Bug 4294 - Claws Mail cannot connect to the Cyrus IMAP server via the DIGEST-MD5 authentication in Fedora
Summary: Claws Mail cannot connect to the Cyrus IMAP server via the DIGEST-MD5 authent...
Status: NEW
Alias: None
Product: Claws Mail
Classification: Unclassified
Component: Other (show other bugs)
Version: 3.17.4
Hardware: PC Linux
: P3 normal
Assignee: users
URL: https://bugzilla.redhat.com/show_bug....
Depends on:
Blocks:
 
Reported: 2020-01-12 19:08 CET by Сейд
Modified: 2020-01-17 14:14 CET (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Сейд 2020-01-12 19:08:34 CET
Description of problem:
Claws Mail cannot connect to the Cyrus IMAP server via the DIGEST-MD5 authentication mechanism in Fedora. Squirrelmail is connected normally via DIGEST-MD5.

Version-Release number of selected component:
claws-mail-3.17.4-3.fc31.x86_64
cyrus-sasl-md5-2.1.27-2.fc31.x86_64
libetpan-1.9.3-2.fc31.x86_64

cyrus-imapd-3.0.13-1.fc31.armv7hl
cyrus-sasl-md5-2.1.27-2.fc31.armv7hl


Steps to Reproduce:

1. $ cat /etc.imapd.conf:
sasl_mech_list: SCRAM-SHA-256 SCRAM-SHA-1 DIGEST-MD5

2. Claws Mail:
«Settings» → «The parameters for the current account…» → «Receive»
Authentication method: DIGEST-MD5


Actual results:

Journal of network:
* User account 'sejd@lime2.cf': Connecting to an IMAP server: mail.lime2.cf:993...
[2020-01-09 23:18:17] IMAP< * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=SCRAM-SHA-256 AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 SASL-IR] lime2.cf Cyrus IMAP 3.0.13-1.fc31 Fedora server ready 
* IMAP connection is un-authenticated
[2020-01-09 23:18:17] IMAP> 1 CAPABILITY 
[2020-01-09 23:18:17] IMAP< * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH URLAUTH=BINARY AUTH=SCRAM-SHA-256 AUTH=SCRAM-SHA-1 AUTH=DIGEST-MD5 SASL-IR XCONVERSATIONS COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE 
[2020-01-09 23:18:17] IMAP< 1 OK Completed 
[2020-01-09 23:18:17] IMAP> Logging sejd to mail.lime2.cf using DIGEST-MD5
[2020-01-09 23:18:17] IMAP< Completed
** Mistake IMAP in mail.lime2.cf: Mistake LOGIN
[2020-01-09 23:18:17] IMAP< Error logging in to mail.lime2.cf
[2020-01-09 23:20:15] IMAP> 2 LOGOUT 
[2020-01-09 23:20:15] IMAP< * BYE LOGOUT received 
[2020-01-09 23:20:15] IMAP< 2 OK Completed 

Claws Mail pop-up window:
The connection with the mail.lime2.cf didn't work: the login is rejected. 
The DIGEST-MD5 login only works if libetpan is built with SASL support and the DIGEST-MD5 SASL module is installed.

Expected results:
Connection via DIGEST-MD5 (or even better-via SCRAM-SHA-256-PLUS).
Comment 1 Paul 2020-01-15 16:08:01 CET
did you verify that "libetpan is built with SASL support and the DIGEST-MD5 SASL module is installed"?
Comment 2 Сейд 2020-01-15 16:19:58 CET
libetpan-1.9.3-2.fc31.x86_64 installed.
Comment 3 Paul 2020-01-15 17:51:31 CET
> libetpan-1.9.3-2.fc31.x86_64 installed.

That confirms that you have libetpan installed, but not whether it is built with SASL support and the DIGEST-MD5 SASL module is installed.
Comment 4 Paul 2020-01-15 18:03:59 CET
It looks like you also need this package installed:

cyrus-sasl-md5

Do you have that installed?
Comment 5 Сейд 2020-01-15 19:39:18 CET
cyrus-sasl-md5-2.1.27-2.fc31.x86_64 also installed.
Comment 6 Сейд 2020-01-16 10:18:25 CET
libetpan-1.9.3-2.fc31.x86_64 is built with SASL support:

https://kojipkgs.fedoraproject.org//packages/libetpan/1.9.3/2.fc31/data/logs/x86_64/build.log

$ rpm -qR libetpan|grep -i sasl
libsasl2.so.3()(64bit)
Comment 7 Paul 2020-01-17 11:47:33 CET
Did you try SCRAM-SHA-1 also?
Comment 8 Michael Rasmussen 2020-01-17 11:53:48 CET
Since MD5 encryption is broken it might be the case that the server does not allow using Digest-MD5 anymore.
Comment 9 Сейд 2020-01-17 13:17:00 CET
SCRAM-SHA-1 works fine, although only the first mailbox in the list worked fine yesterday, and the others had the same error. After the reboot, everything worked fine again. Squirrelmail works well with the server via DIGEST-MD5.
I was thinking, maybe Claws Mail uses a pseudo-random number generator for this authentication, and the problem is with it?
Comment 10 Paul 2020-01-17 14:14:13 CET
> I was thinking, maybe Claws Mail uses a pseudo-random number generator
> for this authentication, and the problem is with it?

If so, that would be a problem in libetpan (which is where this entire problem could be located).