On Jul 10, 2022, at 8:52 AM, Austin Witmer <austi...@emypeople.net>
wrote:
So, here is my dovecot configuration. /etc/dovecot/dovecot.conf
## Dovecot configuration file
# NOTE(review): most settings below appear twice in this paste (it looks like two
# dumps of the same configuration run together). Repeated settings carry the same
# values in both copies; only the first copy has the protocols line and the Spam mailbox.
# Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
dict {
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
# conf.d/*.conf is pulled in here, so conf.d/20-managesieve.conf (the ManageSieve
# listener on 4190) is part of the effective configuration.
!include conf.d/*.conf
!include_try local.conf
!include_try /usr/share/dovecot/protocols.d/*.protocol
listen = *
# Plaintext authentication mechanisms are refused unless the connection is already
# protected by TLS (connections from the local host are treated as secure).
disable_plaintext_auth = yes
mail_privileged_group = mail
# NOTE(review): dovecot-sql.conf normally carries the database connect string,
# including its password -- verify that the file is readable by root only.
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
# NOTE(review): pop3 is enabled, but no pop3-login listener is configured in this
# paste, so its default listeners presumably apply -- confirm POP3 is actually
# wanted, otherwise drop it from this list.
protocols = imap lmtp pop3
namespace inbox {
inbox = yes
mailbox Trash {
auto = subscribe # autocreate and autosubscribe the Trash mailbox
special_use = \Trash
}
mailbox Sent {
auto = subscribe # autocreate and autosubscribe the Sent mailbox
special_use = \Sent
}
mailbox Spam {
auto = subscribe # autocreate and autosubscribe the Spam mailbox
}
}
# Auth socket placed inside the Postfix spool, presumably so Postfix can use Dovecot
# for SASL; 0660 with postfix:postfix limits access to that user and group.
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
# port = 0 disables the plaintext IMAP listener; only implicit-TLS IMAPS on 993 is offered.
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
}
}
# LMTP delivery socket for Postfix; 0600 restricts it to the postfix user alone.
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
protocol lmtp {
postmaster_address=postmas...@mydomain.com
hostname=mail.mydomain.com
}
# TLS is mandatory before authentication on every protocol, ManageSieve on 4190
# included: a client must either connect with implicit TLS (listener has ssl = yes)
# or issue STARTTLS before it tries to log in.
ssl = required # Enable installed protocols
!include_try /usr/share/dovecot/protocols.d/*.protocol
listen = *
disable_plaintext_auth = yes
mail_privileged_group = mail
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
namespace inbox {
inbox = yes
mailbox Trash {
auto = subscribe # autocreate and autosubscribe the Trash mailbox
special_use = \Trash
}
mailbox Sent {
auto = subscribe # autocreate and autosubscribe the Sent mailbox
special_use = \Sent
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
protocol lmtp {
postmaster_address=postmas...@mydomain.com
hostname=mail.mydomain.com
}
ssl = required
# The leading "<" makes Dovecot read the value from the named file.
# NOTE(review): judging by the path, the certificate is issued for mail.mydomain.com.
# A client that connects by IP address (10.116.0.2) cannot pass hostname
# verification against it; connect by name if peer verification is to stay enabled.
ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
# Restricts cipher suites to AES-128 with ephemeral ECDH or DH key exchange.
ssl_cipher_list = AES128+EECDH:AES128+EDH
# NOTE(review): the private key should be readable by root only -- verify permissions.
ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem
ssl_prefer_server_ciphers = yes
# prefetch reuses the user fields already returned by the passdb lookup; the sql
# userdb after it serves lookups that did not go through passdb.
userdb {
driver = prefetch
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
ssl_cipher_list = AES128+EECDH:AES128+EDH
#ssl_dh_parameters_length = 4096
ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem
ssl_prefer_server_ciphers = yes
# NOTE(review): no minimum TLS version is set in this paste (the line below is
# commented out), so the accepted protocol versions are whatever this Dovecot and
# OpenSSL build default to -- confirm that obsolete versions are not accepted.
#ssl_protocols = !SSLv3
userdb {
driver = prefetch
}
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
And here is the /etc/dovecot/conf.d/20-managesieve.conf file. I tried
enabling ssl = yes in the config below but it still didn’t work.
##
## ManageSieve specific settings
##
# Uncomment to enable managesieve protocol:
protocols = $protocols sieve
# Service definitions
service managesieve-login {
inet_listener sieve {
port = 4190
# NOTE(review): with "ssl = yes" commented out, this listener starts in plaintext
# and expects the client to upgrade with STARTTLS. A client that opens with an
# implicit-TLS handshake (Roundcube "ssl://", or "openssl s_client" without
# "-starttls sieve") sends bytes the server can only read as invalid commands,
# which would match the "Too many invalid commands" log line and the
# "wrong version number" error quoted in this thread. Use implicit TLS on both
# sides or STARTTLS on both sides, not a mix; a change here only takes effect
# once Dovecot has reloaded its configuration.
# ssl = yes
}
#inet_listener sieve_deprecated {
# port = 2000
#}
# Number of connections to handle before starting a new process.
Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure,
but 0
# is faster. <doc/wiki/LoginProcess.txt>
#service_count = 1
# Number of processes to always keep waiting for more connections.
#process_min_avail = 0
# If you set service_count=0, you probably need to grow this.
#vsz_limit = 64M
}
#service managesieve {
# Max. number of ManageSieve processes (connections)
#process_limit = 1024
#}
# Service configuration
protocol sieve {
# Maximum ManageSieve command line length in bytes. ManageSieve
usually does
# not involve overly long command lines, so this setting will not
normally
# need adjustment
#managesieve_max_line_length = 65536
# Maximum number of ManageSieve connections allowed for a user from
each IP
# address.
# NOTE: The username is compared case-sensitively.
#mail_max_userip_connections = 10
# Space separated list of plugins to load (none known to be useful so
far).
# Do NOT try to load IMAP plugins here.
#mail_plugins =
# MANAGESIEVE logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
# %{put_bytes} - Number of bytes saved using PUTSCRIPT command
# %{put_count} - Number of scripts saved using PUTSCRIPT command
# %{get_bytes} - Number of bytes read using GETSCRIPT command
# %{get_count} - Number of scripts read using GETSCRIPT command
# NOTE(review): the next two lines repeat %{get_bytes}/%{get_count}; the CHECKSCRIPT
# variables are presumably %{check_bytes}/%{check_count} -- verify against the
# Pigeonhole documentation before using them in a format string.
# %{get_bytes} - Number of bytes processed using CHECKSCRIPT command
# %{get_count} - Number of scripts checked using CHECKSCRIPT command
# %{deleted_count} - Number of scripts deleted using DELETESCRIPT
command
# %{renamed_count} - Number of scripts renamed using RENAMESCRIPT
command
#managesieve_logout_format = bytes=%i/%o
# To fool ManageSieve clients that are focused on CMU's timesieved
you can
# specify the IMPLEMENTATION capability that Dovecot reports to
clients.
# For example: 'Cyrus timsieved v2.2.13'
#managesieve_implementation_string = Dovecot Pigeonhole
# Explicitly specify the SIEVE and NOTIFY capability reported by the
server
# before login. If left unassigned these will be reported dynamically
# according to what the Sieve interpreter supports by default (after
login
# this may differ depending on the user).
#managesieve_sieve_capability =
#managesieve_notify_capability =
# The maximum number of compile errors that are returned to the
client upon
# script upload or script verification.
#managesieve_max_compile_errors = 5
# Refer to 90-sieve.conf for script quota configuration and
configuration of
# Sieve execution limits.
}
Here is the output of testing with openssl from the roundcube server.
I ran this: openssl s_client -connect 10.116.0.2:4190 </dev/null
And got this:
CONNECTED(00000003)
139804327073088:error:1408F10B:SSL routines:ssl3_get_record:wrong
version number:../ssl/record/ssl3_record.c:331:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 283 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
Is the second line in the output above the problem?
Thanks to all of you for your help so far!
Austin Witmer
On Jul 10, 2022, at 2:17 AM, Tomas Habarta <lists+dove...@tocc.cz>
wrote:
I can't see your dovecot conf, but anyway -- roundcube side has to be
aligned with dovecot's, i.e. if you use ssl on roundcube side, make
sure you have it enabled on dovecot side too, something like:
# Excerpt only: the closing brace of the service block is not shown.
service managesieve-login {
inet_listener sieve {
port = 4190
# ssl = yes switches this listener to implicit TLS: the TLS handshake comes first,
# so the client must connect with ssl:// and must not attempt STARTTLS.
ssl = yes
}
or just use tls (STARTTLS: the connection starts in plaintext on 4190 and
is upgraded before login), i.e. no "ssl=yes" in dovecot conf, but
tls://10.116.0.2 in roundcube conf
This seems to be the same case:
https://github.com/roundcube/roundcubemail/issues/7127
Tomas
On Sat, Jul 09, 2022 at 10:31:04PM -0600, Austin Witmer wrote:
Hello all!
I’ve got a bit of a problem that I would like some help with. So, I
have
two servers, one is my mail server running postfix, dovecot etc. I
have a
second server setup as my roundcube server. Both servers are
running on
the same LAN network.
I have sieve scripts setup in dovecot in my mail server and they
are
working great! My trouble is that I can’t seem to make my roundcube
talk
correctly to managesieve on my mail server.
Here is the mail.log file from the mail server when I try to create
a
sievescript from roundcube webmail:
Jul 10 04:11:45 mail dovecot: managesieve-login: Disconnected: Too
many
invalid commands. (no auth attempts in 0 secs): user=<>,
rip=10.116.0.3,
lip=10.116.0.2, session=<cZMzomvjyNgKdAAD>
And here is my managesieve configuration from my roundcube server.
/var/www/roundcube/plugins/managesieve/config.inc.php
<?php
// Roundcube managesieve plugin settings: how the webmail host reaches the
// ManageSieve service on the mail server.
$config['managesieve_port'] = 4190;
// "ssl://" means implicit TLS: Roundcube starts the TLS handshake immediately.
// The server listener must then be configured for implicit TLS as well; against a
// listener that expects plaintext followed by STARTTLS, the handshake bytes are
// rejected as invalid commands.
// NOTE(review): the "[1]" in front of the scheme looks like a link-footnote marker
// added when the message was rendered to text, not part of the configured value --
// confirm against the real file.
$config['managesieve_host'] = '[1]ssl://10.116.0.2';
$config['managesieve_auth_type'] = null;
$config['managesieve_auth_cid'] = null;
$config['managesieve_auth_pw'] = null;
// STARTTLS is switched off here, so TLS on this connection depends entirely on the
// scheme prefix of managesieve_host.
$config['managesieve_usetls'] = false;
// NOTE(review): verify_peer = false together with allow_self_signed = true turns
// certificate verification off, so the connection is encrypted but the server is
// not authenticated; anyone able to intercept traffic between the two hosts could
// impersonate the mail server and capture mailbox credentials. If the server
// presents a CA-issued certificate, connect by the hostname in that certificate
// and set verify_peer to true instead.
$config['managesieve_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'allow_self_signed' => true,
),
);
// NOTE(review): this path has no leading slash, so it is relative; presumably
// '/var/lib/dovecot/sieve/default.sieve' was intended -- and the file has to exist
// on the Roundcube host, not on the mail server. Confirm.
$config['managesieve_default'] =
'var/lib/dovecot/sieve/default.sieve';
$config['managesieve_script_name'] = 'default.sieve';
$config['managesieve_mbox_encoding'] = 'UTF-8';
$config['managesieve_replace_delimiter'] = '';
$config['managesieve_disabled_extensions'] = [];
// Debug logging records the ManageSieve conversation in Roundcube's logs, which may
// include the authentication exchange; turn it off again after troubleshooting and
// restrict access to the log files.
$config['managesieve_debug'] = true;
$config['managesieve_kolab_master'] = false;
$config['managesieve_filename_extension'] = '.sieve';
$config['managesieve_filename_exceptions'] = [];
$config['managesieve_domains'] = [];
$config['managesieve_default_headers'] = ['Subject', 'From', 'To'];
$config['managesieve_vacation'] = 0;
$config['managesieve_forward'] = 0;
$config['managesieve_vacation_interval'] = 0;
$config['managesieve_vacation_addresses_init'] = false;
$config['managesieve_vacation_from_init'] = false;
$config['managesieve_notify_methods'] = ['mailto'];
$config['managesieve_raw_editor'] = true;
$config['managesieve_disabled_actions'] = [];
$config['managesieve_allowed_hosts'] = null;
Does anybody have any clue why roundcube isn’t able to log in to
managesieve on my mail server?
Are there more logs/configs you would like to see?
Thanks in advance for your help and suggestions!
Austin Witmer