OK,
I used telnet to port 143 of cyrus.
The reply :
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS]
moncayo2.ibcg.biotoul.fr Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-12.el5_7.2
server ready
I have changed these settings in /etc/perdition/perdition.imap4s.conf :
imap_capability IMAP4 IMAP4REV1 LITERAL+ ID STARTTLS
And now it's OK with MAIL frome apple 10.9.2 and 10.9.1
Thank you for your help.
Regards,
Christophe
Le 13/03/2014 17:43, Marc Michele a écrit :
> Am 13.03.2014 17:21, schrieb Christophe Carles:
>> OK, where can I found more explication about it ? Especially for AUTH ?
> I use telnet to port 143 of cyrus to get imap capability string for my
> installation. To get more information i think you should read the rfcs
> for imap a good starting point is: http://tools.ietf.org/html/rfc3501
>
>>>> Which version of cyrus you use and on which distribution?
>> Cyrus 0.91 on Centos 5.10
> Serious, i think it should be at last 2.x
>
> Marc
>
--
Christophe Carles
CNRS - LMGM
Service Informatique
Bât. IBCG
118, route de Narbonne
31062 Toulouse Cedex9
sinfo(a)ibcg.biotoul.fr
Tél : 05.61.33.59.60
Fax : 05.61.33.58.86
Hello,
I use perdition to make a mail-proxy for outside mails customers.
This work very well with most of software mails customers.
I set up this in order to make acces for smartphone and over tablets.
Recently, users reported me difficulties connecting with the e-mail
software of Apple "MAIL".
J have made some test and i don't understand what it could be ?
The Os server : Centos 6.5
The version of perdition is perdition-1.19rc5-3.7.x86_64
Installation from repos :
http://download.opensuse.org/repositories/home:/horms:/perdition/CentOS_Cen…
The perdition configuration :
_*/etc/sysconfig/perdition : *_
RUN_PERDITION=yes
POP3=no
POP3S=no
IMAP4=no
IMAP4S=yes
_*
*__*/etc/perdition/perdition.imap4s.conf*_
bind_address 193.48.191.9 # adresse d'écoute du service
connection_logging # On logue toutes les communications
imap_capability IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR # On annonce la capacité imap aux clients
protocol IMAP4S # protocole utilisé
outgoing_port 993 ## Numero du port utilisé
outgoing_server 0.0.0.0 # serveur de renvoie par défaut. On attribue un serveur par utilisateur.
ssl_cert_file /etc/pki/tls/certs/ares.biotoul.fr.pem # chemin vers le certificat
ssl_key_file /etc/pki/tls/private/ares.biotoul.fr.key # chemin vers la clé du certificat
ssl_no_cert_verify # On ne vérifie pas la cryptographie inclus dans le certificat du backend
ssl_no_cn_verify # On ne vérifie pas le nom inclus dans le CN du certificat du backend
I use popmap for users in order to permit access :
_*/etc/perdition/popmap : *_
carles(a)biotoul.fr
_*Here are logs from client apple 10.9.2 (the last) with MAIL : *_
INITIATING CONNECTION Mar 13 11:39:11.381 host:tourmalet.ibcg.biotoul.fr
-- port:993 -- socket:0x0 -- thread:0x61000047a240
CONNECTED Mar 13 11:39:11.442 [kCFStreamSocketSecurityLevelTLSv1_0] --
host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 --
thread:0x61000047a240
READ Mar 13 11:39:11.443 [kCFStreamSocketSecurityLevelTLSv1_0] --
host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 --
thread:0x61000047a240
* OK [CAPABILITY IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR]
perdition ready on tourmalet.ibcg.biotoul.fr 0002abbf
WROTE Mar 13 11:39:11.445 [kCFStreamSocketSecurityLevelTLSv1_0] --
host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 --
thread:0x60000067c700
1.54 ID ("name" "Mac OS X Mail" "version" "7.2 (1874)" "os" "Mac OS X"
"os-version" "10.9.2 (13C64)" "vendor" "Apple Inc.")
READ Mar 13 11:39:14.447 [kCFStreamSocketSecurityLevelTLSv1_0] --
host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 --
thread:0x60800066f8c0
1.54 BAD Unrecognised command, mate
WROTE Mar 13 11:39:14.452 [kCFStreamSocketSecurityLevelTLSv1_0] --
host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 --
thread:0x60800066f8c0
2.54 AUTHENTICATE PLAIN (*** 32 bytes hidden ***)
READ Mar 13 11:39:17.455 [kCFStreamSocketSecurityLevelTLSv1_0] --
host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 --
thread:0x60800066f8c0
2.54 BAD Mate, try AUTHENTICATE <mechanism>
WROTE Mar 13 11:39:17.459 [kCFStreamSocketSecurityLevelTLSv1_0] --
host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 --
thread:0x60800066f8c0
3.54 AUTHENTICATE PLAIN ************************
READ Mar 13 11:39:20.462 [kCFStreamSocketSecurityLevelTLSv1_0] --
host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 --
thread:0x60800066f8c0
3.54 BAD Mate, try AUTHENTICATE <mechanism>
_*
*__*And here are logs from server perdition*__*: *_
Starting perdition version=1.19-rc5 protocol=IMAP4S
Mar 13 11:47:08 tourmalet perdition.imaps[2622]: add_domain="",
authenticate_in=off, authenticate_timeout=1800,
bind_address="192.168.12.2", client_server_sp
ecification=off, config_file="/etc/perdition/perdition.imap4s.conf",
connection_limit=0, connection_logging=on, connect_relog=300, debug=on,
domain_delimiter
="@", explicit_domain="", group="nobody", imap_capability="IMAP4
IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR", inetd_mode=off,
listen_port="imaps", log_facility
="mail", log_passwd="never", login_disabled=off, lower_case="",
managesieve_capability=""IMPLEMENTATION" "perdition" "SIEVE"
"comparator-i;octet comparator-
i;ascii-casemap fileinto reject envelope encoded-character vacation
subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables
body enotify environment mailbox date" "SASL" "PLAIN" "NOTIFY"
"mailto" "VERSION" "1.19-rc5"",
map_library="/usr/lib64/libperditiondb_gdbm.so.0", map_libr
ary_opt="", no_bind_banner=off, no_daemon=off, no_lookup=off,
tcp_keepalive=off, nodename="tourmalet.ibcg.biotoul.fr", ok_line="You
are so in", outgoing_port
="993", outgoing_server="0.0.0.0",
pid_file="/var/run/perdition.imaps/perdition.imaps.pid",
pop_capability="UIDL.USER", protocol="IMAP4S", server_resp_line=o
ff, strip_domain="", timeout=1800, username="nobody",
username_from_database=off, query_key="", quiet=off (mask=0x00000028
00000000)
Mar 13 11:47:08 tourmalet perdition.imaps[2622]: ssl_mode="",
ssl_ca_file="", ssl_ca_path="/etc/perdition/perdition.ca/",
ssl_ca_accept_self_signed="off", ss
l_cert_file="/etc/pki/tls/certs/tourmalet.ibcg.biotoul.fr.pem",
ssl_cert_accept_expired="off", ssl_cert_not_yet_valid="off",
ssl_cert_self_signed="off", ssl_
cert_verify_depth=9,
ssl_key_file="/etc/pki/tls/private/tourmalet.ibcg.biotoul.fr.key",
ssl_listen_ciphers="", ssl_outgoing_ciphers="", ssl_no_cert_verify="o
n", ssl_no_client_cert_verify="off", ssl_no_cn_verify="on"
ssl_passphrase_fd=0, ssl_passphrase_file="", (ssl_mask=0x00000000)
Mar 13 11:47:08 tourmalet perdition.imaps[2625]:
vanessa_socket_daemon_setid: uid=99 euid=99 gid=99 egid=99
Mar 13 11:47:24 tourmalet perdition.imaps[2627]: Connect:
192.168.8.10:49753->192.168.12.2:993
Mar 13 11:47:24 tourmalet perdition.imaps[2627]: SSL connection using
AES128-SHA
Mar 13 11:47:24 tourmalet perdition.imaps[2627]: SELF: "* OK
[CAPABILITY IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR] perdition
ready on tourmalet.ibcg.
biotoul.fr 0002ab61\r\n"
Mar 13 11:47:24 tourmalet perdition.imaps[2627]: CLIENT: "1.20 ID
(\"name\" \"Mac OS X Mail\" \"version\" \"7.2 (1874)\" \"os\" \"Mac OS
X\" \"os-version\" \
"10.9.2 (13C64)\" \"vendor\" \"Apple Inc.\")\r\n"
Mar 13 11:47:27 tourmalet perdition.imaps[2627]: SELF: "1.20 BAD
Unrecognised command, mate\r\n"
Mar 13 11:47:27 tourmalet perdition.imaps[2627]: CLIENT: "2"
Mar 13 11:47:27 tourmalet perdition.imaps[2627]: CLIENT: ".20
AUTHENTICATE PLAIN YmlndWV0AGJpZ3VldABCYXkzMyFFczEw\r\n"
Mar 13 11:47:30 tourmalet perdition.imaps[2627]: SELF: "2.20 BAD Mate,
try AUTHENTICATE <mechanism>\r\n"
Mar 13 11:47:30 tourmalet perdition.imaps[2627]: CLIENT: "3"
Mar 13 11:47:30 tourmalet perdition.imaps[2627]: CLIENT: ".20
AUTHENTICATE PLAIN AGJpZ3VldABCYXkzMyFFczEw\r\n"
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: SELF: "3.20 BAD Mate,
try AUTHENTICATE <mechanism>\r\n"
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: CLIENT: ""
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: token_read:
token_fill_buffer
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: read_line: token_read
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: imap4_in_get_auth:
read_imap4_line 1
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: main: protocol->in_get_auth
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: Fatal Error reading
authentication information from client
192.168.8.10:49753->192.168.12.2:993: Exiting chi
ld
Mar 13 11:47:36 tourmalet perdition.imaps[2628]: Connect:
192.168.8.10:49754->192.168.12.2:993
Mar 13 11:47:36 tourmalet perdition.imaps[2628]: SSL connection using
AES128-SHA
Mar 13 11:47:36 tourmalet perdition.imaps[2628]: SELF: "* OK
[CAPABILITY IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR] perdition
ready on tourmalet.ibcg.
biotoul.fr 0002ab61\r\n"
Mar 13 11:47:36 tourmalet perdition.imaps[2628]: CLIENT: "1.21 ID
(\"name\" \"Mac OS X Mail\" \"version\" \"7.2 (1874)\" \"os\" \"Mac OS
X\" \"os-version\" \
"10.9.2 (13C64)\" \"vendor\" \"Apple Inc.\")\r\n"
Mar 13 11:47:39 tourmalet perdition.imaps[2628]: SELF: "1.21 BAD
Unrecognised command, mate\r\n"
Mar 13 11:47:39 tourmalet perdition.imaps[2628]: CLIENT: "2"
Mar 13 11:47:39 tourmalet perdition.imaps[2628]: CLIENT: ".21
AUTHENTICATE PLAIN YmlndWV0AGJpZ3VldABCYXkzMyFFczEw\r\n"
Mar 13 11:47:42 tourmalet perdition.imaps[2628]: SELF: "2.21 BAD Mate,
try AUTHENTICATE <mechanism>\r\n"
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: CLIENT: ""
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: token_read:
token_fill_buffer
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: read_line: token_read
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: imap4_in_get_auth:
read_imap4_line 1
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: main: protocol->in_get_auth
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: Fatal Error reading
authentication information from client
192.168.8.10:49754->192.168.12.2:993: Exiting chi
ld
I have made some tests with ssl_mode but no more access.
Is any one can have an idea ?
Thank you
--
Christophe Carles
CNRS - LMGM
Service Informatique
Bât. IBCG
118, route de Narbonne
31062 Toulouse Cedex9
sinfo(a)ibcg.biotoul.fr
Tél : 05.61.33.59.60
Fax : 05.61.33.58.86
Hi all,
I was searching the web and the mailing list, but couldn’t find an answer on this question:
Does Perdition support TLS Version 1.1. and 1.2 for imaps?
I tested perdition 1.19-rc5, which is included in Debian 7.4.
It also includes "OpenSSL 1.0.1e 11 Feb 2013“ which does support it.
When scanning with „sslscan localhost:993“, I don’t get any matching cipher, even if I’ve added them to the „ssl_listen_ciphers“ like this:
ssl_listen_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS“
Thanks for your help!
Cheers
Andreas