[Dovecot] managesieve proxy cyrus

Mathieu Kretchner mathieu.kretchner at sophia.inria.fr
Wed Jan 28 16:21:05 EET 2009 

I've found this in the cyrus log file :

Jan 28 13:19:18 cyrus_server sieve[10793]: login:
proxy_dovecot[138.138.138.138] imap2 PLAIN User logged in

When I test with sivtest -a myuser I can connect with PLAIN mechanism.

If I replay with a telnet cyrus_server 2000 exactly what avelsieve send
to a dovecot server I got this :

telnet cyrus_server sieve
Trying 138.138.138.138...
Connected to cyrus_server.inria.fr (138.138.138.138).
Escape character is '^]'.
"IMPLEMENTATION" "Cyrus timsieved v2.2.12"
"SASL" "PLAIN"
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress
relational comparator-i;ascii-numeric regex"
"STARTTLS"
OK
AUTHENTICATE "PLAIN" "AGltYXAyAGltYXAy"
OK
CAPABILITY
"IMPLEMENTATION" "Cyrus timsieved v2.2.12"
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress
relational comparator-i;ascii-numeric regex"
OK

It's like avelsieve just stop the connection by itself because once the
user is logged, there is no other command send ! I don't understand why
avelsieve tell me :
unable to connect to server IMAP. localhost.


I've done some others tests :
 - sivtest to a dovecot sieve server it's working.
 - telnet cyrus_server 2000 : it's working too
 - directly telnet dovecot 2000 : it's working too
 - telnet dovecot_proxy 2000 : it's not working ! (complain with NO
"Authentication failed.")

It seems like the problem comes from dovecot in proxy mode ?? (only to
connect to a cyrus sieve server, because it's working well with a
dovecot sieve server)


Mathieu Kretchner wrote:
>> Does Squirrelmail try to use STARTTLS? Having full session traffic logs
> I don't think Squirrelmail is trying to use STARTTLS. But anyway I've
> tried to trace the sieve connection protocol, you could find it in the
> attachement. It's approximatively the same data, I've posted yesterday
> with extra protocol tcp/ip :)
> 
>> of when Squirrelmail is logging into Dovecot proxy and when logging into
>> Cyrus proxy would be helpful (ngrep, wireshark, etc). If Squirrelmail
>> uses STARTTLS, this doesn't really work though (but at least the logs
>> will reveal that it is doing STARTTLS). Also if it is doing that,
>> perhaps the issue is SASL PLAIN after all, since Dovecot proxy won't do
>> STARTTLS to the Cyrus.
>>
>> Also if you set auth_debug=yes, what do you see in Dovecot logs when
>> attempting to log in?
>>
> Here is my dovecot log with auth_debug=yes :
> 
> Jan 28 09:31:24 myservername dovecot: auth(default): client in: AUTH   3
>       PLAIN   service=managesieve  secured  lip=127.0.0.1
> rip=127.0.0.1   lport=2000      rport=42791     resp=<hidden>
> Jan 28 09:31:24 myservername dovecot: auth-worker(default):
> sql(imap2,127.0.0.1): query: SELECT NULL AS password, host, destuser,
> 'Y' as nopassword, 'Y' AS proxy FROM proxy WHERE user = 'imap2'
> Jan 28 09:31:24 myservername dovecot: auth(default): client out: OK    3
>       user=imap2      host=138.138.138.138     destuser=imap2  proxy
> pass=<hidden>
> Jan 28 09:31:24 myservername dovecot: managesieve-login: Disconnected:
> user=<imap2>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
> Jan 28 09:31:24 myservername dovecot: auth(default): new auth
> connection: pid=4760
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mathieu_kretchner.vcf
Type: text/x-vcard
Size: 258 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20090128/4d637adf/attachment.vcf

More information about the dovecot mailing list