[Dovecot] MANAGESIEVE patch v5 for dovecot 1.0.2

Stephan Bosch stephan at rename-it.nl
Wed Aug 1 18:53:16 EEST 2007


Hi Andreas,

On Wed, 2007-08-01 at 16:45 +0200, Stephan Bosch wrote:
> Most likely the problem relates to the fact that, unless configured
> otherwise, dovecot will refuse to use plain text SASL mechanisms if the
> connection is not encrypted. I haven't re-tested the STARTTLS command in
> the last versions... I will give it a go.
I gave it a go and STARTTLS still seems to work fine at my end. This
test was performed using 'disable_plaintext_auth = yes' in the config
file, forcing a _remote_ host to use TLS/SSL for all protocols. 

The gnutls-cli tool is very useful to test the STARTTLS command in
various protocols. Using the --starttls switch, the client starts in
plaintext mode and starts the TLS negotiation when Ctrl-D is pressed.

With the information you provide I could test it with your setup, but of
course you can test it yourself as well. 

Oh, the end of this transcript might be interesting for Timo. The
reported fatal error also occurs on IMAP (dovecot-1.0.2). I don't know
whether gnutls-cli is just moaning or whether dovecot is not closing the
tls connection very nicely...

Regards,

Stephan.   

host:/#  gnutls-cli -p 2000 --starttls host.example.com
Resolving 'host.example.com'...
Connecting to '10.0.0.1:2000'...

- Simple Client Mode:

"IMPLEMENTATION" "dovecot"
"SASL" ""
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress
relational comparator-i;ascii-numeric"
"STARTTLS"
OK "Dovecot ready."
STARTTLS
OK "Begin TLS negotiation now."
*** Starting TLS handshake
- Certificate type: X.509
 - Got a certificate list of 1 certificates.

 - Certificate[0] info:
 # The hostname in the certificate matches 'host.example.com'.
 # valid since: *******************************
 # expires at: *******************************
 # fingerprint: *******************************
 # Subject's DN: O=Dovecot mail
server,OU=host.,CN=host.example.com,EMAIL=root at host.example.com
 # Issuer's DN: O=Dovecot mail
server,OU=host.,CN=host.example.com,EMAIL=root at host.example.com


- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS 1.0
- Key Exchange: DHE RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: DEFLATE
"IMPLEMENTATION" "dovecot"
"SASL" "PLAIN"
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress
relational comparator-i;ascii-numeric"
OK "TLS negotiation successful."
AUTHENTICATE "PLAIN" "**********"
OK "Logged in."
logout
OK "Logout completed."
*** Fatal error: A TLS packet with unexpected length was received.
*** Server has terminated the connection abnormally.
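
Added example, not part of the original message or of Dovecot: a small Python check that parses the capability listings a ManageSieve server sends before and after STARTTLS, as in the transcript above, and reports whether plaintext SASL mechanisms are withheld until the connection is encrypted. The function names, the PLAINTEXT_MECHS set and the abridged sample listings are assumptions made for illustration.

```python
import re

# Constructed sample: server lines abridged from the transcript above,
# split at the point where the TLS handshake completes.
PRE_TLS = '''"IMPLEMENTATION" "dovecot"
"SASL" ""
"SIEVE" "fileinto reject envelope vacation"
"STARTTLS"
OK "Dovecot ready."
'''
POST_TLS = '''"IMPLEMENTATION" "dovecot"
"SASL" "PLAIN"
"SIEVE" "fileinto reject envelope vacation"
OK "TLS negotiation successful."
'''

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # assumption: mechanisms that expose the password
_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

def parse_capabilities(text):
    """Return {NAME: value} for the quoted lines that precede the status line."""
    caps = {}
    for line in text.splitlines():
        line = line.strip()
        if re.match(r'(?i)(OK|NO|BYE)\b', line):
            break  # status line ends the capability listing
        parts = _QUOTED.findall(line)
        if parts:
            caps[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return caps

def sasl_mechs(caps):
    return set(caps.get("SASL", "").upper().split())

def audit(pre_text, post_text):
    """Compare the cleartext and post-TLS listings; return a list of findings."""
    pre, post = parse_capabilities(pre_text), parse_capabilities(post_text)
    findings = []
    leaked = sasl_mechs(pre) & PLAINTEXT_MECHS
    if leaked:
        findings.append("plaintext SASL offered before TLS: " + ", ".join(sorted(leaked)))
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not advertised on cleartext connection")
    if "STARTTLS" in post:
        findings.append("STARTTLS still advertised inside TLS")
    if not sasl_mechs(post):
        findings.append("no SASL mechanism offered after TLS")
    return findings
```

An empty list from audit(PRE_TLS, POST_TLS) corresponds to the behaviour shown in the transcript with 'disable_plaintext_auth = yes'.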



