So, here is my dovecot configuration. /etc/dovecot/dovecot.conf
## Dovecot configuration file
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
dict {
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
!include conf.d/*.conf
!include_try local.conf
!include_try /usr/share/dovecot/protocols.d/*.protocol
listen = *
disable_plaintext_auth = yes
mail_privileged_group = mail
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
protocols = imap lmtp pop3
namespace inbox {
inbox = yes
mailbox Trash {
auto = subscribe # autocreate and autosubscribe the Trash mailbox
special_use = \Trash
}
mailbox Sent {
auto = subscribe # autocreate and autosubscribe the Sent mailbox
special_use = \Sent
}
mailbox Spam {
auto = subscribe # autocreate and autosubscribe the Spam mailbox
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
protocol lmtp {
postmaster_address=postmas...@mydomain.com
hostname=mail.mydomain.com
}
ssl = required # Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
listen = *
disable_plaintext_auth = yes
mail_privileged_group = mail
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
namespace inbox {
inbox = yes
mailbox Trash {
auto = subscribe # autocreate and autosubscribe the Trash mailbox
special_use = \Trash
}
mailbox Sent {
auto = subscribe # autocreate and autosubscribe the Sent mailbox
special_use = \Sent
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
protocol lmtp {
postmaster_address=postmas...@mydomain.com
hostname=mail.mydomain.com
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
ssl_cipher_list = AES128+EECDH:AES128+EDH
ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem
ssl_prefer_server_ciphers = yes
userdb {
driver = prefetch
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
ssl_cipher_list = AES128+EECDH:AES128+EDH
#ssl_dh_parameters_length = 4096
ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem
ssl_prefer_server_ciphers = yes
#ssl_protocols = !SSLv3
userdb {
driver = prefetch
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
And here is the /etc/dovecot/conf.d/20-managesieve.conf file. I tried enabling
ssl = yes in the config below but it still didn’t work.
##
## ManageSieve specific settings
##
# Uncomment to enable managesieve protocol:
protocols = $protocols sieve
# Service definitions
service managesieve-login {
inet_listener sieve {
port = 4190
# ssl = yes
}
#inet_listener sieve_deprecated {
# port = 2000
#}
# Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
# is faster. <doc/wiki/LoginProcess.txt>
#service_count = 1
# Number of processes to always keep waiting for more connections.
#process_min_avail = 0
# If you set service_count=0, you probably need to grow this.
#vsz_limit = 64M
}
#service managesieve {
# Max. number of ManageSieve processes (connections)
#process_limit = 1024
#}
# Service configuration
protocol sieve {
# Maximum ManageSieve command line length in bytes. ManageSieve usually does
# not involve overly long command lines, so this setting will not normally
# need adjustment
#managesieve_max_line_length = 65536
# Maximum number of ManageSieve connections allowed for a user from each IP
# address.
# NOTE: The username is compared case-sensitively.
#mail_max_userip_connections = 10
# Space separated list of plugins to load (none known to be useful so far).
# Do NOT try to load IMAP plugins here.
#mail_plugins =
# MANAGESIEVE logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
# %{put_bytes} - Number of bytes saved using PUTSCRIPT command
# %{put_count} - Number of scripts saved using PUTSCRIPT command
# %{get_bytes} - Number of bytes read using GETCRIPT command
# %{get_count} - Number of scripts read using GETSCRIPT command
# %{get_bytes} - Number of bytes processed using CHECKSCRIPT command
# %{get_count} - Number of scripts checked using CHECKSCRIPT command
# %{deleted_count} - Number of scripts deleted using DELETESCRIPT command
# %{renamed_count} - Number of scripts renamed using RENAMESCRIPT command
#managesieve_logout_format = bytes=%i/%o
# To fool ManageSieve clients that are focused on CMU's timesieved you can
# specify the IMPLEMENTATION capability that Dovecot reports to clients.
# For example: 'Cyrus timsieved v2.2.13'
#managesieve_implementation_string = Dovecot Pigeonhole
# Explicitly specify the SIEVE and NOTIFY capability reported by the server
# before login. If left unassigned these will be reported dynamically
# according to what the Sieve interpreter supports by default (after login
# this may differ depending on the user).
#managesieve_sieve_capability =
#managesieve_notify_capability =
# The maximum number of compile errors that are returned to the client upon
# script upload or script verification.
#managesieve_max_compile_errors = 5
# Refer to 90-sieve.conf for script quota configuration and configuration of
# Sieve execution limits.
}
Here is the output of testing with openssl from the roundcube server.
I ran this: openssl s_client -connect 10.116.0.2:4190 </dev/null
And got this:
CONNECTED(00000003)
139804327073088:error:1408F10B:SSL routines:ssl3_get_record:wrong version
number:../ssl/record/ssl3_record.c:331:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 283 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
—
Is the second line in the output above the problem?
Thanks to all of you for your help so far!
Austin Witmer
> On Jul 10, 2022, at 2:17 AM, Tomas Habarta <lists+dove...@tocc.cz> wrote:
>
> I can't see your dovecot conf, but anyway -- roundcube side has to be aligned
> with dovecot's, i.e. if you use ssl on roundcube side, make sure you have it
> enabled on dovecot side too, something like:
>
> service managesieve-login {
> inet_listener sieve {
> port = 4190
> ssl = yes
> }
>
> or just use tls, i.e. no "ssl=yes" in dovecot conf, but tls://10.116.0.2 in
> roundcube conf
> This seems to be the same case:
> https://github.com/roundcube/roundcubemail/issues/7127
>
> Tomas
>
>
> On Sat, Jul 09, 2022 at 10:31:04PM -0600, Austin Witmer wrote:
>> Hello all!
>> I’ve got a bit of a problem that I would like some help with. So, I have
>> two servers, one is my mail server running postfix, dovecot etc. I have a
>> second server setup as my roundcube server. Both servers are running on
>> the same LAN network.
>> I have sieve scripts setup in dovecot in my mail server and they are
>> working great! My trouble is that I can’t seem to make my roundcube talk
>> correctly to managesieve on my mail server.
>> Here is the mail.log file from the mail server when I try to create a
>> sievescript from roundcube webmail:
>> Jul 10 04:11:45 mail dovecot: managesieve-login: Disconnected: Too many
>> invalid commands. (no auth attempts in 0 secs): user=<>, rip=10.116.0.3,
>> lip=10.116.0.2, session=<cZMzomvjyNgKdAAD>
>> And here is my managesieve configuration from my roundcube server.
>> /var/www/roundcube/plugins/managesieve/config.inc.php
>> <?php
>> $config['managesieve_port'] = 4190;
>> $config['managesieve_host'] = '[1]ssl://10.116.0.2';
>> $config['managesieve_auth_type'] = null;
>> $config['managesieve_auth_cid'] = null;
>> $config['managesieve_auth_pw'] = null;
>> $config['managesieve_usetls'] = false;
>> $config['managesieve_conn_options'] = array(
>> 'ssl' => array(
>> 'verify_peer' => false,
>> 'allow_self_signed' => true,
>> ),
>> );
>> $config['managesieve_default'] = 'var/lib/dovecot/sieve/default.sieve';
>> $config['managesieve_script_name'] = 'default.sieve';
>> $config['managesieve_mbox_encoding'] = 'UTF-8';
>> $config['managesieve_replace_delimiter'] = '';
>> $config['managesieve_disabled_extensions'] = [];
>> $config['managesieve_debug'] = true;
>> $config['managesieve_kolab_master'] = false;
>> $config['managesieve_filename_extension'] = '.sieve';
>> $config['managesieve_filename_exceptions'] = [];
>> $config['managesieve_domains'] = [];
>> $config['managesieve_default_headers'] = ['Subject', 'From', 'To'];
>> $config['managesieve_vacation'] = 0;
>> $config['managesieve_forward'] = 0;
>> $config['managesieve_vacation_interval'] = 0;
>> $config['managesieve_vacation_addresses_init'] = false;
>> $config['managesieve_vacation_from_init'] = false;
>> $config['managesieve_notify_methods'] = ['mailto'];
>> $config['managesieve_raw_editor'] = true;
>> $config['managesieve_disabled_actions'] = [];
>> $config['managesieve_allowed_hosts'] = null;
>> Does anybody have any clue why roundcube isn’t able to login in to
>> managesieve on my mail server?
>> Are there more logs/configs you would like to see?
>> Thanks in advance for your help and suggestions!
>> Austin Witmer
>>
>> References
>>
>> Visible links
>> 1. file:///tmp/ssl:/10.116.0.2
