Giters

afterlogic / webmail-lite-8

Open-source webmail script for existing IMAP server

Home Page:https://afterlogic.org/webmail-lite-8

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

ManageSieve issue with authentication

mdecimus opened this issue · comments

commented

Hi,

I am having an issue using Afterlogic with Stalwart Mail Server related to SASL authentication. The server responds with an empty list of SASL mechanisms as well as a STARTTLS capability. Rather than upgrading to TLS, Afterlogic proceeds without authenticating. Here are the logs:

11:20:44.46][a1605473]  ===== API: Mail::UpdateFilters
[11:20:44.47][a1605473] MANAGE-SIEVE[NOTE]: Start connection to "tcp://[mx.domain.org:4190](http://mx.domain.org:4190/)"
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: < "IMPLEMENTATION" "Stalwart ManageSieve v0.6.0"\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: < "VERSION" "1.0"\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: < "SASL" ""\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: < "STARTTLS"\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: < "SIEVE" "body comparator-elbonia comparator-i;ascii-casemap comparator-i;ascii-numeric comparator-i;octet convert copy date duplicate editheader enclose encoded-character enotify envelope envelope-deliverby envelope-dsn environment ereject extlists extracttext fcc fileinto foreverypart ihave imap4flags imapsieve include index mailbox mailboxid mboxmetadata mime redirect-deliverby redirect-dsn regex reject relational replace servermetadata spamtest spamtestplus special-use subaddress vacation vacation-seconds variables virustest"\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: < "NOTIFY" "mailto"\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: < "MAXREDIRECTS" "1"\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: < OK "Stalwart ManageSieve v0.6.0 at your service."\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[ERROR]: MailSo-Sieve-Exceptions-LoginBadMethodException
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: > PUTSCRIPT "sieve" {257+}\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: > # Sieve filter\r\nrequire ["fileinto", "copy", "vacation"] ;\r\n\r\n#begin = filters =\r\n#sieve filter\r\n\r\n\r\n#sieve_filter:1;0;0;google;3;Abuse;\r\nif header :contains ["From"] "google" {\r\nfileinto "Abuse" ;\r\nstop ;\r\n}\r\n\r\n#end sieve filter\r\n\r\n#end = filters =\r\nkeep ;\r\n
[11:20:44.89][a1605473] MANAGE-SIEVE[DATA]: < NO "Not authenticated."\r\n
[11:20:44.89][a1605473] MANAGE-SIEVE[WARNING]: MailSo-Sieve-Exceptions-NegativeResponseException
[11:20:44.89][a1605473] Exception: MailSo-Sieve-Exceptions-NegativeResponseException

This behavior is not in compliance with RFC5804 that indicates:

   SASL - List of SASL mechanisms supported by the server, each
   separated by a space.  This list can be empty if and only if STARTTLS
   is also advertised.  This means that the client must negotiate TLS
   encryption with STARTTLS first, at which point the SASL capability
   will list a non-empty list of SASL mechanisms.
commented

Currently, the product does not automatically detect whether the use of STARTTLS is required for ManageSieve. To enable it, you need to set "SieveUseStarttls" to true in data/settings/modules/Mail.config.json configuration file.

commented

Thanks, will report this to the user.