK 3 user=imap2 host=138.138.138.138 destuser=imap2 proxy pass=<hidden> Jan 28 09:31:24 myservername dovecot: managesieve-login: Disconnected: user=<imap2>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Jan 28 09:31:24 myservername dovecot: auth(default): new auth connection: pid=4760