After I had upgraded my server to Debian 5.0, I found that I could no longer log in via IMAP. I turned authentication debugging on by changing /etc/courier/authdaemonrc as follows:
DEBUG_LOGIN=1
This did not reveal any problems. Here’s an excerpt from mail.info:
authdaemond: received auth request, service=imap, authtype=cram-md5 authdaemond: authmysql: trying this module authdaemond: cram: challenge=[...], response=[...] authdaemond: cram: decoded challenge/response, username 'user@example.org' authdaemond: SQL query: SELECT username, crypt, clear, uid, gid, pop, "", "", realname, "" FROM users WHERE username = 'user@example.org' authdaemond: cram validation succeeded authdaemond: Authenticated: sysusername=<null>, sysuserid=1000, sysgroupid=1000, homedir=/home/user/var/mail/example.org/user, address=user@example.org, fullname=Joe User, maildir=<null>, quota=<null>, options=<null>
Even though all seemed fine, Thunderbird complained about “server doesn’t support secure authentication.”
So I telnetted into my IMAP server by issuing telnet localhost imap and manually logged in as follows:
a login user@example.org thePass
Now I noticed immediately what was wrong:
* BYE [ALERT] Fatal error: Account's mailbox directory is not owned by the correct uid or gid:
The solution is that Courier now by default performs stricter checks on the “sanity” of your setup. I changed /etc/courier/imapd as follows, and all was fine again:
IMAP_MAILBOX_SANITY_CHECK=0