[Dovecot] MANAGESIEVE patch v6 for dovecot 1.0.3
Stephan Bosch
stephan at rename-it.nl
Sat Aug 18 01:21:19 EEST 2007
Hi,
Robin Breathe schreef:
> Stephan Bosch wrote:
> > On Fri, 2007-08-17 at 11:56 +0100, Robin Breathe wrote:
> >> Should the current incarnation of the patch support TLS,or is
> >> there anything I need to do to enable TLS for managesieve;the
> >> Thunderbird Sieve extension hangs when "Use TLS" option is
> >> selected.
> > Yes, it should. I'll have a look at the sieve extension's TLS
> > support this evening (i didn't know it supported TLS already). I
> > re-tested the TLS support of the managesieve patch v6 at my end and
> > it still works
> I can confirm that TLS is working via gnutls-cli, so I guess the
> problem must lie with the Sieve extension. Of note, we're using a
> non-standard port (12000) and a chained, wildcard GlobalSign
> certificate.
Ok, I have the same problem here and as for KMail I decided to dive into
the sourcecode of Thunderbird's Sieve extension. The offending source
code is the following
(extensions/sieve at mozdev.org/chrome/chromeFiles/content/editor/SieveFilterExplorer.js):
onStartTLSResponse : function(response)
{
// activate TLS
sieve.startTLS();
// we should call now Capabilities ...
// .. they can change with enabled TLS
var request = new SieveCapabilitiesRequest();
request.addCapabilitiesListener(event);
request.addErrorListener(event);
sieve.addRequest(request);
},
This method is called after the server gives an Ok response to the
STARTTLS command. It starts the TLS negotiation and afterwards it sends
a capability command. So, it seems like managesieve client implementors
have a hard time reading the specification which clearly gives the
following example (KMail had this problem as well):
C: StartTls
S: oK
<TLS negotiation, further commands are under TLS layer>
S: "IMPLEMENTATION" "Example1 ManageSieved v001"
S: "SASL" "PLAIN DIGEST-MD5 GSSAPI"
S: "SIEVE" "FILEINTO VACATION"
S: ok
As you can see, the server is supposed to send the CAPABILITY reponse
implicitly, just like when the client first connects. The Sieve
extension for Thunderbird does not expect this implicit reponse and
sends a CAPABILITY command to get the new capabilities. The unexpected
data causes the sieve extension's connection attempt to freeze. The
following log shows the sequence of commands:
Aug 18 00:14:29 xi dovecot: managesieve-login: managesieve: C: STARTTLS
Aug 18 00:14:31 xi dovecot: managesieve-login: managesieve: C: CAPABILITY
Aug 18 00:14:31 xi dovecot: managesieve-login: managesieve: C: AUTHENTICATE
I'll give it a try to fix it, but my Xul/JavaScript is a bit rusty. I'll
pop the author an e-mail in either case.
Regards,
Stephan.
More information about the dovecot
mailing list