ManageSieve: authenticate "EXTERNAL" not behaving correctly

Marc Weustink m.weustink at cuperus.nl
Thu Oct 26 14:32:36 EEST 2017


Hi,

I've enabled client certificate authentication for imap and managesieve. 
When I use Thunderbird with the sieve plugin it tries to login, but 
times out.

Initially I reported this to the sieve plugin, but we came to the 
conclusion that managesieve is misbehaving.

https://github.com/thsmi/sieve/issues/94

Thunderbird (win10-64) 52.4.0 (32bit)
Sieve 0.2.3k
Dovecot (Ubuntu 16.04.3 LTS) 2.2.33.1-1 (sid)


What happens is the following (p=plugin sends m=managesieve sends)

p:authenticate "EXTERNAL" ""
m:""

The response is unexpected. According to RFC 5804 an empty 
challenge/response is sent as an empty string. So I would expect:

p:authenticate "EXTERNAL" ""
m:OK "Logged in."



With the use of gnutls-cli I could reproduce (c=I send m=managesieve sends)
  gnutls-cli --starttls --x509keyfile marc_mail.key --x509certfile marc_mail.crt -p sieve 172.17.1.4

...
m:OK "TLS negotiation successful."
c:authenticate "EXTERNAL" ""
m:""
c:""
m:OK "Logged in."


However if I try the "imap" syntax (rfc4959) I get logged in at once

...
m:OK "TLS negotiation successful."
c:authenticate "EXTERNAL" "="
m:OK "Logged in."

Note that this is an imap only extension, "=" is an invalid base64 encoding.

Marc
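
The three exchanges quoted in this message, run through a small transcript checker. This is an added example, not code from the post, the sieve plugin or Dovecot: the transcripts are constructed from the quoted lines, the function names are hypothetical, and the two findings encode the expectation stated in the post.

```python
import re

# Constructed transcripts, shaped like the exchanges quoted in the post
# (c = client sends, m = managesieve sends).
REPORTED = ['c:authenticate "EXTERNAL" ""', 'm:""', 'c:""', 'm:OK "Logged in."']
EXPECTED = ['c:authenticate "EXTERNAL" ""', 'm:OK "Logged in."']
IMAP_STYLE = ['c:authenticate "EXTERNAL" "="', 'm:OK "Logged in."']

QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
# Strict base64: whole 4-character groups, padding only in the last group.
BASE64 = re.compile(r'(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?')
FINAL = re.compile(r'(OK|NO|BYE)\b', re.I)


def classify_initial(args):
    """Classify the optional initial-response argument of AUTHENTICATE."""
    if len(args) < 2:
        return "absent"
    if args[1] == "":
        return "empty"
    return "data" if BASE64.fullmatch(args[1]) else "invalid-base64"


def check_exchange(lines):
    """Return (initial-response kind, server challenges seen, findings)."""
    client = [line[2:] for line in lines if line.startswith("c:")]
    server = [line[2:] for line in lines if line.startswith("m:")]
    if not client or not client[0].lower().startswith("authenticate"):
        raise ValueError("transcript does not start with AUTHENTICATE")
    kind = classify_initial(QUOTED.findall(client[0]))
    challenges, final = [], None
    for reply in server:
        done = FINAL.match(reply)
        if done:  # OK / NO / BYE ends the SASL exchange
            final = done.group(1).upper()
            break
        found = QUOTED.fullmatch(reply.strip())
        challenges.append(found.group(1) if found else reply)
    findings = []
    if kind == "empty" and challenges[:1] == [""]:
        findings.append("empty challenge sent after an empty initial response")
    if kind == "invalid-base64" and final == "OK":
        findings.append("invalid base64 initial response accepted")
    return kind, len(challenges), findings
```
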


