Request #4053 :: Please add start_tls support for sieve backend

Package home | Report new bug | New search | Development Roadmap

Status: Open | Feedback | All | Closed Since Version 1.3.2

Request #4053	Please add start_tls support for sieve backend
Submitted:	2005-04-04 09:21 UTC	Modified:	2006-03-26 17:57 UTC
From:	andreas at conectiva dot com dot br	Assigned:	amistry
Status:	Closed	Package:	Net_Sieve
PHP Version:	4.3.10	OS:	GNU/Linux
Roadmaps:	(Not assigned)
Subscription	Your email:

Comments Add Comment Add patch

[2005-04-04 09:21 UTC] andreas at conectiva dot com dot br

Description:
------------
Cyrus' timsieved daemon supports encrypted connections, but only via the START TLS mechanism as far as I can see.

There are situations where only PLAIN and/or LOGIN authentication mechanisms can be used, and those require an encrypted transport layer in order to be protected. timsieved supports START TLS. Other mechanisms like DIGEST-MD5 do not need this to protect the password on the wire.

So, currently there is no way to protect the password when PLAIN/LOGIN has to be used. Not even stunnel helps, because timsieved only supports START TLS which has to be initiated after the clear text connection was established.

Comments

[2005-12-20 00:21 UTC] amistry

http://am-productions.biz/docs/patch-STARTTLS-Net_Sieve.patch

- Fixes a regex bug that prevented STARTTLS from being correctly detected during CAPABILITY.
- Adds STARTTLS support.  Just connect normally unencrypted and STARTTLS will be detected and automatically enabled.  It requires PHP 5.1, but should fail gracefully if you have a lower version installed.

[2006-01-27 14:39 UTC] amistry at php dot net

Can you try the following patch to see if it fixes your problem?  The STARTTLS support is for PHP 5.1 and above.
http://am-productions.biz/docs/Sieve.patch

[2006-02-01 18:54 UTC] andreas at conectiva dot com dot br

I'll be able to test it this weekend.

[2006-02-06 15:22 UTC] amistry at php dot net

Any news?  I'm planning on updating the package sometime this week so I'd like to make sure it works for you too.

[2006-03-21 22:13 UTC] amistry at php dot net (Anish Mistry)

Is STARTTLS support working for you?  I'd like to close this bug report.

[2006-03-23 08:15 UTC] andreas at conectiva dot com dot br

I'm terribly sorry for the delay. I *promise* I'll do it *this* weekend (25 and 26/mar/2006).

[2006-03-26 17:01 UTC] andreas at conectiva dot com dot br

It worked:
Mar 26 19:59:41 bach sieve[5635]: TLS server engine: No CA file specified. Client side certs may not work
Mar 26 19:59:41 bach sieve[5635]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication
Mar 26 19:59:41 bach sieve[5635]: login: maestro.lowtech[192.168.1.2] andreas PLAIN+TLS User logged in

Thanks!

P.S.: this was tested with version 1.1.1 of the module plus the patch applied.

[2006-03-26 17:57 UTC] amistry at php dot net (Anish Mistry)

Thank you for your bug report. This issue has been fixed
in the latest released version of the package, which you can download at
http://pear.php.net/get/Net_Sieve

[2006-09-06 22:55 UTC] lnc91281 at yahoo dot com (chungln)

Hi all,
i have some problem with sending a email like this:

Warning: mail(): SMTP server response: 530 5.7.0 Must issue a STARTTLS command first r66sm173695pye in...

really that you guys have mention about this but i dont know how to use the fix package on window platform.