Bug #80658 for NET-Sieve: Problem conecting to Cyrus

Tue Nov 06 05:25:43 2012 JIRA [...] cpan.org - Ticket created

CC:	agostini [...] univ-metz.fr
Subject:	Problem conecting to Cyrus

HI,

I cannot get Net::Sieve to work with Cyrus server. Below is a log from Net::SIeve and Cyrus

connection: remote host address is 127.0.0.1
<<< "IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.5.amzn1"
<<< "SASL" ""
<<< "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
<<< "STARTTLS"
<<< OK
Show quoted text

>>> STARTTLS\r\n

<<< OK "Begin TLS negotiation now"
--- TLS activated here
Subject Name: /trimmed
Issuer Name: /trimmed
-----BEGIN CERTIFICATE-----
trimmed
-----END CERTIFICATE-----
Show quoted text

>>> NOOP\r\n

<<< "IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.5.amzn1"
<<< "SASL" "PLAIN"
<<< "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
<<< OK
Show quoted text

>>> AUTHENTICATE "PLAIN" {20+}\r\n

----------------------------------------------------------------------------
in Cyrus log

Nov 6 10:23:24 ps-aws-p1 cyrus/master[18009]: about to exec /usr/lib/cyrus-imapd/timsieved
Nov 6 10:23:24 ps-aws-p1 cyrus/sieve[18009]: executed
Nov 6 10:23:24 ps-aws-p1 cyrus/sieve[18009]: accepted connection
Nov 6 10:23:24 ps-aws-p1 cyrus/sieve[18009]: imapd:Loading hard-coded DH parameters
Nov 6 10:23:24 ps-aws-p1 cyrus/sieve[18009]: SSL_accept() incomplete -> wait
Nov 6 10:23:24 ps-aws-p1 cyrus/sieve[18009]: SSL_accept() succeeded -> done
Nov 6 10:23:24 ps-aws-p1 cyrus/sieve[18009]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Nov 6 10:23:24 ps-aws-p1 cyrus/sieve[18009]: Lost connection to client -- exiting

Tue Nov 06 10:32:37 2012 agostini [...] univ-metz.fr - Status changed from 'new' to 'open'

Tue Nov 06 10:32:39 2012 agostini [...] univ-metz.fr - Taken

Tue Nov 06 10:46:23 2012 agostini [...] univ-metz.fr - Correspondence added

Le Mar 06 Nov 2012 05:25:43, JIRA a écrit : Show quoted text

> HI, > > I cannot get Net::Sieve to work with Cyrus server. Below is a log from > Net::SIeve and Cyrus >

thanks for your bug report Now I can't test cyrus 2.3. >= 13 but I just upload a new release of Net::Sieve with few waiting backport from sieve_connect Maybe you can test this 0.10 release, as soon as cpan mirrors are updated I hope this will solve your problem Show quoted text

> connection: remote host address is 127.0.0.1 > <<< "IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.5.amzn1" > <<< "SASL" "" > <<< "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags > notify envelope relational regex subaddress copy" > <<< "STARTTLS" > <<< OK

> >>> STARTTLS\r\n

> <<< OK "Begin TLS negotiation now" > --- TLS activated here > Subject Name: /trimmed > Issuer Name: /trimmed > -----BEGIN CERTIFICATE----- > trimmed > -----END CERTIFICATE-----

> >>> NOOP\r\n

> <<< "IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.5.amzn1" > <<< "SASL" "PLAIN" > <<< "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags > notify envelope relational regex subaddress copy" > <<< OK

> >>> AUTHENTICATE "PLAIN" {20+}\r\n

>

---------------------------------------------------------------------------- Show quoted text

> in Cyrus log > > Nov 6 10:23:24 ps-aws-p1 cyrus/master[18009]: about to exec > /usr/lib/cyrus-imapd/timsieved > Nov 6 10:23:24 ps-aws-p1 cyrus/sieve[18009]: executed > Nov 6 10:23:24 ps-aws-p1 cyrus/sieve[18009]: accepted connection > Nov 6 10:23:24 ps-aws-p1 cyrus/sieve[18009]: imapd:Loading hard-coded DH > parameters > Nov 6 10:23:24 ps-aws-p1 cyrus/sieve[18009]: SSL_accept() incomplete

-> wait Show quoted text

> Nov 6 10:23:24 ps-aws-p1 cyrus/sieve[18009]: SSL_accept() succeeded ->

done Show quoted text

> Nov 6 10:23:24 ps-aws-p1 cyrus/sieve[18009]: starttls: TLSv1 with cipher > DHE-RSA-AES256-SHA (256/256 bits new) no authentication > Nov 6 10:23:24 ps-aws-p1 cyrus/sieve[18009]: Lost connection to client -- > exiting

Tue Nov 06 10:46:25 2012 agostini [...] univ-metz.fr - Status changed from 'open' to 'stalled'

Tue Nov 06 14:51:29 2012 JIRA [...] cpan.org - Correspondence added

On 2012-11-06 10:46:23, YVESAGO wrote:
Show quoted text

> Le Mar 06 Nov 2012 05:25:43, JIRA a écrit :

> > HI,
> >
> > I cannot get Net::Sieve to work with Cyrus server. Below is a log from
> > Net::SIeve and Cyrus
> >

>
> thanks for your bug report
>
> Now I can't test cyrus 2.3. >= 13
>
> but I just upload a new release of Net::Sieve with few waiting backport
> from sieve_connect
>
> Maybe you can test this 0.10 release, as soon as cpan mirrors are updated
>
> I hope this will solve your problem

I have just tried it, but I now get a different error message - see below. I tried with and without various certificates.
My SSL serificates foo is quite low though

------------------------------------------------------------
my $server = Net::Sieve->new (
       server => 'localhost',
       user => 'user',
       password => 'password' ,
       port => 4190,
        ssl_verif => 0x00,
        notssl_veri => 0x01,
        debug => '1',
        dumptlsinfo => '1',
);

-----------------------------------------------------------------
connection: remote host address is 127.0.0.1
<<< "IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.5.amzn1"
<<< "SASL" ""
<<< "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
<<< "STARTTLS"
<<< OK
Show quoted text

>>> STARTTLS\r\n

<<< OK "Begin TLS negotiation now"
STARTTLS promotion failed: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Show quoted text

>>> LOGOUT\r\n

<<< %16%03%01%01%8D%0C%00%01%89%00%80%FF%FF%FF%FF%FF%FF%FF%FF%C9%0F%DA%A2!h%C24%C4%C6b%8B%80%DC%1C%D1)%02N%08%8Ag%CCt%02%0B%BE%A6;%13%9B"QJ%08y%8E4%04%DD%EF%95%19%B3%CD:C%1B0+

Tue Nov 06 14:51:30 2012 The RT System itself - Status changed from 'stalled' to 'open'

Wed Nov 07 03:06:36 2012 agostini [...] univ-metz.fr - Correspondence added

CC:	JIRA [...] cpan.org
Subject:	Re: [rt.cpan.org #80658] Problem conecting to Cyrus
Date:	Wed, 07 Nov 2012 09:06:12 +0100
To:	bug-NET-Sieve [...] rt.cpan.org
From:	Yves Agostini <agostini [...] univ-metz.fr>

thanks for your test it's better ;-) Le mardi 06 novembre 2012 à 14:51 -0500, Jiří Pavlovský via RT a écrit : Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=80658 > > > On 2012-11-06 10:46:23, YVESAGO wrote:

> > Le Mar 06 Nov 2012 05:25:43, JIRA a écrit :

> > > HI, > > > > > > I cannot get Net::Sieve to work with Cyrus server. Below is a log from > > > Net::SIeve and Cyrus > > >

> > > > thanks for your bug report > > > > Now I can't test cyrus 2.3. >= 13 > > > > but I just upload a new release of Net::Sieve with few waiting backport > > from sieve_connect > > > > Maybe you can test this 0.10 release, as soon as cpan mirrors are updated > > > > I hope this will solve your problem

> > I have just tried it, but I now get a different error message - see below. I > tried with and without various certificates. > My SSL serificates foo is quite low though > > ------------------------------------------------------------ > my $server = Net::Sieve->new ( > server => 'localhost', > user => 'user', > password => 'password' , > port => 4190, > ssl_verif => 0x00, > notssl_veri => 0x01,

^^^^^^ please use "notssl_verif", there's a missing 'f' maybe I made a mistake in doc Show quoted text

> debug => '1', > dumptlsinfo => '1', > ); > > > ----------------------------------------------------------------- > connection: remote host address is 127.0.0.1 > <<< "IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.5.amzn1" > <<< "SASL" "" > <<< "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags > notify envelope relational regex subaddress copy" > <<< "STARTTLS" > <<< OK

> >>> STARTTLS\r\n

> <<< OK "Begin TLS negotiation now" > STARTTLS promotion failed: SSL connect attempt failed with unknown error > error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify > failed

> >>> LOGOUT\r\n

> <<< > %16%03%01%01%8D%0C%00%01%89%00%80%FF%FF%FF%FF%FF%FF%FF%FF%C9%0F%DA%A2!h%C24%C4%C6b%8B%80%DC%1C%D1)%02N%08%8Ag%CCt%02%0B%BE%A6;%13%9B"QJ%08y%8E4%04%DD%EF%95%19%B3%CD:C%1B0+ >

Wed Nov 07 03:59:45 2012 agostini [...] univ-metz.fr - Correspondence added

CC:	JIRA [...] cpan.org
Subject:	Re: [rt.cpan.org #80658] Problem conecting to Cyrus
Date:	Wed, 07 Nov 2012 09:59:24 +0100
To:	bug-NET-Sieve [...] rt.cpan.org
From:	Yves Agostini <agostini [...] univ-metz.fr>

Le mardi 06 novembre 2012 à 14:51 -0500, Jiří Pavlovský via RT a écrit : Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=80658 > > > On 2012-11-06 10:46:23, YVESAGO wrote:

> > Le Mar 06 Nov 2012 05:25:43, JIRA a écrit :

> > > HI, > > > > > > I cannot get Net::Sieve to work with Cyrus server. Below is a log from > > > Net::SIeve and Cyrus > > >

> > > > thanks for your bug report > > > > Now I can't test cyrus 2.3. >= 13 > > > > but I just upload a new release of Net::Sieve with few waiting backport > > from sieve_connect > > > > Maybe you can test this 0.10 release, as soon as cpan mirrors are updated > > > > I hope this will solve your problem

> > I have just tried it, but I now get a different error message - see below. I > tried with and without various certificates. > My SSL serificates foo is quite low though > > ------------------------------------------------------------ > my $server = Net::Sieve->new ( > server => 'localhost', > user => 'user', > password => 'password' , > port => 4190, > ssl_verif => 0x00, > notssl_veri => 0x01,

^^^^^^ oops it's "notssl_verify", there are missing 'fy' Show quoted text

> debug => '1', > dumptlsinfo => '1', > ); > > > ----------------------------------------------------------------- > connection: remote host address is 127.0.0.1 > <<< "IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.5.amzn1" > <<< "SASL" "" > <<< "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags > notify envelope relational regex subaddress copy" > <<< "STARTTLS" > <<< OK

> >>> STARTTLS\r\n

> <<< OK "Begin TLS negotiation now" > STARTTLS promotion failed: SSL connect attempt failed with unknown error > error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify > failed

> >>> LOGOUT\r\n

...

Wed Nov 07 04:31:30 2012 JIRA [...] cpan.org - Correspondence added

On 2012-11-07 03:59:45, YVESAGO wrote:

Show quoted text

> >
> > ------------------------------------------------------------
> > my $server = Net::Sieve->new (
> > server => 'localhost',
> > user => 'user',
> > password => 'password' ,
> > port => 4190,
> > ssl_verif => 0x00,
> > notssl_veri => 0x01,

> ^^^^^^
>
> oops
> it's "notssl_verify", there are missing 'fy'

With these spelled correctly I'm getting more or less to the same point as in the previous version. See log below.

If it helps you to know I cannot log in over ssl with the cyrus suppplied sieveshell tool neither.
OTOH the PHP Pear package Net-Sieve works - it is used for example in the sieveruls plugin for Roundcube webmail
------------------------------------------------------------------------------connection: remote host address is 127.0.0.1
<<< "IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.5.amzn1"
<<< "SASL" ""
<<< "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
<<< "STARTTLS"
<<< OK
Show quoted text

>>> STARTTLS\r\n

<<< OK "Begin TLS negotiation now"
--- TLS activated here
Subject Name: /trimmed
Issuer Name: /trimmed
-----BEGIN CERTIFICATE-----
trimmed
-----END CERTIFICATE-----
Show quoted text

>>> NOOP "STARTTLS-RESYNC-CAPA"\r\n

<<< "IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.5.amzn1"
<<< "SASL" "PLAIN"
<<< "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
<<< OK
Show quoted text

>>> AUTHENTICATE "PLAIN" {20+}\r\n

Wed Nov 07 04:50:13 2012 agostini [...] univ-metz.fr - Correspondence added

CC:	JIRA [...] cpan.org
Subject:	Re: [rt.cpan.org #80658] Problem conecting to Cyrus
Date:	Wed, 07 Nov 2012 10:49:53 +0100
To:	bug-NET-Sieve [...] rt.cpan.org
From:	Yves Agostini <agostini [...] univ-metz.fr>

Le mercredi 07 novembre 2012 à 04:31 -0500, Jiří Pavlovský via RT a écrit : Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=80658 > > > On 2012-11-07 03:59:45, YVESAGO wrote: >

> > > > > > ------------------------------------------------------------ > > > my $server = Net::Sieve->new ( > > > server => 'localhost', > > > user => 'user', > > > password => 'password' , > > > port => 4190, > > > ssl_verif => 0x00, > > > notssl_veri => 0x01,

> > ^^^^^^ > > > > oops > > it's "notssl_verify", there are missing 'fy'

> > > With these spelled correctly I'm getting more or less to the same point as in > the previous version. See log below. > > If it helps you to know I cannot log in over ssl with the cyrus suppplied > sieveshell tool neither. > OTOH the PHP Pear package Net-Sieve works - it is used for example in the > sieveruls plugin for Roundcube webmail

ok thanks I will start to mount a test machine with cyrus 2.3.13 ... it will be longer ... Show quoted text

> ------------------------------------------------------------------------------connection: > remote host address is 127.0.0.1 > <<< "IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.5.amzn1" > <<< "SASL" "" > <<< "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags > notify envelope relational regex subaddress copy" > <<< "STARTTLS" > <<< OK

> >>> STARTTLS\r\n

> <<< OK "Begin TLS negotiation now" > --- TLS activated here > Subject Name: /trimmed > Issuer Name: /trimmed > -----BEGIN CERTIFICATE----- > trimmed > -----END CERTIFICATE-----

> >>> NOOP "STARTTLS-RESYNC-CAPA"\r\n

> <<< "IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-6.5.amzn1" > <<< "SASL" "PLAIN" > <<< "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags > notify envelope relational regex subaddress copy" > <<< OK

> >>> AUTHENTICATE "PLAIN" {20+}\r\n

>

Fri Nov 09 08:31:41 2012 agostini [...] univ-metz.fr - Correspondence added

I made tests on cyrus 2.1, 2.2 on Debian lenny and squeeze, cyrus 2.4 on Ubuntu 12-04 LTS and cyrus 2.3 on Fedora 11 This bug is now fixed in Net::Sieve 0.11 It was really a strange behavior on cyrus 2.3 a NOOP command after STARTTLS crashed the sieve connection after the OK response ... This was fixed in cyrus 2.4 Le Mer 07 Nov 2012 04:50:13, YVESAGO a écrit : Show quoted text

> Le mercredi 07 novembre 2012 à 04:31 -0500, Jiří Pavlovský via RT a > écrit :

> > <URL: https://rt.cpan.org/Ticket/Display.html?id=80658 > > > > > On 2012-11-07 03:59:45, YVESAGO wrote: > >

> > > > > > > > ------------------------------------------------------------ > > > > my $server = Net::Sieve->new ( > > > > server => 'localhost', > > > > user => 'user', > > > > password => 'password' , > > > > port => 4190, > > > > ssl_verif => 0x00, > > > > notssl_veri => 0x01,

> > > ^^^^^^ > > > > > > oops > > > it's "notssl_verify", there are missing 'fy'

> > > > > > With these spelled correctly I'm getting more or less to the same

> point as in

> > the previous version. See log below. > > > > If it helps you to know I cannot log in over ssl with the cyrus

> suppplied

> > sieveshell tool neither. > > OTOH the PHP Pear package Net-Sieve works - it is used for example

> in the

> > sieveruls plugin for Roundcube webmail

> > ok thanks > > I will start to mount a test machine with cyrus 2.3.13 ... it will be > longer ... >

> >

>

------------------------------------------------------------------------------connection: Show quoted text

> > remote host address is 127.0.0.1 > > <<< "IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-

> 6.5.amzn1"

> > <<< "SASL" "" > > <<< "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation

> imapflags

> > notify envelope relational regex subaddress copy" > > <<< "STARTTLS" > > <<< OK

> > >>> STARTTLS\r\n

> > <<< OK "Begin TLS negotiation now" > > --- TLS activated here > > Subject Name: /trimmed > > Issuer Name: /trimmed > > -----BEGIN CERTIFICATE----- > > trimmed > > -----END CERTIFICATE-----

> > >>> NOOP "STARTTLS-RESYNC-CAPA"\r\n

> > <<< "IMPLEMENTATION" "Cyrus timsieved v2.3.16-Fedora-RPM-2.3.16-

> 6.5.amzn1"

> > <<< "SASL" "PLAIN" > > <<< "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation

> imapflags

> > notify envelope relational regex subaddress copy" > > <<< OK

> > >>> AUTHENTICATE "PLAIN" {20+}\r\n

> >

Fri Nov 09 08:31:42 2012 agostini [...] univ-metz.fr - Status changed from 'open' to 'resolved'

Fri Nov 09 17:43:34 2012 JIRA [...] cpan.org - Correspondence added

On 2012-11-09 08:31:41, YVESAGO wrote:
Show quoted text

> I made tests on cyrus 2.1, 2.2 on Debian lenny and squeeze, cyrus 2.4
> on
> Ubuntu 12-04 LTS and cyrus 2.3 on Fedora 11
>
> This bug is now fixed in Net::Sieve 0.11
>
> It was really a strange behavior on cyrus 2.3
> a NOOP command after STARTTLS crashed the sieve connection after the
> OK
> response ...

Works! Thanks a lot, for the quick fix.

Regards,
Jiri

Fri Nov 09 17:43:35 2012 The RT System itself - Status changed from 'resolved' to 'open'

Mon Nov 12 02:39:04 2012 agostini [...] univ-metz.fr - Status changed from 'open' to 'resolved'

Mon Nov 12 02:39:04 2012 agostini [...] univ-metz.fr - Fixed in 0.11 added