afterlogic / webmail-lite-8

Open-source webmail script for existing IMAP server
https://afterlogic.org/webmail-lite-8
GNU Affero General Public License v3.0

ManageSieve issue with authentication #106

Closed mdecimus closed 8 months ago

mdecimus commented 8 months ago

Hi,

I am having an issue using Afterlogic with Stalwart Mail Server related to SASL authentication. The server responds with an empty list of SASL mechanisms as well as a STARTTLS capability. Rather than upgrading to TLS, Afterlogic proceeds without authenticating. Here are the logs:

[11:20:44.46][a1605473]  ===== API: Mail::UpdateFilters
[11:20:44.47][a1605473] MANAGE-SIEVE[NOTE]: Start connection to "tcp://mx.domain.org:4190"
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: < "IMPLEMENTATION" "Stalwart ManageSieve v0.6.0"\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: < "VERSION" "1.0"\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: < "SASL" ""\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: < "STARTTLS"\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: < "SIEVE" "body comparator-elbonia comparator-i;ascii-casemap comparator-i;ascii-numeric comparator-i;octet convert copy date duplicate editheader enclose encoded-character enotify envelope envelope-deliverby envelope-dsn environment ereject extlists extracttext fcc fileinto foreverypart ihave imap4flags imapsieve include index mailbox mailboxid mboxmetadata mime redirect-deliverby redirect-dsn regex reject relational replace servermetadata spamtest spamtestplus special-use subaddress vacation vacation-seconds variables virustest"\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: < "NOTIFY" "mailto"\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: < "MAXREDIRECTS" "1"\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: < OK "Stalwart ManageSieve v0.6.0 at your service."\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[ERROR]: MailSo-Sieve-Exceptions-LoginBadMethodException
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: > PUTSCRIPT "sieve" {257+}\r\n
[11:20:44.68][a1605473] MANAGE-SIEVE[DATA]: > # Sieve filter\r\nrequire ["fileinto", "copy", "vacation"] ;\r\n\r\n#begin = filters =\r\n#sieve filter\r\n\r\n\r\n#sieve_filter:1;0;0;google;3;Abuse;\r\nif header :contains ["From"] "google" {\r\nfileinto "Abuse" ;\r\nstop ;\r\n}\r\n\r\n#end sieve filter\r\n\r\n#end = filters =\r\nkeep ;\r\n
[11:20:44.89][a1605473] MANAGE-SIEVE[DATA]: < NO "Not authenticated."\r\n
[11:20:44.89][a1605473] MANAGE-SIEVE[WARNING]: MailSo-Sieve-Exceptions-NegativeResponseException
[11:20:44.89][a1605473] Exception: MailSo-Sieve-Exceptions-NegativeResponseException

This behavior is not in compliance with RFC 5804, which indicates:

   SASL - List of SASL mechanisms supported by the server, each
   separated by a space.  This list can be empty if and only if STARTTLS
   is also advertised.  This means that the client must negotiate TLS
   encryption with STARTTLS first, at which point the SASL capability
   will list a non-empty list of SASL mechanisms.

afterlogic-support commented 8 months ago

Currently, the product does not automatically detect whether the use of STARTTLS is required for ManageSieve. To enable it, you need to set "SieveUseStarttls" to true in the data/settings/modules/Mail.config.json configuration file.

mdecimus commented 8 months ago

Thanks, will report this to the user.
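
The client-side decision that the RFC 5804 text quoted in this thread calls for, as an added Python example (not code from Afterlogic or Stalwart): parse the capability greeting, then choose STARTTLS, AUTHENTICATE or abort, so that PUTSCRIPT is never sent on an unauthenticated session. The function names, the `allow` mechanism list and the post-TLS sample are assumptions; the parser handles quoted strings only, not `{n+}` literals.

```python
import re

# Constructed sample: the pre-TLS greeting from the log above (SIEVE list shortened).
GREETING = (
    '"IMPLEMENTATION" "Stalwart ManageSieve v0.6.0"\r\n'
    '"VERSION" "1.0"\r\n'
    '"SASL" ""\r\n'
    '"STARTTLS"\r\n'
    '"SIEVE" "fileinto copy vacation"\r\n'
    'OK "Stalwart ManageSieve v0.6.0 at your service."\r\n'
)
# Constructed sample: capabilities a server might re-issue once TLS is active.
POST_TLS = '"VERSION" "1.0"\r\n"SASL" "OAUTHBEARER PLAIN"\r\nOK "TLS active."\r\n'

QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

def parse_capabilities(greeting):
    """Map each capability name to its value (None if it has none)."""
    caps = {}
    for line in greeting.split("\r\n"):
        if not line:
            continue
        # The response code (OK/NO/BYE) is unquoted and ends the listing.
        if line.split(" ", 1)[0].upper() in ("OK", "NO", "BYE"):
            break
        parts = QUOTED.findall(line)
        if parts:
            caps[parts[0].upper()] = parts[1] if len(parts) > 1 else None
    return caps

def next_step(caps, tls_active, allow=("PLAIN",)):
    """Return (action, detail). 'allow' is the hypothetical list of
    mechanisms this client implements, in order of preference."""
    offered = (caps.get("SASL") or "").upper().split()
    usable = [m for m in allow if m in offered]
    if usable:
        return ("AUTHENTICATE", usable[0])
    if not tls_active and "STARTTLS" in caps:
        # Empty (or unusable) SASL list plus STARTTLS: upgrade, then re-read caps.
        return ("STARTTLS", None)
    # Nothing left to try: stop instead of sending commands unauthenticated.
    return ("ABORT", "no usable SASL mechanism")
```

After a successful STARTTLS the client has to discard the earlier capabilities and run `next_step` again on the list the server sends over the encrypted channel.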