[asterisk-users] Zimbra IMAP authentication - SOLVED

John A. Sullivan III jsullivan at opensourcedevel.com
Thu Jul 2 23:51:45 CDT 2009 

On Thu, 2009-07-02 at 20:59 -0400, John A. Sullivan III wrote:
> Hello, everyone.  No need to read this message.  I'm posting for
> documentation for other poor, ignorant slobs like me who are struggling
> to pull together the many technologies to make converged networks
> happen.  Hopefully, this will help save someone else the time I spent.
> I started the below email until I realized I had solved multiple parts
> of a compound problem but not all at the same time.  When I put them
> together in the right order, it worked.
> 
> I did not understand that I needed to use AUTHENTICATE PLAIN and that
> such authentication is a single string which pertains to the user and
> not the authuser.  Then, once I got the right password parameter name
> and figured out that I could not use a distribution list rather than a
> real email account for shared voice mail (duh), it all fell into place.
> The configuration in the examples below works.  It's a wonder to behold.
> Thanks Asterisk developers - John
> 
> 
> Hello, all. I'm having a nasty time trying to integrate Asterisk and
> Zimbra for voice mail.  No matter whether I use imappassword=,
> imappasswd=, or imapsecret=, I get these errors:
> 
> [Jul  2 19:54:26] WARNING[26609]: app_voicemail.c:2306 mm_log: IMAP Warning: SECURITY PROBLEM: insecure server advertised AUTH=PLAIN
> [Jul  2 19:54:26] WARNING[26609]: app_voicemail.c:2306 mm_log: IMAP Warning: Retrying PLAIN authentication after AUTHENTICATE failed
> [Jul  2 19:54:26] WARNING[26609]: app_voicemail.c:2306 mm_log: IMAP Warning: SECURITY PROBLEM: insecure server advertised AUTH=PLAIN
> [Jul  2 19:54:26] WARNING[26609]: app_voicemail.c:2306 mm_log: IMAP Warning: Retrying PLAIN authentication after AUTHENTICATE failed
> [Jul  2 19:54:26] WARNING[26609]: app_voicemail.c:2306 mm_log: IMAP Warning: SECURITY PROBLEM: insecure server advertised AUTH=PLAIN
> [Jul  2 19:54:26] ERROR[26609]: app_voicemail.c:2309 mm_log: IMAP Error: Can not authenticate to IMAP server: AUTHENTICATE failed
> [Jul  2 19:54:26] ERROR[26609]: app_voicemail.c:1669 messagecount: Houston we have a problem - IMAP mailstream is NULL
> 
> My voicemail.conf file has lines such as:
> 
> 10 => xxxxx,Some User,,,imapuser=person at somewhere.com|imappassword=Y2xlcmljYWxAZWJjLWNvLmNvbXgAemltYnJhbWFuAFNTIVMzcnZpY2VzcEBzc3BocmFzZQ==
> 
> I can authenticate via telnet with . authenticate plain using these
> passwords.  If it's of any help to anyone, I put together a small script
> to produce them:
> 
> #!/bin/bash
> # Copyright 2009 by John A. Sullivan III, SSI Services, LP
> # This script takes a file with a list of email accounts (accountfile) and
> # produces a file containing Zimbra PLAIN AUTHENTICATION passwords
> # (accountfile.pauth) in the current directory.
> # Thus, be sure you have read rights where you run this script.
> 
> if [ -z "${1}" ];then
>         echo "usage: $(basename ${0}) <accounts file name>"
>         exit 5
> fi
> 
> read -p "What is the admin email account name? " ADMIN
> echo "Thank you"
> read -s -p "Now what is the admin's password? " APW
> 
> LINE=
> OFILE="$(basename ${1}).pauth"
> : > "${OFILE}"
> while read EADD
> do
>         echo "${EADD}"
>         LINE="$(printf ${EADD}\000${ADMIN}\000${APW} | openssl base64 | tr -d '\n')"
>         echo -e "${EADD}\t${LINE}\n" >> "${OFILE}"
> done < "${1}"
> 
> Here is a portion of voicemail.conf:
> 
> pollmailboxes=yes
> pollfreq=60
> ; IMAP voice mail storage
> imapserver=zimbra.ssiservices.biz
> imapport=7143 ; Using the Zimbra IMAP proxy at 143 on this station - real IMAP listens on 7143
> expungeonhangup=yes
> imapfolder=INBOX
> imapflags=notls
> ;authuser=manager at ssiservices.biz
> ;authpassword=password
> 
> imapgreetings=no
> 
> 
Hmm . . . I shouldn't have celebrated so quickly.  It suddenly all came
crashing down and I don't understand why.  When I do a packet trace, the
strings being passed as the AUTHENTICATE PLAIN tokens are nothing like
the strings in the voicemail.conf file! Does the conf file want them in
a different format or is it doing something else with them?

Ah, it looks like another part of a compound problem - the age of the
c-client library.  I am running on CentOS 5.3 but the library it uses is
from 2004.  Perhaps it is the combination of very old libc-client and
very new Zimbra.  I installed the latest recommended versions of
c-client (2007e), recompiled, went back to using a single authuser and
authpassword and all is working!
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com

http://www.spiritualoutreach.com
Making Christianity intelligible to secular society

More information about the asterisk-users mailing list