Quick solution to an infuriating problem.
Cyrus IMAP server is installed and authenticating just fine using saslauthd to my Active Directory:
/etc/imapd.conf:
...snip... sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN ...snip...
/etc/sysconfig/saslauthd:
SOCKETDIR=/run/saslauthd MECH=ldap FLAGS="-r"
However I can’t get my sieve clients including sieveshell to authenticate:
[root@mailserver /]# sieveshell --user="first.last@example.com" --authname="first.last@example.com" localhost connecting to localhost connect: Connection refused unable to connect to server at /bin/sieveshell line 170.
Telnet-ing in yielded no auth mech’s presented:
[root@mailserver /]# telnet localhost sieve Trying ::1... Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.4.17-Fedora-RPM-2.4.17-8.el7_1" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" "STARTTLS" "UNAUTHENTICATE" OK
No auth mech’s listed, e.g. PLAIN, LOGIN, etc. What gives? The search string “timsieved sasl_auth_mech” yielded 3 results on Google, luckily this page was one of them. How often is it simply that some package you need isn’t installed?
[root@mailserver /]# yum -y install cyrus-sasl-plain
That’s it:
[root@mailserver /]# telnet localhost sieve Trying ::1... Connected to localhost. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.4.17-Fedora-RPM-2.4.17-8.el7_1" "SASL" "PLAIN LOGIN" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" "STARTTLS" "UNAUTHENTICATE" OK
Another takeaway I learned – if you want disable TLS for just Cyrus sieve adjust your /etc/cyrus.conf as such:
sieve cmd="timsieved" -C /etc/sieve.conf listen="sieve" prefork=0
And just modify the /etc/sieve.conf file to suit your needs. I know this has caused me issues in the past and never knew it could be tuned separate of imapd.