Artica For Postfix

[EmiteAves]

Hello,

as I see, Artica provides only plain-text authentication with TLS for now?

Code: Select all

Feb 20 10:28:21 Debian cyrus/imap[13009]: accepted connection
Feb 20 10:28:21 Debian cyrus/imap[13009]: STARTTLS negotiation failed: xxx [xx.xx.xx.xx]
Feb 20 10:28:21 Debian cyrus/imap[13009]: Connection reset by peer, closing connection
Feb 20 10:28:23 Debian cyrus/imap[13007]: accepted connection
Feb 20 10:28:24 Debian cyrus/imap[13007]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Feb 20 10:28:24 Debian cyrus/imap[13007]: badlogin: xxx [xx.xx.xx.xx] plain [SASL(-13): authentication failure: Password verification failed]
Feb 20 10:28:27 Debian cyrus/imap[13007]: badlogin: xxx [xx.xx.xx.xx] login [SASL(-13): authentication failure: checkpass failed]
Feb 20 10:28:30 Debian cyrus/imap[13007]: badlogin: xxx [xx.xx.xx.xx] plaintext stasik SASL(-13): authentication failure: checkpass failed
Feb 20 10:28:33 Debian cyrus/imap[13002]: accepted connection
Feb 20 10:28:33 Debian cyrus/imap[13002]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Feb 20 10:28:33 Debian cyrus/imap[13002]: login: xxx [xx.xx.xx.xx] user@dexample.com plain+TLS User logged in

(This happens when I try to add CRAM-MD5, DIGEST-MD5 PLAIN to /etc/default/saslauthd)

The time-stamps show, that the it goes through all possible types and ends with PLAIN.
Artica is already using SASL, is it possible to add these authentication methods? cyrus -> auxprop -> /etc/sasldb (with cyrus reading sasldb), then ALL mechanisms are supported.

For example iPad and MacOSX refuse to use automatically use Plaintext (APOP) and you need to change it manually, which is pretty nasty for some users.

Authentication Recommendations by CyrusIMAP.org

If you are running a mail server on a single machine, we recommend that you configure the system to use CRAM-MD5 or DIGEST-MD5.

I do not know how Artica+Zarafa are handling that, but I think this is a good intent.

Kind regards

[admin]

I will add these option but it took time because, i need to tranform it to a form in the Artica interface.
I will ping you when the feature will be available.

[EmiteAves]

Hello,

There is a How-To and one site in French, maybe this will help you finishing this request more quickly.

The main problem is, that mobile clients can't use Artica with their devices - without the need to adjust settings (Password-Authentication) and for some iPhone2g or Nokia users its a mess. Would really appreciate this feature.

Btw. I spoke to the maintainer of Zarafa - they only support Plain-Text+TLS for unknown reasons.

Regards.

[admin]

Many thanks

I will add the feature before end of this week

[admin]

On the 1.5.030400 version you will be able to add different mechanisms that changes the /etc/imapd.conf file.

2011-03-04_004652.png (64.87 KiB) Viewed 796 times

I have read in some wikis there is some incompatibilities with cram/digest using ldap backend.
These post has been written in 2005.. perhaps something changed since this date.

[EmiteAves]

For now I can confirm that DIGEST-MD5 + TLS is working. Thank you for adding this feature. I will test this during this day!