Description of problem:
Claws Mail cannot connect to the Cyrus IMAP server via the DIGEST-MD5 authentication mechanism in Fedora. Squirrelmail is connected normally via DIGEST-MD5.
Version-Release number of selected component:
Steps to Reproduce:
1. $ cat /etc.imapd.conf:
sasl_mech_list: SCRAM-SHA-256 SCRAM-SHA-1 DIGEST-MD5
2. Claws Mail:
«Settings» → «The parameters for the current account…» → «Receive»
Authentication method: DIGEST-MD5
Journal of network:
* User account 'firstname.lastname@example.org': Connecting to an IMAP server: mail.lime2.cf:993...
[2020-01-09 23:18:17] IMAP< * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=SCRAM-SHA-256 AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 SASL-IR] lime2.cf Cyrus IMAP 3.0.13-1.fc31 Fedora server ready
* IMAP connection is un-authenticated
[2020-01-09 23:18:17] IMAP> 1 CAPABILITY
[2020-01-09 23:18:17] IMAP< * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH URLAUTH=BINARY AUTH=SCRAM-SHA-256 AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 SASL-IR XCONVERSATIONS COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
[2020-01-09 23:18:17] IMAP< 1 OK Completed
[2020-01-09 23:18:17] IMAP> Logging sejd to mail.lime2.cf using DIGEST-MD5
[2020-01-09 23:18:17] IMAP< Completed
** Mistake IMAP in mail.lime2.cf: Mistake LOGIN
[2020-01-09 23:18:17] IMAP< Error logging in to mail.lime2.cf
[2020-01-09 23:20:15] IMAP> 2 LOGOUT
[2020-01-09 23:20:15] IMAP< * BYE LOGOUT received
[2020-01-09 23:20:15] IMAP< 2 OK Completed
Claws Mail pop-up window:
The connection with the mail.lime2.cf didn't work: the login is rejected.
The DIGEST-MD5 login only works if libetpan is built with SASL support and the DIGEST-MD5 SASL module is installed.
Connection via DIGEST-MD5 (or even better-via SCRAM-SHA-256-PLUS).
did you verify that "libetpan is built with SASL support and the DIGEST-MD5 SASL module is installed"?
> libetpan-1.9.3-2.fc31.x86_64 installed.
That confirms that you have libetpan installed, but not whether it is built with SASL support and the DIGEST-MD5 SASL module is installed.
It looks like you also need this package installed:
Do you have that installed?
cyrus-sasl-md5-2.1.27-2.fc31.x86_64 also installed.
libetpan-1.9.3-2.fc31.x86_64 is built with SASL support:
$ rpm -qR libetpan|grep -i sasl
Did you try SCRAM-SHA-1 also?
Since MD5 encryption is broken it might be the case that the server does not allow using Digest-MD5 anymore.
SCRAM-SHA-1 works fine, although only the first mailbox in the list worked fine yesterday, and the others had the same error. After the reboot, everything worked fine again. Squirrelmail works well with the server via DIGEST-MD5.
I was thinking, maybe Claws Mail uses a pseudo-random number generator for this authentication, and the problem is with it?
> I was thinking, maybe Claws Mail uses a pseudo-random number generator
> for this authentication, and the problem is with it?
If so, that would be a problem in libetpan (which is where this entire problem could be located).