Re: [Dovecot] Managesieve connection hangs with TLS

Fri, 04 Jun 2010 12:41:08 -0700 

Hi Timo, thanks for getting back to me.

Timo Sirainen <t...@iki.fi> writes:

> On to, 2010-06-03 at 12:51 -0400, Joel James Adamson wrote:
>
>> However, I can't connect to the managesieve daemon.  I've tried the
>> Emacs client[1], and it just hangs.
>
> Cyrus version of managesieve was implemented differently than spec, and
> since it was pretty much the only implementation, many clients just made
> it work the Cyrus way. Cyrus was somewhat recently fixed, but there are
> still clients that work the old way. Maybe emacs is one of them.

Yes, I believe that's the case, but my real point was that this problem
isn't client-specific.

>> "IMPLEMENTATION" "dovecot"
>> "SIEVE" "comparator-i;octet comparator-i;ascii-casemap fileinto reject 
>> envelope encoded-character vacation subaddress comparator-i;ascii-numeric 
>> relational regex imap4flags copy include variables body enotify environment 
>> mailbox date"
>> "SASL" "PLAIN"
>> "STARTTLS"
>> "NOTIFY" "mailto"
>> "VERSION" "1.0"
>> OK "Dovecot ready."
>> *** Starting TLS handshake
>>   C-c C-c
>
> You didn't give STARTTLS command.
> http://tools.ietf.org/html/draft-martin-managesieve-12

Thanks: now that I did that, I get that the hostname doesn't match the
one in the certificate, since I was using "localhost" in the gnutls-cli
command, and the certificate has the FQDN.

Now that I use my FQDN, I get this:

Resolving 'host.name.in.question.edu'...
Connecting to '::1:2000'...
Cannot connect to host.name.in.question.edu:2000: Connection refused

I thought this might be the problem:

  j...@hostname: ~ > nmap localhost
  
  Starting Nmap 5.21 ( http://nmap.org ) at 2010-06-04 15:16 EDT
  Nmap scan report for localhost (127.0.0.1)
  Host is up (0.00075s latency).
  rDNS record for 127.0.0.1: hostname
  Not shown: 990 closed ports
  PORT     STATE SERVICE
  22/tcp   open  ssh
  25/tcp   open  smtp
  80/tcp   open  http
  443/tcp  open  https
  631/tcp  open  ipp
  993/tcp  open  imaps
=>2000/tcp open  cisco-sccp<=
  3306/tcp open  mysql
  5900/tcp open  vnc
  6000/tcp open  X11
  
  Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds
  
But when I use a different port, enabled in dovecot.conf and opened from
the firewall, I still get connection refused from gnutls-cli.  This
could be from our campus firewall.

Just how safe is it to create a certificate that says "localhost?"  I
could just use Squirrelmail's Avelsieve to manipulate my Sieve scripts.

Joel

-- 
Joel J. Adamson
Servedio Lab
University of North Carolina at Chapel Hill

FSF Member #8164
http://www.unc.edu/~adamsonj

Attachment: pgpQcLDQX7vup.pgp
Description: PGP signature

Reply via email to