# cyrus-imapd-2.2.8 / Sieve authentication problem

## pactoo

Hello,

I am having trouble with sieve not wanting to authenticate anyone. imtest works fine (asides from PLAIN, whyever), sivtest (and therefore sieveshell) do not, no matter what sasl-mechanism I am trying. I am using auxprop (sasldb) as user database. Two examples below, fails for all mechanisms.

Anyone any Idea or run into the same problem ? Found lots of similar problems, but no answers. Problem is also existant for the 2.2.3 ebuild. 

```

# sivtest -u test -a test localhost

S: "IMPLEMENTATION" "Cyrus timsieved v2.2.8-Gentoo"

S: "SASL" "GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM"

S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex"

S: "STARTTLS"

S: OK

Authentication failed. generic failure

Security strength factor: 0

```

```

# sivtest -u test -a test localhost -m DIGEST-MD5

S: "IMPLEMENTATION" "Cyrus timsieved v2.2.8-Gentoo"

S: "SASL" "GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM"

S: "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational regex"

S: "STARTTLS"

S: OK

C: AUTHENTICATE "DIGEST-MD5"

S: {244}

S: bm9uY2U9IkVBbWROaHRoY1FxdUt0VDNhN0U1ZDhPV21STXkraEpiVjFtWUszNTNKVk09IixyZWFsbT

0iZHJhY2hlbnRvciIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM

0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1

LXNlc3M=

Please enter your password:

{348+}

C: dXNlcm5hbWU9InRlc3QiLHJlYWxtPSJkcmFjaGVudG9yIixub25jZT0iRUFtZE5odGhjUXF1S3RUM2E3R

TVkOE9XbVJNeStoSmJWMW1ZSzM1M0pWTT0iLGNub25jZT0iNW1rR21SWkdtaGo0akdNVXdUbS8z

cXdMK0hpZW5kWmZPcGVrcEhkQVpzST0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLWNvbmYsY2lwaG

VyPXJjNCxtYXhidWY9MTAyNCxkaWdlc3QtdXJpPSJzaWV2ZS9sb2NhbGhvc3QiLHJlc3BvbnNlPThkOT

FkOGZmY2ExMzdmODZjNzAyMDJiYjc1MGViMTcx

S: NO "Authentication Error"

Authentication failed. generic failure

Security strength factor: 128

```

EDIT:  Split up long lines of seemingly random text.  --pjp

----------

## langthang

post your /etc/imapd.conf, auth.log, imap.log.

----------

## pactoo

Here we go, imap.conf:

```

configdirectory:        /var/imap

partition-default:      /var/spool/imap

sievedir:               /var/imap/sieve

tls_ca_path:            /etc/ssl/certs

tls_cert_file:          /etc/ssl/cyrus/server.crt

tls_key_file:           /etc/ssl/cyrus/server.key

admins:                 cyrus

hashimapspool:          yes

allowanonymouslogin:    no

allowplaintext:         yes

sasl_pwcheck_method:   auxprop

defaultacl: lrswipcda

sendmail: /usr/sbin/sendmail

```

The logs: Did not see any hint I could use. Problem persists with sasl-2.1.19, too. I startet the server and ran sivtest like in my first post. Using user "cyrus" this time, who is existant in sasldb, too. imtest works, as said before. 

imap.log:

```

Oct  8 18:37:27 drachentor master[22643]: setrlimit: Unable to set file descriptors limit to -1: Operation not permitted

Oct  8 18:37:27 drachentor master[22643]: retrying with 1024 (current max)

Oct  8 18:37:27 drachentor master[22643]: process started

Oct  8 18:37:27 drachentor master[22645]: about to exec /usr/lib/cyrus/ctl_cyrusdb

Oct  8 18:37:28 drachentor ctl_cyrusdb[22645]: recovering cyrus databases

Oct  8 18:37:28 drachentor ctl_cyrusdb[22645]: skiplist: recovered /var/imap/mailboxes.db (0 records, 144 bytes) in 0 seconds

Oct  8 18:37:28 drachentor ctl_cyrusdb[22645]: skiplist: recovered /var/imap/annotations.db (0 records, 144 bytes) in 0 seconds

Oct  8 18:37:28 drachentor ctl_cyrusdb[22645]: done recovering cyrus databases

Oct  8 18:37:28 drachentor master[22643]: ready for work

Oct  8 18:37:28 drachentor master[22664]: about to exec /usr/lib/cyrus/tls_prune

Oct  8 18:37:28 drachentor master[22664]: can't exec /usr/lib/cyrus/tls_prune on schedule: No such file or directory

Oct  8 18:37:28 drachentor master[22665]: about to exec /usr/lib/cyrus/ctl_deliver

Oct  8 18:37:28 drachentor master[22666]: about to exec /usr/lib/cyrus/ctl_cyrusdb

Oct  8 18:37:28 drachentor master[22643]: process 22664 exited, status 71

Oct  8 18:37:28 drachentor ctl_cyrusdb[22666]: checkpointing cyrus databases

Oct  8 18:37:28 drachentor ctl_cyrusdb[22666]: archiving database file: /var/imap/annotations.db

Oct  8 18:37:28 drachentor cyr_expire[22665]: duplicate_prune: pruning back 3 days

Oct  8 18:37:28 drachentor cyr_expire[22665]: duplicate_prune: purged 0 out of 0 entries

Oct  8 18:37:28 drachentor cyr_expire[22665]: expunged 0 out of 0 messages from 0 mailboxes

Oct  8 18:37:28 drachentor master[22643]: process 22665 exited, status 0

Oct  8 18:37:28 drachentor ctl_cyrusdb[22666]: archiving log file: /var/imap/db/log.0000000001

Oct  8 18:37:28 drachentor ctl_cyrusdb[22666]: archiving database file: /var/imap/mailboxes.db

Oct  8 18:37:28 drachentor ctl_cyrusdb[22666]: archiving log file: /var/imap/db/log.0000000001

Oct  8 18:37:28 drachentor ctl_cyrusdb[22666]: done checkpointing cyrus databases

Oct  8 18:37:28 drachentor master[22643]: process 22666 exited, status 0

Oct  8 18:37:29 drachentor master[22668]: about to exec /usr/lib/cyrus/timsieved

Oct  8 18:37:29 drachentor sieve[22668]: executed

Oct  8 18:37:29 drachentor sieve[22668]: accepted connection

Oct  8 18:37:38 drachentor master[22643]: process 22668 exited, status 0

Oct  8 18:37:45 drachentor master[22670]: about to exec /usr/lib/cyrus/timsieved

Oct  8 18:37:45 drachentor sieve[22670]: executed

Oct  8 18:37:45 drachentor sieve[22670]: accepted connection

Oct  8 18:37:51 drachentor master[22643]: process 22670 exited, status 0

```

auth.log:

```

Oct  8 18:37:29 drachentor sieve[22668]: DIGEST-MD5 server step 1

Oct  8 18:37:29 drachentor sivtest: DIGEST-MD5 client step 2

Oct  8 18:37:33 drachentor sivtest: DIGEST-MD5 client step 2

Oct  8 18:37:33 drachentor sieve[22668]: DIGEST-MD5 server step 2

Oct  8 18:37:45 drachentor sieve[22670]: DIGEST-MD5 server step 1

Oct  8 18:37:45 drachentor sivtest: DIGEST-MD5 client step 2

Oct  8 18:37:48 drachentor sivtest: DIGEST-MD5 client step 2

Oct  8 18:37:48 drachentor sieve[22670]: DIGEST-MD5 server step 2

```

debug.log

```

Oct  8 18:37:27 drachentor master[22645]: about to exec /usr/lib/cyrus/ctl_cyrusdb

Oct  8 18:37:28 drachentor master[22664]: about to exec /usr/lib/cyrus/tls_prune

Oct  8 18:37:28 drachentor master[22665]: about to exec /usr/lib/cyrus/ctl_deliver

Oct  8 18:37:28 drachentor master[22666]: about to exec /usr/lib/cyrus/ctl_cyrusdb

Oct  8 18:37:28 drachentor master[22643]: process 22664 exited, status 71

Oct  8 18:37:28 drachentor ctl_cyrusdb[22666]: archiving database file: /var/imap/annotations.db

Oct  8 18:37:28 drachentor master[22643]: process 22665 exited, status 0

Oct  8 18:37:28 drachentor ctl_cyrusdb[22666]: archiving log file: /var/imap/db/log.0000000001

Oct  8 18:37:28 drachentor ctl_cyrusdb[22666]: archiving database file: /var/imap/mailboxes.db

Oct  8 18:37:28 drachentor ctl_cyrusdb[22666]: archiving log file: /var/imap/db/log.0000000001

Oct  8 18:37:28 drachentor master[22643]: process 22666 exited, status 0

Oct  8 18:37:29 drachentor master[22668]: about to exec /usr/lib/cyrus/timsieved

Oct  8 18:37:29 drachentor sieve[22668]: executed

Oct  8 18:37:29 drachentor sieve[22668]: accepted connection

Oct  8 18:37:38 drachentor master[22643]: process 22668 exited, status 0

Oct  8 18:37:45 drachentor master[22670]: about to exec /usr/lib/cyrus/timsieved

Oct  8 18:37:45 drachentor sieve[22670]: executed

Oct  8 18:37:45 drachentor sieve[22670]: accepted connection

Oct  8 18:37:51 drachentor master[22643]: process 22670 exited, status 0

```

----------

## langthang

did you create the user mailbox?

```

# cyradm -u cyrus localhost

Password:

localhost> cm user.test

localhost> quit

```

----------

## pactoo

Yes. For user test as for user cyrus. However, this should not be relevant according to the docs - and does not change anything. sivtest still fails to authenticate.

----------

## okuhl

Hi,

I'm having the same problem. What I find out is that when you upgrade from 2.1 or lower to 2.2 sieve scripts have to be compiled. 

There is a script in /usr/share/doc/cyrus-imapd-2.2.8/tools/, which uses the command "sievec", which I can't find anywhere on my installation. I don't really know if it has to do with the authentication-problems - but who knows.

What I am confused about is the fact that cyrus and sieve normally use the same authentication. In my case it's sasl. And logging into the mailbox works fine.

Does anyone know where to get "sievec"?

Gruss,

  Ollie.

----------

## drzook

I run /usr/share/doc/cyrus-imapd-2.2.8/tools/upgradesieve as user cyrus to upgrade the sieves.

bye

drzook

----------

## pactoo

Dr. Zook, you have no authentication problems running sieveshell and/or sivtest ? Are you using sasldb or saslauthd ?

I'a asking because I think of opening a bug report.  Got no response on the cyrus mailing list so far. Been a couple of days now and I really would like the stuff getting to work - its the last missing item on the migration to gentoo.

----------

## okuhl

 *drzook wrote:*   

> I run /usr/share/doc/cyrus-imapd-2.2.8/tools/upgradesieve as user cyrus to upgrade the sieves.
> 
> 

 

This does not compile my old sieve-skripts. Therefore I need sievec - which I cannot find.

Gruss,

  Ollie.

----------

## langthang

Please try cyrus-imapd-2.2.8-r1 in portage, sievec is added in that ebuild.

```
# emerge -vp cyrus-imapd

These are the packages that I would merge, in order:

Calculating dependencies ...done!

[ebuild   R   ] net-mail/cyrus-imapd-2.2.8-r1  -afs -drac -kerberos +pam +snmp +ssl +tcpd 0 kB

Total size of downloads: 0 kB

# qpkg -l cyrus-imapd | grep sievec

/usr/lib/cyrus/sievec
```

----------

## okuhl

 *langthang wrote:*   

> Please try cyrus-imapd-2.2.8-r1 in portage, sievec is added in that ebuild.
> 
> 

 

Ah! Thanks for the hint! I'll try that one soon....

Gruss,

  Ollie.

----------

## daemonb

same problem here updated to 2.2.10, but the auth error is the same.

I tried sieveshell --user=testuser localhost

In auth.log he tells me Passwort verification failed.

Any tips for solving this problem, cause i need sieve as soon as possible....

----------

## turtlendog

I have to specify an -a (auth name) with sieveshell because it mangles my domain name (virtual mailboxes).

sieveshell -u lucky@FQ.DN -a lucky@FQ.DN localhost

----------

## FIy

any upates on this? i am running 2.2.12 and have the exact same error.

----------

## Timz

hi, dont worry your not alone.

you can have more informations with strace ...

it seems to be a problem with a perl module

----------

