Failed IMAP login from 192.168.0.1, authentication method CRAM-MD5
  •  
reneS

Hello,

since I have one user with Outlook 2011 (IMAP), I get lots of entries in my security-log.
Failed IMAP login from 192.168.0.1, authentication method CRAM-MD5

Everything is working normally in Outlook 2011, the user is able to send and receive eMails, move eMails to any IMAP folder and so on.

I'm using the latest version of Kerio Connect (7.1.2 build 2260) and Outlook is also up to date (14.0.1)

Has anyone any ideas why I get these entries?

TIA

René
  •  
reneS

Hello,

sorry to ask again. Does nobody else have this problem?

Kind regards
René
  •  
TorW

Our security log is crammed with failed logins. They're generated by anything from deleted accounts, hand-me-down cellphones/mobile phones where the ActiveSync setup hasn't been removed, long forgotten clients and many other things. I have no idea how you define "lots of entries", but unless it's several dozen per minute I wouldn't worry too much.

It's part of the constant background noise on the internet. Just be glad you don't admin a firewall.
  •  
reneS

Hi TorW,

first of all thank you very much for your answer!

The error message (in Kerio's security log) is reproducible when Outlook 2011 for Mac is used. Every time I open an IMAP folder I get one entry with the timestamp.

When more and more people are using Outlook 2011 for Mac, I'm afraid that the messages will get out of hand :(

Kind regards
René
  •  
TorW

Good point. Have you tried switching Outlook 2011 to LOGIN and PLAIN authentication (if it's at all possible)? Sounds like MS still haven't figured out CRAM-MD5 authentication. It's been broken and missing in Outlook and Outlook Express since ... forever.
  •  
reneS

As far as I can see it's not possible to change the login method in Outlook 2011.

Kind regards
René
  •  
TorW

Well OK, probably because Outlook 2011 is supposed to pick a suitable auth method based on what the server can do. Only it fails. And, seeing that Outlook 2011 STILL insists that port 465 is usable for anything, I'd say MS is as firmly entrenched in their alternate reality as ever.

Oh, well. The joke known as "Microsoft email clients" is still alive. Yuck.

(Note: to get around this you could disable CRAM-MD5 on the server. But you don't want that if you have other clients).
  •  
reneS

Okay thank you very much for your suggestions!

I'll report this problem to Microsoft, maybe they're going to fix this in a future update.

Have a nice day and thanks again!

Kind regards
René
  •  
j.a.duke

reneS wrote on Mon, 15 November 2010 07:56
Hello,

since I have one user with Outlook 2011 (IMAP), I get lots of entries in my security-log.
Failed IMAP login from 192.168.0.1, authentication method CRAM-MD5

Everything is working normally in Outlook 2011, the user is able to send and receive eMails, move eMails to any IMAP folder and so on.

I'm using the latest version of Kerio Connect (7.1.2 build 2260) and Outlook is also up to date (14.0.1)

Has anyone any ideas why I get these entries?

TIA

René


René,

In my network setups, an address that ends with .1 is usually the router, so tracking the source of the login with that would be difficult.

As for the errors, I'm not seeing this with my Outlook 2011 and KC 7.1.2.

Cheers,
Jon
  •  
reneS

Hello Jon,

thank you very much for your answer!

You're right, this is the IP address of my router. But I'm very sure that Outlook 2011 is causing these error messages. I've never had this message in my logs before - and now nobody is using Outlook anymore - I don't have it right now.

When Outlook 2011 was connected to Kerio via IMAP, every time I clicked on a folder (e.g. the Inbox or Sent Messages) I got one entry in the logs.

Very strange that you don't have this. Can you please tell me, which ports you're using? When I use SMTP with SSL, Outlook 2011 sets 25 as default port :?
As far as I know, this is wrong, isn't it? I set it to 465 manually... maybe here is something wrong?

Kind regards
René
  •  
Pavel Dobry (Kerio)

reneS wrote on Mon, 22 November 2010 21:49

Very strange that you don't have this. Can you please tell me, which ports you're using? When I use SMTP with SSL, Outlook 2011 sets 25 as default port :?
As far as I know, this is wrong, isn't it? I set it to 465 manually... maybe here is something wrong?

Kind regards
René


It depends on user authentication type. Users from internal database with passwords stored in non-SHA1 format can use Cram-MD5 authentication.
Users with password in SHA1 or users authenticated against directory service can't use Cram-MD5 and the authentication can't be completed. The client immediately switches to LOGIN or PLAIN method and authenticates successfully.

So if your users are from directory service or are using SHA1 passwords then disable the Cram-MD5 and Digest-MD5 authentication methods on the servers. They cannot be used.

[Updated on: Mon, 22 November 2010 21:56]
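
Added example (not part of any forum post and not Kerio's code): a sketch of why a SHA1-only password store cannot complete CRAM-MD5 (RFC 2195) but can still verify PLAIN/LOGIN, producing the failed-then-successful pattern described above. The account, the unsalted SHA1 storage format and the function names are assumptions made for illustration; the challenge string is the one from the RFC 2195 example.

```python
import base64
import hashlib
import hmac

# Constructed sample data: RFC 2195 example challenge, hypothetical account.
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
USER, PASSWORD = "tim", "tanstaaftanstaaf"


def client_cram_md5(user, password, challenge):
    """Client response: base64('user ' + hex(HMAC-MD5(key=password, msg=challenge)))."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def server_check_cram_md5(hmac_key, challenge, response_b64):
    """The server must key the same HMAC, so it needs the password, not a hash of it."""
    _user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    expected = hmac.new(hmac_key, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def server_check_plain(stored_sha1_hex, password):
    """PLAIN/LOGIN deliver the password itself, so a SHA1 store can hash and compare."""
    candidate = hashlib.sha1(password.encode()).hexdigest()
    return hmac.compare_digest(candidate, stored_sha1_hex)


def simulate_login(store):
    """Return the outcome of each attempt for a 'recoverable' or 'sha1' password store."""
    stored_sha1 = hashlib.sha1(PASSWORD.encode()).hexdigest()  # assumed unsalted SHA1
    # A recoverable store can key the HMAC with the password; a SHA1 store only has the hash.
    key = PASSWORD.encode() if store == "recoverable" else stored_sha1.encode()
    response = client_cram_md5(USER, PASSWORD, CHALLENGE)
    if server_check_cram_md5(key, CHALLENGE, response):
        return ["CRAM-MD5 ok"]
    events = ["CRAM-MD5 failed"]  # corresponds to the security-log entry in this thread
    # The client falls back to PLAIN, which the SHA1 store can verify.
    events.append("PLAIN ok" if server_check_plain(stored_sha1, PASSWORD) else "PLAIN failed")
    return events


if __name__ == "__main__":
    for store in ("recoverable", "sha1"):
        print(store, simulate_login(store))
```

PLAIN and LOGIN send the password itself to the server, so with CRAM-MD5 disabled the connection's confidentiality depends on the transport, for example IMAP-SSL on port 993.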

  •  
TorW

reneS wrote on Mon, 22 November 2010 21:49
Hello When I use SMTP with SSL, Outlook 2011 sets 25 as default port :?
As far as I know, this is wrong, isn't it? I set it to 465 manually... maybe here is something wrong?


Browsing IMAP folders does not use these services, only IMAP on port 143 or IMAP-SSL on port 993. Ports 465 and 25 are only used to send mail via SMTP.
  •  
reneS

Hello,

Kerio_pdobry wrote on Mon, 22 November 2010 21:55

It depends on user authentication type. Users from internal database with passwords stored in non-SHA1 format can use Cram-MD5 authentication.
Users with password in SHA1 or users authenticated against directory service can't use Cram-MD5 and the authentication can't be completed. The client immediately switches to LOGIN or PLAIN method and authenticates successfully.

So if your users are from directory service or are using SHA1 passwords then disable the Cram-MD5 and Digest-MD5 authentication methods on the servers. They cannot be used.


Okay, I'll disable Cram-MD5 and Digest-MD5 as you suggested. The odd thing is, that all the other eMail clients (Apple Mail, Outlook 2010, Outlook 2007) using IMAP didn't cause this entry in security log. Thank you!

TorW wrote on Mon, 22 November 2010 22:03

Browsing IMAP folders does not use these services, only IMAP on port 143 or IMAP-SSL on port 993. Ports 465 and 25 are only used to send mail via SMTP.


Also I've to say a big thanks for your help!

Kind regards
René