meeting-room-booking-system / mrbs-code

MRBS application code

IMAP authentication with TLS 1.2 #739

Open jberanek opened 1 year ago

jberanek commented 1 year ago

Hi there,

We've been using MRBS for a long time now and are very happy with it. Until now, we used imap as authentication method. Our mail provider recently deactivated TLS 1.0/1.1 for POP3, IMAP and SMTP and switched to TLS 1.2. Since then, a login in our MRBS is not possible anymore (username not known). I've updated to the latest release of MRBS (1.11.0), but that did not solve the problem. Any help is appreciated! Thanks a lot and kind regards, Michael

Reported by: *anonymous

Original Ticket: mrbs/bugs/542

jberanek commented 1 year ago

TLS version will be based on your version of PHP/OS combination. I'd guess you're using either an old OS or an old version of PHP.

Original comment by: jberanek
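
One way to check the PHP/OS point made in the comment above, as an added example that is not part of the original thread and is not MRBS code. It assumes PHP's openssl extension is present; the script name and `imap.example.org` are placeholders. It exercises PHP's own OpenSSL stream layer, so the result is only indicative for an IMAP library that links a separate TLS stack.

```php
<?php
// Added diagnostic, not MRBS code. Reports the TLS capability of this PHP build
// and, if a host is given, attempts a TLS 1.2-only handshake on the IMAPS port.
// Usage (CLI): php tls_check.php imap.example.org 993   <- placeholder host

function local_tls_report(): array
{
    return [
        'php_version'     => PHP_VERSION,
        'openssl_loaded'  => extension_loaded('openssl'),
        // Library the openssl extension was built against; OpenSSL older than 1.0.1 has no TLS 1.2.
        'openssl_library' => defined('OPENSSL_VERSION_TEXT') ? OPENSSL_VERSION_TEXT : 'n/a',
        'tls12_constant'  => defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT'),
        'tls13_constant'  => defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT'),
        'transports'      => stream_get_transports(),
    ];
}

function probe_tls12(string $host, int $port = 993, int $timeout = 10): array
{
    // Offer TLS 1.2 only and keep certificate and host name verification on.
    $ctx = stream_context_create(['ssl' => [
        'crypto_method'    => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'peer_name'        => $host,
    ]]);
    $errno = 0;
    $errstr = '';
    $fp = @stream_socket_client("ssl://$host:$port", $errno, $errstr, $timeout,
                                STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        return ['ok' => false, 'error' => trim("$errno $errstr")];
    }
    $meta = stream_get_meta_data($fp);   // 'crypto' holds the negotiated parameters
    $greeting = fgets($fp, 512);         // an IMAP server greets with "* OK ..."
    fclose($fp);
    return [
        'ok'       => true,
        'protocol' => $meta['crypto']['protocol'] ?? 'unknown',
        'cipher'   => $meta['crypto']['cipher_name'] ?? 'unknown',
        'greeting' => trim((string) $greeting),
    ];
}

if (PHP_SAPI !== 'cli') { header('Content-Type: text/plain'); }
print_r(local_tls_report());
if (isset($argv[1])) { print_r(probe_tls12($argv[1], (int) ($argv[2] ?? 993))); }
```

A failed handshake with `tls12_constant` true and a current `openssl_library` points away from the PHP/OS combination and toward configuration or server-side policy.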

jberanek commented 1 year ago

Are you using 'imap' or 'imap_php' (recommended)?

Original comment by: campbell-m

jberanek commented 1 year ago

Thanks a lot for your quick reply! We're using PHP 8.1, thus it'll most probably be an issue with our OS version, I guess. Unfortunately, we're using a simple webspace at Ionos, where I have no influence on the OS version :-/ Guess I'll have to switch to some other authentication then. Kind regards, Michael

Original comment by: *anonymous

jberanek commented 1 year ago

imap

Original comment by: *anonymous

jberanek commented 1 year ago

Thanks for the hint! I did check with imap_php, but that didn't solve the issue.

Original comment by: *anonymous

jberanek commented 1 year ago

Did you have $auth["imap_php"]["port"] = 993;? Also you could try $auth["imap_php"]["tls"] = true;

Original comment by: campbell-m

jberanek commented 1 year ago

Thanks for the hint. Yes, I did have these set, but with no effect. Our school (where we use the MRBS) has switched its infrastructure to Microsoft recently. Thus I'll have to change the authentication to Azure AD anyhow. Until now it authenticated against our old mailserver. I was just too lazy/no time to switch it :-|

Original comment by: *anonymous

jberanek commented 1 year ago

Ah, if you're using Microsoft then I wonder if the problem is that Microsoft have changed their policy on authentication. See https://sourceforge.net/p/mrbs/support-requests/2607/

Original comment by: campbell-m

jberanek commented 1 year ago

Uhh, this is good to know, thanks. Until now we used an Ionos mail server, thus I did not have the "joy" of authenticating with Microsoft, but when I switch, this is important information. Thus, thanks again :-)

Original comment by: *anonymous

jberanek commented 1 year ago

You should be OK authenticating against AD.

Original comment by: campbell-m

jberanek commented 1 year ago

If the MRBS installation is being hosted outside of the school you'd need a way to do secure LDAP to authenticate against a school Active Directory server though. Not many people are willing to allow LDAP access to AD from outside their organisation...

Original comment by: jberanek

jberanek commented 1 year ago

What this leaves is SimpleSAML to Azure AD which is...less than simple.

Original comment by: jberanek

jberanek commented 1 year ago

(By the way, see the section "SAML Authentication" in MRBS's AUTHENTICATION instructions)

Original comment by: jberanek

jberanek commented 1 year ago

Yes, I've just taken a look and this seems to be the only valid option. Doesn't sound like fun, especially running simplesaml on a webspace without real root permissions. Maybe I'll give it a try during vacation (with a bit more time). Anyhow, thanks a lot for your help so far!

Original comment by: *anonymous

Gergama commented 1 year ago

Did you have any success getting SAML/Azure AD working with MRBS? I've had success, however issues with Chrome/Edge browsers.