Announcement

Collapse
No announcement yet.

CentOS and sieve problem (MAIL_FILTER-0002)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • CentOS and sieve problem (MAIL_FILTER-0002)

    I have a problem with sieve an OX 6.18 on my CentOS system.
    I have read that since OX 6.14 most of this problems with sieve has been solved.

    The error message from mailfilter is:

    Invalid sieve credentials (MAIL_FILTER-0002)

    In another message i've read that i should create user in the form:

    -e email@domain.de --imaplogin username .....

    My users are in this form but it dont work.
    I've tested also to change the SIEVE_CREDSRC (session/imaplogin/mail) but nothing changed.

    I think i have a problem with plain authentication on the sieve server. Every time a user logged in i found this in my maillog:

    Dec 1 20:36:56 mail master[23713]: about to exec /usr/lib/cyrus-imapd/timsieved
    Dec 1 20:36:56 mail sieve[23713]: executed
    Dec 1 20:36:56 mail sieve[23713]: accepted connection
    Dec 1 20:36:56 mail sieve[23713]: mystore: starting txn 2147483855
    Dec 1 20:36:56 mail sieve[23713]: mystore: committing txn 2147483855
    Dec 1 20:36:56 mail sieve[23713]: starttls: TLSv1 with cipher RC4-MD5 (128/128 bits new) no authentication
    Dec 1 20:36:56 mail sieve[23713]: badlogin: localhost.localdomain[127.0.0.1] PLAIN authentication failure

    Sieve accept:
    S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-7.el5_4.3"
    S: "SASL" "DIGEST-MD5 LOGIN CRAM-MD5 PLAIN"

    The problem is plain auth doesnt work.

    My questions are:
    1. Has anybody sieve on CentOS working with OX 6.18?
    2. Can OX connect to sieve using md5?

    In the mailfilter.properties i found only using tls true/false but nothing about plain or md5 encryption.

    My system:
    CentOS 5.5
    Java 6.22
    open-xchange-mailfilter-6.18.0.0-7_7.2


    Silvio

  • #2
    Hello Silvio,

    Originally posted by silvio View Post
    I have a problem with sieve an OX 6.18 on my CentOS system.
    I have read that since OX 6.14 most of this problems with sieve has been solved.

    The error message from mailfilter is:

    Invalid sieve credentials (MAIL_FILTER-0002)

    In another message i've read that i should create user in the form:

    -e email@domain.de --imaplogin username .....

    My users are in this form but it dont work.
    I've tested also to change the SIEVE_CREDSRC (session/imaplogin/mail) but nothing changed.

    I think i have a problem with plain authentication on the sieve server. Every time a user logged in i found this in my maillog:

    Dec 1 20:36:56 mail master[23713]: about to exec /usr/lib/cyrus-imapd/timsieved
    Dec 1 20:36:56 mail sieve[23713]: executed
    Dec 1 20:36:56 mail sieve[23713]: accepted connection
    Dec 1 20:36:56 mail sieve[23713]: mystore: starting txn 2147483855
    Dec 1 20:36:56 mail sieve[23713]: mystore: committing txn 2147483855
    Dec 1 20:36:56 mail sieve[23713]: starttls: TLSv1 with cipher RC4-MD5 (128/128 bits new) no authentication
    Dec 1 20:36:56 mail sieve[23713]: badlogin: localhost.localdomain[127.0.0.1] PLAIN authentication failure

    Sieve accept:
    S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-7.el5_4.3"
    S: "SASL" "DIGEST-MD5 LOGIN CRAM-MD5 PLAIN"

    The problem is plain auth doesnt work.
    What leads you to this conclusion? The same badlogin line is printed if you simply didn't enter the correct credentials. And if you disable the plaintext auth in the configfile a line like

    Dec 2 11:23:21 mail sieve[28925]: badlogin: localhost[127.0.0.1] PLAIN encryption needed to use mechanism

    is printed. So imho there's no problem with plaintext auth, but a problem with the correct username and password.

    So my first suggestion would be to disable TLS in sieve, make a dump of the communication and look if the correct username/password combination is used. You can generate the Sieve Auth Command with this little perl script http://www.rename-it.nl/dovecot/util...uth-command.pl.
    If it's not correct (what I assume) you have to play with the credential settings in OX

    My questions are:
    1. Has anybody sieve on CentOS working with OX 6.18?
    2. Can OX connect to sieve using md5?
    2. OX can only use plain auth in unencryted and TLS connections. But we had no scenarios where this turned out to be a problem, as TLS cared for the encryption, if enabled.

    In the mailfilter.properties i found only using tls true/false but nothing about plain or md5 encryption.
    That's correct

    Please just try what I suggested above. I'm quite sure that this problem isn't related to plaintext auth. To enable plaintext explicitly you can use the following setting in imapd.conf:

    allowplaintext: 1
    allowplainwithouttls: yes

    But the latter seems only responsible for the imap part not the managesieve implementation.

    Regards,

    Dennis

    Comment


    • #3
      Hi Dennis,

      i have tested the auth against sieve with sivtest.
      If i use sivtest -m Plain -u -a .... against the sieve server the same error occours.
      Authentication with tls and md5 gives me no error and i can loggin. This shows me that i have a problem with the sieve server .

      With plain:

      [root@mail ~]# sivtest -m Plain -u user@domain.de -a user@domain.de
      WARNING: no hostname supplied, assuming localhost

      S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-7.el5_4.3"
      S: "SASL" "DIGEST-MD5 LOGIN CRAM-MD5 PLAIN"
      S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
      S: "STARTTLS"
      S: OK
      Please enter your password:
      C: AUTHENTICATE "PLAIN" {48+}
      c2ZsQGRlY29wdS5kZQBzZmxAZGVjb3B1LmRlAFMtNzA3NTgu
      S: NO "Authentication Error"
      Authentication failed. generic failure
      Security strength factor: 0


      With md5:

      [root@mail ~]# sivtest -u user@domain.de -a user@domain.de
      WARNING: no hostname supplied, assuming localhost

      S: "IMPLEMENTATION" "Cyrus timsieved v2.3.7-Invoca-RPM-2.3.7-7.el5_4.3"
      S: "SASL" "DIGEST-MD5 LOGIN CRAM-MD5 PLAIN"
      S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
      S: "STARTTLS"
      S: OK
      C: AUTHENTICATE "DIGEST-MD5"
      S: {248}
      S: bm9uY2U9Ik5lTXZDakJJNU1udFRWd2E1WG9JQmdDQXM3amR1MH lGeWJ4SmRjY1N4Slk9IixyZWFsbT0ibWFpbC5kZWNvcHUuZGUi LHFvcD0iYXV0aCxhdXRoLWludCxhdXRoLWNvbmYiLGNpcGhlcj 0icmM0LTQwLHJjNC01NixyYzQsZGVzLDNkZXMiLG1heGJ1Zj00 MDk2LGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz
      Please enter your password:
      {384+}
      C: dXNlcm5hbWU9InNmbEBkZWNvcHUuZGUiLHJlYWxtPSJtYWlsLm RlY29wdS5kZSIsbm9uY2U9Ik5lTXZDakJJNU1udFRWd2E1WG9J QmdDQXM3amR1MHlGeWJ4SmRjY1N4Slk9Iixjbm9uY2U9Ikd6UV diU21SN09IT05sRUtQUkJvYkxhSDl0ZGtpTTg4eUp6OUV0YUww MkE9IixuYz0wMDAwMDAwMSxxb3A9YXV0aC1jb25mLGNpcGhlcj 1yYzQsbWF4YnVmPTEwMjQsZGlnZXN0LXVyaT0ic2lldmUvbG9j YWxob3N0LmxvY2FsZG9tYWluIixyZXNwb25zZT01N2JkZWU0YT Y2NWEzMzg2YTYwNDY5ZDcxZWU4ZTQ2ZA==
      S: OK (SASL "cnNwYXV0aD03YmRjOGRjZTkxNzA3YzdlYmZlMDIyNDliNDExZ WI3Yg==")
      Authenticated.
      Security strength factor: 128

      The two options allowplaintext and allowplainwithouttls are both enabled, but i dont want disable tls completely (the system use imaps).

      This is the reason i asked, if someone has a CentOS system with sieve enabled.


      Silvio

      Comment


      • #4
        Hi Silvio
        Originally posted by silvio View Post
        This is the reason i asked, if someone has a CentOS system with sieve enabled.
        I've just tested this here with CentOS. It works fine if all is configured correctly. So at first I would take a look into /var/log/maillog if sieve gives a generic failure on plain auth login.

        Regards,

        Dennis

        Comment


        • #5
          Originally posted by Dennis Sieben View Post
          Hi Silvio

          I've just tested this here with CentOS. It works fine if all is configured correctly. So at first I would take a look into /var/log/maillog if sieve gives a generic failure on plain auth login.
          Hi Dennis,


          i found the problem but at this point i have no acceptable solution.
          In my cyrus.conf i have this:
          sieve cmd="timsieved" listen="localhost:sieve" prefork=0

          If i delete the localhost in front of the sieve port and use the fqdn in the mailfilter.properties then authentication is working:

          Dec 7 10:26:16 mail imap[2894]: accepted connection
          Dec 7 10:26:16 mail imap[2890]: open: user user opened INBOX
          Dec 7 10:26:16 mail imap[2890]: open: user user opened INBOX
          Dec 7 10:26:17 mail imap[2996]: accepted connection
          Dec 7 10:26:17 mail imap[2996]: mystore: starting txn 2147483659
          Dec 7 10:26:17 mail imap[2996]: mystore: committing txn 2147483659
          Dec 7 10:26:17 mail imap[2996]: starttls: TLSv1 with cipher RC4-MD5 (128/128 bits new) no authentication
          Dec 7 10:26:17 mail imap[2996]: login: mail.domain.de [46.4.216.131] user PLAIN+TLS User logged in
          Dec 7 10:26:17 mail imap[2996]: seen_db: user user opened /var/lib/imap/user/s/user.seen
          Dec 7 10:26:17 mail imap[2996]: open: user user opened INBOX
          Dec 7 10:26:19 mail master[3013]: about to exec /usr/lib/cyrus-imapd/timsieved
          Dec 7 10:26:19 mail sieve[3013]: executed
          Dec 7 10:26:19 mail sieve[3013]: accepted connection
          Dec 7 10:26:19 mail sieve[3013]: mystore: starting txn 2147483661
          Dec 7 10:26:19 mail sieve[3013]: mystore: committing txn 2147483661
          Dec 7 10:26:19 mail sieve[3013]: starttls: TLSv1 with cipher RC4-MD5 (128/128 bits new) no authentication
          Dec 7 10:26:19 mail sieve[3013]: login: mail.domain.de[46.4.216.131] user PLAIN+TLS User logged in
          Dec 7 10:26:19 mail master[2878]: process 3013 exited, status 0
          Dec 7 10:27:16 mail master[2878]: process 2894 exited, status 0
          Dec 7 10:27:16 mail master[2878]: process 2890 exited, status 0
          Dec 7 10:27:26 mail master[2878]: process 2996 exited, status 0
          Dec 7 10:27:26 mail master[3020]: about to exec /usr/lib/cyrus-imapd/imapd
          Dec 7 10:27:26 mail imap[3020]: executed


          Silvio

          Comment

          Working...
          X