From nobody Fri Sep 9 20:51:24 2022 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MPSq95QTtz4cJTb for ; Fri, 9 Sep 2022 20:52:21 +0000 (UTC) (envelope-from web@3dresearch.com) Received: from smtpg.telissant.net (smtpg.telissant.net [104.225.1.73]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4MPSq86W3fz3VHk for ; Fri, 9 Sep 2022 20:52:20 +0000 (UTC) (envelope-from web@3dresearch.com) Received: from sacada.3dresearch.com (localhost [127.0.0.1]) by smtpg.telissant.net (Postfix) with ESMTP id 4MPSq20JBVz2DcSN for ; Fri, 9 Sep 2022 16:52:14 -0400 (EDT) X-Virus-Scanned: amavisd-new at telissant.net Received: from smtpg.telissant.net ([127.0.0.1]) by sacada.3dresearch.com (sacada.3dresearch.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qJ9STyxIaF5v for ; Fri, 9 Sep 2022 16:52:13 -0400 (EDT) Received: from elettra.3dresearch.com (unknown [71.112.244.170]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: elettra@sacada.3dresearch.com) by smtpg.telissant.net (Postfix) with ESMTPSA id 4MPSq130rcz2DcS9 for ; Fri, 9 Sep 2022 16:52:13 -0400 (EDT) Received: from elettra.3dresearch.com (localhost [127.0.0.1]) by elettra.3dresearch.com (Postfix) with SMTP id 9ACD777E39 for ; Fri, 9 Sep 2022 16:52:10 -0400 (EDT) Date: Fri, 9 Sep 2022 16:51:24 -0400 From: Janos Dohanics To: FreeBSD Questions Subject: cyrus sieve authentication Message-Id: <20220909165124.df7a80e061ecfe3ded9d5c87@3dresearch.com> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.0) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4MPSq86W3fz3VHk X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of web@3dresearch.com designates 104.225.1.73 as permitted sender) smtp.mailfrom=web@3dresearch.com X-Spamd-Result: default: False [-0.80 / 15.00]; ENVFROM_SERVICE_ACCT(1.00)[]; FROM_SERVICE_ACCT(1.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; ASN(0.00)[asn:36236, ipnet:104.225.1.0/24, country:US]; MIME_TRACE(0.00)[0:+]; MLMMJ_DEST(0.00)[freebsd-questions@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_TLS_LAST(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; ARC_NA(0.00)[]; TO_DN_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DMARC_NA(0.00)[3dresearch.com]; MID_RHS_MATCH_FROM(0.00)[] X-ThisMailContainsUnwantedMimeParts: N Hello, I run an instance of mail/cyrus-imapd32 for a small number of users with saslauthd authentication. However, sieve authentication doesn't work. Cyrus-imapd was compiled as below: # make showconfig ===> The following configuration options are available for cyrus-imapd32-3.2.9_1: AUTOCREATE=on: Enable autocreate support BACKUP=off: Enable backup support (experimental) CLAMAV=off: Use ClamAV DOCS=on: Build and/or install documentation HTTP=off: Enable HTTP support IDLED=on: Enable IMAP idled support LDAP=off: Enable LDAP support (experimental) MURDER=off: Enable IMAP Murder support MYSQL=off: MySQL database support NNTP=off: Enable NNTP support PGSQL=off: PostgreSQL database support REPLICATION=off: Enable replication (experimental) SNMP=off: SNMP network protocol support SQLITE=on: SQLite database support SQUAT=on: Enable Squat support SRS=on: Enable Sender Rewriting Scheme support XAPIAN=off: Enable Xapian support ====> GSSAPI Security API support: you can only select none or one of them GSSAPI_HEIMDAL=off: GSSAPI support via security/heimdal GSSAPI_MIT=off: GSSAPI support via security/krb5 GSSAPI_BASE=on: GSSAPI support via base system (needs Kerberos) ====> Command line editing via libreadline: you can only select none or one of them READLINE_GNU=off: Use Term::Readline::GNU for cyradm READLINE_PERL=off: Use Term::Readline::Perl for cyradm ===> Use 'make config' to modify these settings When I try to connect: # telnet localhost sieve Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved 3.2.7" "VERSION" "1.0" "SASL" "PLAIN" "SIEVE" "comparator-i;ascii-numeric fileinto reject ereject vacation vacation-seconds imapflags notify enotify include editheader ihave envelope environment body imap4flags date mailbox mboxmetadata servermetadata duplicate relational regex extlists subaddress copy index variables mailboxid" "NOTIFY" "mailto" "EXTLISTS" "urn:ietf:params:sieve:addrbook" "STARTTLS" "UNAUTHENTICATE" OK The example on the Cyrus web site shows: [...] Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v1.1.0" "SASL" "ANONYMOUS PLAIN KERBEROS_V4 GSSAPI" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress regex" OK Someone on the Cyrus mailing list suggested that KERBEROS_V4 and GSSAPI are required for sieve authentication. Is that correct? If so, what compile options should I choose? Please advise. -- Janos Dohanics