From nobody Wed Jun 15 15:54:53 2022 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 3952B8589E8 for ; Wed, 15 Jun 2022 15:55:44 +0000 (UTC) (envelope-from web@3dresearch.com) Received: from smtpg.telissant.net (smtpg.telissant.net [104.225.1.73]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4LNVJb3m3Bz4qNC for ; Wed, 15 Jun 2022 15:55:43 +0000 (UTC) (envelope-from web@3dresearch.com) Received: from sacada.3dresearch.com (localhost [127.0.0.1]) by smtpg.telissant.net (Postfix) with ESMTP id 4LNVJT1y8Sz1L3LF for ; Wed, 15 Jun 2022 11:55:37 -0400 (EDT) X-Virus-Scanned: amavisd-new at telissant.net Received: from smtpg.telissant.net ([127.0.0.1]) by sacada.3dresearch.com (sacada.3dresearch.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2TKLa2KzK0wu for ; Wed, 15 Jun 2022 11:55:36 -0400 (EDT) Received: from elettra.3dresearch.com (unknown [71.112.243.217]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: elettra@sacada.3dresearch.com) by smtpg.telissant.net (Postfix) with ESMTPSA id 4LNVJS5cHqz1L3LC for ; Wed, 15 Jun 2022 11:55:36 -0400 (EDT) Received: from elettra.3dresearch.com (localhost [127.0.0.1]) by elettra.3dresearch.com (Postfix) with SMTP id 31982734BD for ; Wed, 15 Jun 2022 11:55:36 -0400 (EDT) Date: Wed, 15 Jun 2022 11:54:53 -0400 From: Janos Dohanics To: freebsd-questions@freebsd.org Subject: sieveshell authentication fails Message-Id: <20220615115453.57edea40499ffd89fed7151f@3dresearch.com> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.0) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4LNVJb3m3Bz4qNC X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of web@3dresearch.com designates 104.225.1.73 as permitted sender) smtp.mailfrom=web@3dresearch.com X-Spamd-Result: default: False [0.49 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; FROM_HAS_DN(0.00)[]; ENVFROM_SERVICE_ACCT(1.00)[]; MV_CASE(0.50)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; NEURAL_SPAM_MEDIUM(0.29)[0.292]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000]; DMARC_NA(0.00)[3dresearch.com]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_SERVICE_ACCT(1.00)[]; MLMMJ_DEST(0.00)[freebsd-questions]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:36236, ipnet:104.225.1.0/24, country:US]; RCVD_TLS_LAST(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[71.112.243.217:received] X-ThisMailContainsUnwantedMimeParts: N Hello, I have a couple of Cyrus servers (cyrus-imapd32 and cyrus-imapd34) on FreeBSD 13.1-STABLE. I cannot authenticate with sieveshell(1) on either one of these servers. I can telnet to the Sieve server: # telnet localhost sieve Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved 3.4.3" "VERSION" "1.0" "SASL" "PLAIN" "SIEVE" "encoded-character comparator-i;ascii-numeric fileinto reject ereject vacation vacation-seconds notify enotify include editheader vnd.cyrus.snooze envelope environment body imap4flags date ihave mailbox mboxmetadata servermetadata duplicate relational regex extlists subaddress copy index variables redirect-deliverby redirect-dsn special-use fcc mailboxid" "NOTIFY" "mailto" "EXTLISTS" "urn:ietf:params:sieve:addrbook" "STARTTLS" "UNAUTHENTICATE" OK However, can't authenticate with sieveshell(1): # sieveshell -a [user] localhost Empty compile time value given to use lib at /usr/local/bin/sieveshell line 60. Empty compile time value given to use lib at /usr/local/bin/sieveshell line 61. connecting to localhost Please enter your password: unable to connect to server at /usr/local/bin/sieveshell line 202, line 1. Authentication with imtest(1) works: # imtest -a [user] -p 1430 WARNING: no hostname supplied, assuming localhost S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN SASL-IR] [server] Cyrus IMAP 3.4.3 server ready Please enter your password: C: A01 AUTHENTICATE PLAIN AGpzcHJvdXQAVXJhai1vdjI= S: A01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL ANNOTATE-EXPERIMENT-1 BINARY CATENATE CHILDREN CONDSTORE CREATE-SPECIAL-USE ESEARCH ESORT LIST-EXTENDED LIST-MYRIGHTS LIST-STATUS MAILBOX-REFERRALS METADATA MOVE MULTIAPPEND NAMESPACE OBJECTID QRESYNC QUOTA RIGHTS=kxten SAVEDATE SEARCH=FUZZY SORT SORT=DISPLAY SPECIAL-USE STATUS=SIZE THREAD=ORDEREDSUBJECT THREAD=REFERENCES UIDPLUS UNSELECT URLAUTH URLAUTH=BINARY WITHIN DIGEST=SHA1 LIST-METADATA NO_ATOMIC_RENAME PREVIEW=FUZZY SCAN SORT=MODSEQ SORT=UID THREAD=REFS X-CREATEDMODSEQ X-REPLICATION XLIST XMOVE LOGINDISABLED COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE] Success (no protection) SESSIONID=<[SESSIONID]> Authenticated. Security strength factor: 0 ^CC: Q01 LOGOUT Connection closed. A kind person on the Cyrus list suggested that mail/cyrus-imapd34 should be compiled with Kerberos. Accordingly, I recompiled mail/cyrus-imapd34 with GSSAPI_MIT=on; however, changing that option did not resolve the problem. Could someone please point me in the right direction? -- Janos Dohanics