How to remove the IMAP banner

[Halomoan]

Hi All

I have a problem with the Zimbra IMAP banner

Example:

telnet my.zimbra.imapserver.com 143
. login username password
* CAPABILITY IMAP4rev1 BINARY CATENATE CHILDREN ESEARCH ID IDLE LITERAL+ LOGIN-REFERRALS NAMESPACE QUOTA SASL-IR UIDPLUS UNSELECT WITHIN X-DRAFT-I04-SEARCHRES
. OK LOGIN completed

I have mail gateway in front of Zimbra that forward the login authentication to an IMAP server. If I forward to Zimbra IMAP, all auth are fail, but not to my old IMAP server. Because the old IMAP server doesn't have imap banner.

On my old IMAP server, the login authentication forwarding works well because if do this:

telnet my.old.imapserver.com 143
. login username password
. OK LOGIN completed

it replies OK LOGIN completed immediately without any banner.

How to remove the banner from Zimbra IMAP ? Any config file for editing?

Thank you

Regards,

Halomoan

[mmorse]

The return is just a list of all the protocols supported/send capabilities...

The old server doesn't support the return of imap banners-or just doesn't have one?
There's no current config command to change the imap banners (I suggest opening an RFE in bugzilla)
Your positive that's why auth fails? I seriously doubt it...but your concerned with:

Code:

private static final String[] SUPPORTED_EXTENSIONS = new String[] {
514
"BINARY", "CATENATE", "CHILDREN", "ESEARCH", "ID", "IDLE",
515
"LITERAL+", "LOGIN-REFERRALS", "NAMESPACE", "QUOTA", "SASL-IR",
516
"UIDPLUS", "UNSELECT", "WITHIN", "X-DRAFT-I04-SEARCHRES"
517
};

An imap proxy like perdition might suit you better...

[dkarp]

From RFC 3501 section 6.2.3:

Quote:

A server MAY include a CAPABILITY response code in the tagged OK
response to a successful LOGIN command in order to send
capabilities automatically. It is unnecessary for a client to
send a separate CAPABILITY command if it recognizes these
automatic capabilities.

And just to drive that point home, RFC 3501 section 2.2.2:

Quote:

A client MUST be prepared to accept any server response at all times.
This includes server data that was not requested. Server data SHOULD
be recorded, so that the client can reference its recorded copy
rather than sending a command to the server to request the data. In
the case of certain server data, the data MUST be recorded.

Your gateway is broken, and I'd agree with mmorse that you should consider trying a less-fragile piece of software there.

[Halomoan]

Actually my email gateway perform simple username and password forwarding to the IMAP server and parse the "OK" word. Other then "OK" will be recognized as failed authentication.

Never mind, I will do the change on my side.

Thank you.

Regards,

Halomoan

[mmorse]

My I ask what what the email gateway software is?
(and what's your old imap server software)

[Halomoan]

I used postfix + sasl (with rimap) as email gateway and iMail is my old email server.

The problem is on the rimap, it is a very simple imap forward authentication for sasl.

[phoenix]

Does this device have to do authentication when passing mail to Zimbra? If not just disable the authentication and if it's on your lan it should be forwarded to your server. If it's on a different subnet then add it's IP to your trusted network in Zimbra - I guess you *do* trust this device.

[Halomoan]

No.

The structure is like this:


Mobile users <---> SMTP Gateway <---> Zimbra <---> Office users


If the Mobile users send to email to office users, no authentication is need. But if the mobile users need to relay email to external parties, they have to pass SMTP Authentication on the SMTP gateway and sasl will do Imap forwarding to Zimbra to consult this authority.

I don't know if sasl has ldap authentication or not. If yes, i will change from rimap to ldap to query Zimbra account.

[Halomoan]

Hi

I found that sasl is support ldap authentication. The only thing i need is the ldap_bind_dn: cn=operator,ou=Profile,o=foo.com for Zimbra.

Could anyone what is the ldap binding parameter for Zimbra user account?

Thank you

Halomoan