Perdition-users March 2014

perdition-users@vergenet.net

5 participants
3 discussions

Fwd: Re: Failed to log client mail on Apple since 10.9.1

by Christophe Carles

OK, I used telnet to port 143 of cyrus. The reply : * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS] moncayo2.ibcg.biotoul.fr Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-12.el5_7.2 server ready I have changed these settings in /etc/perdition/perdition.imap4s.conf : imap_capability IMAP4 IMAP4REV1 LITERAL+ ID STARTTLS And now it's OK with MAIL frome apple 10.9.2 and 10.9.1 Thank you for your help. Regards, Christophe Le 13/03/2014 17:43, Marc Michele a écrit : > Am 13.03.2014 17:21, schrieb Christophe Carles: >> OK, where can I found more explication about it ? Especially for AUTH ? > I use telnet to port 143 of cyrus to get imap capability string for my > installation. To get more information i think you should read the rfcs > for imap a good starting point is: http://tools.ietf.org/html/rfc3501 > >>>> Which version of cyrus you use and on which distribution? >> Cyrus 0.91 on Centos 5.10 > Serious, i think it should be at last 2.x > > Marc > -- Christophe Carles CNRS - LMGM Service Informatique Bât. IBCG 118, route de Narbonne 31062 Toulouse Cedex9 sinfo(a)ibcg.biotoul.fr Tél : 05.61.33.59.60 Fax : 05.61.33.58.86

9 years, 9 months

Failed to log client mail on Apple since 10.9.1

by Christophe Carles

Hello, I use perdition to make a mail-proxy for outside mails customers. This work very well with most of software mails customers. I set up this in order to make acces for smartphone and over tablets. Recently, users reported me difficulties connecting with the e-mail software of Apple "MAIL". J have made some test and i don't understand what it could be ? The Os server : Centos 6.5 The version of perdition is perdition-1.19rc5-3.7.x86_64 Installation from repos : http://download.opensuse.org/repositories/home:/horms:/perdition/CentOS_Cen… The perdition configuration : _*/etc/sysconfig/perdition : *_ RUN_PERDITION=yes POP3=no POP3S=no IMAP4=no IMAP4S=yes _* *__*/etc/perdition/perdition.imap4s.conf*_ bind_address 193.48.191.9 # adresse d'écoute du service connection_logging # On logue toutes les communications imap_capability IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR # On annonce la capacité imap aux clients protocol IMAP4S # protocole utilisé outgoing_port 993 ## Numero du port utilisé outgoing_server 0.0.0.0 # serveur de renvoie par défaut. On attribue un serveur par utilisateur. ssl_cert_file /etc/pki/tls/certs/ares.biotoul.fr.pem # chemin vers le certificat ssl_key_file /etc/pki/tls/private/ares.biotoul.fr.key # chemin vers la clé du certificat ssl_no_cert_verify # On ne vérifie pas la cryptographie inclus dans le certificat du backend ssl_no_cn_verify # On ne vérifie pas le nom inclus dans le CN du certificat du backend I use popmap for users in order to permit access : _*/etc/perdition/popmap : *_ carles(a)biotoul.fr _*Here are logs from client apple 10.9.2 (the last) with MAIL : *_ INITIATING CONNECTION Mar 13 11:39:11.381 host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x0 -- thread:0x61000047a240 CONNECTED Mar 13 11:39:11.442 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x61000047a240 READ Mar 13 11:39:11.443 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x61000047a240 * OK [CAPABILITY IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR] perdition ready on tourmalet.ibcg.biotoul.fr 0002abbf WROTE Mar 13 11:39:11.445 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60000067c700 1.54 ID ("name" "Mac OS X Mail" "version" "7.2 (1874)" "os" "Mac OS X" "os-version" "10.9.2 (13C64)" "vendor" "Apple Inc.") READ Mar 13 11:39:14.447 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60800066f8c0 1.54 BAD Unrecognised command, mate WROTE Mar 13 11:39:14.452 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60800066f8c0 2.54 AUTHENTICATE PLAIN (*** 32 bytes hidden ***) READ Mar 13 11:39:17.455 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60800066f8c0 2.54 BAD Mate, try AUTHENTICATE <mechanism> WROTE Mar 13 11:39:17.459 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60800066f8c0 3.54 AUTHENTICATE PLAIN ************************ READ Mar 13 11:39:20.462 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60800066f8c0 3.54 BAD Mate, try AUTHENTICATE <mechanism> _* *__*And here are logs from server perdition*__*: *_ Starting perdition version=1.19-rc5 protocol=IMAP4S Mar 13 11:47:08 tourmalet perdition.imaps[2622]: add_domain="", authenticate_in=off, authenticate_timeout=1800, bind_address="192.168.12.2", client_server_sp ecification=off, config_file="/etc/perdition/perdition.imap4s.conf", connection_limit=0, connection_logging=on, connect_relog=300, debug=on, domain_delimiter ="@", explicit_domain="", group="nobody", imap_capability="IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR", inetd_mode=off, listen_port="imaps", log_facility ="mail", log_passwd="never", login_disabled=off, lower_case="", managesieve_capability=""IMPLEMENTATION" "perdition" "SIEVE" "comparator-i;octet comparator- i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date" "SASL" "PLAIN" "NOTIFY" "mailto" "VERSION" "1.19-rc5"", map_library="/usr/lib64/libperditiondb_gdbm.so.0", map_libr ary_opt="", no_bind_banner=off, no_daemon=off, no_lookup=off, tcp_keepalive=off, nodename="tourmalet.ibcg.biotoul.fr", ok_line="You are so in", outgoing_port ="993", outgoing_server="0.0.0.0", pid_file="/var/run/perdition.imaps/perdition.imaps.pid", pop_capability="UIDL.USER", protocol="IMAP4S", server_resp_line=o ff, strip_domain="", timeout=1800, username="nobody", username_from_database=off, query_key="", quiet=off (mask=0x00000028 00000000) Mar 13 11:47:08 tourmalet perdition.imaps[2622]: ssl_mode="", ssl_ca_file="", ssl_ca_path="/etc/perdition/perdition.ca/", ssl_ca_accept_self_signed="off", ss l_cert_file="/etc/pki/tls/certs/tourmalet.ibcg.biotoul.fr.pem", ssl_cert_accept_expired="off", ssl_cert_not_yet_valid="off", ssl_cert_self_signed="off", ssl_ cert_verify_depth=9, ssl_key_file="/etc/pki/tls/private/tourmalet.ibcg.biotoul.fr.key", ssl_listen_ciphers="", ssl_outgoing_ciphers="", ssl_no_cert_verify="o n", ssl_no_client_cert_verify="off", ssl_no_cn_verify="on" ssl_passphrase_fd=0, ssl_passphrase_file="", (ssl_mask=0x00000000) Mar 13 11:47:08 tourmalet perdition.imaps[2625]: vanessa_socket_daemon_setid: uid=99 euid=99 gid=99 egid=99 Mar 13 11:47:24 tourmalet perdition.imaps[2627]: Connect: 192.168.8.10:49753->192.168.12.2:993 Mar 13 11:47:24 tourmalet perdition.imaps[2627]: SSL connection using AES128-SHA Mar 13 11:47:24 tourmalet perdition.imaps[2627]: SELF: "* OK [CAPABILITY IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR] perdition ready on tourmalet.ibcg. biotoul.fr 0002ab61\r\n" Mar 13 11:47:24 tourmalet perdition.imaps[2627]: CLIENT: "1.20 ID (\"name\" \"Mac OS X Mail\" \"version\" \"7.2 (1874)\" \"os\" \"Mac OS X\" \"os-version\" \ "10.9.2 (13C64)\" \"vendor\" \"Apple Inc.\")\r\n" Mar 13 11:47:27 tourmalet perdition.imaps[2627]: SELF: "1.20 BAD Unrecognised command, mate\r\n" Mar 13 11:47:27 tourmalet perdition.imaps[2627]: CLIENT: "2" Mar 13 11:47:27 tourmalet perdition.imaps[2627]: CLIENT: ".20 AUTHENTICATE PLAIN YmlndWV0AGJpZ3VldABCYXkzMyFFczEw\r\n" Mar 13 11:47:30 tourmalet perdition.imaps[2627]: SELF: "2.20 BAD Mate, try AUTHENTICATE <mechanism>\r\n" Mar 13 11:47:30 tourmalet perdition.imaps[2627]: CLIENT: "3" Mar 13 11:47:30 tourmalet perdition.imaps[2627]: CLIENT: ".20 AUTHENTICATE PLAIN AGJpZ3VldABCYXkzMyFFczEw\r\n" Mar 13 11:47:33 tourmalet perdition.imaps[2627]: SELF: "3.20 BAD Mate, try AUTHENTICATE <mechanism>\r\n" Mar 13 11:47:33 tourmalet perdition.imaps[2627]: CLIENT: "" Mar 13 11:47:33 tourmalet perdition.imaps[2627]: token_read: token_fill_buffer Mar 13 11:47:33 tourmalet perdition.imaps[2627]: read_line: token_read Mar 13 11:47:33 tourmalet perdition.imaps[2627]: imap4_in_get_auth: read_imap4_line 1 Mar 13 11:47:33 tourmalet perdition.imaps[2627]: main: protocol->in_get_auth Mar 13 11:47:33 tourmalet perdition.imaps[2627]: Fatal Error reading authentication information from client 192.168.8.10:49753->192.168.12.2:993: Exiting chi ld Mar 13 11:47:36 tourmalet perdition.imaps[2628]: Connect: 192.168.8.10:49754->192.168.12.2:993 Mar 13 11:47:36 tourmalet perdition.imaps[2628]: SSL connection using AES128-SHA Mar 13 11:47:36 tourmalet perdition.imaps[2628]: SELF: "* OK [CAPABILITY IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR] perdition ready on tourmalet.ibcg. biotoul.fr 0002ab61\r\n" Mar 13 11:47:36 tourmalet perdition.imaps[2628]: CLIENT: "1.21 ID (\"name\" \"Mac OS X Mail\" \"version\" \"7.2 (1874)\" \"os\" \"Mac OS X\" \"os-version\" \ "10.9.2 (13C64)\" \"vendor\" \"Apple Inc.\")\r\n" Mar 13 11:47:39 tourmalet perdition.imaps[2628]: SELF: "1.21 BAD Unrecognised command, mate\r\n" Mar 13 11:47:39 tourmalet perdition.imaps[2628]: CLIENT: "2" Mar 13 11:47:39 tourmalet perdition.imaps[2628]: CLIENT: ".21 AUTHENTICATE PLAIN YmlndWV0AGJpZ3VldABCYXkzMyFFczEw\r\n" Mar 13 11:47:42 tourmalet perdition.imaps[2628]: SELF: "2.21 BAD Mate, try AUTHENTICATE <mechanism>\r\n" Mar 13 11:47:45 tourmalet perdition.imaps[2628]: CLIENT: "" Mar 13 11:47:45 tourmalet perdition.imaps[2628]: token_read: token_fill_buffer Mar 13 11:47:45 tourmalet perdition.imaps[2628]: read_line: token_read Mar 13 11:47:45 tourmalet perdition.imaps[2628]: imap4_in_get_auth: read_imap4_line 1 Mar 13 11:47:45 tourmalet perdition.imaps[2628]: main: protocol->in_get_auth Mar 13 11:47:45 tourmalet perdition.imaps[2628]: Fatal Error reading authentication information from client 192.168.8.10:49754->192.168.12.2:993: Exiting chi ld I have made some tests with ssl_mode but no more access. Is any one can have an idea ? Thank you -- Christophe Carles CNRS - LMGM Service Informatique Bât. IBCG 118, route de Narbonne 31062 Toulouse Cedex9 sinfo(a)ibcg.biotoul.fr Tél : 05.61.33.59.60 Fax : 05.61.33.58.86

9 years, 9 months

Does Perdition Support TLSv1.1 and TLSv1.2

by Andreas Bauer

Hi all, I was searching the web and the mailing list, but couldn’t find an answer on this question: Does Perdition support TLS Version 1.1. and 1.2 for imaps? I tested perdition 1.19-rc5, which is included in Debian 7.4. It also includes "OpenSSL 1.0.1e 11 Feb 2013“ which does support it. When scanning with „sslscan localhost:993“, I don’t get any matching cipher, even if I’ve added them to the „ssl_listen_ciphers“ like this: ssl_listen_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS“ Thanks for your help! Cheers Andreas

9 years, 9 months

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Perdition-users March 2014