Hi all, hoping you might be able to help me out. I have a Perdition proxy
server (v1.17.1-1) set up to forward users to one of two Cyrus (v2.3.16)
backend mailstores based on an LDAP query. Everything works fine except for
securing the connection between Perdition and Cyrus; somehow Perdition is
seemingly ignoring the STARTTLS entry in the mail server's CAPABILITY
string. STARTTLS works perfectly fine connecting from the Perdition server
to the Cyrus server using both "imtest" and "openssl s_client".
The certs are all signed by a separate test CA I set up the other day and
work fine otherwise. I've posted the log and relevant Perdition configs
below, and I’ve tested the backend servers individually to ensure STARTTLS
is working fine on Cyrus’ end. Have I messed something up?
##/var/log/maillog##
Sep 3 10:23:34 perdition-host perdition[20007]: Connect:
client.example.com -> perdition.example.com
Sep 3 10:23:34 perdition-host perdition[20007]: SELF: "* OK IMAP4
Ready perdition.example.com 00021e71\r\n"
Sep 3 10:23:34 perdition-host perdition[20007]: CLIENT: "1
STARTTLS\r\n"
Sep 3 10:23:34 perdition-host perdition[20007]: SELF: "1 OK Begin
TLS negotiation now\r\n"
Sep 3 10:23:34 perdition-host perdition[20007]: SSL connection using
AES256-GCM-SHA384
Sep 3 10:23:34 perdition-host perdition[20007]: CLIENT: "2 login \"
user-test(a)email.example.com\" \"password\""
Sep 3 10:23:34 perdition-host perdition[20007]: CLIENT: "\r\n"
Sep 3 10:23:34 perdition-host perdition[20007]: username_add_domain:
username_add_domain 0 1 0x260e0b4
Sep 3 10:23:34 perdition-host perdition[20007]: username_add_domain:
username_add_domain 0 4 0x260e0b4
Sep 3 10:23:34 perdition-host perdition[20007]: REAL: "* OK
[CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN AUTH=LOGIN
SASL-IR COMPRESS=DEFLATE] server ready\r\n* OK [ALERT] Cyrus01\r\n"
Sep 3 10:23:34 perdition-host perdition[20007]: SELF: "flim07
CAPABILITY\r\n"
Sep 3 10:23:34 perdition-host perdition[20007]: tls_outgoing_force is
set, but the real-server does not have the STARTTLS capability, connection
will not be encrypted
Sep 3 10:23:34 perdition-host perdition[20007]: SELF: "flim07
CAPABILITY\r\n"
Sep 3 10:23:34 perdition-host perdition[20007]: REAL: "* CAPABILITY
IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN AUTH=LOGIN SASL-IR
COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE
SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH\r\nflim07 OK
Completed\r\n"
Sep 3 10:23:34 perdition-host perdition[20007]: SELF: "flim08 LOGIN
{37}\r\n"
Sep 3 10:23:34 perdition-host perdition[20007]: REAL: "* CAPABILITY
IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN AUTH=LOGIN SASL-IR
COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE
SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH\r\nflim07 OK
Completed\r\n"
Sep 3 10:23:34 perdition-host perdition[20007]: SELF: "* CAPABILITY
IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN AUTH=LOGIN SASL-IR
COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE
SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH\r\n"
Sep 3 10:23:34 perdition-host perdition[20007]: imap4_out_response:
invalid tag from server 1
Sep 3 10:23:34 perdition-host perdition[20007]:
imap4_out_authenticate: imap4_out_response login
Sep 3 10:23:34 perdition-host perdition[20007]: SELF: "
user-test(a)email.example.com {9}\r\n"
Sep 3 10:23:34 perdition-host perdition[20007]: REAL: "+ go
ahead\r\n"
Sep 3 10:23:34 perdition-host perdition[20007]: SELF: "password\r\n"
Sep 3 10:23:34 perdition-host perdition[20007]: REAL: "+ go
ahead\r\n"
Sep 3 10:23:34 perdition-host perdition[20007]: imap4_out_response:
invalid tag from server 1
Sep 3 10:23:34 perdition-host perdition[20007]:
imap4_out_authenticate: imap4_out_response passwd
Sep 3 10:23:34 perdition-host perdition[20007]: main:
protocol->out_authenticate -1
Sep 3 10:23:34 perdition-host perdition[20007]: Fatal error
authenticating user. Exiting child.
##/etc/sysconfig/perdition##
RUN_PERDITION=yes
POP3=no
POP3S=no
IMAP4=no
IMAP4S=yes
##/usr/etc/perdition/perdition_imap4s.conf##
(All left default except following options:)
connection_logging
debug
listen_port 143
map_library /usr/lib/libperditiondb_ldap.so.0
map_library_opt "ldap:<redacted>"
ok_line Connected to perdition IMAP proxy.
protocol IMAP4S
outgoing_port 143
pid_file /var/run/perdition/perdition.imap4s.pid
timeout 60
ssl_mode tls_all
ssl_ca_file /etc/pki/tls/certs/ca.crt
ssl_ca_accept_self_signed
ssl_cert_file /etc/pki/tls/private/host_perdition.crt
ssl_cert_accept_self_signed
ssl_key_file /etc/pki/tls/private/host_perdition.key
Thanks in advance for any help, I’ve spent a good amount of time stuck on
this issue.
Steven Kelbley
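[Added example, not part of the original post and not Perdition code.] The log above shows a session where the backend greeting lists STARTTLS, Perdition still logs the "does not have the STARTTLS capability" warning, and a LOGIN is then sent to the backend without TLS. The script below finds such sessions in a maillog; the sample lines are constructed, modelled on the format above, and the finding names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the maillog format shown above (PIDs, hostnames and
# capability lists are illustrative, not taken from a real server).
SAMPLE_LOG = """\
Sep 3 10:23:34 perdition-host perdition[20007]: REAL: "* OK
[CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] server ready\\r\\n"
Sep 3 10:23:34 perdition-host perdition[20007]: tls_outgoing_force is
set, but the real-server does not have the STARTTLS capability, connection
will not be encrypted
Sep 3 10:23:34 perdition-host perdition[20007]: SELF: "flim08 LOGIN
{37}\\r\\n"
Sep 3 10:24:02 perdition-host perdition[20011]: REAL: "* OK
[CAPABILITY IMAP4rev1 AUTH=LOGIN] server ready\\r\\n"
Sep 3 10:24:02 perdition-host perdition[20011]: tls_outgoing_force is
set, but the real-server does not have the STARTTLS capability, connection
will not be encrypted
Sep 3 10:24:03 perdition-host perdition[20012]: REAL: "* OK
[CAPABILITY IMAP4rev1 STARTTLS] server ready\\r\\n"
Sep 3 10:24:03 perdition-host perdition[20012]: SELF: "flim08 LOGIN
{37}\\r\\n"
"""

HEADER = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+perdition(?:\.\w+)?\[(\d+)\]:\s?(.*)$")
# Capability list ends at "]" (greeting) or at the logged "\r\n" escape.
CAPS = re.compile(r"CAPABILITY\s+([^\]\\]+)")
WARNING = "does not have the STARTTLS capability"
# A tagged LOGIN command from the proxy, not the AUTH=LOGIN capability token.
LOGIN_CMD = re.compile(r'SELF: "\S+ LOGIN\b', re.IGNORECASE)


def records(text):
    """Rejoin hard-wrapped syslog lines into [pid, message] records."""
    out = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            out.append([m.group(1), m.group(2)])
        elif out and line.strip():
            out[-1][1] += " " + line.strip()
    return out


def audit(text):
    """Return {pid: (finding, login_sent_after_warning)} for warned sessions."""
    state = defaultdict(
        lambda: {"advertised": False, "warned": False, "login": False})
    for pid, msg in records(text):
        s = state[pid]
        if msg.startswith("REAL:"):
            for caps in CAPS.findall(msg):
                if "STARTTLS" in caps.upper().split():
                    s["advertised"] = True
        elif WARNING in msg:
            s["warned"] = True
        elif s["warned"] and LOGIN_CMD.match(msg):
            s["login"] = True
    findings = {}
    for pid, s in state.items():
        if s["warned"]:
            kind = ("capability-mismatch" if s["advertised"]
                    else "backend-lacks-starttls")
            findings[pid] = (kind, s["login"])
    return findings


if __name__ == "__main__":
    for pid, (kind, login) in audit(SAMPLE_LOG).items():
        print(pid, kind, "LOGIN sent without TLS" if login else "no LOGIN seen")
```

A "capability-mismatch" finding with a LOGIN after the warning is the case in the post: credentials crossed the proxy-to-backend link unencrypted even though the backend offered STARTTLS.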
Hi,
I have been using Perdition 1.19rc5 for a while, have had sporadic complaints
about POP that I think could be Perdition.
I noticed 2.1 is out since February, is anyone using it, and can comment
on stability?
I don't see any RPM for it for RHEL6/OEL6, they all seem to be the
1.19rc5 I have now.
I previously built using the source RPM. Anyone happen to have one?
Thanks!
new installation of perdition. I use the same file and content on my
popmap as I do on a working production server.
I see in my maillogs the following error:
Fatal Error reading authentication information from client
127.0.0.1:43557->127.0.0.1:143: Exiting child
It seems that perdition can't read my popmap file to get the redirection
to the imap server.
Can someone explain what the message is really telling me, please?
Thanks
steve campbell
I'm trying to install perdition on a new Centos 6.5 server. I'm using
the rpms from opensuse repo mentioned on the downloads page.
Upon startup, I'm getting the following message:
Starting perdition services (IMAP4): dlopen of
"/usr/lib/libperditiondb_gdbm.so" failed
I'm not sure where this library comes from and there aren't any
libperdition rpms that seem to provide this library.
Can anyone set me straight, please? Thanks
steve campbell
Hello List(s), ...
When using saslauthd for authentication with a remote imap server, in this
case perdition IMAP4, there seems to be a compatibility issue.
After LOGIN, perdition is sending the CAPABILITY tag before the OK.
saslauthd expects an OK, but receives the CAPABILITY first and then closes
the connection.
saslauthd[8454] :do_auth : auth failure: [user=x(a)test.d250.hu]
[service=imap] [realm=]
[mech=rimap] [reason=[ALERT] Unexpected response from remote authentication
server]
I was able to alter the last lines of auth_rimap.c, and hack this out, but
this should be implemented properly.
I assume perdition behaves in a standards-compliant way within the IMAP4 protocol,
however it could send the combined "a OK [CAPABILITY ... ]" as dovecot
does. Is there a technical reason for the two separate messages? I was not
able to manipulate this behavior with configuration arguments.
saslauthd on the other hand could read the CAPABILITY tag, skip it, and
process the next tag to read an OK, and then close the connection, with the
Unexpected response error eventually.
I'm not sure which is the more standards-compliant approach, but if my
assumption is correct, auth_rimap.c should be modified for increased
compatibility.
Thank you, ...
Greetings,
--
Király István
+36 209 753 758
LaKing(a)D250.hu
<http://d250.hu>
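[Added example, not part of the original message and not code from saslauthd or perdition.] The message above contrasts two reply shapes after LOGIN: an untagged CAPABILITY line followed by the tagged OK, and a single tagged "OK [CAPABILITY ...]". The reader below accepts both by skipping untagged lines until the tagged response for its own tag arrives; the reply texts are constructed samples and the function name and "FAIL" status are this example's own.

```python
import re

TAGGED = re.compile(r"^(\S+) (OK|NO|BAD)\b(.*)$", re.IGNORECASE)
CAP_CODE = re.compile(r"\s*\[CAPABILITY ([^\]]*)\]", re.IGNORECASE)

# Constructed server replies to "a001 LOGIN ..." (wording is illustrative).
UNTAGGED_THEN_OK = ["* CAPABILITY IMAP4rev1 UIDPLUS IDLE\r\n",
                    "a001 OK LOGIN completed\r\n"]
COMBINED_OK = ["a001 OK [CAPABILITY IMAP4rev1 IDLE] Logged in\r\n"]
REJECTED = ["* OK [ALERT] maintenance tonight\r\n",
            "a001 NO LOGIN failed\r\n"]


def login_result(tag, lines, max_untagged=16):
    """Return (status, capabilities) for the LOGIN sent with `tag`.

    status is "OK", "NO" or "BAD" from the tagged response, or "FAIL" when
    the exchange cannot be trusted (wrong tag, BYE, continuation request,
    too many untagged lines, or the stream ending early).
    """
    caps = []
    untagged = 0
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("* "):
            # Untagged data may precede the tagged result; it never decides
            # the outcome, so "* OK [ALERT] ..." is not a successful login.
            untagged += 1
            if untagged > max_untagged:
                return ("FAIL", caps)
            words = line[2:].split()
            keyword = words[0].upper() if words else ""
            if keyword == "BYE":
                return ("FAIL", caps)
            if keyword == "CAPABILITY":
                caps = words[1:]
            continue
        if line.startswith("+"):
            # A continuation request is not expected for a one-line LOGIN.
            return ("FAIL", caps)
        m = TAGGED.match(line)
        if not m or m.group(1) != tag:
            return ("FAIL", caps)
        code = CAP_CODE.match(m.group(3))
        if code:
            caps = code.group(1).split()
        return (m.group(2).upper(), caps)
    return ("FAIL", caps)  # no tagged response before the stream ended


if __name__ == "__main__":
    for name, reply in [("untagged then OK", UNTAGGED_THEN_OK),
                        ("combined OK", COMBINED_OK),
                        ("rejected", REJECTED)]:
        print(name, login_result("a001", reply))
```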
Hi list,
While searching the web and the perdition-users mailing list archive, I did not find the answer to this case.
I encounter a little problem with libperditiondb_posix_regex.
The context is simple :
Perdition listening to IMAPS connections (from public network), with 3 backend IMAP servers on LAN.
The configuration is quite simple too ;) :
(this is running on Debian Wheezy , with Debian provided perdition package : version 1.19~rc5-1+b1)
/etc/perdition/perdition.imap4s.conf
_____
log_facility local5
timeout 40
imap_capability "IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE SORT QUOTA ACL ACL2=UNION STARTTLS"
ssl_mode ssl_listen
ssl_cert_file /etc/perdition/mtprx.stux.fr.crt
ssl_key_file /etc/perdition/mtprx.stux.fr.key
# M|map_library FILENAME:
# Library to open that provides functions to look up the server for a
# user.
# M /usr/lib/libperditiondb_gdbm.so.0
#map_library /usr/lib/libperditiondb_gdbm.so.0
map_library /usr/lib/libperditiondb_posix_regex.so.0
# map_library ""
# m|map_library_opt STRING:
# String option for the map_library.
# (default "")
#m ""
map_library_opt "/etc/perdition/transport.re"
bind_address 0.0.0.0,[2a01:xxx:xxx:xxx:xx:xx:feef:6101]
_____
/etc/perdition/transport.re
_____
(.*)(a)stuxnet.org: mta.stux.fr:143
(.*)(a)contacts.stux.fr: zimbra.stux.fr:143
(.*)(a)stux.fr.eu.org: $1@publicmx.stux.fr:143
____
For the 2 first lines on transport.re, no problem : auth is forwarded without rewriting and works well.
For the last, I try to extract the first part of the e-mail address to forward only this to the "publicmx" host.
Perdition has been restarted after the update of "transport.re" (according to the documentation, regexes are processed only once, while starting the daemon)
But when auth is made on the backend server, the whole e-mail address is used ...
(It's useful to say that the dovecot IMAP service works well on this backend).
____
May 1 17:16:41 publicmx dovecot: auth-worker(19430): Error: bsdauth(myuser(a)stux.fr.eu.org,172.18.10.61): getpwnam() failed: Operation not permitted
May 1 17:16:43 publicmx dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<myuser(a)stux.fr.eu.org>, method=PLAIN, rip=172.18.10.61, lip=172.18.2.25, session=<AxT4Jlj4CwCsEgo9>
____
Did I make a mistake in the configuration?
My regex seems to match, but is it compliant for this use case?
Thanks for all your replies ;) .
Regards,
Christophe.
Hi,
I see that I still have old IMAP connection processes that I have to kill
manually.
...
nobody 28199 0.0 0.2 57972 2712 ? S Mar20 0:00
perdition.imap4: connect (bilas)
nobody 29060 0.0 0.2 57872 2732 ? S Mar12 0:00
perdition.imaps: connect (hoogsvon)
nobody 29684 0.0 0.2 57872 2716 ? S Mar07 0:00
perdition.imaps: connect (dojo)
nobody 30241 0.0 0.2 57872 2716 ? S Mar05 0:00
perdition.imaps: connect (dojo)
nobody 30877 0.0 0.2 57872 2712 ? S Mar11 0:00
perdition.imaps: connect (tason)
...
Is it possible to automatically kill all imap processes "connect" older
than x days?
My perdition.imap4s.conf:
timeout 60
authenticate_timeout 60
Is it possible to add a parameter connect_timeout?
(I am currently in version 1.19-rc4)
Regards,
Dominique
OK,
I used telnet to port 143 of cyrus.
The reply :
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS]
moncayo2.ibcg.biotoul.fr Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-12.el5_7.2
server ready
I have changed these settings in /etc/perdition/perdition.imap4s.conf :
imap_capability IMAP4 IMAP4REV1 LITERAL+ ID STARTTLS
And now it's OK with MAIL from Apple 10.9.2 and 10.9.1
Thank you for your help.
Regards,
Christophe
On 13/03/2014 17:43, Marc Michele wrote:
> On 13.03.2014 17:21, Christophe Carles wrote:
>> OK, where can I find more explanation about it? Especially for AUTH?
> I use telnet to port 143 of cyrus to get the IMAP capability string for my
> installation. To get more information I think you should read the RFCs
> for IMAP; a good starting point is: http://tools.ietf.org/html/rfc3501
>
>>>> Which version of cyrus do you use and on which distribution?
>> Cyrus 0.91 on Centos 5.10
> Seriously, I think it should be at least 2.x
>
> Marc
>
--
Christophe Carles
CNRS - LMGM
Service Informatique
Bât. IBCG
118, route de Narbonne
31062 Toulouse Cedex9
sinfo(a)ibcg.biotoul.fr
Tél : 05.61.33.59.60
Fax : 05.61.33.58.86
Hello,
I use perdition as a mail proxy for outside mail clients.
This works very well with most mail client software.
I set this up in order to provide access for smartphones and other tablets.
Recently, users reported difficulties connecting with Apple's e-mail
software "MAIL".
I have made some tests and I don't understand what it could be.
The Os server : Centos 6.5
The version of perdition is perdition-1.19rc5-3.7.x86_64
Installation from repos :
http://download.opensuse.org/repositories/home:/horms:/perdition/CentOS_Cen…
The perdition configuration :
/etc/sysconfig/perdition:
RUN_PERDITION=yes
POP3=no
POP3S=no
IMAP4=no
IMAP4S=yes
/etc/perdition/perdition.imap4s.conf:
bind_address 193.48.191.9 # listening address of the service
connection_logging # log all communications
imap_capability IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR # IMAP capability announced to clients
protocol IMAP4S # protocol used
outgoing_port 993 ## port number used
outgoing_server 0.0.0.0 # default forwarding server. A server is assigned per user.
ssl_cert_file /etc/pki/tls/certs/ares.biotoul.fr.pem # path to the certificate
ssl_key_file /etc/pki/tls/private/ares.biotoul.fr.key # path to the certificate's key
ssl_no_cert_verify # do not verify the cryptography in the backend's certificate
ssl_no_cn_verify # do not verify the name in the CN of the backend's certificate
I use popmap for users in order to permit access :
/etc/perdition/popmap:
carles(a)biotoul.fr
Here are logs from client apple 10.9.2 (the last) with MAIL:
INITIATING CONNECTION Mar 13 11:39:11.381 host:tourmalet.ibcg.biotoul.fr
-- port:993 -- socket:0x0 -- thread:0x61000047a240
CONNECTED Mar 13 11:39:11.442 [kCFStreamSocketSecurityLevelTLSv1_0] --
host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 --
thread:0x61000047a240
READ Mar 13 11:39:11.443 [kCFStreamSocketSecurityLevelTLSv1_0] --
host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 --
thread:0x61000047a240
* OK [CAPABILITY IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR]
perdition ready on tourmalet.ibcg.biotoul.fr 0002abbf
WROTE Mar 13 11:39:11.445 [kCFStreamSocketSecurityLevelTLSv1_0] --
host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 --
thread:0x60000067c700
1.54 ID ("name" "Mac OS X Mail" "version" "7.2 (1874)" "os" "Mac OS X"
"os-version" "10.9.2 (13C64)" "vendor" "Apple Inc.")
READ Mar 13 11:39:14.447 [kCFStreamSocketSecurityLevelTLSv1_0] --
host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 --
thread:0x60800066f8c0
1.54 BAD Unrecognised command, mate
WROTE Mar 13 11:39:14.452 [kCFStreamSocketSecurityLevelTLSv1_0] --
host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 --
thread:0x60800066f8c0
2.54 AUTHENTICATE PLAIN (*** 32 bytes hidden ***)
READ Mar 13 11:39:17.455 [kCFStreamSocketSecurityLevelTLSv1_0] --
host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 --
thread:0x60800066f8c0
2.54 BAD Mate, try AUTHENTICATE <mechanism>
WROTE Mar 13 11:39:17.459 [kCFStreamSocketSecurityLevelTLSv1_0] --
host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 --
thread:0x60800066f8c0
3.54 AUTHENTICATE PLAIN ************************
READ Mar 13 11:39:20.462 [kCFStreamSocketSecurityLevelTLSv1_0] --
host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 --
thread:0x60800066f8c0
3.54 BAD Mate, try AUTHENTICATE <mechanism>
And here are logs from server perdition:
Starting perdition version=1.19-rc5 protocol=IMAP4S
Mar 13 11:47:08 tourmalet perdition.imaps[2622]: add_domain="",
authenticate_in=off, authenticate_timeout=1800,
bind_address="192.168.12.2", client_server_sp
ecification=off, config_file="/etc/perdition/perdition.imap4s.conf",
connection_limit=0, connection_logging=on, connect_relog=300, debug=on,
domain_delimiter
="@", explicit_domain="", group="nobody", imap_capability="IMAP4
IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR", inetd_mode=off,
listen_port="imaps", log_facility
="mail", log_passwd="never", login_disabled=off, lower_case="",
managesieve_capability=""IMPLEMENTATION" "perdition" "SIEVE"
"comparator-i;octet comparator-
i;ascii-casemap fileinto reject envelope encoded-character vacation
subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables
body enotify environment mailbox date" "SASL" "PLAIN" "NOTIFY"
"mailto" "VERSION" "1.19-rc5"",
map_library="/usr/lib64/libperditiondb_gdbm.so.0", map_libr
ary_opt="", no_bind_banner=off, no_daemon=off, no_lookup=off,
tcp_keepalive=off, nodename="tourmalet.ibcg.biotoul.fr", ok_line="You
are so in", outgoing_port
="993", outgoing_server="0.0.0.0",
pid_file="/var/run/perdition.imaps/perdition.imaps.pid",
pop_capability="UIDL.USER", protocol="IMAP4S", server_resp_line=o
ff, strip_domain="", timeout=1800, username="nobody",
username_from_database=off, query_key="", quiet=off (mask=0x00000028
00000000)
Mar 13 11:47:08 tourmalet perdition.imaps[2622]: ssl_mode="",
ssl_ca_file="", ssl_ca_path="/etc/perdition/perdition.ca/",
ssl_ca_accept_self_signed="off", ss
l_cert_file="/etc/pki/tls/certs/tourmalet.ibcg.biotoul.fr.pem",
ssl_cert_accept_expired="off", ssl_cert_not_yet_valid="off",
ssl_cert_self_signed="off", ssl_
cert_verify_depth=9,
ssl_key_file="/etc/pki/tls/private/tourmalet.ibcg.biotoul.fr.key",
ssl_listen_ciphers="", ssl_outgoing_ciphers="", ssl_no_cert_verify="o
n", ssl_no_client_cert_verify="off", ssl_no_cn_verify="on"
ssl_passphrase_fd=0, ssl_passphrase_file="", (ssl_mask=0x00000000)
Mar 13 11:47:08 tourmalet perdition.imaps[2625]:
vanessa_socket_daemon_setid: uid=99 euid=99 gid=99 egid=99
Mar 13 11:47:24 tourmalet perdition.imaps[2627]: Connect:
192.168.8.10:49753->192.168.12.2:993
Mar 13 11:47:24 tourmalet perdition.imaps[2627]: SSL connection using
AES128-SHA
Mar 13 11:47:24 tourmalet perdition.imaps[2627]: SELF: "* OK
[CAPABILITY IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR] perdition
ready on tourmalet.ibcg.
biotoul.fr 0002ab61\r\n"
Mar 13 11:47:24 tourmalet perdition.imaps[2627]: CLIENT: "1.20 ID
(\"name\" \"Mac OS X Mail\" \"version\" \"7.2 (1874)\" \"os\" \"Mac OS
X\" \"os-version\" \
"10.9.2 (13C64)\" \"vendor\" \"Apple Inc.\")\r\n"
Mar 13 11:47:27 tourmalet perdition.imaps[2627]: SELF: "1.20 BAD
Unrecognised command, mate\r\n"
Mar 13 11:47:27 tourmalet perdition.imaps[2627]: CLIENT: "2"
Mar 13 11:47:27 tourmalet perdition.imaps[2627]: CLIENT: ".20
AUTHENTICATE PLAIN YmlndWV0AGJpZ3VldABCYXkzMyFFczEw\r\n"
Mar 13 11:47:30 tourmalet perdition.imaps[2627]: SELF: "2.20 BAD Mate,
try AUTHENTICATE <mechanism>\r\n"
Mar 13 11:47:30 tourmalet perdition.imaps[2627]: CLIENT: "3"
Mar 13 11:47:30 tourmalet perdition.imaps[2627]: CLIENT: ".20
AUTHENTICATE PLAIN AGJpZ3VldABCYXkzMyFFczEw\r\n"
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: SELF: "3.20 BAD Mate,
try AUTHENTICATE <mechanism>\r\n"
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: CLIENT: ""
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: token_read:
token_fill_buffer
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: read_line: token_read
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: imap4_in_get_auth:
read_imap4_line 1
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: main: protocol->in_get_auth
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: Fatal Error reading
authentication information from client
192.168.8.10:49753->192.168.12.2:993: Exiting chi
ld
Mar 13 11:47:36 tourmalet perdition.imaps[2628]: Connect:
192.168.8.10:49754->192.168.12.2:993
Mar 13 11:47:36 tourmalet perdition.imaps[2628]: SSL connection using
AES128-SHA
Mar 13 11:47:36 tourmalet perdition.imaps[2628]: SELF: "* OK
[CAPABILITY IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR] perdition
ready on tourmalet.ibcg.
biotoul.fr 0002ab61\r\n"
Mar 13 11:47:36 tourmalet perdition.imaps[2628]: CLIENT: "1.21 ID
(\"name\" \"Mac OS X Mail\" \"version\" \"7.2 (1874)\" \"os\" \"Mac OS
X\" \"os-version\" \
"10.9.2 (13C64)\" \"vendor\" \"Apple Inc.\")\r\n"
Mar 13 11:47:39 tourmalet perdition.imaps[2628]: SELF: "1.21 BAD
Unrecognised command, mate\r\n"
Mar 13 11:47:39 tourmalet perdition.imaps[2628]: CLIENT: "2"
Mar 13 11:47:39 tourmalet perdition.imaps[2628]: CLIENT: ".21
AUTHENTICATE PLAIN YmlndWV0AGJpZ3VldABCYXkzMyFFczEw\r\n"
Mar 13 11:47:42 tourmalet perdition.imaps[2628]: SELF: "2.21 BAD Mate,
try AUTHENTICATE <mechanism>\r\n"
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: CLIENT: ""
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: token_read:
token_fill_buffer
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: read_line: token_read
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: imap4_in_get_auth:
read_imap4_line 1
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: main: protocol->in_get_auth
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: Fatal Error reading
authentication information from client
192.168.8.10:49754->192.168.12.2:993: Exiting chi
ld
I have made some tests with ssl_mode but no more access.
Does anyone have an idea?
Thank you
--
Christophe Carles
CNRS - LMGM
Service Informatique
Bât. IBCG
118, route de Narbonne
31062 Toulouse Cedex9
sinfo(a)ibcg.biotoul.fr
Tél : 05.61.33.59.60
Fax : 05.61.33.58.86
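[Added example, not part of the original message and not Perdition code.] With connection_logging and debug on, the server log above records each client's AUTHENTICATE PLAIN initial response even though log_passwd="never" appears in the startup line; that payload is only base64-encoded. The filter below redacts such payloads, and quoted LOGIN passwords, before a log is shared; the sample lines and credentials are constructed and scrub() is this example's own name.

```python
import base64
import re

# AUTHENTICATE <mechanism> <base64 initial response>
SASL_IR = re.compile(
    r"(AUTHENTICATE\s+[A-Za-z0-9_-]+\s+)([A-Za-z0-9+/]{4,}={0,2})",
    re.IGNORECASE)
# LOGIN "user" "password", with or without the backslashes the log adds
QUOTED_LOGIN = re.compile(
    r'(\bLOGIN\s+\\?"[^"\\]*\\?"\s+\\?")([^"\\]*)(\\?")',
    re.IGNORECASE)

# Constructed credentials and log lines in the format of the logs above.
TOKEN = base64.b64encode(b"\0example\0not-a-real-pw").decode()
SAMPLE = (
    'Mar 13 11:47:27 proxy perdition.imaps[2627]: CLIENT: ".20\n'
    'AUTHENTICATE PLAIN ' + TOKEN + '\\r\\n"\n'
    'Mar 13 11:47:30 proxy perdition.imaps[2627]: SELF: "2.20 BAD Mate,\n'
    'try AUTHENTICATE <mechanism>\\r\\n"\n'
    'Sep 3 10:23:34 proxy perdition[20007]: CLIENT: "2 login '
    '\\"user@example.com\\" \\"not-a-real-pw\\""\n'
    'Sep 3 10:23:34 proxy perdition[20007]: REAL: "* CAPABILITY IMAP4rev1 '
    'AUTH=PLAIN AUTH=LOGIN SASL-IR\\r\\n"\n'
)


def scrub(text):
    """Redact SASL initial responses and quoted LOGIN passwords.

    Works on the whole text rather than line by line, so a password that
    the mail client wrapped onto the next line is still matched.
    Returns (scrubbed_text, number_of_redactions).
    """
    text, n_sasl = SASL_IR.subn(r"\1<redacted>", text)
    text, n_login = QUOTED_LOGIN.subn(r"\1<redacted>\3", text)
    return text, n_sasl + n_login


if __name__ == "__main__":
    cleaned, count = scrub(SAMPLE)
    print(cleaned)
    print(count, "redactions")
```

Passwords sent as an IMAP literal (a "{9}" length followed by the password on its own SELF or CLIENT line) are not matched by these two patterns and need a manual check.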