some or all of your filters point to a non-ssl URI (this issue has been resolved in 2.0), so you'll need to re-config your move/copy filters
Jeff On Fri, 2004-09-17 at 17:42, Jamie L. Penman-Smithson wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hey all, > > First things first, I'm running evolution 1.4.6 on Debian Sid running > kernel 2.6.8. > > I recently changed my IMAP server configuration to reject plain text > logins. I told evolution to use CRAM-MD5 and always use SSL when > connecting, all seemed fine. > > Now, when I attempt to re-filter messages in my INBOX - I can't. I get > repeatedly asked for a password. The problem appears to be because > evolution is making a connection to the server which is unencrypted, > apparently for the purposes of applying my filters, even though I > explicitly setup the account to use SSL *always*. > > Debugging evolution shows this: > > received: * OK lorien.silverdream.org Cyrus IMAP4 > v2.1.16-IPv6-Debian-2.1.16-9 server ready sending : I00000 CAPABILITY > received: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ > MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN > MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS > LOGINDISABLED AUTH=DIGEST-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE > received: I00000 OK Completed > sending : I00001 LOGIN xxx xxx > received: I00001 NO Login only available under a layer > sending : I00002 LOGOUT > received: * BYE LOGOUT received > > Not only this, evolution does not comply with RFC 2595 since it issues a > LOGIN command even though the LOGINDISABLED capability is present. > > "The current IMAP protocol specification (RFC 2060) requires the > implementation of the LOGIN command which uses clear-text passwords. Many > sites may choose to disable this command unless encryption is active for > security reasons. An IMAP server MAY advertise that the LOGIN command is > disabled by including the LOGINDISABLED capability in the capability > response. Such a server will respond with a tagged "NO" response to any > attempt to use the LOGIN command." > > "An IMAP server which implements STARTTLS MUST implement support for the > LOGINDISABLED capability on unencrypted connections." > > ** "An IMAP client which complies with this specification MUST NOT issue > the LOGIN command if this capability is present." ** > > "This capability is useful to prevent clients compliant with this > specification from sending an unencrypted password in an environment > subject to passive attacks. It has no impact on an environment subject to > active attacks as a man-in-the-middle attacker can remove this capability. > Therefore this does not relieve clients of the need to follow the privacy > mode recommendation in section 2.2. " > > If I'm missing something, let me know... > > Thanks, > > -j _______________________________________________ evolution maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/evolution
